./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor2090941481 <...> Warning: Permanently added '10.128.1.133' (ED25519) to the list of known hosts. execve("./syz-executor2090941481", ["./syz-executor2090941481"], 0x7fff316b9340 /* 10 vars */) = 0 brk(NULL) = 0x555580e9b000 brk(0x555580e9bd00) = 0x555580e9bd00 arch_prctl(ARCH_SET_FS, 0x555580e9b380) = 0 set_tid_address(0x555580e9b650) = 357 set_robust_list(0x555580e9b660, 24) = 0 rseq(0x555580e9bca0, 0x20, 0, 0x53053053) = -1 ENOSYS (Function not implemented) prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor2090941481", 4096) = 28 getrandom("\x72\x86\x51\xcb\x80\x74\x0b\xcd", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x555580e9bd00 brk(0x555580ebcd00) = 0x555580ebcd00 brk(0x555580ebd000) = 0x555580ebd000 mprotect(0x7f946f11f000, 16384, PROT_READ) = 0 mmap(0x1ffffffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffffffff000 mmap(0x200000000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200000000000 mmap(0x200001000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200001000000 mkdir("./syzkaller.P9Fxb0", 0700) = 0 chmod("./syzkaller.P9Fxb0", 0777) = 0 chdir("./syzkaller.P9Fxb0") = 0 mkdir("./0", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555580e9b650) = 359 ./strace-static-x86_64: Process 359 attached [pid 359] set_robust_list(0x555580e9b660, 24) = 0 [pid 359] chdir("./0") = 0 [pid 359] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 359] setpgid(0, 0) = 0 [ 24.148854][ T23] audit: type=1400 audit(1745508810.310:66): avc: denied { execmem } for pid=357 comm="syz-executor209" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 24.172971][ T23] audit: type=1400 audit(1745508810.340:67): avc: denied { read write } for pid=357 comm="syz-executor209" name="loop0" dev="devtmpfs" ino=128 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [pid 359] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 359] write(3, "1000", 4) = 4 [pid 359] close(3) = 0 [pid 359] symlink("/dev/binderfs", "./binderfs") = 0 [pid 359] write(1, "executing program\n", 18executing program ) = 18 [pid 359] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 359] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 359] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 359] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 359] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 359] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 359] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 359] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 359] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 359] memfd_create("syzkaller", 0) = 5 [pid 359] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9466c6c000 [pid 359] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [ 24.197936][ T23] audit: type=1400 audit(1745508810.340:68): avc: denied { open } for pid=357 comm="syz-executor209" path="/dev/loop0" dev="devtmpfs" ino=128 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 24.222299][ T23] audit: type=1400 audit(1745508810.350:69): avc: denied { ioctl } for pid=357 comm="syz-executor209" path="/dev/loop0" dev="devtmpfs" ino=128 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [pid 359] munmap(0x7f9466c6c000, 138412032) = 0 [pid 359] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 24.248275][ T23] audit: type=1400 audit(1745508810.370:70): avc: denied { read write } for pid=359 comm="syz-executor209" name="vhost-vsock" dev="devtmpfs" ino=316 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 24.272440][ T23] audit: type=1400 audit(1745508810.370:71): avc: denied { open } for pid=359 comm="syz-executor209" path="/dev/vhost-vsock" dev="devtmpfs" ino=316 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [pid 359] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 359] close(5) = 0 [pid 359] close(6) = 0 [pid 359] mkdir("./file0", 0777) = 0 [ 24.296481][ T23] audit: type=1400 audit(1745508810.370:72): avc: denied { ioctl } for pid=359 comm="syz-executor209" path="/dev/vhost-vsock" dev="devtmpfs" ino=316 ioctlcmd=0xaf01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [pid 359] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 359] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 359] chdir("./file0") = 0 [ 24.330169][ T23] audit: type=1400 audit(1745508810.500:73): avc: denied { mounton } for pid=359 comm="syz-executor209" path="/root/syzkaller.P9Fxb0/0/file0" dev="sda1" ino=1930 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1 [ 24.360971][ T359] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [pid 359] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 359] ioctl(6, LOOP_CLR_FD) = 0 [pid 359] close(6) = 0 [pid 359] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 359] write(6, "#! ./file1\n", 11) = 11 [pid 359] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 359] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005c0} --- [pid 359] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=359, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555580e9c6f0 /* 4 entries */, 32768) = 112 umount2("./0/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./0/binderfs") = 0 [ 24.382021][ T23] audit: type=1400 audit(1745508810.550:74): avc: denied { mount } for pid=359 comm="syz-executor209" name="/" dev="loop0" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 24.410953][ T359] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm syz-executor209: bg 0: block 234: padding at end of block bitmap is not set [ 24.410971][ T23] audit: type=1400 audit(1745508810.570:75): avc: denied { write } for pid=359 comm="syz-executor209" name="/" dev="loop0" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./0/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555580ea4730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555580ea4730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./0/file0") = 0 getdents64(3, 0x555580e9c6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./0") = 0 mkdir("./1", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555580e9b650) = 365 ./strace-static-x86_64: Process 365 attached [pid 365] set_robust_list(0x555580e9b660, 24) = 0 [pid 365] chdir("./1") = 0 [pid 365] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 365] setpgid(0, 0) = 0 [pid 365] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 365] write(3, "1000", 4) = 4 [pid 365] close(3) = 0 [pid 365] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 365] write(1, "executing program\n", 18) = 18 [pid 365] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 365] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 365] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 365] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 365] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 365] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 365] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 365] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 365] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 365] memfd_create("syzkaller", 0) = 5 [pid 365] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9466c6c000 [pid 365] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 365] munmap(0x7f9466c6c000, 138412032) = 0 [pid 365] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 365] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 365] close(5) = 0 [pid 365] close(6) = 0 [pid 365] mkdir("./file0", 0777) = 0 [pid 365] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 365] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 365] chdir("./file0") = 0 [pid 365] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 365] ioctl(6, LOOP_CLR_FD) = 0 [pid 365] close(6) = 0 [pid 365] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 365] write(6, "#! ./file1\n", 11) = 11 [pid 365] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 365] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005c0} --- [ 24.570143][ T365] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 24.600818][ T366] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-365: bg 0: block 234: padding at end of block bitmap is not set [pid 365] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=365, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555580e9c6f0 /* 4 entries */, 32768) = 112 umount2("./1/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./1/binderfs") = 0 [ 24.616009][ T366] vhost-365 (366) used greatest stack depth: 21968 bytes left umount2("./1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./1/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555580ea4730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555580ea4730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./1/file0") = 0 getdents64(3, 0x555580e9c6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./1") = 0 mkdir("./2", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555580e9b650) = 370 ./strace-static-x86_64: Process 370 attached [pid 370] set_robust_list(0x555580e9b660, 24) = 0 [pid 370] chdir("./2") = 0 [pid 370] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 370] setpgid(0, 0) = 0 [pid 370] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 370] write(3, "1000", 4) = 4 [pid 370] close(3) = 0 [pid 370] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 370] write(1, "executing program\n", 18) = 18 [pid 370] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 370] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 370] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 370] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 370] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 370] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 370] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 370] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 370] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 370] memfd_create("syzkaller", 0) = 5 [pid 370] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9466c6c000 [pid 370] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 370] munmap(0x7f9466c6c000, 138412032) = 0 [pid 370] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 370] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 370] close(5) = 0 [pid 370] close(6) = 0 [pid 370] mkdir("./file0", 0777) = 0 [pid 370] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 370] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 370] chdir("./file0") = 0 [pid 370] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 370] ioctl(6, LOOP_CLR_FD) = 0 [pid 370] close(6) = 0 [pid 370] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 370] write(6, "#! ./file1\n", 11) = 11 [pid 370] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [ 24.800074][ T370] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [pid 370] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005c0} --- [pid 370] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=370, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555580e9c6f0 /* 4 entries */, 32768) = 112 umount2("./2/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./2/binderfs") = 0 [ 24.841193][ T371] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-370: bg 0: block 234: padding at end of block bitmap is not set umount2("./2/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./2/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./2/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./2/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./2/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555580ea4730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555580ea4730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./2/file0") = 0 getdents64(3, 0x555580e9c6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./2") = 0 mkdir("./3", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555580e9b650) = 375 ./strace-static-x86_64: Process 375 attached [pid 375] set_robust_list(0x555580e9b660, 24) = 0 [pid 375] chdir("./3") = 0 [pid 375] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 375] setpgid(0, 0) = 0 [pid 375] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 375] write(3, "1000", 4) = 4 [pid 375] close(3) = 0 [pid 375] symlink("/dev/binderfs", "./binderfs") = 0 [pid 375] write(1, "executing program\n", 18executing program ) = 18 [pid 375] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 375] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 375] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 375] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 375] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 375] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 375] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 375] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 375] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 375] memfd_create("syzkaller", 0) = 5 [pid 375] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9466c6c000 [pid 375] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 375] munmap(0x7f9466c6c000, 138412032) = 0 [pid 375] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 375] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 375] close(5) = 0 [pid 375] close(6) = 0 [pid 375] mkdir("./file0", 0777) = 0 [pid 375] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 375] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 375] chdir("./file0") = 0 [pid 375] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 375] ioctl(6, LOOP_CLR_FD) = 0 [pid 375] close(6) = 0 [pid 375] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 375] write(6, "#! ./file1\n", 11) = 11 [pid 375] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 375] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005c0} --- [pid 375] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=375, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555580e9c6f0 /* 4 entries */, 32768) = 112 umount2("./3/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./3/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./3/binderfs") = 0 [ 25.000157][ T375] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 25.031556][ T376] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-375: bg 0: block 234: padding at end of block bitmap is not set umount2("./3/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./3/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./3/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./3/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./3/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555580ea4730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555580ea4730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./3/file0") = 0 getdents64(3, 0x555580e9c6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./3") = 0 mkdir("./4", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555580e9b650) = 380 ./strace-static-x86_64: Process 380 attached [pid 380] set_robust_list(0x555580e9b660, 24) = 0 [pid 380] chdir("./4") = 0 [pid 380] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 380] setpgid(0, 0) = 0 [pid 380] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 380] write(3, "1000", 4) = 4 [pid 380] close(3) = 0 [pid 380] symlink("/dev/binderfs", "./binderfs") = 0 [pid 380] write(1, "executing program\n", 18executing program ) = 18 [pid 380] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 380] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 380] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 380] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 380] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 380] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 380] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 380] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 380] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 380] memfd_create("syzkaller", 0) = 5 [pid 380] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9466c6c000 [pid 380] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 380] munmap(0x7f9466c6c000, 138412032) = 0 [pid 380] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 380] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 380] close(5) = 0 [pid 380] close(6) = 0 [pid 380] mkdir("./file0", 0777) = 0 [pid 380] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 380] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 380] chdir("./file0") = 0 [pid 380] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 380] ioctl(6, LOOP_CLR_FD) = 0 [pid 380] close(6) = 0 [pid 380] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 380] write(6, "#! ./file1\n", 11) = 11 [pid 380] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 380] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005c0} --- [pid 380] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=380, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555580e9c6f0 /* 4 entries */, 32768) = 112 umount2("./4/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4/binderfs") = 0 [ 25.170120][ T380] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 25.198412][ T380] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm syz-executor209: bg 0: block 234: padding at end of block bitmap is not set umount2("./4/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555580ea4730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555580ea4730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4/file0") = 0 getdents64(3, 0x555580e9c6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4") = 0 mkdir("./5", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555580e9b650) = 386 ./strace-static-x86_64: Process 386 attached [pid 386] set_robust_list(0x555580e9b660, 24) = 0 [pid 386] chdir("./5") = 0 [pid 386] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 386] setpgid(0, 0) = 0 [pid 386] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 386] write(3, "1000", 4) = 4 [pid 386] close(3) = 0 [pid 386] symlink("/dev/binderfs", "./binderfs") = 0 [pid 386] write(1, "executing program\n", 18executing program ) = 18 [pid 386] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 386] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 386] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 386] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 386] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 386] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 386] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 386] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 386] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 386] memfd_create("syzkaller", 0) = 5 [pid 386] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9466c6c000 [pid 386] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 386] munmap(0x7f9466c6c000, 138412032) = 0 [pid 386] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 386] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 386] close(5) = 0 [pid 386] close(6) = 0 [pid 386] mkdir("./file0", 0777) = 0 [pid 386] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 386] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 386] chdir("./file0") = 0 [pid 386] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 386] ioctl(6, LOOP_CLR_FD) = 0 [pid 386] close(6) = 0 [pid 386] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 386] write(6, "#! ./file1\n", 11) = 11 [pid 386] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 386] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005c0} --- [ 25.336480][ T386] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 25.367257][ T387] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-386: bg 0: block 234: padding at end of block bitmap is not set [pid 386] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=386, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=4} --- umount2("./5", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555580e9c6f0 /* 4 entries */, 32768) = 112 umount2("./5/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./5/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./5/binderfs") = 0 [ 25.382587][ T387] vhost-386 (387) used greatest stack depth: 21576 bytes left umount2("./5/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./5/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./5/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./5/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./5/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555580ea4730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555580ea4730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./5/file0") = 0 getdents64(3, 0x555580e9c6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./5") = 0 mkdir("./6", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555580e9b650) = 391 ./strace-static-x86_64: Process 391 attached [pid 391] set_robust_list(0x555580e9b660, 24) = 0 [pid 391] chdir("./6") = 0 [pid 391] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 391] setpgid(0, 0) = 0 [pid 391] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 391] write(3, "1000", 4) = 4 [pid 391] close(3) = 0 [pid 391] symlink("/dev/binderfs", "./binderfs") = 0 [pid 391] write(1, "executing program\n", 18executing program ) = 18 [pid 391] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 391] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 391] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 391] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 391] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 391] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 391] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 391] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 391] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 391] memfd_create("syzkaller", 0) = 5 [pid 391] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9466c6c000 [pid 391] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 391] munmap(0x7f9466c6c000, 138412032) = 0 [pid 391] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 391] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 391] close(5) = 0 [pid 391] close(6) = 0 [pid 391] mkdir("./file0", 0777) = 0 [pid 391] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 391] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 391] chdir("./file0") = 0 [pid 391] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 391] ioctl(6, LOOP_CLR_FD) = 0 [pid 391] close(6) = 0 [pid 391] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 391] write(6, "#! ./file1\n", 11) = 11 [pid 391] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 391] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005c0} --- [pid 391] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=391, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./6", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555580e9c6f0 /* 4 entries */, 32768) = 112 umount2("./6/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./6/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./6/binderfs") = 0 [ 25.540193][ T391] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 25.569701][ T392] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-391: bg 0: block 234: padding at end of block bitmap is not set umount2("./6/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./6/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./6/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./6/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./6/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555580ea4730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555580ea4730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./6/file0") = 0 getdents64(3, 0x555580e9c6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./6") = 0 mkdir("./7", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555580e9b650) = 396 ./strace-static-x86_64: Process 396 attached [pid 396] set_robust_list(0x555580e9b660, 24) = 0 [pid 396] chdir("./7") = 0 [pid 396] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 396] setpgid(0, 0) = 0 [pid 396] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 396] write(3, "1000", 4) = 4 [pid 396] close(3) = 0 [pid 396] symlink("/dev/binderfs", "./binderfs") = 0 [pid 396] write(1, "executing program\n", 18executing program ) = 18 [pid 396] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 396] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 396] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 396] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 396] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 396] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 396] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 396] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 396] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 396] memfd_create("syzkaller", 0) = 5 [pid 396] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9466c6c000 [pid 396] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 396] munmap(0x7f9466c6c000, 138412032) = 0 [pid 396] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 396] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 396] close(5) = 0 [pid 396] close(6) = 0 [pid 396] mkdir("./file0", 0777) = 0 [pid 396] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 396] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 396] chdir("./file0") = 0 [pid 396] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 396] ioctl(6, LOOP_CLR_FD) = 0 [pid 396] close(6) = 0 [pid 396] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 396] write(6, "#! ./file1\n", 11) = 11 [pid 396] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 396] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005c0} --- [pid 396] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=396, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./7", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555580e9c6f0 /* 4 entries */, 32768) = 112 umount2("./7/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./7/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./7/binderfs") = 0 [ 25.667988][ T396] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 25.696995][ T397] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-396: bg 0: block 234: padding at end of block bitmap is not set umount2("./7/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./7/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./7/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./7/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./7/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555580ea4730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555580ea4730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./7/file0") = 0 getdents64(3, 0x555580e9c6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./7") = 0 mkdir("./8", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555580e9b650) = 401 ./strace-static-x86_64: Process 401 attached [pid 401] set_robust_list(0x555580e9b660, 24) = 0 [pid 401] chdir("./8") = 0 [pid 401] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 401] setpgid(0, 0) = 0 [pid 401] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 401] write(3, "1000", 4) = 4 [pid 401] close(3) = 0 [pid 401] symlink("/dev/binderfs", "./binderfs") = 0 [pid 401] write(1, "executing program\n", 18executing program ) = 18 [pid 401] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 401] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 401] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 401] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 401] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 401] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 401] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 401] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 401] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 401] memfd_create("syzkaller", 0) = 5 [pid 401] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9466c6c000 [pid 401] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 401] munmap(0x7f9466c6c000, 138412032) = 0 [pid 401] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 401] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 401] close(5) = 0 [pid 401] close(6) = 0 [pid 401] mkdir("./file0", 0777) = 0 [pid 401] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 401] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 401] chdir("./file0") = 0 [pid 401] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 401] ioctl(6, LOOP_CLR_FD) = 0 [pid 401] close(6) = 0 [pid 401] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 401] write(6, "#! ./file1\n", 11) = 11 [pid 401] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [ 25.800289][ T401] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [pid 401] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005c0} --- [pid 401] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=401, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./8", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./8", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555580e9c6f0 /* 4 entries */, 32768) = 112 umount2("./8/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./8/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./8/binderfs") = 0 [ 25.838847][ T402] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-401: bg 0: block 234: padding at end of block bitmap is not set umount2("./8/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./8/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./8/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./8/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./8/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555580ea4730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555580ea4730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./8/file0") = 0 getdents64(3, 0x555580e9c6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./8") = 0 mkdir("./9", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555580e9b650) = 406 ./strace-static-x86_64: Process 406 attached [pid 406] set_robust_list(0x555580e9b660, 24) = 0 [pid 406] chdir("./9") = 0 [pid 406] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 406] setpgid(0, 0) = 0 [pid 406] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 406] write(3, "1000", 4) = 4 [pid 406] close(3) = 0 [pid 406] symlink("/dev/binderfs", "./binderfs") = 0 [pid 406] write(1, "executing program\n", 18executing program ) = 18 [pid 406] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 406] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 406] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 406] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 406] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 406] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 406] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 406] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 406] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 406] memfd_create("syzkaller", 0) = 5 [pid 406] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9466c6c000 [pid 406] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 406] munmap(0x7f9466c6c000, 138412032) = 0 [pid 406] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 406] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 406] close(5) = 0 [pid 406] close(6) = 0 [pid 406] mkdir("./file0", 0777) = 0 [pid 406] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 406] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 406] chdir("./file0") = 0 [pid 406] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 406] ioctl(6, LOOP_CLR_FD) = 0 [pid 406] close(6) = 0 [pid 406] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 406] write(6, "#! ./file1\n", 11) = 11 [pid 406] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 406] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005c0} --- [pid 406] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=406, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./9", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./9", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555580e9c6f0 /* 4 entries */, 32768) = 112 umount2("./9/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./9/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./9/binderfs") = 0 [ 26.018478][ T406] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 26.046588][ T406] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm syz-executor209: bg 0: block 234: padding at end of block bitmap is not set umount2("./9/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./9/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./9/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./9/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./9/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555580ea4730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555580ea4730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./9/file0") = 0 getdents64(3, 0x555580e9c6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./9") = 0 mkdir("./10", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555580e9b650) = 411 ./strace-static-x86_64: Process 411 attached [pid 411] set_robust_list(0x555580e9b660, 24) = 0 [pid 411] chdir("./10") = 0 [pid 411] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 411] setpgid(0, 0) = 0 [pid 411] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 411] write(3, "1000", 4) = 4 [pid 411] close(3) = 0 [pid 411] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 411] write(1, "executing program\n", 18) = 18 [pid 411] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 411] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 411] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 411] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 411] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 411] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 411] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 411] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 411] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 411] memfd_create("syzkaller", 0) = 5 [pid 411] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9466c6c000 [pid 411] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 411] munmap(0x7f9466c6c000, 138412032) = 0 [pid 411] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 411] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 411] close(5) = 0 [pid 411] close(6) = 0 [pid 411] mkdir("./file0", 0777) = 0 [pid 411] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 411] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 411] chdir("./file0") = 0 [pid 411] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 411] ioctl(6, LOOP_CLR_FD) = 0 [pid 411] close(6) = 0 [pid 411] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 411] write(6, "#! ./file1\n", 11) = 11 [pid 411] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 411] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005c0} --- [pid 411] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=411, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./10", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./10", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555580e9c6f0 /* 4 entries */, 32768) = 112 umount2("./10/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./10/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./10/binderfs") = 0 [ 26.170078][ T411] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 26.200821][ T412] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-411: bg 0: block 234: padding at end of block bitmap is not set umount2("./10/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./10/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./10/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./10/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./10/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555580ea4730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555580ea4730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./10/file0") = 0 getdents64(3, 0x555580e9c6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./10") = 0 mkdir("./11", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555580e9b650) = 417 ./strace-static-x86_64: Process 417 attached [pid 417] set_robust_list(0x555580e9b660, 24) = 0 [pid 417] chdir("./11") = 0 [pid 417] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 417] setpgid(0, 0) = 0 [pid 417] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 417] write(3, "1000", 4) = 4 [pid 417] close(3) = 0 [pid 417] symlink("/dev/binderfs", "./binderfs") = 0 [pid 417] write(1, "executing program\n", 18executing program ) = 18 [pid 417] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 417] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 417] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 417] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 417] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 417] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 417] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 417] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 417] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 417] memfd_create("syzkaller", 0) = 5 [pid 417] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9466c6c000 [pid 417] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 417] munmap(0x7f9466c6c000, 138412032) = 0 [pid 417] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 417] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 417] close(5) = 0 [pid 417] close(6) = 0 [pid 417] mkdir("./file0", 0777) = 0 [pid 417] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 417] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 417] chdir("./file0") = 0 [pid 417] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 417] ioctl(6, LOOP_CLR_FD) = 0 [pid 417] close(6) = 0 [pid 417] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 417] write(6, "#! ./file1\n", 11) = 11 [pid 417] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 417] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005c0} --- [pid 417] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=417, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./11", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./11", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555580e9c6f0 /* 4 entries */, 32768) = 112 umount2("./11/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./11/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./11/binderfs") = 0 [ 26.329085][ T417] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 26.360045][ T418] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-417: bg 0: block 234: padding at end of block bitmap is not set umount2("./11/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./11/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./11/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./11/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./11/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555580ea4730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555580ea4730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./11/file0") = 0 getdents64(3, 0x555580e9c6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./11") = 0 mkdir("./12", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555580e9b650) = 422 ./strace-static-x86_64: Process 422 attached [pid 422] set_robust_list(0x555580e9b660, 24) = 0 [pid 422] chdir("./12") = 0 [pid 422] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 422] setpgid(0, 0) = 0 [pid 422] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 422] write(3, "1000", 4) = 4 [pid 422] close(3) = 0 [pid 422] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 422] write(1, "executing program\n", 18) = 18 [pid 422] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 422] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 422] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 422] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 422] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 422] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 422] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 422] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 422] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 422] memfd_create("syzkaller", 0) = 5 [pid 422] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9466c6c000 [pid 422] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 422] munmap(0x7f9466c6c000, 138412032) = 0 [pid 422] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 422] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 422] close(5) = 0 [pid 422] close(6) = 0 [pid 422] mkdir("./file0", 0777) = 0 [pid 422] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 422] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 422] chdir("./file0") = 0 [pid 422] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 422] ioctl(6, LOOP_CLR_FD) = 0 [pid 422] close(6) = 0 [pid 422] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 422] write(6, "#! ./file1\n", 11) = 11 [pid 422] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 422] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005c0} --- [pid 422] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=422, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./12", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./12", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555580e9c6f0 /* 4 entries */, 32768) = 112 umount2("./12/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./12/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./12/binderfs") = 0 [ 26.488875][ T422] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 26.519627][ T423] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-422: bg 0: block 234: padding at end of block bitmap is not set umount2("./12/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./12/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./12/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./12/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./12/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555580ea4730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555580ea4730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./12/file0") = 0 getdents64(3, 0x555580e9c6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./12") = 0 mkdir("./13", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555580e9b650) = 427 ./strace-static-x86_64: Process 427 attached [pid 427] set_robust_list(0x555580e9b660, 24) = 0 [pid 427] chdir("./13") = 0 [pid 427] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 427] setpgid(0, 0) = 0 [pid 427] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 427] write(3, "1000", 4) = 4 [pid 427] close(3) = 0 [pid 427] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 427] write(1, "executing program\n", 18) = 18 [pid 427] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 427] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 427] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 427] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 427] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 427] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 427] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 427] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 427] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 427] memfd_create("syzkaller", 0) = 5 [pid 427] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9466c6c000 [pid 427] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 427] munmap(0x7f9466c6c000, 138412032) = 0 [pid 427] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 427] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 427] close(5) = 0 [pid 427] close(6) = 0 [pid 427] mkdir("./file0", 0777) = 0 [pid 427] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 427] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 427] chdir("./file0") = 0 [pid 427] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 427] ioctl(6, LOOP_CLR_FD) = 0 [pid 427] close(6) = 0 [pid 427] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 427] write(6, "#! ./file1\n", 11) = 11 [pid 427] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 427] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005c0} --- [pid 427] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=427, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./13", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./13", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555580e9c6f0 /* 4 entries */, 32768) = 112 umount2("./13/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./13/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./13/binderfs") = 0 [ 26.700178][ T427] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 26.731594][ T428] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-427: bg 0: block 234: padding at end of block bitmap is not set umount2("./13/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./13/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./13/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./13/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./13/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555580ea4730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555580ea4730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./13/file0") = 0 getdents64(3, 0x555580e9c6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./13") = 0 mkdir("./14", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555580e9b650) = 432 ./strace-static-x86_64: Process 432 attached [pid 432] set_robust_list(0x555580e9b660, 24) = 0 [pid 432] chdir("./14") = 0 [pid 432] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 432] setpgid(0, 0) = 0 [pid 432] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 432] write(3, "1000", 4) = 4 [pid 432] close(3) = 0 [pid 432] symlink("/dev/binderfs", "./binderfs") = 0 [pid 432] write(1, "executing program\n", 18executing program ) = 18 [pid 432] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 432] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 432] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 432] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 432] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 432] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 432] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 432] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 432] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 432] memfd_create("syzkaller", 0) = 5 [pid 432] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9466c6c000 [pid 432] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 432] munmap(0x7f9466c6c000, 138412032) = 0 [pid 432] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 432] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 432] close(5) = 0 [pid 432] close(6) = 0 [pid 432] mkdir("./file0", 0777) = 0 [pid 432] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 432] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 432] chdir("./file0") = 0 [pid 432] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 432] ioctl(6, LOOP_CLR_FD) = 0 [pid 432] close(6) = 0 [pid 432] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 432] write(6, "#! ./file1\n", 11) = 11 [pid 432] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 432] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005c0} --- [pid 432] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=432, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./14", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./14", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555580e9c6f0 /* 4 entries */, 32768) = 112 umount2("./14/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./14/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./14/binderfs") = 0 [ 26.880172][ T432] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 26.911315][ T433] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-432: bg 0: block 234: padding at end of block bitmap is not set umount2("./14/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./14/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./14/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./14/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./14/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555580ea4730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555580ea4730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./14/file0") = 0 getdents64(3, 0x555580e9c6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./14") = 0 mkdir("./15", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555580e9b650) = 437 ./strace-static-x86_64: Process 437 attached [pid 437] set_robust_list(0x555580e9b660, 24) = 0 [pid 437] chdir("./15") = 0 [pid 437] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 437] setpgid(0, 0) = 0 [pid 437] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 437] write(3, "1000", 4) = 4 [pid 437] close(3) = 0 [pid 437] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 437] write(1, "executing program\n", 18) = 18 [pid 437] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 437] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 437] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 437] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 437] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 437] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 437] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 437] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 437] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 437] memfd_create("syzkaller", 0) = 5 [pid 437] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9466c6c000 [pid 437] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 437] munmap(0x7f9466c6c000, 138412032) = 0 [pid 437] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 437] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 437] close(5) = 0 [pid 437] close(6) = 0 [pid 437] mkdir("./file0", 0777) = 0 [pid 437] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 437] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 437] chdir("./file0") = 0 [pid 437] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 437] ioctl(6, LOOP_CLR_FD) = 0 [pid 437] close(6) = 0 [pid 437] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 437] write(6, "#! ./file1\n", 11) = 11 [pid 437] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 437] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005c0} --- [pid 437] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=437, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./15", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./15", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555580e9c6f0 /* 4 entries */, 32768) = 112 umount2("./15/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./15/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./15/binderfs") = 0 [ 27.090809][ T437] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 27.122159][ T438] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-437: bg 0: block 234: padding at end of block bitmap is not set umount2("./15/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./15/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./15/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./15/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./15/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555580ea4730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555580ea4730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./15/file0") = 0 getdents64(3, 0x555580e9c6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./15") = 0 mkdir("./16", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 443 attached [pid 443] set_robust_list(0x555580e9b660, 24) = 0 [pid 357] <... clone resumed>, child_tidptr=0x555580e9b650) = 443 [pid 443] chdir("./16") = 0 [pid 443] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 443] setpgid(0, 0) = 0 [pid 443] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 443] write(3, "1000", 4) = 4 [pid 443] close(3) = 0 [pid 443] symlink("/dev/binderfs", "./binderfs") = 0 [pid 443] write(1, "executing program\n", 18executing program ) = 18 [pid 443] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 443] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 443] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 443] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 443] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 443] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 443] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 443] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 443] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 443] memfd_create("syzkaller", 0) = 5 [pid 443] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9466c6c000 [pid 443] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 443] munmap(0x7f9466c6c000, 138412032) = 0 [pid 443] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 443] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 443] close(5) = 0 [pid 443] close(6) = 0 [pid 443] mkdir("./file0", 0777) = 0 [pid 443] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 443] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 443] chdir("./file0") = 0 [pid 443] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 443] ioctl(6, LOOP_CLR_FD) = 0 [pid 443] close(6) = 0 [pid 443] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 443] write(6, "#! ./file1\n", 11) = 11 [pid 443] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 443] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005c0} --- [pid 443] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=443, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./16", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./16", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555580e9c6f0 /* 4 entries */, 32768) = 112 umount2("./16/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./16/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./16/binderfs") = 0 [ 27.243999][ T443] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 27.275189][ T444] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-443: bg 0: block 234: padding at end of block bitmap is not set umount2("./16/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./16/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./16/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./16/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./16/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555580ea4730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555580ea4730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./16/file0") = 0 getdents64(3, 0x555580e9c6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./16") = 0 mkdir("./17", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 448 attached [pid 448] set_robust_list(0x555580e9b660, 24) = 0 [pid 448] chdir("./17" [pid 357] <... clone resumed>, child_tidptr=0x555580e9b650) = 448 [pid 448] <... chdir resumed>) = 0 [pid 448] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 448] setpgid(0, 0) = 0 [pid 448] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 448] write(3, "1000", 4) = 4 [pid 448] close(3) = 0 [pid 448] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 448] write(1, "executing program\n", 18) = 18 [pid 448] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 448] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 448] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 448] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 448] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 448] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 448] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 448] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 448] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 448] memfd_create("syzkaller", 0) = 5 [pid 448] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9466c6c000 [pid 448] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 448] munmap(0x7f9466c6c000, 138412032) = 0 [pid 448] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 448] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 448] close(5) = 0 [pid 448] close(6) = 0 [pid 448] mkdir("./file0", 0777) = 0 [pid 448] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 448] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 448] chdir("./file0") = 0 [pid 448] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 448] ioctl(6, LOOP_CLR_FD) = 0 [pid 448] close(6) = 0 [pid 448] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 448] write(6, "#! ./file1\n", 11) = 11 [pid 448] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 448] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005c0} --- [pid 448] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=448, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./17", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./17", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555580e9c6f0 /* 4 entries */, 32768) = 112 umount2("./17/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./17/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./17/binderfs") = 0 [ 27.409654][ T448] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 27.441710][ T449] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-448: bg 0: block 234: padding at end of block bitmap is not set umount2("./17/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./17/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./17/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./17/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./17/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555580ea4730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555580ea4730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./17/file0") = 0 getdents64(3, 0x555580e9c6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./17") = 0 mkdir("./18", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555580e9b650) = 453 ./strace-static-x86_64: Process 453 attached [pid 453] set_robust_list(0x555580e9b660, 24) = 0 [pid 453] chdir("./18") = 0 [pid 453] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 453] setpgid(0, 0) = 0 [pid 453] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 453] write(3, "1000", 4) = 4 [pid 453] close(3) = 0 [pid 453] symlink("/dev/binderfs", "./binderfs") = 0 [pid 453] write(1, "executing program\n", 18executing program ) = 18 [pid 453] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 453] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 453] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 453] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 453] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 453] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 453] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 453] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 453] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 453] memfd_create("syzkaller", 0) = 5 [pid 453] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9466c6c000 [pid 453] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 453] munmap(0x7f9466c6c000, 138412032) = 0 [pid 453] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 453] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 453] close(5) = 0 [pid 453] close(6) = 0 [pid 453] mkdir("./file0", 0777) = 0 [pid 453] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 453] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 453] chdir("./file0") = 0 [pid 453] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 453] ioctl(6, LOOP_CLR_FD) = 0 [pid 453] close(6) = 0 [pid 453] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 453] write(6, "#! ./file1\n", 11) = 11 [pid 453] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [ 27.700196][ T453] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [pid 453] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005c0} --- [pid 453] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=453, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./18", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./18", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555580e9c6f0 /* 4 entries */, 32768) = 112 umount2("./18/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./18/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./18/binderfs") = 0 [ 27.741330][ T454] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-453: bg 0: block 234: padding at end of block bitmap is not set umount2("./18/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./18/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./18/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./18/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./18/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555580ea4730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555580ea4730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./18/file0") = 0 getdents64(3, 0x555580e9c6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./18") = 0 mkdir("./19", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555580e9b650) = 458 ./strace-static-x86_64: Process 458 attached [pid 458] set_robust_list(0x555580e9b660, 24) = 0 [pid 458] chdir("./19") = 0 [pid 458] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 458] setpgid(0, 0) = 0 [pid 458] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 458] write(3, "1000", 4) = 4 [pid 458] close(3) = 0 [pid 458] symlink("/dev/binderfs", "./binderfs") = 0 [pid 458] write(1, "executing program\n", 18executing program ) = 18 [pid 458] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 458] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 458] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 458] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 458] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 458] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 458] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 458] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 458] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 458] memfd_create("syzkaller", 0) = 5 [pid 458] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9466c6c000 [pid 458] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 458] munmap(0x7f9466c6c000, 138412032) = 0 [pid 458] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 458] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 458] close(5) = 0 [pid 458] close(6) = 0 [pid 458] mkdir("./file0", 0777) = 0 [pid 458] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 458] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 458] chdir("./file0") = 0 [pid 458] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 458] ioctl(6, LOOP_CLR_FD) = 0 [pid 458] close(6) = 0 [pid 458] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 458] write(6, "#! ./file1\n", 11) = 11 [pid 458] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 458] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005c0} --- [pid 458] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=458, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./19", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./19", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555580e9c6f0 /* 4 entries */, 32768) = 112 umount2("./19/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./19/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./19/binderfs") = 0 [ 27.909168][ T458] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 27.940084][ T459] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-458: bg 0: block 234: padding at end of block bitmap is not set umount2("./19/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./19/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./19/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./19/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./19/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555580ea4730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555580ea4730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./19/file0") = 0 getdents64(3, 0x555580e9c6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./19") = 0 mkdir("./20", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555580e9b650) = 463 ./strace-static-x86_64: Process 463 attached [pid 463] set_robust_list(0x555580e9b660, 24) = 0 [pid 463] chdir("./20") = 0 [pid 463] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 463] setpgid(0, 0) = 0 [pid 463] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 463] write(3, "1000", 4) = 4 [pid 463] close(3) = 0 [pid 463] symlink("/dev/binderfs", "./binderfs") = 0 [pid 463] write(1, "executing program\n", 18executing program ) = 18 [pid 463] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 463] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 463] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 463] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 463] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 463] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 463] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 463] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 463] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 463] memfd_create("syzkaller", 0) = 5 [pid 463] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9466c6c000 [pid 463] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 463] munmap(0x7f9466c6c000, 138412032) = 0 [pid 463] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 463] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 463] close(5) = 0 [pid 463] close(6) = 0 [pid 463] mkdir("./file0", 0777) = 0 [pid 463] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 463] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 463] chdir("./file0") = 0 [pid 463] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 463] ioctl(6, LOOP_CLR_FD) = 0 [pid 463] close(6) = 0 [pid 463] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 463] write(6, "#! ./file1\n", 11) = 11 [pid 463] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 463] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005c0} --- [pid 463] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=463, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./20", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./20", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555580e9c6f0 /* 4 entries */, 32768) = 112 umount2("./20/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./20/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./20/binderfs") = 0 [ 28.100138][ T463] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 28.131691][ T464] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-463: bg 0: block 234: padding at end of block bitmap is not set umount2("./20/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./20/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./20/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./20/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./20/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555580ea4730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555580ea4730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./20/file0") = 0 getdents64(3, 0x555580e9c6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./20") = 0 mkdir("./21", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555580e9b650) = 469 ./strace-static-x86_64: Process 469 attached [pid 469] set_robust_list(0x555580e9b660, 24) = 0 [pid 469] chdir("./21") = 0 [pid 469] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 469] setpgid(0, 0) = 0 [pid 469] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 469] write(3, "1000", 4) = 4 [pid 469] close(3) = 0 [pid 469] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 469] write(1, "executing program\n", 18) = 18 [pid 469] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 469] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 469] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 469] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 469] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 469] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 469] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 469] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 469] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 469] memfd_create("syzkaller", 0) = 5 [pid 469] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9466c6c000 [pid 469] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 469] munmap(0x7f9466c6c000, 138412032) = 0 [pid 469] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 469] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 469] close(5) = 0 [pid 469] close(6) = 0 [pid 469] mkdir("./file0", 0777) = 0 [pid 469] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 469] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 469] chdir("./file0") = 0 [pid 469] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 469] ioctl(6, LOOP_CLR_FD) = 0 [pid 469] close(6) = 0 [pid 469] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 469] write(6, "#! ./file1\n", 11) = 11 [pid 469] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 469] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005c0} --- [pid 469] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=469, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./21", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./21", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555580e9c6f0 /* 4 entries */, 32768) = 112 umount2("./21/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./21/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./21/binderfs") = 0 [ 28.300152][ T469] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 28.330546][ T470] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-469: bg 0: block 234: padding at end of block bitmap is not set umount2("./21/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./21/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./21/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./21/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./21/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555580ea4730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555580ea4730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./21/file0") = 0 getdents64(3, 0x555580e9c6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./21") = 0 mkdir("./22", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555580e9b650) = 474 ./strace-static-x86_64: Process 474 attached [pid 474] set_robust_list(0x555580e9b660, 24) = 0 [pid 474] chdir("./22") = 0 [pid 474] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 474] setpgid(0, 0) = 0 [pid 474] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 474] write(3, "1000", 4) = 4 [pid 474] close(3) = 0 [pid 474] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 474] write(1, "executing program\n", 18) = 18 [pid 474] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 474] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 474] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 474] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 474] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 474] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 474] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 474] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 474] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 474] memfd_create("syzkaller", 0) = 5 [pid 474] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9466c6c000 [pid 474] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 474] munmap(0x7f9466c6c000, 138412032) = 0 [pid 474] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 474] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 474] close(5) = 0 [pid 474] close(6) = 0 [pid 474] mkdir("./file0", 0777) = 0 [pid 474] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 474] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 474] chdir("./file0") = 0 [pid 474] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 474] ioctl(6, LOOP_CLR_FD) = 0 [pid 474] close(6) = 0 [pid 474] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 474] write(6, "#! ./file1\n", 11) = 11 [pid 474] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 474] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005c0} --- [pid 474] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=474, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./22", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./22", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555580e9c6f0 /* 4 entries */, 32768) = 112 umount2("./22/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./22/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./22/binderfs") = 0 [ 28.438973][ T474] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 28.470117][ T475] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-474: bg 0: block 234: padding at end of block bitmap is not set umount2("./22/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./22/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./22/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./22/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./22/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555580ea4730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555580ea4730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./22/file0") = 0 getdents64(3, 0x555580e9c6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./22") = 0 mkdir("./23", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555580e9b650) = 479 ./strace-static-x86_64: Process 479 attached [pid 479] set_robust_list(0x555580e9b660, 24) = 0 [pid 479] chdir("./23") = 0 [pid 479] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 479] setpgid(0, 0) = 0 [pid 479] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 479] write(3, "1000", 4) = 4 [pid 479] close(3) = 0 [pid 479] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 479] write(1, "executing program\n", 18) = 18 [pid 479] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 479] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 479] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 479] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 479] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 479] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 479] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 479] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 479] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 479] memfd_create("syzkaller", 0) = 5 [pid 479] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9466c6c000 [pid 479] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 479] munmap(0x7f9466c6c000, 138412032) = 0 [pid 479] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 479] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 479] close(5) = 0 [pid 479] close(6) = 0 [pid 479] mkdir("./file0", 0777) = 0 [pid 479] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 479] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 479] chdir("./file0") = 0 [pid 479] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 479] ioctl(6, LOOP_CLR_FD) = 0 [pid 479] close(6) = 0 [pid 479] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 479] write(6, "#! ./file1\n", 11) = 11 [pid 479] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 479] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005c0} --- [pid 479] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=479, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./23", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./23", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555580e9c6f0 /* 4 entries */, 32768) = 112 umount2("./23/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./23/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./23/binderfs") = 0 [ 28.600210][ T479] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 28.631107][ T480] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-479: bg 0: block 234: padding at end of block bitmap is not set umount2("./23/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./23/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./23/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./23/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./23/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555580ea4730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555580ea4730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./23/file0") = 0 getdents64(3, 0x555580e9c6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./23") = 0 mkdir("./24", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555580e9b650) = 484 ./strace-static-x86_64: Process 484 attached [pid 484] set_robust_list(0x555580e9b660, 24) = 0 [pid 484] chdir("./24") = 0 [pid 484] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 484] setpgid(0, 0) = 0 [pid 484] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 484] write(3, "1000", 4) = 4 [pid 484] close(3) = 0 [pid 484] symlink("/dev/binderfs", "./binderfs") = 0 [pid 484] write(1, "executing program\n", 18executing program ) = 18 [pid 484] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 484] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 484] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 484] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 484] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 484] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 484] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 484] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 484] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 484] memfd_create("syzkaller", 0) = 5 [pid 484] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9466c6c000 [pid 484] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 484] munmap(0x7f9466c6c000, 138412032) = 0 [pid 484] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 484] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 484] close(5) = 0 [pid 484] close(6) = 0 [pid 484] mkdir("./file0", 0777) = 0 [pid 484] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 484] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 484] chdir("./file0") = 0 [pid 484] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 484] ioctl(6, LOOP_CLR_FD) = 0 [pid 484] close(6) = 0 [pid 484] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 484] write(6, "#! ./file1\n", 11) = 11 [pid 484] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 484] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005c0} --- [pid 484] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=484, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./24", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./24", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555580e9c6f0 /* 4 entries */, 32768) = 112 umount2("./24/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./24/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./24/binderfs") = 0 [ 28.756338][ T484] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 28.787230][ T485] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-484: bg 0: block 234: padding at end of block bitmap is not set umount2("./24/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./24/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./24/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./24/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./24/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555580ea4730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555580ea4730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./24/file0") = 0 getdents64(3, 0x555580e9c6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./24") = 0 mkdir("./25", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555580e9b650) = 489 ./strace-static-x86_64: Process 489 attached [pid 489] set_robust_list(0x555580e9b660, 24) = 0 [pid 489] chdir("./25") = 0 [pid 489] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 489] setpgid(0, 0) = 0 [pid 489] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 489] write(3, "1000", 4) = 4 [pid 489] close(3) = 0 [pid 489] symlink("/dev/binderfs", "./binderfs") = 0 [pid 489] write(1, "executing program\n", 18executing program ) = 18 [pid 489] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 489] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 489] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 489] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 489] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 489] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 489] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 489] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 489] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 489] memfd_create("syzkaller", 0) = 5 [pid 489] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9466c6c000 [pid 489] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 489] munmap(0x7f9466c6c000, 138412032) = 0 [pid 489] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 489] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 489] close(5) = 0 [pid 489] close(6) = 0 [pid 489] mkdir("./file0", 0777) = 0 [pid 489] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 489] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 489] chdir("./file0") = 0 [pid 489] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 489] ioctl(6, LOOP_CLR_FD) = 0 [pid 489] close(6) = 0 [pid 489] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 489] write(6, "#! ./file1\n", 11) = 11 [pid 489] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [ 28.890171][ T489] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [pid 489] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005c0} --- [pid 489] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=489, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./25", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./25", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555580e9c6f0 /* 4 entries */, 32768) = 112 umount2("./25/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./25/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./25/binderfs") = 0 [ 28.929327][ T489] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm syz-executor209: bg 0: block 234: padding at end of block bitmap is not set umount2("./25/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./25/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./25/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./25/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./25/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555580ea4730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555580ea4730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./25/file0") = 0 getdents64(3, 0x555580e9c6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./25") = 0 mkdir("./26", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555580e9b650) = 494 ./strace-static-x86_64: Process 494 attached [pid 494] set_robust_list(0x555580e9b660, 24) = 0 [pid 494] chdir("./26") = 0 [pid 494] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 494] setpgid(0, 0) = 0 [pid 494] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 494] write(3, "1000", 4) = 4 [pid 494] close(3) = 0 [pid 494] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 494] write(1, "executing program\n", 18) = 18 [pid 494] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 494] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 494] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 494] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 494] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 494] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 494] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 494] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 494] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 494] memfd_create("syzkaller", 0) = 5 [pid 494] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9466c6c000 [pid 494] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 494] munmap(0x7f9466c6c000, 138412032) = 0 [pid 494] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 494] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 494] close(5) = 0 [pid 494] close(6) = 0 [pid 494] mkdir("./file0", 0777) = 0 [pid 494] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 494] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 494] chdir("./file0") = 0 [pid 494] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 494] ioctl(6, LOOP_CLR_FD) = 0 [pid 494] close(6) = 0 [pid 494] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 494] write(6, "#! ./file1\n", 11) = 11 [pid 494] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 494] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005c0} --- [pid 494] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=494, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./26", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./26", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555580e9c6f0 /* 4 entries */, 32768) = 112 umount2("./26/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./26/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./26/binderfs") = 0 [ 29.060213][ T494] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 29.082855][ T494] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm syz-executor209: bg 0: block 234: padding at end of block bitmap is not set umount2("./26/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./26/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./26/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./26/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./26/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555580ea4730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555580ea4730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./26/file0") = 0 getdents64(3, 0x555580e9c6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./26") = 0 mkdir("./27", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555580e9b650) = 499 ./strace-static-x86_64: Process 499 attached [pid 499] set_robust_list(0x555580e9b660, 24) = 0 [pid 499] chdir("./27") = 0 [pid 499] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 499] setpgid(0, 0) = 0 [pid 499] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 499] write(3, "1000", 4) = 4 [pid 499] close(3) = 0 [pid 499] symlink("/dev/binderfs", "./binderfs") = 0 [pid 499] write(1, "executing program\n", 18executing program ) = 18 [pid 499] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 499] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 499] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 499] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 499] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 499] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 499] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 499] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 499] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 499] memfd_create("syzkaller", 0) = 5 [pid 499] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9466c6c000 [pid 499] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 499] munmap(0x7f9466c6c000, 138412032) = 0 [pid 499] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 499] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 499] close(5) = 0 [pid 499] close(6) = 0 [pid 499] mkdir("./file0", 0777) = 0 [pid 499] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 499] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 499] chdir("./file0") = 0 [pid 499] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 499] ioctl(6, LOOP_CLR_FD) = 0 [pid 499] close(6) = 0 [pid 499] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 499] write(6, "#! ./file1\n", 11) = 11 [pid 499] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [ 29.220257][ T499] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [pid 499] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005c0} --- [pid 499] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=499, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./27", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./27", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555580e9c6f0 /* 4 entries */, 32768) = 112 umount2("./27/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./27/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./27/binderfs") = 0 [ 29.263688][ T500] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-499: bg 0: block 234: padding at end of block bitmap is not set umount2("./27/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./27/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./27/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./27/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./27/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555580ea4730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555580ea4730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./27/file0") = 0 getdents64(3, 0x555580e9c6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./27") = 0 mkdir("./28", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555580e9b650) = 505 ./strace-static-x86_64: Process 505 attached [pid 505] set_robust_list(0x555580e9b660, 24) = 0 [pid 505] chdir("./28") = 0 [pid 505] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 505] setpgid(0, 0) = 0 [pid 505] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 505] write(3, "1000", 4) = 4 [pid 505] close(3) = 0 [pid 505] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 505] write(1, "executing program\n", 18) = 18 [pid 505] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 505] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 505] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 505] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 505] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 505] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 505] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 505] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 505] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 505] memfd_create("syzkaller", 0) = 5 [pid 505] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9466c6c000 [pid 505] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 505] munmap(0x7f9466c6c000, 138412032) = 0 [pid 505] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 505] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 505] close(5) = 0 [pid 505] close(6) = 0 [pid 505] mkdir("./file0", 0777) = 0 [pid 505] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 505] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 505] chdir("./file0") = 0 [pid 505] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 505] ioctl(6, LOOP_CLR_FD) = 0 [pid 505] close(6) = 0 [pid 505] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 505] write(6, "#! ./file1\n", 11) = 11 [ 29.410229][ T505] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [pid 505] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 505] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005c0} --- [pid 505] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=505, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./28", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./28", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555580e9c6f0 /* 4 entries */, 32768) = 112 umount2("./28/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./28/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./28/binderfs") = 0 [ 29.450568][ T505] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm syz-executor209: bg 0: block 234: padding at end of block bitmap is not set umount2("./28/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./28/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./28/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./28/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./28/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555580ea4730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555580ea4730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./28/file0") = 0 getdents64(3, 0x555580e9c6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./28") = 0 mkdir("./29", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555580e9b650) = 510 ./strace-static-x86_64: Process 510 attached [pid 510] set_robust_list(0x555580e9b660, 24) = 0 [pid 510] chdir("./29") = 0 [pid 510] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 510] setpgid(0, 0) = 0 [pid 510] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 510] write(3, "1000", 4) = 4 [pid 510] close(3) = 0 [pid 510] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 510] write(1, "executing program\n", 18) = 18 [pid 510] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 510] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 510] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 510] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 510] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 510] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 510] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 510] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 510] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 510] memfd_create("syzkaller", 0) = 5 [pid 510] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9466c6c000 [pid 510] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 510] munmap(0x7f9466c6c000, 138412032) = 0 [pid 510] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 510] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 510] close(5) = 0 [pid 510] close(6) = 0 [pid 510] mkdir("./file0", 0777) = 0 [pid 510] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 510] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 510] chdir("./file0") = 0 [pid 510] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 510] ioctl(6, LOOP_CLR_FD) = 0 [pid 510] close(6) = 0 [pid 510] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 510] write(6, "#! ./file1\n", 11) = 11 [pid 510] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 510] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005c0} --- [pid 510] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=510, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./29", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./29", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555580e9c6f0 /* 4 entries */, 32768) = 112 umount2("./29/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./29/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./29/binderfs") = 0 [ 29.630154][ T510] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 29.661765][ T511] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-510: bg 0: block 234: padding at end of block bitmap is not set umount2("./29/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./29/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./29/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./29/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./29/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555580ea4730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555580ea4730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./29/file0") = 0 getdents64(3, 0x555580e9c6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./29") = 0 mkdir("./30", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555580e9b650) = 515 ./strace-static-x86_64: Process 515 attached [pid 515] set_robust_list(0x555580e9b660, 24) = 0 [pid 515] chdir("./30") = 0 [pid 515] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 515] setpgid(0, 0) = 0 [pid 515] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 515] write(3, "1000", 4) = 4 [pid 515] close(3) = 0 [pid 515] symlink("/dev/binderfs", "./binderfs") = 0 [pid 515] write(1, "executing program\n", 18) = 18 executing program [pid 515] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 515] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 515] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 515] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 515] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 515] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 515] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 515] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 515] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 515] memfd_create("syzkaller", 0) = 5 [pid 515] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9466c6c000 [pid 515] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 515] munmap(0x7f9466c6c000, 138412032) = 0 [pid 515] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 515] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 515] close(5) = 0 [pid 515] close(6) = 0 [pid 515] mkdir("./file0", 0777) = 0 [pid 515] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 515] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 515] chdir("./file0") = 0 [pid 515] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 515] ioctl(6, LOOP_CLR_FD) = 0 [pid 515] close(6) = 0 [pid 515] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 515] write(6, "#! ./file1\n", 11) = 11 [pid 515] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 515] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005c0} --- [pid 515] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=515, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./30", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./30", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555580e9c6f0 /* 4 entries */, 32768) = 112 umount2("./30/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./30/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./30/binderfs") = 0 [ 29.800456][ T515] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 29.830957][ T516] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-515: bg 0: block 234: padding at end of block bitmap is not set umount2("./30/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./30/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./30/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./30/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./30/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555580ea4730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555580ea4730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./30/file0") = 0 getdents64(3, 0x555580e9c6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./30") = 0 mkdir("./31", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555580e9b650) = 520 ./strace-static-x86_64: Process 520 attached [pid 520] set_robust_list(0x555580e9b660, 24) = 0 [pid 520] chdir("./31") = 0 [pid 520] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 520] setpgid(0, 0) = 0 [pid 520] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 520] write(3, "1000", 4) = 4 [pid 520] close(3) = 0 [pid 520] symlink("/dev/binderfs", "./binderfs") = 0 [pid 520] write(1, "executing program\n", 18executing program ) = 18 [pid 520] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 520] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 520] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 520] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 520] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 520] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 520] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 520] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 520] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 520] memfd_create("syzkaller", 0) = 5 [pid 520] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9466c6c000 [pid 520] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 520] munmap(0x7f9466c6c000, 138412032) = 0 [pid 520] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 520] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 520] close(5) = 0 [pid 520] close(6) = 0 [pid 520] mkdir("./file0", 0777) = 0 [pid 520] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 520] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 520] chdir("./file0") = 0 [pid 520] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 520] ioctl(6, LOOP_CLR_FD) = 0 [pid 520] close(6) = 0 [pid 520] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 520] write(6, "#! ./file1\n", 11) = 11 [pid 520] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 520] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005c0} --- [pid 520] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=520, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./31", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./31", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555580e9c6f0 /* 4 entries */, 32768) = 112 umount2("./31/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./31/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./31/binderfs") = 0 [ 29.976524][ T520] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 30.008266][ T521] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-520: bg 0: block 234: padding at end of block bitmap is not set umount2("./31/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./31/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./31/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./31/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./31/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555580ea4730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555580ea4730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./31/file0") = 0 getdents64(3, 0x555580e9c6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./31") = 0 mkdir("./32", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555580e9b650) = 525 ./strace-static-x86_64: Process 525 attached [pid 525] set_robust_list(0x555580e9b660, 24) = 0 [pid 525] chdir("./32") = 0 [pid 525] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 525] setpgid(0, 0) = 0 [pid 525] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 525] write(3, "1000", 4) = 4 [pid 525] close(3) = 0 [pid 525] symlink("/dev/binderfs", "./binderfs") = 0 [pid 525] write(1, "executing program\n", 18executing program ) = 18 [pid 525] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 525] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 525] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 525] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 525] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 525] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 525] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 525] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 525] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 525] memfd_create("syzkaller", 0) = 5 [pid 525] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9466c6c000 [pid 525] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 525] munmap(0x7f9466c6c000, 138412032) = 0 [pid 525] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 525] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 525] close(5) = 0 [pid 525] close(6) = 0 [pid 525] mkdir("./file0", 0777) = 0 [pid 525] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 525] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 525] chdir("./file0") = 0 [pid 525] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 525] ioctl(6, LOOP_CLR_FD) = 0 [pid 525] close(6) = 0 [pid 525] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 525] write(6, "#! ./file1\n", 11) = 11 [pid 525] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 525] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005c0} --- [pid 525] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=525, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./32", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./32", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555580e9c6f0 /* 4 entries */, 32768) = 112 umount2("./32/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./32/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./32/binderfs") = 0 [ 30.140238][ T525] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 30.172513][ T526] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-525: bg 0: block 234: padding at end of block bitmap is not set umount2("./32/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./32/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./32/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./32/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./32/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555580ea4730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555580ea4730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./32/file0") = 0 getdents64(3, 0x555580e9c6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./32") = 0 mkdir("./33", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555580e9b650) = 531 ./strace-static-x86_64: Process 531 attached [pid 531] set_robust_list(0x555580e9b660, 24) = 0 [pid 531] chdir("./33") = 0 [pid 531] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 531] setpgid(0, 0) = 0 [pid 531] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 531] write(3, "1000", 4) = 4 [pid 531] close(3) = 0 [pid 531] symlink("/dev/binderfs", "./binderfs") = 0 [pid 531] write(1, "executing program\n", 18executing program ) = 18 [pid 531] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 531] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 531] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 531] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 531] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 531] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 531] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 531] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 531] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 531] memfd_create("syzkaller", 0) = 5 [pid 531] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9466c6c000 [pid 531] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 531] munmap(0x7f9466c6c000, 138412032) = 0 [pid 531] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 531] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 531] close(5) = 0 [pid 531] close(6) = 0 [pid 531] mkdir("./file0", 0777) = 0 [pid 531] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 531] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 531] chdir("./file0") = 0 [pid 531] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 531] ioctl(6, LOOP_CLR_FD) = 0 [pid 531] close(6) = 0 [pid 531] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 531] write(6, "#! ./file1\n", 11) = 11 [pid 531] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 531] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005c0} --- [pid 531] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=531, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./33", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./33", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555580e9c6f0 /* 4 entries */, 32768) = 112 umount2("./33/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./33/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./33/binderfs") = 0 [ 30.350099][ T531] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 30.381006][ T532] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-531: bg 0: block 234: padding at end of block bitmap is not set umount2("./33/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./33/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./33/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./33/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./33/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555580ea4730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555580ea4730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./33/file0") = 0 getdents64(3, 0x555580e9c6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./33") = 0 mkdir("./34", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555580e9b650) = 536 ./strace-static-x86_64: Process 536 attached [pid 536] set_robust_list(0x555580e9b660, 24) = 0 [pid 536] chdir("./34") = 0 [pid 536] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 536] setpgid(0, 0) = 0 [pid 536] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 536] write(3, "1000", 4) = 4 [pid 536] close(3) = 0 [pid 536] symlink("/dev/binderfs", "./binderfs") = 0 [pid 536] write(1, "executing program\n", 18executing program ) = 18 [pid 536] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 536] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 536] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 536] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 536] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 536] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 536] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 536] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 536] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 536] memfd_create("syzkaller", 0) = 5 [pid 536] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9466c6c000 [pid 536] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 536] munmap(0x7f9466c6c000, 138412032) = 0 [pid 536] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 536] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 536] close(5) = 0 [pid 536] close(6) = 0 [pid 536] mkdir("./file0", 0777) = 0 [pid 536] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 536] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 536] chdir("./file0") = 0 [pid 536] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 536] ioctl(6, LOOP_CLR_FD) = 0 [pid 536] close(6) = 0 [pid 536] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 536] write(6, "#! ./file1\n", 11) = 11 [pid 536] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 536] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005c0} --- [pid 536] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=536, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./34", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./34", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555580e9c6f0 /* 4 entries */, 32768) = 112 umount2("./34/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./34/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./34/binderfs") = 0 [ 30.540288][ T536] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 30.570774][ T537] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-536: bg 0: block 234: padding at end of block bitmap is not set umount2("./34/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./34/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./34/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./34/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./34/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555580ea4730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555580ea4730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./34/file0") = 0 getdents64(3, 0x555580e9c6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./34") = 0 mkdir("./35", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555580e9b650) = 541 ./strace-static-x86_64: Process 541 attached [pid 541] set_robust_list(0x555580e9b660, 24) = 0 [pid 541] chdir("./35") = 0 [pid 541] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 541] setpgid(0, 0) = 0 [pid 541] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 541] write(3, "1000", 4) = 4 [pid 541] close(3) = 0 [pid 541] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 541] write(1, "executing program\n", 18) = 18 [pid 541] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 541] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 541] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 541] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 541] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 541] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 541] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 541] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 541] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 541] memfd_create("syzkaller", 0) = 5 [pid 541] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9466c6c000 [pid 541] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 541] munmap(0x7f9466c6c000, 138412032) = 0 [pid 541] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 541] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 541] close(5) = 0 [pid 541] close(6) = 0 [pid 541] mkdir("./file0", 0777) = 0 [pid 541] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 541] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 541] chdir("./file0") = 0 [pid 541] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 541] ioctl(6, LOOP_CLR_FD) = 0 [pid 541] close(6) = 0 [pid 541] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 541] write(6, "#! ./file1\n", 11) = 11 [pid 541] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 541] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005c0} --- [pid 541] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=541, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./35", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./35", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555580e9c6f0 /* 4 entries */, 32768) = 112 umount2("./35/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./35/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./35/binderfs") = 0 [ 30.779824][ T541] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 30.802743][ T541] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm syz-executor209: bg 0: block 234: padding at end of block bitmap is not set umount2("./35/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./35/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./35/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./35/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./35/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555580ea4730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555580ea4730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./35/file0") = 0 getdents64(3, 0x555580e9c6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./35") = 0 mkdir("./36", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555580e9b650) = 546 ./strace-static-x86_64: Process 546 attached [pid 546] set_robust_list(0x555580e9b660, 24) = 0 [pid 546] chdir("./36") = 0 [pid 546] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 546] setpgid(0, 0) = 0 [pid 546] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 546] write(3, "1000", 4) = 4 [pid 546] close(3) = 0 [pid 546] symlink("/dev/binderfs", "./binderfs") = 0 [pid 546] write(1, "executing program\n", 18executing program ) = 18 [pid 546] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 546] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 546] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 546] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 546] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 546] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 546] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 546] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 546] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 546] memfd_create("syzkaller", 0) = 5 [pid 546] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9466c6c000 [pid 546] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 546] munmap(0x7f9466c6c000, 138412032) = 0 [pid 546] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 546] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 546] close(5) = 0 [pid 546] close(6) = 0 [pid 546] mkdir("./file0", 0777) = 0 [pid 546] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 546] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 546] chdir("./file0") = 0 [pid 546] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 546] ioctl(6, LOOP_CLR_FD) = 0 [pid 546] close(6) = 0 [pid 546] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 546] write(6, "#! ./file1\n", 11) = 11 [pid 546] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 546] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005c0} --- [pid 546] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=546, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./36", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./36", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555580e9c6f0 /* 4 entries */, 32768) = 112 umount2("./36/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./36/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./36/binderfs") = 0 [ 30.990177][ T546] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 31.021058][ T547] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-546: bg 0: block 234: padding at end of block bitmap is not set umount2("./36/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./36/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./36/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./36/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./36/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555580ea4730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555580ea4730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./36/file0") = 0 getdents64(3, 0x555580e9c6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./36") = 0 mkdir("./37", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555580e9b650) = 551 ./strace-static-x86_64: Process 551 attached [pid 551] set_robust_list(0x555580e9b660, 24) = 0 [pid 551] chdir("./37") = 0 [pid 551] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 551] setpgid(0, 0) = 0 [pid 551] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 551] write(3, "1000", 4) = 4 [pid 551] close(3) = 0 [pid 551] symlink("/dev/binderfs", "./binderfs") = 0 [pid 551] write(1, "executing program\n", 18executing program ) = 18 [pid 551] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 551] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 551] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 551] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 551] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 551] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 551] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 551] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 551] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 551] memfd_create("syzkaller", 0) = 5 [pid 551] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9466c6c000 [pid 551] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 551] munmap(0x7f9466c6c000, 138412032) = 0 [pid 551] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 551] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 551] close(5) = 0 [pid 551] close(6) = 0 [pid 551] mkdir("./file0", 0777) = 0 [pid 551] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 551] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 551] chdir("./file0") = 0 [pid 551] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 551] ioctl(6, LOOP_CLR_FD) = 0 [pid 551] close(6) = 0 [pid 551] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 551] write(6, "#! ./file1\n", 11) = 11 [pid 551] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 551] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005c0} --- [pid 551] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=551, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./37", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./37", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555580e9c6f0 /* 4 entries */, 32768) = 112 umount2("./37/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./37/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./37/binderfs") = 0 [ 31.150346][ T551] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 31.176566][ T552] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-551: bg 0: block 234: padding at end of block bitmap is not set umount2("./37/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./37/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./37/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./37/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./37/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555580ea4730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555580ea4730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./37/file0") = 0 getdents64(3, 0x555580e9c6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./37") = 0 mkdir("./38", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 557 attached , child_tidptr=0x555580e9b650) = 557 [pid 557] set_robust_list(0x555580e9b660, 24) = 0 [pid 557] chdir("./38") = 0 [pid 557] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 557] setpgid(0, 0) = 0 [pid 557] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 557] write(3, "1000", 4) = 4 [pid 557] close(3) = 0 [pid 557] symlink("/dev/binderfs", "./binderfs") = 0 [pid 557] write(1, "executing program\n", 18executing program ) = 18 [pid 557] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 557] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 557] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 557] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 557] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 557] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 557] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 557] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 557] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 557] memfd_create("syzkaller", 0) = 5 [pid 557] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9466c6c000 [pid 557] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 557] munmap(0x7f9466c6c000, 138412032) = 0 [pid 557] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 557] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 557] close(5) = 0 [pid 557] close(6) = 0 [pid 557] mkdir("./file0", 0777) = 0 [pid 557] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 557] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 557] chdir("./file0") = 0 [pid 557] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 557] ioctl(6, LOOP_CLR_FD) = 0 [pid 557] close(6) = 0 [pid 557] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 557] write(6, "#! ./file1\n", 11) = 11 [pid 557] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 557] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005c0} --- [pid 557] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=557, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555580e9c6f0 /* 4 entries */, 32768) = 112 umount2("./38/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./38/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./38/binderfs") = 0 [ 31.380142][ T557] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 31.405072][ T557] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm syz-executor209: bg 0: block 234: padding at end of block bitmap is not set umount2("./38/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./38/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./38/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./38/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./38/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555580ea4730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555580ea4730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./38/file0") = 0 getdents64(3, 0x555580e9c6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./38") = 0 mkdir("./39", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555580e9b650) = 562 ./strace-static-x86_64: Process 562 attached [pid 562] set_robust_list(0x555580e9b660, 24) = 0 [pid 562] chdir("./39") = 0 [pid 562] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 562] setpgid(0, 0) = 0 [pid 562] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 562] write(3, "1000", 4) = 4 [pid 562] close(3) = 0 [pid 562] symlink("/dev/binderfs", "./binderfs") = 0 [pid 562] write(1, "executing program\n", 18executing program ) = 18 [pid 562] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 562] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 562] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 562] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 562] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 562] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 562] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 562] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 562] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 562] memfd_create("syzkaller", 0) = 5 [pid 562] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9466c6c000 [pid 562] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 562] munmap(0x7f9466c6c000, 138412032) = 0 [pid 562] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 562] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 562] close(5) = 0 [pid 562] close(6) = 0 [pid 562] mkdir("./file0", 0777) = 0 [pid 562] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 562] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 562] chdir("./file0") = 0 [pid 562] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 562] ioctl(6, LOOP_CLR_FD) = 0 [pid 562] close(6) = 0 [pid 562] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 562] write(6, "#! ./file1\n", 11) = 11 [pid 562] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 562] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005c0} --- [pid 562] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=562, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./39", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./39", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555580e9c6f0 /* 4 entries */, 32768) = 112 umount2("./39/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./39/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./39/binderfs") = 0 [ 31.530223][ T562] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 31.555176][ T562] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm syz-executor209: bg 0: block 234: padding at end of block bitmap is not set umount2("./39/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./39/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./39/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./39/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./39/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555580ea4730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555580ea4730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./39/file0") = 0 getdents64(3, 0x555580e9c6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./39") = 0 mkdir("./40", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555580e9b650) = 567 ./strace-static-x86_64: Process 567 attached [pid 567] set_robust_list(0x555580e9b660, 24) = 0 [pid 567] chdir("./40") = 0 [pid 567] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 567] setpgid(0, 0) = 0 [pid 567] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 567] write(3, "1000", 4) = 4 [pid 567] close(3) = 0 [pid 567] symlink("/dev/binderfs", "./binderfs") = 0 [pid 567] write(1, "executing program\n", 18executing program ) = 18 [pid 567] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 567] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 567] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 567] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 567] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 567] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 567] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 567] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 567] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 567] memfd_create("syzkaller", 0) = 5 [pid 567] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9466c6c000 [pid 567] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 567] munmap(0x7f9466c6c000, 138412032) = 0 [pid 567] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 567] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 567] close(5) = 0 [pid 567] close(6) = 0 [pid 567] mkdir("./file0", 0777) = 0 [pid 567] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 567] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 567] chdir("./file0") = 0 [pid 567] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 567] ioctl(6, LOOP_CLR_FD) = 0 [pid 567] close(6) = 0 [pid 567] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 567] write(6, "#! ./file1\n", 11) = 11 [pid 567] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 567] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005c0} --- [pid 567] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=567, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./40", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./40", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555580e9c6f0 /* 4 entries */, 32768) = 112 umount2("./40/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./40/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./40/binderfs") = 0 [ 31.710486][ T567] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 31.741543][ T568] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-567: bg 0: block 234: padding at end of block bitmap is not set umount2("./40/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./40/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./40/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./40/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./40/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555580ea4730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555580ea4730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./40/file0") = 0 getdents64(3, 0x555580e9c6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./40") = 0 mkdir("./41", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555580e9b650) = 572 ./strace-static-x86_64: Process 572 attached [pid 572] set_robust_list(0x555580e9b660, 24) = 0 [pid 572] chdir("./41") = 0 [pid 572] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 572] setpgid(0, 0) = 0 [pid 572] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 572] write(3, "1000", 4) = 4 [pid 572] close(3) = 0 [pid 572] symlink("/dev/binderfs", "./binderfs") = 0 [pid 572] write(1, "executing program\n", 18executing program ) = 18 [pid 572] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 572] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 572] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 572] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 572] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 572] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 572] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 572] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 572] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 572] memfd_create("syzkaller", 0) = 5 [pid 572] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9466c6c000 [pid 572] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 572] munmap(0x7f9466c6c000, 138412032) = 0 [pid 572] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 572] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 572] close(5) = 0 [pid 572] close(6) = 0 [pid 572] mkdir("./file0", 0777) = 0 [pid 572] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 572] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 572] chdir("./file0") = 0 [pid 572] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 572] ioctl(6, LOOP_CLR_FD) = 0 [pid 572] close(6) = 0 [pid 572] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 572] write(6, "#! ./file1\n", 11) = 11 [pid 572] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [ 32.000381][ T572] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [pid 572] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005c0} --- [pid 572] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=572, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./41", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./41", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555580e9c6f0 /* 4 entries */, 32768) = 112 umount2("./41/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./41/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./41/binderfs") = 0 [ 32.041168][ T573] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-572: bg 0: block 234: padding at end of block bitmap is not set umount2("./41/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./41/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./41/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./41/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./41/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555580ea4730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555580ea4730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./41/file0") = 0 getdents64(3, 0x555580e9c6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./41") = 0 mkdir("./42", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555580e9b650) = 577 ./strace-static-x86_64: Process 577 attached [pid 577] set_robust_list(0x555580e9b660, 24) = 0 [pid 577] chdir("./42") = 0 [pid 577] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 577] setpgid(0, 0) = 0 [pid 577] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 577] write(3, "1000", 4) = 4 [pid 577] close(3) = 0 [pid 577] symlink("/dev/binderfs", "./binderfs") = 0 [pid 577] write(1, "executing program\n", 18executing program ) = 18 [pid 577] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 577] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 577] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 577] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 577] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 577] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 577] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 577] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 577] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 577] memfd_create("syzkaller", 0) = 5 [pid 577] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9466c6c000 [pid 577] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 577] munmap(0x7f9466c6c000, 138412032) = 0 [pid 577] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 577] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 577] close(5) = 0 [pid 577] close(6) = 0 [pid 577] mkdir("./file0", 0777) = 0 [pid 577] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 577] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 577] chdir("./file0") = 0 [pid 577] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 577] ioctl(6, LOOP_CLR_FD) = 0 [pid 577] close(6) = 0 [pid 577] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 577] write(6, "#! ./file1\n", 11) = 11 [pid 577] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 577] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005c0} --- [pid 577] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=577, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./42", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./42", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555580e9c6f0 /* 4 entries */, 32768) = 112 umount2("./42/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./42/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./42/binderfs") = 0 [ 32.160642][ T577] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 32.183121][ T577] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm syz-executor209: bg 0: block 234: padding at end of block bitmap is not set umount2("./42/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./42/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./42/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./42/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./42/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555580ea4730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555580ea4730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./42/file0") = 0 getdents64(3, 0x555580e9c6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./42") = 0 mkdir("./43", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555580e9b650) = 583 ./strace-static-x86_64: Process 583 attached [pid 583] set_robust_list(0x555580e9b660, 24) = 0 [pid 583] chdir("./43") = 0 [pid 583] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 583] setpgid(0, 0) = 0 [pid 583] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 583] write(3, "1000", 4) = 4 [pid 583] close(3) = 0 [pid 583] symlink("/dev/binderfs", "./binderfs") = 0 [pid 583] write(1, "executing program\n", 18executing program ) = 18 [pid 583] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 583] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 583] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 583] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 583] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 583] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 583] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 583] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 583] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 583] memfd_create("syzkaller", 0) = 5 [pid 583] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9466c6c000 [pid 583] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 583] munmap(0x7f9466c6c000, 138412032) = 0 [pid 583] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 583] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 583] close(5) = 0 [pid 583] close(6) = 0 [pid 583] mkdir("./file0", 0777) = 0 [pid 583] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 583] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 583] chdir("./file0") = 0 [pid 583] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 583] ioctl(6, LOOP_CLR_FD) = 0 [pid 583] close(6) = 0 [pid 583] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 583] write(6, "#! ./file1\n", 11) = 11 [pid 583] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 583] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005c0} --- [pid 583] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=583, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./43", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./43", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555580e9c6f0 /* 4 entries */, 32768) = 112 umount2("./43/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./43/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./43/binderfs") = 0 [ 32.310533][ T583] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 32.333587][ T583] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm syz-executor209: bg 0: block 234: padding at end of block bitmap is not set umount2("./43/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./43/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./43/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./43/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./43/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555580ea4730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555580ea4730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./43/file0") = 0 getdents64(3, 0x555580e9c6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./43") = 0 mkdir("./44", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555580e9b650) = 588 ./strace-static-x86_64: Process 588 attached [pid 588] set_robust_list(0x555580e9b660, 24) = 0 [pid 588] chdir("./44") = 0 [pid 588] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 588] setpgid(0, 0) = 0 [pid 588] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 588] write(3, "1000", 4) = 4 [pid 588] close(3) = 0 [pid 588] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 588] write(1, "executing program\n", 18) = 18 [pid 588] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 588] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 588] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 588] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 588] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 588] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 588] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 588] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 588] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 588] memfd_create("syzkaller", 0) = 5 [pid 588] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9466c6c000 [pid 588] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 588] munmap(0x7f9466c6c000, 138412032) = 0 [pid 588] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 588] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 588] close(5) = 0 [pid 588] close(6) = 0 [pid 588] mkdir("./file0", 0777) = 0 [pid 588] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 588] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 588] chdir("./file0") = 0 [pid 588] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 588] ioctl(6, LOOP_CLR_FD) = 0 [pid 588] close(6) = 0 [pid 588] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 588] write(6, "#! ./file1\n", 11) = 11 [pid 588] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 588] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005c0} --- [pid 588] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=588, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./44", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./44", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555580e9c6f0 /* 4 entries */, 32768) = 112 umount2("./44/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./44/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./44/binderfs") = 0 [ 32.450358][ T588] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 32.480738][ T588] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm syz-executor209: bg 0: block 234: padding at end of block bitmap is not set umount2("./44/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./44/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./44/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./44/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./44/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555580ea4730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555580ea4730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./44/file0") = 0 getdents64(3, 0x555580e9c6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./44") = 0 mkdir("./45", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555580e9b650) = 593 ./strace-static-x86_64: Process 593 attached [pid 593] set_robust_list(0x555580e9b660, 24) = 0 [pid 593] chdir("./45") = 0 [pid 593] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 593] setpgid(0, 0) = 0 [pid 593] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 593] write(3, "1000", 4) = 4 [pid 593] close(3) = 0 [pid 593] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 593] write(1, "executing program\n", 18) = 18 [pid 593] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 593] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 593] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 593] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 593] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 593] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 593] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 593] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 593] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 593] memfd_create("syzkaller", 0) = 5 [pid 593] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9466c6c000 [pid 593] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 593] munmap(0x7f9466c6c000, 138412032) = 0 [pid 593] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 593] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 593] close(5) = 0 [pid 593] close(6) = 0 [pid 593] mkdir("./file0", 0777) = 0 [pid 593] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 593] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 593] chdir("./file0") = 0 [pid 593] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 593] ioctl(6, LOOP_CLR_FD) = 0 [pid 593] close(6) = 0 [pid 593] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 593] write(6, "#! ./file1\n", 11) = 11 [pid 593] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 593] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005c0} --- [pid 593] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=593, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./45", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./45", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555580e9c6f0 /* 4 entries */, 32768) = 112 umount2("./45/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./45/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./45/binderfs") = 0 [ 32.650897][ T593] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 32.679806][ T593] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm syz-executor209: bg 0: block 234: padding at end of block bitmap is not set umount2("./45/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./45/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./45/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./45/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./45/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555580ea4730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555580ea4730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./45/file0") = 0 getdents64(3, 0x555580e9c6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./45") = 0 mkdir("./46", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 598 attached , child_tidptr=0x555580e9b650) = 598 [pid 598] set_robust_list(0x555580e9b660, 24) = 0 [pid 598] chdir("./46") = 0 [pid 598] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 598] setpgid(0, 0) = 0 [pid 598] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 598] write(3, "1000", 4) = 4 [pid 598] close(3) = 0 [pid 598] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 598] write(1, "executing program\n", 18) = 18 [pid 598] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 598] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 598] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 598] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 598] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 598] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 598] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 598] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 598] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 598] memfd_create("syzkaller", 0) = 5 [pid 598] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9466c6c000 [pid 598] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 598] munmap(0x7f9466c6c000, 138412032) = 0 [pid 598] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 598] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 598] close(5) = 0 [pid 598] close(6) = 0 [pid 598] mkdir("./file0", 0777) = 0 [pid 598] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 598] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 598] chdir("./file0") = 0 [pid 598] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 598] ioctl(6, LOOP_CLR_FD) = 0 [pid 598] close(6) = 0 [pid 598] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 598] write(6, "#! ./file1\n", 11) = 11 [pid 598] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 598] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005c0} --- [pid 598] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=598, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./46", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./46", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555580e9c6f0 /* 4 entries */, 32768) = 112 umount2("./46/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./46/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./46/binderfs") = 0 [ 32.780154][ T598] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 32.811302][ T599] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-598: bg 0: block 234: padding at end of block bitmap is not set umount2("./46/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./46/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./46/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./46/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./46/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555580ea4730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555580ea4730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./46/file0") = 0 getdents64(3, 0x555580e9c6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./46") = 0 mkdir("./47", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555580e9b650) = 603 ./strace-static-x86_64: Process 603 attached [pid 603] set_robust_list(0x555580e9b660, 24) = 0 [pid 603] chdir("./47") = 0 [pid 603] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 603] setpgid(0, 0) = 0 [pid 603] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 603] write(3, "1000", 4) = 4 [pid 603] close(3) = 0 [pid 603] symlink("/dev/binderfs", "./binderfs") = 0 [pid 603] write(1, "executing program\n", 18executing program ) = 18 [pid 603] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 603] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 603] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 603] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 603] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 603] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 603] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 603] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 603] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 603] memfd_create("syzkaller", 0) = 5 [pid 603] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9466c6c000 [pid 603] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 603] munmap(0x7f9466c6c000, 138412032) = 0 [pid 603] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 603] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 603] close(5) = 0 [pid 603] close(6) = 0 [pid 603] mkdir("./file0", 0777) = 0 [pid 603] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 603] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 603] chdir("./file0") = 0 [pid 603] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 603] ioctl(6, LOOP_CLR_FD) = 0 [pid 603] close(6) = 0 [pid 603] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 603] write(6, "#! ./file1\n", 11) = 11 [pid 603] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 603] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005c0} --- [pid 603] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=603, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./47", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./47", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555580e9c6f0 /* 4 entries */, 32768) = 112 umount2("./47/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./47/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./47/binderfs") = 0 [ 32.986928][ T603] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 33.019831][ T604] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-603: bg 0: block 234: padding at end of block bitmap is not set umount2("./47/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./47/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./47/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./47/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./47/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555580ea4730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555580ea4730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./47/file0") = 0 getdents64(3, 0x555580e9c6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./47") = 0 mkdir("./48", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 608 attached [pid 608] set_robust_list(0x555580e9b660, 24) = 0 [pid 357] <... clone resumed>, child_tidptr=0x555580e9b650) = 608 [pid 608] chdir("./48") = 0 [pid 608] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 608] setpgid(0, 0) = 0 [pid 608] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 608] write(3, "1000", 4) = 4 [pid 608] close(3) = 0 [pid 608] symlink("/dev/binderfs", "./binderfs") = 0 [pid 608] write(1, "executing program\n", 18executing program ) = 18 [pid 608] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 608] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 608] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 608] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 608] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 608] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 608] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 608] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 608] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 608] memfd_create("syzkaller", 0) = 5 [pid 608] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9466c6c000 [pid 608] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 608] munmap(0x7f9466c6c000, 138412032) = 0 [pid 608] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 608] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 608] close(5) = 0 [pid 608] close(6) = 0 [pid 608] mkdir("./file0", 0777) = 0 [pid 608] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 608] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 608] chdir("./file0") = 0 [pid 608] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 608] ioctl(6, LOOP_CLR_FD) = 0 [pid 608] close(6) = 0 [pid 608] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 608] write(6, "#! ./file1\n", 11) = 11 [pid 608] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [ 33.189522][ T608] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [pid 608] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005c0} --- [pid 608] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=608, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./48", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./48", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555580e9c6f0 /* 4 entries */, 32768) = 112 umount2("./48/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./48/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./48/binderfs") = 0 [ 33.229813][ T609] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-608: bg 0: block 234: padding at end of block bitmap is not set umount2("./48/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./48/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./48/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./48/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./48/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555580ea4730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555580ea4730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./48/file0") = 0 getdents64(3, 0x555580e9c6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./48") = 0 mkdir("./49", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555580e9b650) = 614 ./strace-static-x86_64: Process 614 attached [pid 614] set_robust_list(0x555580e9b660, 24) = 0 [pid 614] chdir("./49") = 0 [pid 614] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 614] setpgid(0, 0) = 0 [pid 614] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 614] write(3, "1000", 4) = 4 [pid 614] close(3) = 0 [pid 614] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 614] write(1, "executing program\n", 18) = 18 [pid 614] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 614] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 614] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 614] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 614] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 614] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 614] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 614] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 614] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 614] memfd_create("syzkaller", 0) = 5 [pid 614] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9466c6c000 [pid 614] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 614] munmap(0x7f9466c6c000, 138412032) = 0 [pid 614] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 614] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 614] close(5) = 0 [pid 614] close(6) = 0 [pid 614] mkdir("./file0", 0777) = 0 [pid 614] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 614] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 614] chdir("./file0") = 0 [pid 614] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 614] ioctl(6, LOOP_CLR_FD) = 0 [pid 614] close(6) = 0 [pid 614] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 614] write(6, "#! ./file1\n", 11) = 11 [pid 614] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 614] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005c0} --- [pid 614] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=614, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./49", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./49", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555580e9c6f0 /* 4 entries */, 32768) = 112 umount2("./49/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./49/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./49/binderfs") = 0 [ 33.420570][ T614] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 33.445311][ T614] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm syz-executor209: bg 0: block 234: padding at end of block bitmap is not set umount2("./49/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./49/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./49/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./49/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./49/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555580ea4730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555580ea4730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./49/file0") = 0 getdents64(3, 0x555580e9c6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./49") = 0 mkdir("./50", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 619 attached , child_tidptr=0x555580e9b650) = 619 [pid 619] set_robust_list(0x555580e9b660, 24) = 0 [pid 619] chdir("./50") = 0 [pid 619] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 619] setpgid(0, 0) = 0 [pid 619] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 619] write(3, "1000", 4) = 4 [pid 619] close(3) = 0 [pid 619] symlink("/dev/binderfs", "./binderfs") = 0 [pid 619] write(1, "executing program\n", 18executing program ) = 18 [pid 619] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 619] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 619] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 619] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 619] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 619] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 619] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 619] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 619] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 619] memfd_create("syzkaller", 0) = 5 [pid 619] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9466c6c000 [pid 619] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 619] munmap(0x7f9466c6c000, 138412032) = 0 [pid 619] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 619] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 619] close(5) = 0 [pid 619] close(6) = 0 [pid 619] mkdir("./file0", 0777) = 0 [pid 619] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 619] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 619] chdir("./file0") = 0 [pid 619] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 619] ioctl(6, LOOP_CLR_FD) = 0 [pid 619] close(6) = 0 [pid 619] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 619] write(6, "#! ./file1\n", 11) = 11 [pid 619] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [ 33.690694][ T619] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [pid 619] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005c0} --- [pid 619] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=619, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./50", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./50", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555580e9c6f0 /* 4 entries */, 32768) = 112 umount2("./50/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./50/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./50/binderfs") = 0 [ 33.731233][ T620] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-619: bg 0: block 234: padding at end of block bitmap is not set umount2("./50/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./50/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./50/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./50/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./50/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555580ea4730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555580ea4730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./50/file0") = 0 getdents64(3, 0x555580e9c6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./50") = 0 mkdir("./51", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555580e9b650) = 624 ./strace-static-x86_64: Process 624 attached [pid 624] set_robust_list(0x555580e9b660, 24) = 0 [pid 624] chdir("./51") = 0 [pid 624] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 624] setpgid(0, 0) = 0 [pid 624] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 624] write(3, "1000", 4) = 4 [pid 624] close(3) = 0 [pid 624] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 624] write(1, "executing program\n", 18) = 18 [pid 624] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 624] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 624] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 624] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 624] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 624] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 624] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 624] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 624] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 624] memfd_create("syzkaller", 0) = 5 [pid 624] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9466c6c000 [pid 624] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 624] munmap(0x7f9466c6c000, 138412032) = 0 [pid 624] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 624] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 624] close(5) = 0 [pid 624] close(6) = 0 [pid 624] mkdir("./file0", 0777) = 0 [pid 624] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 624] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 624] chdir("./file0") = 0 [pid 624] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 624] ioctl(6, LOOP_CLR_FD) = 0 [pid 624] close(6) = 0 [pid 624] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 624] write(6, "#! ./file1\n", 11) = 11 [pid 624] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 624] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005c0} --- [pid 624] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=624, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./51", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./51", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555580e9c6f0 /* 4 entries */, 32768) = 112 umount2("./51/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./51/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./51/binderfs") = 0 [ 33.867848][ T624] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 33.891148][ T624] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm syz-executor209: bg 0: block 234: padding at end of block bitmap is not set umount2("./51/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./51/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./51/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./51/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./51/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555580ea4730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555580ea4730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./51/file0") = 0 getdents64(3, 0x555580e9c6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./51") = 0 mkdir("./52", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 629 attached , child_tidptr=0x555580e9b650) = 629 [pid 629] set_robust_list(0x555580e9b660, 24) = 0 [pid 629] chdir("./52") = 0 [pid 629] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 629] setpgid(0, 0) = 0 [pid 629] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 629] write(3, "1000", 4) = 4 [pid 629] close(3) = 0 [pid 629] symlink("/dev/binderfs", "./binderfs") = 0 [pid 629] write(1, "executing program\n", 18executing program ) = 18 [pid 629] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 629] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 629] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 629] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 629] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 629] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 629] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 629] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 629] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 629] memfd_create("syzkaller", 0) = 5 [pid 629] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9466c6c000 [pid 629] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 629] munmap(0x7f9466c6c000, 138412032) = 0 [pid 629] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 629] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 629] close(5) = 0 [pid 629] close(6) = 0 [pid 629] mkdir("./file0", 0777) = 0 [pid 629] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 629] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 629] chdir("./file0") = 0 [pid 629] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 629] ioctl(6, LOOP_CLR_FD) = 0 [pid 629] close(6) = 0 [pid 629] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 629] write(6, "#! ./file1\n", 11) = 11 [pid 629] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 629] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005c0} --- [pid 629] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=629, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./52", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./52", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555580e9c6f0 /* 4 entries */, 32768) = 112 umount2("./52/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./52/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./52/binderfs") = 0 [ 34.049791][ T629] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 34.084587][ T630] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-629: bg 0: block 234: padding at end of block bitmap is not set umount2("./52/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./52/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./52/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./52/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./52/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555580ea4730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555580ea4730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./52/file0") = 0 getdents64(3, 0x555580e9c6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./52") = 0 mkdir("./53", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555580e9b650) = 635 ./strace-static-x86_64: Process 635 attached [pid 635] set_robust_list(0x555580e9b660, 24) = 0 [pid 635] chdir("./53") = 0 [pid 635] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 635] setpgid(0, 0) = 0 [pid 635] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 635] write(3, "1000", 4) = 4 [pid 635] close(3) = 0 [pid 635] symlink("/dev/binderfs", "./binderfs") = 0 [pid 635] write(1, "executing program\n", 18executing program ) = 18 [pid 635] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 635] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 635] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 635] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 635] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 635] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 635] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 635] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 635] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 635] memfd_create("syzkaller", 0) = 5 [pid 635] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9466c6c000 [pid 635] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 635] munmap(0x7f9466c6c000, 138412032) = 0 [pid 635] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 635] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 635] close(5) = 0 [pid 635] close(6) = 0 [pid 635] mkdir("./file0", 0777) = 0 [pid 635] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 635] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 635] chdir("./file0") = 0 [pid 635] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 635] ioctl(6, LOOP_CLR_FD) = 0 [pid 635] close(6) = 0 [pid 635] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 635] write(6, "#! ./file1\n", 11) = 11 [pid 635] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 635] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005c0} --- [pid 635] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=635, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./53", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./53", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555580e9c6f0 /* 4 entries */, 32768) = 112 umount2("./53/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./53/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./53/binderfs") = 0 [ 34.287238][ T635] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 34.319939][ T636] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-635: bg 0: block 234: padding at end of block bitmap is not set umount2("./53/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./53/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./53/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./53/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./53/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555580ea4730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555580ea4730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./53/file0") = 0 getdents64(3, 0x555580e9c6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./53") = 0 mkdir("./54", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555580e9b650) = 640 ./strace-static-x86_64: Process 640 attached [pid 640] set_robust_list(0x555580e9b660, 24) = 0 [pid 640] chdir("./54") = 0 [pid 640] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 640] setpgid(0, 0) = 0 [pid 640] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 640] write(3, "1000", 4) = 4 [pid 640] close(3) = 0 [pid 640] symlink("/dev/binderfs", "./binderfs") = 0 [pid 640] write(1, "executing program\n", 18executing program ) = 18 [pid 640] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 640] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 640] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 640] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 640] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 640] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 640] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 640] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 640] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 640] memfd_create("syzkaller", 0) = 5 [pid 640] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9466c6c000 [pid 640] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 640] munmap(0x7f9466c6c000, 138412032) = 0 [pid 640] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 640] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 640] close(5) = 0 [pid 640] close(6) = 0 [pid 640] mkdir("./file0", 0777) = 0 [pid 640] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 640] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 640] chdir("./file0") = 0 [pid 640] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 640] ioctl(6, LOOP_CLR_FD) = 0 [pid 640] close(6) = 0 [pid 640] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 640] write(6, "#! ./file1\n", 11) = 11 [pid 640] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 640] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005c0} --- [pid 640] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=640, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./54", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./54", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555580e9c6f0 /* 4 entries */, 32768) = 112 umount2("./54/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./54/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./54/binderfs") = 0 [ 34.500527][ T640] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 34.532680][ T641] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-640: bg 0: block 234: padding at end of block bitmap is not set umount2("./54/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./54/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./54/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./54/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./54/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555580ea4730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555580ea4730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./54/file0") = 0 getdents64(3, 0x555580e9c6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./54") = 0 mkdir("./55", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 645 attached [pid 645] set_robust_list(0x555580e9b660, 24) = 0 [pid 645] chdir("./55" [pid 357] <... clone resumed>, child_tidptr=0x555580e9b650) = 645 [pid 645] <... chdir resumed>) = 0 [pid 645] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 645] setpgid(0, 0) = 0 [pid 645] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 645] write(3, "1000", 4) = 4 [pid 645] close(3) = 0 [pid 645] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 645] write(1, "executing program\n", 18) = 18 [pid 645] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 645] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 645] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 645] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 645] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 645] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 645] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 645] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 645] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 645] memfd_create("syzkaller", 0) = 5 [pid 645] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9466c6c000 [pid 645] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 645] munmap(0x7f9466c6c000, 138412032) = 0 [pid 645] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 645] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 645] close(5) = 0 [pid 645] close(6) = 0 [pid 645] mkdir("./file0", 0777) = 0 [pid 645] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 645] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 645] chdir("./file0") = 0 [pid 645] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 645] ioctl(6, LOOP_CLR_FD) = 0 [pid 645] close(6) = 0 [pid 645] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 645] write(6, "#! ./file1\n", 11) = 11 [pid 645] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [ 34.730425][ T645] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [pid 645] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005c0} --- [pid 645] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=645, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./55", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./55", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555580e9c6f0 /* 4 entries */, 32768) = 112 umount2("./55/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./55/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./55/binderfs") = 0 [ 34.771932][ T646] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-645: bg 0: block 234: padding at end of block bitmap is not set umount2("./55/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./55/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./55/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./55/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./55/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555580ea4730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555580ea4730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./55/file0") = 0 getdents64(3, 0x555580e9c6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./55") = 0 mkdir("./56", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555580e9b650) = 650 ./strace-static-x86_64: Process 650 attached [pid 650] set_robust_list(0x555580e9b660, 24) = 0 [pid 650] chdir("./56") = 0 [pid 650] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 650] setpgid(0, 0) = 0 [pid 650] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 650] write(3, "1000", 4) = 4 [pid 650] close(3) = 0 [pid 650] symlink("/dev/binderfs", "./binderfs") = 0 [pid 650] write(1, "executing program\n", 18executing program ) = 18 [pid 650] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 650] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 650] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 650] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 650] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 650] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 650] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 650] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 650] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 650] memfd_create("syzkaller", 0) = 5 [pid 650] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9466c6c000 [pid 650] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 650] munmap(0x7f9466c6c000, 138412032) = 0 [pid 650] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 650] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 650] close(5) = 0 [pid 650] close(6) = 0 [pid 650] mkdir("./file0", 0777) = 0 [pid 650] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 650] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 650] chdir("./file0") = 0 [pid 650] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 650] ioctl(6, LOOP_CLR_FD) = 0 [pid 650] close(6) = 0 [pid 650] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 650] write(6, "#! ./file1\n", 11) = 11 [pid 650] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 650] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005c0} --- [pid 650] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=650, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./56", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./56", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555580e9c6f0 /* 4 entries */, 32768) = 112 umount2("./56/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./56/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./56/binderfs") = 0 [ 34.944099][ T650] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 34.977239][ T651] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-650: bg 0: block 234: padding at end of block bitmap is not set umount2("./56/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./56/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./56/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./56/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./56/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555580ea4730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555580ea4730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./56/file0") = 0 getdents64(3, 0x555580e9c6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./56") = 0 mkdir("./57", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555580e9b650) = 655 ./strace-static-x86_64: Process 655 attached [pid 655] set_robust_list(0x555580e9b660, 24) = 0 [pid 655] chdir("./57") = 0 [pid 655] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 655] setpgid(0, 0) = 0 [pid 655] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 655] write(3, "1000", 4) = 4 [pid 655] close(3) = 0 [pid 655] symlink("/dev/binderfs", "./binderfs") = 0 [pid 655] write(1, "executing program\n", 18executing program ) = 18 [pid 655] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 655] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 655] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 655] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 655] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 655] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 655] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 655] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 655] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 655] memfd_create("syzkaller", 0) = 5 [pid 655] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9466c6c000 [pid 655] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 655] munmap(0x7f9466c6c000, 138412032) = 0 [pid 655] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 655] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 655] close(5) = 0 [pid 655] close(6) = 0 [pid 655] mkdir("./file0", 0777) = 0 [pid 655] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 655] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 655] chdir("./file0") = 0 [pid 655] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 655] ioctl(6, LOOP_CLR_FD) = 0 [pid 655] close(6) = 0 [pid 655] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 655] write(6, "#! ./file1\n", 11) = 11 [pid 655] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 655] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005c0} --- [pid 655] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=655, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./57", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./57", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555580e9c6f0 /* 4 entries */, 32768) = 112 umount2("./57/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./57/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./57/binderfs") = 0 [ 35.116811][ T655] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 35.149570][ T656] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-655: bg 0: block 234: padding at end of block bitmap is not set umount2("./57/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./57/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./57/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./57/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./57/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555580ea4730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555580ea4730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./57/file0") = 0 getdents64(3, 0x555580e9c6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./57") = 0 mkdir("./58", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555580e9b650) = 661 ./strace-static-x86_64: Process 661 attached [pid 661] set_robust_list(0x555580e9b660, 24) = 0 [pid 661] chdir("./58") = 0 [pid 661] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 661] setpgid(0, 0) = 0 [pid 661] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 661] write(3, "1000", 4) = 4 [pid 661] close(3) = 0 [pid 661] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 661] write(1, "executing program\n", 18) = 18 [pid 661] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 661] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 661] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 661] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 661] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 661] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 661] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 661] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 661] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 661] memfd_create("syzkaller", 0) = 5 [pid 661] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9466c6c000 [pid 661] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 661] munmap(0x7f9466c6c000, 138412032) = 0 [pid 661] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 661] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 661] close(5) = 0 [pid 661] close(6) = 0 [pid 661] mkdir("./file0", 0777) = 0 [pid 661] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 661] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 661] chdir("./file0") = 0 [pid 661] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 661] ioctl(6, LOOP_CLR_FD) = 0 [pid 661] close(6) = 0 [pid 661] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 661] write(6, "#! ./file1\n", 11) = 11 [pid 661] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 661] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005c0} --- [pid 661] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=661, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./58", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./58", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555580e9c6f0 /* 4 entries */, 32768) = 112 umount2("./58/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./58/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./58/binderfs") = 0 [ 35.270307][ T661] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 35.303793][ T662] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-661: bg 0: block 234: padding at end of block bitmap is not set umount2("./58/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./58/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./58/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./58/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./58/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555580ea4730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555580ea4730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./58/file0") = 0 getdents64(3, 0x555580e9c6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./58") = 0 mkdir("./59", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555580e9b650) = 666 ./strace-static-x86_64: Process 666 attached [pid 666] set_robust_list(0x555580e9b660, 24) = 0 [pid 666] chdir("./59") = 0 [pid 666] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 666] setpgid(0, 0) = 0 [pid 666] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 666] write(3, "1000", 4) = 4 [pid 666] close(3) = 0 [pid 666] symlink("/dev/binderfs", "./binderfs") = 0 [pid 666] write(1, "executing program\n", 18executing program ) = 18 [pid 666] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 666] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 666] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 666] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 666] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 666] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 666] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 666] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 666] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 666] memfd_create("syzkaller", 0) = 5 [pid 666] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9466c6c000 [pid 666] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 666] munmap(0x7f9466c6c000, 138412032) = 0 [pid 666] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 666] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 666] close(5) = 0 [pid 666] close(6) = 0 [pid 666] mkdir("./file0", 0777) = 0 [pid 666] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 666] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 666] chdir("./file0") = 0 [pid 666] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 666] ioctl(6, LOOP_CLR_FD) = 0 [pid 666] close(6) = 0 [pid 666] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 666] write(6, "#! ./file1\n", 11) = 11 [pid 666] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 666] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005c0} --- [pid 666] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=666, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./59", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./59", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555580e9c6f0 /* 4 entries */, 32768) = 112 umount2("./59/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./59/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./59/binderfs") = 0 [ 35.460431][ T666] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 35.486804][ T667] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-666: bg 0: block 234: padding at end of block bitmap is not set umount2("./59/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./59/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./59/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./59/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./59/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555580ea4730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555580ea4730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./59/file0") = 0 getdents64(3, 0x555580e9c6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./59") = 0 mkdir("./60", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555580e9b650) = 671 ./strace-static-x86_64: Process 671 attached [pid 671] set_robust_list(0x555580e9b660, 24) = 0 [pid 671] chdir("./60") = 0 [pid 671] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 671] setpgid(0, 0) = 0 [pid 671] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 671] write(3, "1000", 4) = 4 [pid 671] close(3) = 0 [pid 671] symlink("/dev/binderfs", "./binderfs") = 0 [pid 671] write(1, "executing program\n", 18executing program ) = 18 [pid 671] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 671] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 671] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 671] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 671] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 671] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 671] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 671] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 671] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 671] memfd_create("syzkaller", 0) = 5 [pid 671] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9466c6c000 [pid 671] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 671] munmap(0x7f9466c6c000, 138412032) = 0 [pid 671] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 671] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 671] close(5) = 0 [pid 671] close(6) = 0 [pid 671] mkdir("./file0", 0777) = 0 [pid 671] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 671] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 671] chdir("./file0") = 0 [pid 671] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 671] ioctl(6, LOOP_CLR_FD) = 0 [pid 671] close(6) = 0 [pid 671] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 671] write(6, "#! ./file1\n", 11) = 11 [pid 671] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 671] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005c0} --- [pid 671] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=671, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./60", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./60", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555580e9c6f0 /* 4 entries */, 32768) = 112 umount2("./60/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./60/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./60/binderfs") = 0 [ 35.660225][ T671] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 35.692400][ T672] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-671: bg 0: block 234: padding at end of block bitmap is not set umount2("./60/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./60/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./60/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./60/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./60/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555580ea4730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555580ea4730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./60/file0") = 0 getdents64(3, 0x555580e9c6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./60") = 0 mkdir("./61", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555580e9b650) = 676 ./strace-static-x86_64: Process 676 attached [pid 676] set_robust_list(0x555580e9b660, 24) = 0 [pid 676] chdir("./61") = 0 [pid 676] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 676] setpgid(0, 0) = 0 [pid 676] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 676] write(3, "1000", 4) = 4 [pid 676] close(3) = 0 [pid 676] symlink("/dev/binderfs", "./binderfs") = 0 [pid 676] write(1, "executing program\n", 18executing program ) = 18 [pid 676] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 676] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 676] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 676] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 676] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 676] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 676] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 676] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 676] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 676] memfd_create("syzkaller", 0) = 5 [pid 676] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9466c6c000 [pid 676] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 676] munmap(0x7f9466c6c000, 138412032) = 0 [pid 676] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 676] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 676] close(5) = 0 [pid 676] close(6) = 0 [pid 676] mkdir("./file0", 0777) = 0 [pid 676] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 676] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 676] chdir("./file0") = 0 [pid 676] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 676] ioctl(6, LOOP_CLR_FD) = 0 [pid 676] close(6) = 0 [pid 676] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 676] write(6, "#! ./file1\n", 11) = 11 [pid 676] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 676] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005c0} --- [pid 676] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=676, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./61", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./61", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555580e9c6f0 /* 4 entries */, 32768) = 112 umount2("./61/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./61/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./61/binderfs") = 0 [ 35.839835][ T676] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 35.874277][ T677] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-676: bg 0: block 234: padding at end of block bitmap is not set umount2("./61/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./61/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./61/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./61/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./61/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555580ea4730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555580ea4730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./61/file0") = 0 getdents64(3, 0x555580e9c6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./61") = 0 mkdir("./62", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555580e9b650) = 681 ./strace-static-x86_64: Process 681 attached [pid 681] set_robust_list(0x555580e9b660, 24) = 0 [pid 681] chdir("./62") = 0 [pid 681] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 681] setpgid(0, 0) = 0 [pid 681] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 681] write(3, "1000", 4) = 4 [pid 681] close(3) = 0 [pid 681] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 681] write(1, "executing program\n", 18) = 18 [pid 681] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 681] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 681] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 681] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 681] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 681] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 681] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 681] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 681] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 681] memfd_create("syzkaller", 0) = 5 [pid 681] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9466c6c000 [pid 681] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 681] munmap(0x7f9466c6c000, 138412032) = 0 [pid 681] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 681] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 681] close(5) = 0 [pid 681] close(6) = 0 [pid 681] mkdir("./file0", 0777) = 0 [pid 681] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 681] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 681] chdir("./file0") = 0 [pid 681] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 681] ioctl(6, LOOP_CLR_FD) = 0 [pid 681] close(6) = 0 [pid 681] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 681] write(6, "#! ./file1\n", 11) = 11 [pid 681] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 681] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005c0} --- [pid 681] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=681, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./62", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./62", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555580e9c6f0 /* 4 entries */, 32768) = 112 umount2("./62/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./62/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./62/binderfs") = 0 [ 35.980387][ T681] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 36.011497][ T682] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-681: bg 0: block 234: padding at end of block bitmap is not set umount2("./62/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./62/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./62/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./62/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./62/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555580ea4730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555580ea4730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./62/file0") = 0 getdents64(3, 0x555580e9c6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./62") = 0 mkdir("./63", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555580e9b650) = 686 ./strace-static-x86_64: Process 686 attached [pid 686] set_robust_list(0x555580e9b660, 24) = 0 [pid 686] chdir("./63") = 0 [pid 686] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 686] setpgid(0, 0) = 0 [pid 686] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 686] write(3, "1000", 4) = 4 [pid 686] close(3) = 0 [pid 686] symlink("/dev/binderfs", "./binderfs") = 0 [pid 686] write(1, "executing program\n", 18executing program ) = 18 [pid 686] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 686] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 686] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 686] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 686] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 686] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 686] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 686] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 686] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 686] memfd_create("syzkaller", 0) = 5 [pid 686] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9466c6c000 [pid 686] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 686] munmap(0x7f9466c6c000, 138412032) = 0 [pid 686] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 686] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 686] close(5) = 0 [pid 686] close(6) = 0 [pid 686] mkdir("./file0", 0777) = 0 [pid 686] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 686] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 686] chdir("./file0") = 0 [pid 686] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 686] ioctl(6, LOOP_CLR_FD) = 0 [pid 686] close(6) = 0 [pid 686] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 686] write(6, "#! ./file1\n", 11) = 11 [pid 686] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 686] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005c0} --- [pid 686] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=686, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./63", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./63", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555580e9c6f0 /* 4 entries */, 32768) = 112 umount2("./63/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./63/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./63/binderfs") = 0 [ 36.159976][ T686] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 36.192787][ T687] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-686: bg 0: block 234: padding at end of block bitmap is not set umount2("./63/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./63/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./63/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./63/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./63/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555580ea4730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555580ea4730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./63/file0") = 0 getdents64(3, 0x555580e9c6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./63") = 0 mkdir("./64", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 692 attached , child_tidptr=0x555580e9b650) = 692 [pid 692] set_robust_list(0x555580e9b660, 24) = 0 [pid 692] chdir("./64") = 0 [pid 692] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 692] setpgid(0, 0) = 0 [pid 692] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 692] write(3, "1000", 4) = 4 [pid 692] close(3) = 0 [pid 692] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 692] write(1, "executing program\n", 18) = 18 [pid 692] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 692] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 692] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 692] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 692] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 692] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 692] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 692] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 692] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 692] memfd_create("syzkaller", 0) = 5 [pid 692] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9466c6c000 [pid 692] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 692] munmap(0x7f9466c6c000, 138412032) = 0 [pid 692] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 692] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 692] close(5) = 0 [pid 692] close(6) = 0 [pid 692] mkdir("./file0", 0777) = 0 [pid 692] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 692] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 692] chdir("./file0") = 0 [pid 692] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 692] ioctl(6, LOOP_CLR_FD) = 0 [pid 692] close(6) = 0 [pid 692] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 692] write(6, "#! ./file1\n", 11) = 11 [pid 692] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [ 36.500386][ T692] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [pid 692] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005c0} --- [pid 692] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=692, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./64", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./64", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555580e9c6f0 /* 4 entries */, 32768) = 112 umount2("./64/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./64/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./64/binderfs") = 0 [ 36.541832][ T693] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-692: bg 0: block 234: padding at end of block bitmap is not set umount2("./64/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./64/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./64/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./64/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./64/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555580ea4730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555580ea4730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./64/file0") = 0 getdents64(3, 0x555580e9c6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./64") = 0 mkdir("./65", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555580e9b650) = 697 ./strace-static-x86_64: Process 697 attached [pid 697] set_robust_list(0x555580e9b660, 24) = 0 [pid 697] chdir("./65") = 0 [pid 697] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 697] setpgid(0, 0) = 0 [pid 697] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 697] write(3, "1000", 4) = 4 [pid 697] close(3) = 0 [pid 697] symlink("/dev/binderfs", "./binderfs") = 0 [pid 697] write(1, "executing program\n", 18executing program ) = 18 [pid 697] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 697] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 697] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 697] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 697] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 697] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 697] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 697] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 697] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 697] memfd_create("syzkaller", 0) = 5 [pid 697] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9466c6c000 [pid 697] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 697] munmap(0x7f9466c6c000, 138412032) = 0 [pid 697] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 697] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 697] close(5) = 0 [pid 697] close(6) = 0 [pid 697] mkdir("./file0", 0777) = 0 [pid 697] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 697] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 697] chdir("./file0") = 0 [pid 697] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 697] ioctl(6, LOOP_CLR_FD) = 0 [pid 697] close(6) = 0 [pid 697] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 697] write(6, "#! ./file1\n", 11) = 11 [pid 697] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 697] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005c0} --- [pid 697] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=697, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./65", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./65", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555580e9c6f0 /* 4 entries */, 32768) = 112 umount2("./65/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./65/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./65/binderfs") = 0 [ 36.710444][ T697] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 36.742850][ T698] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-697: bg 0: block 234: padding at end of block bitmap is not set umount2("./65/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./65/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./65/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./65/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./65/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555580ea4730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555580ea4730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./65/file0") = 0 getdents64(3, 0x555580e9c6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./65") = 0 mkdir("./66", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555580e9b650) = 702 ./strace-static-x86_64: Process 702 attached [pid 702] set_robust_list(0x555580e9b660, 24) = 0 [pid 702] chdir("./66") = 0 [pid 702] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 702] setpgid(0, 0) = 0 [pid 702] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 702] write(3, "1000", 4) = 4 [pid 702] close(3) = 0 [pid 702] symlink("/dev/binderfs", "./binderfs") = 0 [pid 702] write(1, "executing program\n", 18executing program ) = 18 [pid 702] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 702] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 702] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 702] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 702] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 702] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 702] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 702] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 702] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 702] memfd_create("syzkaller", 0) = 5 [pid 702] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9466c6c000 [pid 702] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 702] munmap(0x7f9466c6c000, 138412032) = 0 [pid 702] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 702] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 702] close(5) = 0 [pid 702] close(6) = 0 [pid 702] mkdir("./file0", 0777) = 0 [pid 702] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 702] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 702] chdir("./file0") = 0 [pid 702] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 702] ioctl(6, LOOP_CLR_FD) = 0 [pid 702] close(6) = 0 [pid 702] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 702] write(6, "#! ./file1\n", 11) = 11 [pid 702] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [ 36.870190][ T702] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [pid 702] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005c0} --- [pid 702] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=702, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./66", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./66", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555580e9c6f0 /* 4 entries */, 32768) = 112 umount2("./66/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./66/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./66/binderfs") = 0 umount2("./66/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./66/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./66/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./66/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./66/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [ 36.913444][ T703] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-702: bg 0: block 234: padding at end of block bitmap is not set newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555580ea4730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555580ea4730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./66/file0") = 0 getdents64(3, 0x555580e9c6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./66") = 0 mkdir("./67", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555580e9b650) = 707 ./strace-static-x86_64: Process 707 attached [pid 707] set_robust_list(0x555580e9b660, 24) = 0 [pid 707] chdir("./67") = 0 [pid 707] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 707] setpgid(0, 0) = 0 [pid 707] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 707] write(3, "1000", 4) = 4 [pid 707] close(3) = 0 [pid 707] symlink("/dev/binderfs", "./binderfs") = 0 [pid 707] write(1, "executing program\n", 18executing program ) = 18 [pid 707] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 707] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 707] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 707] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 707] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 707] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 707] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 707] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 707] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 707] memfd_create("syzkaller", 0) = 5 [pid 707] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9466c6c000 [pid 707] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 707] munmap(0x7f9466c6c000, 138412032) = 0 [pid 707] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 707] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 707] close(5) = 0 [pid 707] close(6) = 0 [pid 707] mkdir("./file0", 0777) = 0 [pid 707] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 707] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 707] chdir("./file0") = 0 [pid 707] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 707] ioctl(6, LOOP_CLR_FD) = 0 [pid 707] close(6) = 0 [pid 707] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 707] write(6, "#! ./file1\n", 11) = 11 [pid 707] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [ 37.020147][ T707] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [pid 707] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005c0} --- [pid 707] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=707, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./67", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./67", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555580e9c6f0 /* 4 entries */, 32768) = 112 umount2("./67/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./67/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./67/binderfs") = 0 [ 37.059769][ T708] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-707: bg 0: block 234: padding at end of block bitmap is not set umount2("./67/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./67/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./67/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./67/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./67/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555580ea4730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555580ea4730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./67/file0") = 0 getdents64(3, 0x555580e9c6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./67") = 0 mkdir("./68", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555580e9b650) = 712 ./strace-static-x86_64: Process 712 attached [pid 712] set_robust_list(0x555580e9b660, 24) = 0 [pid 712] chdir("./68") = 0 [pid 712] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 712] setpgid(0, 0) = 0 [pid 712] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 712] write(3, "1000", 4) = 4 [pid 712] close(3) = 0 [pid 712] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 712] write(1, "executing program\n", 18) = 18 [pid 712] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 712] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 712] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 712] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 712] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 712] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 712] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 712] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 712] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 712] memfd_create("syzkaller", 0) = 5 [pid 712] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9466c6c000 [pid 712] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 712] munmap(0x7f9466c6c000, 138412032) = 0 [pid 712] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 712] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 712] close(5) = 0 [pid 712] close(6) = 0 [pid 712] mkdir("./file0", 0777) = 0 [pid 712] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 712] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 712] chdir("./file0") = 0 [pid 712] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 712] ioctl(6, LOOP_CLR_FD) = 0 [pid 712] close(6) = 0 [pid 712] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 712] write(6, "#! ./file1\n", 11) = 11 [pid 712] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [ 37.230061][ T712] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [pid 712] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005c0} --- [pid 712] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=712, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./68", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./68", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555580e9c6f0 /* 4 entries */, 32768) = 112 umount2("./68/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./68/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./68/binderfs") = 0 umount2("./68/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./68/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./68/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./68/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./68/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555580ea4730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555580ea4730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./68/file0") = 0 getdents64(3, 0x555580e9c6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./68") = 0 [ 37.274392][ T713] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-712: bg 0: block 234: padding at end of block bitmap is not set mkdir("./69", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555580e9b650) = 718 ./strace-static-x86_64: Process 718 attached [pid 718] set_robust_list(0x555580e9b660, 24) = 0 [pid 718] chdir("./69") = 0 [pid 718] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 718] setpgid(0, 0) = 0 [pid 718] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 718] write(3, "1000", 4) = 4 [pid 718] close(3) = 0 [pid 718] symlink("/dev/binderfs", "./binderfs") = 0 [pid 718] write(1, "executing program\n", 18executing program ) = 18 [pid 718] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 718] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 718] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 718] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 718] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 718] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 718] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 718] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 718] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 718] memfd_create("syzkaller", 0) = 5 [pid 718] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9466c6c000 [pid 718] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 718] munmap(0x7f9466c6c000, 138412032) = 0 [pid 718] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 718] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 718] close(5) = 0 [pid 718] close(6) = 0 [pid 718] mkdir("./file0", 0777) = 0 [pid 718] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 718] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 718] chdir("./file0") = 0 [pid 718] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 718] ioctl(6, LOOP_CLR_FD) = 0 [pid 718] close(6) = 0 [pid 718] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 718] write(6, "#! ./file1\n", 11) = 11 [pid 718] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [ 37.470409][ T718] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [pid 718] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005c0} --- [pid 718] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=718, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./69", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./69", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555580e9c6f0 /* 4 entries */, 32768) = 112 umount2("./69/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./69/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./69/binderfs") = 0 [ 37.511285][ T719] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-718: bg 0: block 234: padding at end of block bitmap is not set umount2("./69/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./69/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./69/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./69/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./69/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555580ea4730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555580ea4730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./69/file0") = 0 getdents64(3, 0x555580e9c6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./69") = 0 mkdir("./70", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555580e9b650) = 723 ./strace-static-x86_64: Process 723 attached [pid 723] set_robust_list(0x555580e9b660, 24) = 0 [pid 723] chdir("./70") = 0 [pid 723] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 723] setpgid(0, 0) = 0 [pid 723] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 723] write(3, "1000", 4) = 4 [pid 723] close(3) = 0 [pid 723] symlink("/dev/binderfs", "./binderfs") = 0 [pid 723] write(1, "executing program\n", 18executing program ) = 18 [pid 723] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 723] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 723] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 723] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 723] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 723] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 723] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 723] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 723] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 723] memfd_create("syzkaller", 0) = 5 [pid 723] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9466c6c000 [pid 723] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 723] munmap(0x7f9466c6c000, 138412032) = 0 [pid 723] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 723] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 723] close(5) = 0 [pid 723] close(6) = 0 [pid 723] mkdir("./file0", 0777) = 0 [pid 723] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 723] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 723] chdir("./file0") = 0 [pid 723] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 723] ioctl(6, LOOP_CLR_FD) = 0 [pid 723] close(6) = 0 [pid 723] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 723] write(6, "#! ./file1\n", 11) = 11 [pid 723] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 723] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005c0} --- [pid 723] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=723, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./70", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./70", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555580e9c6f0 /* 4 entries */, 32768) = 112 umount2("./70/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./70/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./70/binderfs") = 0 [ 37.760787][ T723] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 37.795621][ T724] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-723: bg 0: block 234: padding at end of block bitmap is not set umount2("./70/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./70/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./70/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./70/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./70/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555580ea4730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555580ea4730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./70/file0") = 0 getdents64(3, 0x555580e9c6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./70") = 0 mkdir("./71", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555580e9b650) = 728 ./strace-static-x86_64: Process 728 attached [pid 728] set_robust_list(0x555580e9b660, 24) = 0 [pid 728] chdir("./71") = 0 [pid 728] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 728] setpgid(0, 0) = 0 [pid 728] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 728] write(3, "1000", 4) = 4 [pid 728] close(3) = 0 [pid 728] symlink("/dev/binderfs", "./binderfs") = 0 [pid 728] write(1, "executing program\n", 18executing program ) = 18 [pid 728] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 728] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 728] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 728] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 728] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 728] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 728] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 728] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 728] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 728] memfd_create("syzkaller", 0) = 5 [pid 728] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9466c6c000 [pid 728] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 728] munmap(0x7f9466c6c000, 138412032) = 0 [pid 728] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 728] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 728] close(5) = 0 [pid 728] close(6) = 0 [pid 728] mkdir("./file0", 0777) = 0 [pid 728] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 728] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 728] chdir("./file0") = 0 [pid 728] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 728] ioctl(6, LOOP_CLR_FD) = 0 [pid 728] close(6) = 0 [pid 728] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 728] write(6, "#! ./file1\n", 11) = 11 [pid 728] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 728] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005c0} --- [pid 728] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=728, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./71", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./71", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555580e9c6f0 /* 4 entries */, 32768) = 112 umount2("./71/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./71/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./71/binderfs") = 0 [ 37.900258][ T728] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 37.931963][ T729] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-728: bg 0: block 234: padding at end of block bitmap is not set umount2("./71/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./71/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./71/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./71/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./71/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555580ea4730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555580ea4730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./71/file0") = 0 getdents64(3, 0x555580e9c6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./71") = 0 mkdir("./72", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555580e9b650) = 733 ./strace-static-x86_64: Process 733 attached [pid 733] set_robust_list(0x555580e9b660, 24) = 0 [pid 733] chdir("./72") = 0 [pid 733] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 733] setpgid(0, 0) = 0 [pid 733] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 733] write(3, "1000", 4) = 4 [pid 733] close(3) = 0 [pid 733] symlink("/dev/binderfs", "./binderfs") = 0 [pid 733] write(1, "executing program\n", 18executing program ) = 18 [pid 733] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 733] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 733] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 733] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 733] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 733] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 733] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 733] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 733] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 733] memfd_create("syzkaller", 0) = 5 [pid 733] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9466c6c000 [pid 733] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 733] munmap(0x7f9466c6c000, 138412032) = 0 [pid 733] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 733] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 733] close(5) = 0 [pid 733] close(6) = 0 [pid 733] mkdir("./file0", 0777) = 0 [pid 733] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 733] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 733] chdir("./file0") = 0 [pid 733] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 733] ioctl(6, LOOP_CLR_FD) = 0 [pid 733] close(6) = 0 [pid 733] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 733] write(6, "#! ./file1\n", 11) = 11 [pid 733] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 733] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005c0} --- [pid 733] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=733, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./72", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./72", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555580e9c6f0 /* 4 entries */, 32768) = 112 umount2("./72/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./72/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./72/binderfs") = 0 [ 38.070292][ T733] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 38.096552][ T734] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-733: bg 0: block 234: padding at end of block bitmap is not set umount2("./72/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./72/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./72/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./72/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./72/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555580ea4730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555580ea4730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./72/file0") = 0 getdents64(3, 0x555580e9c6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./72") = 0 mkdir("./73", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555580e9b650) = 738 ./strace-static-x86_64: Process 738 attached [pid 738] set_robust_list(0x555580e9b660, 24) = 0 [pid 738] chdir("./73") = 0 [pid 738] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 738] setpgid(0, 0) = 0 [pid 738] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 738] write(3, "1000", 4) = 4 [pid 738] close(3) = 0 [pid 738] symlink("/dev/binderfs", "./binderfs") = 0 [pid 738] write(1, "executing program\n", 18executing program ) = 18 [pid 738] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 738] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 738] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 738] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 738] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 738] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 738] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 738] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 738] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 738] memfd_create("syzkaller", 0) = 5 [pid 738] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9466c6c000 [pid 738] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 738] munmap(0x7f9466c6c000, 138412032) = 0 [pid 738] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 738] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 738] close(5) = 0 [pid 738] close(6) = 0 [pid 738] mkdir("./file0", 0777) = 0 [pid 738] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 738] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 738] chdir("./file0") = 0 [pid 738] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 738] ioctl(6, LOOP_CLR_FD) = 0 [pid 738] close(6) = 0 [pid 738] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 738] write(6, "#! ./file1\n", 11) = 11 [pid 738] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 738] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005c0} --- [pid 738] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=738, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./73", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./73", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555580e9c6f0 /* 4 entries */, 32768) = 112 umount2("./73/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./73/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./73/binderfs") = 0 [ 38.200230][ T738] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 38.227389][ T739] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-738: bg 0: block 234: padding at end of block bitmap is not set umount2("./73/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./73/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./73/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./73/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./73/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555580ea4730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555580ea4730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./73/file0") = 0 getdents64(3, 0x555580e9c6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./73") = 0 mkdir("./74", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555580e9b650) = 744 ./strace-static-x86_64: Process 744 attached [pid 744] set_robust_list(0x555580e9b660, 24) = 0 [pid 744] chdir("./74") = 0 [pid 744] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 744] setpgid(0, 0) = 0 [pid 744] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 744] write(3, "1000", 4) = 4 [pid 744] close(3) = 0 [pid 744] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 744] write(1, "executing program\n", 18) = 18 [pid 744] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 744] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 744] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 744] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 744] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 744] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 744] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 744] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 744] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 744] memfd_create("syzkaller", 0) = 5 [pid 744] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9466c6c000 [pid 744] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 744] munmap(0x7f9466c6c000, 138412032) = 0 [pid 744] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 744] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 744] close(5) = 0 [pid 744] close(6) = 0 [pid 744] mkdir("./file0", 0777) = 0 [pid 744] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 744] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 744] chdir("./file0") = 0 [pid 744] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 744] ioctl(6, LOOP_CLR_FD) = 0 [pid 744] close(6) = 0 [pid 744] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 744] write(6, "#! ./file1\n", 11) = 11 [pid 744] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 744] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005c0} --- [pid 744] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=744, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./74", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./74", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555580e9c6f0 /* 4 entries */, 32768) = 112 umount2("./74/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./74/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./74/binderfs") = 0 [ 38.431013][ T744] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 38.463107][ T745] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-744: bg 0: block 234: padding at end of block bitmap is not set umount2("./74/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./74/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./74/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./74/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./74/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555580ea4730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555580ea4730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./74/file0") = 0 getdents64(3, 0x555580e9c6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./74") = 0 mkdir("./75", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555580e9b650) = 749 ./strace-static-x86_64: Process 749 attached [pid 749] set_robust_list(0x555580e9b660, 24) = 0 [pid 749] chdir("./75") = 0 [pid 749] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 749] setpgid(0, 0) = 0 [pid 749] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 749] write(3, "1000", 4) = 4 [pid 749] close(3) = 0 [pid 749] symlink("/dev/binderfs", "./binderfs") = 0 [pid 749] write(1, "executing program\n", 18) = 18 executing program [pid 749] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 749] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 749] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 749] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 749] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 749] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 749] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 749] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 749] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 749] memfd_create("syzkaller", 0) = 5 [pid 749] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9466c6c000 [pid 749] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 749] munmap(0x7f9466c6c000, 138412032) = 0 [pid 749] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 749] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 749] close(5) = 0 [pid 749] close(6) = 0 [pid 749] mkdir("./file0", 0777) = 0 [pid 749] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 749] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 749] chdir("./file0") = 0 [pid 749] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 749] ioctl(6, LOOP_CLR_FD) = 0 [pid 749] close(6) = 0 [pid 749] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 749] write(6, "#! ./file1\n", 11) = 11 [pid 749] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 749] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005c0} --- [pid 749] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=749, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./75", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./75", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555580e9c6f0 /* 4 entries */, 32768) = 112 umount2("./75/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./75/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./75/binderfs") = 0 [ 38.571838][ T749] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 38.603878][ T750] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-749: bg 0: block 234: padding at end of block bitmap is not set umount2("./75/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./75/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./75/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./75/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./75/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555580ea4730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555580ea4730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./75/file0") = 0 getdents64(3, 0x555580e9c6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./75") = 0 mkdir("./76", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 754 attached [pid 754] set_robust_list(0x555580e9b660, 24) = 0 [pid 357] <... clone resumed>, child_tidptr=0x555580e9b650) = 754 [pid 754] chdir("./76") = 0 [pid 754] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 754] setpgid(0, 0) = 0 [pid 754] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 754] write(3, "1000", 4) = 4 [pid 754] close(3) = 0 [pid 754] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 754] write(1, "executing program\n", 18) = 18 [pid 754] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 754] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 754] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 754] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 754] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 754] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 754] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 754] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 754] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 754] memfd_create("syzkaller", 0) = 5 [pid 754] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9466c6c000 [pid 754] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 754] munmap(0x7f9466c6c000, 138412032) = 0 [pid 754] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 754] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 754] close(5) = 0 [pid 754] close(6) = 0 [pid 754] mkdir("./file0", 0777) = 0 [pid 754] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 754] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 754] chdir("./file0") = 0 [pid 754] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 754] ioctl(6, LOOP_CLR_FD) = 0 [pid 754] close(6) = 0 [pid 754] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 754] write(6, "#! ./file1\n", 11) = 11 [pid 754] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 754] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005c0} --- [pid 754] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=754, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./76", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./76", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555580e9c6f0 /* 4 entries */, 32768) = 112 umount2("./76/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./76/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./76/binderfs") = 0 [ 38.730245][ T754] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 38.763851][ T755] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-754: bg 0: block 234: padding at end of block bitmap is not set umount2("./76/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./76/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./76/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./76/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./76/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555580ea4730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555580ea4730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./76/file0") = 0 getdents64(3, 0x555580e9c6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./76") = 0 mkdir("./77", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555580e9b650) = 759 ./strace-static-x86_64: Process 759 attached [pid 759] set_robust_list(0x555580e9b660, 24) = 0 [pid 759] chdir("./77") = 0 [pid 759] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 759] setpgid(0, 0) = 0 [pid 759] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 759] write(3, "1000", 4) = 4 [pid 759] close(3) = 0 [pid 759] symlink("/dev/binderfs", "./binderfs") = 0 [pid 759] write(1, "executing program\n", 18executing program ) = 18 [pid 759] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 759] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 759] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 759] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 759] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 759] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 759] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 759] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 759] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 759] memfd_create("syzkaller", 0) = 5 [pid 759] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9466c6c000 [pid 759] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 759] munmap(0x7f9466c6c000, 138412032) = 0 [pid 759] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 759] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 759] close(5) = 0 [pid 759] close(6) = 0 [pid 759] mkdir("./file0", 0777) = 0 [pid 759] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 759] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 759] chdir("./file0") = 0 [pid 759] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 759] ioctl(6, LOOP_CLR_FD) = 0 [pid 759] close(6) = 0 [pid 759] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 759] write(6, "#! ./file1\n", 11) = 11 [pid 759] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 759] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005c0} --- [pid 759] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=759, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./77", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./77", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555580e9c6f0 /* 4 entries */, 32768) = 112 umount2("./77/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./77/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./77/binderfs") = 0 [ 38.930204][ T759] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 38.963670][ T760] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-759: bg 0: block 234: padding at end of block bitmap is not set umount2("./77/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./77/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./77/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./77/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./77/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555580ea4730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555580ea4730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./77/file0") = 0 getdents64(3, 0x555580e9c6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./77") = 0 mkdir("./78", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555580e9b650) = 764 ./strace-static-x86_64: Process 764 attached [pid 764] set_robust_list(0x555580e9b660, 24) = 0 [pid 764] chdir("./78") = 0 [pid 764] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 764] setpgid(0, 0) = 0 [pid 764] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 764] write(3, "1000", 4) = 4 [pid 764] close(3) = 0 [pid 764] symlink("/dev/binderfs", "./binderfs") = 0 [pid 764] write(1, "executing program\n", 18executing program ) = 18 [pid 764] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 764] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 764] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 764] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 764] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 764] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 764] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 764] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 764] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 764] memfd_create("syzkaller", 0) = 5 [pid 764] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9466c6c000 [pid 764] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 764] munmap(0x7f9466c6c000, 138412032) = 0 [pid 764] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 764] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 764] close(5) = 0 [pid 764] close(6) = 0 [pid 764] mkdir("./file0", 0777) = 0 [pid 764] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 764] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 764] chdir("./file0") = 0 [pid 764] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 764] ioctl(6, LOOP_CLR_FD) = 0 [pid 764] close(6) = 0 [pid 764] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 764] write(6, "#! ./file1\n", 11) = 11 [pid 764] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 764] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005c0} --- [pid 764] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=764, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./78", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./78", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555580e9c6f0 /* 4 entries */, 32768) = 112 umount2("./78/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./78/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./78/binderfs") = 0 [ 39.070223][ T764] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 39.101561][ T765] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-764: bg 0: block 234: padding at end of block bitmap is not set umount2("./78/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./78/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./78/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./78/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./78/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555580ea4730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555580ea4730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./78/file0") = 0 getdents64(3, 0x555580e9c6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./78") = 0 mkdir("./79", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555580e9b650) = 770 ./strace-static-x86_64: Process 770 attached [pid 770] set_robust_list(0x555580e9b660, 24) = 0 [pid 770] chdir("./79") = 0 [pid 770] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 770] setpgid(0, 0) = 0 [pid 770] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 770] write(3, "1000", 4) = 4 [pid 770] close(3) = 0 [pid 770] symlink("/dev/binderfs", "./binderfs") = 0 [pid 770] write(1, "executing program\n", 18executing program ) = 18 [pid 770] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 770] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 770] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 770] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 770] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 770] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 770] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 770] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 770] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 770] memfd_create("syzkaller", 0) = 5 [pid 770] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9466c6c000 [pid 770] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 770] munmap(0x7f9466c6c000, 138412032) = 0 [pid 770] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 770] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 770] close(5) = 0 [pid 770] close(6) = 0 [pid 770] mkdir("./file0", 0777) = 0 [pid 770] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 770] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 770] chdir("./file0") = 0 [pid 770] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 770] ioctl(6, LOOP_CLR_FD) = 0 [pid 770] close(6) = 0 [pid 770] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 770] write(6, "#! ./file1\n", 11) = 11 [pid 770] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 770] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005c0} --- [pid 770] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=770, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./79", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./79", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555580e9c6f0 /* 4 entries */, 32768) = 112 umount2("./79/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./79/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./79/binderfs") = 0 [ 39.308577][ T770] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 39.340199][ T771] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-770: bg 0: block 234: padding at end of block bitmap is not set umount2("./79/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./79/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./79/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./79/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./79/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555580ea4730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555580ea4730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./79/file0") = 0 getdents64(3, 0x555580e9c6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./79") = 0 mkdir("./80", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555580e9b650) = 775 ./strace-static-x86_64: Process 775 attached [pid 775] set_robust_list(0x555580e9b660, 24) = 0 [pid 775] chdir("./80") = 0 [pid 775] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 775] setpgid(0, 0) = 0 [pid 775] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 775] write(3, "1000", 4) = 4 [pid 775] close(3) = 0 [pid 775] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 775] write(1, "executing program\n", 18) = 18 [pid 775] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 775] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 775] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 775] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 775] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 775] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 775] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 775] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 775] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 775] memfd_create("syzkaller", 0) = 5 [pid 775] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9466c6c000 [pid 775] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 775] munmap(0x7f9466c6c000, 138412032) = 0 [pid 775] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 775] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 775] close(5) = 0 [pid 775] close(6) = 0 [pid 775] mkdir("./file0", 0777) = 0 [pid 775] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 775] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 775] chdir("./file0") = 0 [pid 775] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 775] ioctl(6, LOOP_CLR_FD) = 0 [pid 775] close(6) = 0 [pid 775] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 775] write(6, "#! ./file1\n", 11) = 11 [pid 775] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 775] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005c0} --- [pid 775] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=775, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./80", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./80", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555580e9c6f0 /* 4 entries */, 32768) = 112 umount2("./80/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./80/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./80/binderfs") = 0 [ 39.480169][ T775] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 39.512833][ T776] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-775: bg 0: block 234: padding at end of block bitmap is not set umount2("./80/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./80/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./80/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./80/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./80/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555580ea4730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555580ea4730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./80/file0") = 0 getdents64(3, 0x555580e9c6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./80") = 0 mkdir("./81", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 780 attached [pid 780] set_robust_list(0x555580e9b660, 24) = 0 [pid 357] <... clone resumed>, child_tidptr=0x555580e9b650) = 780 [pid 780] chdir("./81") = 0 [pid 780] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 780] setpgid(0, 0) = 0 [pid 780] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 780] write(3, "1000", 4) = 4 [pid 780] close(3) = 0 [pid 780] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 780] write(1, "executing program\n", 18) = 18 [pid 780] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 780] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 780] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 780] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 780] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 780] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 780] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 780] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 780] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 780] memfd_create("syzkaller", 0) = 5 [pid 780] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9466c6c000 [pid 780] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 780] munmap(0x7f9466c6c000, 138412032) = 0 [pid 780] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 780] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 780] close(5) = 0 [pid 780] close(6) = 0 [pid 780] mkdir("./file0", 0777) = 0 [pid 780] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 780] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 780] chdir("./file0") = 0 [pid 780] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 780] ioctl(6, LOOP_CLR_FD) = 0 [pid 780] close(6) = 0 [pid 780] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 780] write(6, "#! ./file1\n", 11) = 11 [pid 780] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 780] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005c0} --- [pid 780] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=780, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./81", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./81", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555580e9c6f0 /* 4 entries */, 32768) = 112 umount2("./81/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./81/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./81/binderfs") = 0 [ 39.719759][ T780] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 39.753012][ T781] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-780: bg 0: block 234: padding at end of block bitmap is not set umount2("./81/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./81/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./81/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./81/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./81/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555580ea4730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555580ea4730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./81/file0") = 0 getdents64(3, 0x555580e9c6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./81") = 0 mkdir("./82", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555580e9b650) = 785 ./strace-static-x86_64: Process 785 attached [pid 785] set_robust_list(0x555580e9b660, 24) = 0 [pid 785] chdir("./82") = 0 [pid 785] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 785] setpgid(0, 0) = 0 [pid 785] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 785] write(3, "1000", 4) = 4 [pid 785] close(3) = 0 [pid 785] symlink("/dev/binderfs", "./binderfs") = 0 [pid 785] write(1, "executing program\n", 18executing program ) = 18 [pid 785] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 785] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 785] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 785] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 785] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 785] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 785] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 785] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 785] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 785] memfd_create("syzkaller", 0) = 5 [pid 785] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9466c6c000 [pid 785] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 785] munmap(0x7f9466c6c000, 138412032) = 0 [pid 785] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 785] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 785] close(5) = 0 [pid 785] close(6) = 0 [pid 785] mkdir("./file0", 0777) = 0 [pid 785] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 785] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 785] chdir("./file0") = 0 [pid 785] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 785] ioctl(6, LOOP_CLR_FD) = 0 [pid 785] close(6) = 0 [pid 785] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 785] write(6, "#! ./file1\n", 11) = 11 [pid 785] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [ 40.070188][ T785] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [pid 785] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005c0} --- [pid 785] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=785, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./82", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./82", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555580e9c6f0 /* 4 entries */, 32768) = 112 umount2("./82/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./82/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./82/binderfs") = 0 umount2("./82/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./82/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./82/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./82/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./82/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555580ea4730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555580ea4730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./82/file0") = 0 getdents64(3, 0x555580e9c6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./82") = 0 mkdir("./83", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [ 40.111608][ T786] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-785: bg 0: block 234: padding at end of block bitmap is not set close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555580e9b650) = 790 ./strace-static-x86_64: Process 790 attached [pid 790] set_robust_list(0x555580e9b660, 24) = 0 [pid 790] chdir("./83") = 0 [pid 790] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 790] setpgid(0, 0) = 0 [pid 790] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 790] write(3, "1000", 4) = 4 [pid 790] close(3) = 0 [pid 790] symlink("/dev/binderfs", "./binderfs") = 0 [pid 790] write(1, "executing program\n", 18executing program ) = 18 [pid 790] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 790] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 790] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 790] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 790] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 790] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 790] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 790] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 790] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 790] memfd_create("syzkaller", 0) = 5 [pid 790] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9466c6c000 [pid 790] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 790] munmap(0x7f9466c6c000, 138412032) = 0 [pid 790] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 790] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 790] close(5) = 0 [pid 790] close(6) = 0 [pid 790] mkdir("./file0", 0777) = 0 [pid 790] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 790] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 790] chdir("./file0") = 0 [pid 790] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 790] ioctl(6, LOOP_CLR_FD) = 0 [pid 790] close(6) = 0 [pid 790] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 790] write(6, "#! ./file1\n", 11) = 11 [pid 790] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [ 40.209530][ T790] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [pid 790] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005c0} --- [pid 790] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=790, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./83", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./83", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555580e9c6f0 /* 4 entries */, 32768) = 112 umount2("./83/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./83/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./83/binderfs") = 0 [ 40.250062][ T791] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-790: bg 0: block 234: padding at end of block bitmap is not set umount2("./83/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./83/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./83/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./83/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./83/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555580ea4730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555580ea4730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./83/file0") = 0 getdents64(3, 0x555580e9c6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./83") = 0 mkdir("./84", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555580e9b650) = 796 ./strace-static-x86_64: Process 796 attached [pid 796] set_robust_list(0x555580e9b660, 24) = 0 [pid 796] chdir("./84") = 0 [pid 796] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 796] setpgid(0, 0) = 0 [pid 796] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 796] write(3, "1000", 4) = 4 [pid 796] close(3) = 0 [pid 796] symlink("/dev/binderfs", "./binderfs") = 0 [pid 796] write(1, "executing program\n", 18executing program ) = 18 [pid 796] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 796] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 796] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 796] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 796] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 796] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 796] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 796] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 796] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 796] memfd_create("syzkaller", 0) = 5 [pid 796] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9466c6c000 [pid 796] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 796] munmap(0x7f9466c6c000, 138412032) = 0 [pid 796] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 796] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 796] close(5) = 0 [pid 796] close(6) = 0 [pid 796] mkdir("./file0", 0777) = 0 [pid 796] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 796] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 796] chdir("./file0") = 0 [pid 796] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 796] ioctl(6, LOOP_CLR_FD) = 0 [pid 796] close(6) = 0 [pid 796] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 796] write(6, "#! ./file1\n", 11) = 11 [pid 796] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 796] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005c0} --- [pid 796] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=796, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./84", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./84", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555580e9c6f0 /* 4 entries */, 32768) = 112 umount2("./84/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./84/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./84/binderfs") = 0 [ 40.420321][ T796] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 40.453984][ T797] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-796: bg 0: block 234: padding at end of block bitmap is not set umount2("./84/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./84/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./84/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./84/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./84/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555580ea4730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555580ea4730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./84/file0") = 0 getdents64(3, 0x555580e9c6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./84") = 0 mkdir("./85", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 801 attached , child_tidptr=0x555580e9b650) = 801 [pid 801] set_robust_list(0x555580e9b660, 24) = 0 [pid 801] chdir("./85") = 0 [pid 801] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 801] setpgid(0, 0) = 0 [pid 801] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 801] write(3, "1000", 4) = 4 [pid 801] close(3) = 0 [pid 801] symlink("/dev/binderfs", "./binderfs") = 0 [pid 801] write(1, "executing program\n", 18executing program ) = 18 [pid 801] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 801] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 801] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 801] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 801] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 801] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 801] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 801] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 801] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 801] memfd_create("syzkaller", 0) = 5 [pid 801] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9466c6c000 [pid 801] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 801] munmap(0x7f9466c6c000, 138412032) = 0 [pid 801] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 801] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 801] close(5) = 0 [pid 801] close(6) = 0 [pid 801] mkdir("./file0", 0777) = 0 [pid 801] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 801] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 801] chdir("./file0") = 0 [pid 801] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 801] ioctl(6, LOOP_CLR_FD) = 0 [pid 801] close(6) = 0 [pid 801] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 801] write(6, "#! ./file1\n", 11) = 11 [pid 801] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 801] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005c0} --- [pid 801] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=801, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./85", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./85", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555580e9c6f0 /* 4 entries */, 32768) = 112 umount2("./85/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./85/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./85/binderfs") = 0 [ 40.628990][ T801] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 40.661391][ T802] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-801: bg 0: block 234: padding at end of block bitmap is not set umount2("./85/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./85/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./85/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./85/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./85/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555580ea4730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555580ea4730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./85/file0") = 0 getdents64(3, 0x555580e9c6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./85") = 0 mkdir("./86", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555580e9b650) = 806 ./strace-static-x86_64: Process 806 attached [pid 806] set_robust_list(0x555580e9b660, 24) = 0 [pid 806] chdir("./86") = 0 [pid 806] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 806] setpgid(0, 0) = 0 [pid 806] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 806] write(3, "1000", 4) = 4 [pid 806] close(3) = 0 [pid 806] symlink("/dev/binderfs", "./binderfs") = 0 [pid 806] write(1, "executing program\n", 18executing program ) = 18 [pid 806] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 806] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 806] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 806] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 806] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 806] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 806] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 806] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 806] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 806] memfd_create("syzkaller", 0) = 5 [pid 806] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9466c6c000 [pid 806] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 806] munmap(0x7f9466c6c000, 138412032) = 0 [pid 806] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 806] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 806] close(5) = 0 [pid 806] close(6) = 0 [pid 806] mkdir("./file0", 0777) = 0 [pid 806] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 806] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 806] chdir("./file0") = 0 [pid 806] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 806] ioctl(6, LOOP_CLR_FD) = 0 [pid 806] close(6) = 0 [pid 806] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 806] write(6, "#! ./file1\n", 11) = 11 [pid 806] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 806] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005c0} --- [pid 806] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=806, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./86", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./86", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555580e9c6f0 /* 4 entries */, 32768) = 112 umount2("./86/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./86/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./86/binderfs") = 0 [ 40.820196][ T806] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 40.851951][ T807] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-806: bg 0: block 234: padding at end of block bitmap is not set umount2("./86/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./86/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./86/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./86/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./86/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555580ea4730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555580ea4730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./86/file0") = 0 getdents64(3, 0x555580e9c6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./86") = 0 mkdir("./87", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555580e9b650) = 811 ./strace-static-x86_64: Process 811 attached [pid 811] set_robust_list(0x555580e9b660, 24) = 0 [pid 811] chdir("./87") = 0 [pid 811] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 811] setpgid(0, 0) = 0 [pid 811] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 811] write(3, "1000", 4) = 4 [pid 811] close(3) = 0 [pid 811] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 811] write(1, "executing program\n", 18) = 18 [pid 811] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 811] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 811] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 811] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 811] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 811] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 811] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 811] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 811] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 811] memfd_create("syzkaller", 0) = 5 [pid 811] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9466c6c000 [pid 811] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 811] munmap(0x7f9466c6c000, 138412032) = 0 [pid 811] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 811] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 811] close(5) = 0 [pid 811] close(6) = 0 [pid 811] mkdir("./file0", 0777) = 0 [pid 811] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 811] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 811] chdir("./file0") = 0 [pid 811] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 811] ioctl(6, LOOP_CLR_FD) = 0 [pid 811] close(6) = 0 [pid 811] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 811] write(6, "#! ./file1\n", 11) = 11 [pid 811] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 811] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005c0} --- [pid 811] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=811, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./87", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./87", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555580e9c6f0 /* 4 entries */, 32768) = 112 umount2("./87/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./87/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./87/binderfs") = 0 [ 40.971063][ T811] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 41.002694][ T812] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-811: bg 0: block 234: padding at end of block bitmap is not set umount2("./87/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./87/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./87/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./87/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./87/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555580ea4730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555580ea4730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./87/file0") = 0 getdents64(3, 0x555580e9c6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./87") = 0 mkdir("./88", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555580e9b650) = 816 ./strace-static-x86_64: Process 816 attached [pid 816] set_robust_list(0x555580e9b660, 24) = 0 [pid 816] chdir("./88") = 0 [pid 816] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 816] setpgid(0, 0) = 0 [pid 816] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 816] write(3, "1000", 4) = 4 [pid 816] close(3) = 0 [pid 816] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 816] write(1, "executing program\n", 18) = 18 [pid 816] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 816] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 816] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 816] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 816] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 816] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 816] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 816] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 816] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 816] memfd_create("syzkaller", 0) = 5 [pid 816] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9466c6c000 [pid 816] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 816] munmap(0x7f9466c6c000, 138412032) = 0 [pid 816] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 816] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 816] close(5) = 0 [pid 816] close(6) = 0 [pid 816] mkdir("./file0", 0777) = 0 [pid 816] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 816] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 816] chdir("./file0") = 0 [pid 816] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 816] ioctl(6, LOOP_CLR_FD) = 0 [pid 816] close(6) = 0 [pid 816] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 816] write(6, "#! ./file1\n", 11) = 11 [pid 816] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [ 41.200211][ T816] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [pid 816] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005c0} --- [pid 816] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=816, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./88", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./88", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555580e9c6f0 /* 4 entries */, 32768) = 112 umount2("./88/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./88/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./88/binderfs") = 0 [ 41.241531][ T817] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-816: bg 0: block 234: padding at end of block bitmap is not set umount2("./88/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./88/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./88/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./88/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./88/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555580ea4730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555580ea4730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./88/file0") = 0 getdents64(3, 0x555580e9c6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./88") = 0 mkdir("./89", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555580e9b650) = 822 ./strace-static-x86_64: Process 822 attached [pid 822] set_robust_list(0x555580e9b660, 24) = 0 [pid 822] chdir("./89") = 0 [pid 822] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 822] setpgid(0, 0) = 0 [pid 822] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 822] write(3, "1000", 4) = 4 [pid 822] close(3) = 0 [pid 822] symlink("/dev/binderfs", "./binderfs") = 0 [pid 822] write(1, "executing program\n", 18executing program ) = 18 [pid 822] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 822] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 822] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 822] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 822] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 822] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 822] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 822] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 822] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 822] memfd_create("syzkaller", 0) = 5 [pid 822] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9466c6c000 [pid 822] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 822] munmap(0x7f9466c6c000, 138412032) = 0 [pid 822] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 822] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 822] close(5) = 0 [pid 822] close(6) = 0 [pid 822] mkdir("./file0", 0777) = 0 [pid 822] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 822] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 822] chdir("./file0") = 0 [pid 822] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 822] ioctl(6, LOOP_CLR_FD) = 0 [pid 822] close(6) = 0 [pid 822] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 822] write(6, "#! ./file1\n", 11) = 11 [pid 822] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 822] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005c0} --- [pid 822] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=822, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./89", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./89", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555580e9c6f0 /* 4 entries */, 32768) = 112 umount2("./89/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./89/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./89/binderfs") = 0 [ 41.370157][ T822] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 41.399677][ T823] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-822: bg 0: block 234: padding at end of block bitmap is not set umount2("./89/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./89/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./89/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./89/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./89/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555580ea4730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555580ea4730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./89/file0") = 0 getdents64(3, 0x555580e9c6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./89") = 0 mkdir("./90", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555580e9b650) = 827 ./strace-static-x86_64: Process 827 attached [pid 827] set_robust_list(0x555580e9b660, 24) = 0 [pid 827] chdir("./90") = 0 [pid 827] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 827] setpgid(0, 0) = 0 [pid 827] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 827] write(3, "1000", 4) = 4 [pid 827] close(3) = 0 [pid 827] symlink("/dev/binderfs", "./binderfs") = 0 [pid 827] write(1, "executing program\n", 18executing program ) = 18 [pid 827] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 827] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 827] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 827] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 827] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 827] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 827] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 827] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 827] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 827] memfd_create("syzkaller", 0) = 5 [pid 827] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9466c6c000 [pid 827] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 827] munmap(0x7f9466c6c000, 138412032) = 0 [pid 827] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 827] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 827] close(5) = 0 [pid 827] close(6) = 0 [pid 827] mkdir("./file0", 0777) = 0 [pid 827] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 827] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 827] chdir("./file0") = 0 [pid 827] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 827] ioctl(6, LOOP_CLR_FD) = 0 [pid 827] close(6) = 0 [pid 827] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 827] write(6, "#! ./file1\n", 11) = 11 [pid 827] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 827] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005c0} --- [pid 827] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=827, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./90", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./90", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555580e9c6f0 /* 4 entries */, 32768) = 112 umount2("./90/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./90/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./90/binderfs") = 0 [ 41.540386][ T827] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 41.571301][ T827] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm syz-executor209: bg 0: block 234: padding at end of block bitmap is not set umount2("./90/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./90/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./90/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./90/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./90/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555580ea4730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555580ea4730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./90/file0") = 0 getdents64(3, 0x555580e9c6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./90") = 0 mkdir("./91", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555580e9b650) = 832 ./strace-static-x86_64: Process 832 attached [pid 832] set_robust_list(0x555580e9b660, 24) = 0 [pid 832] chdir("./91") = 0 [pid 832] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 832] setpgid(0, 0) = 0 [pid 832] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 832] write(3, "1000", 4) = 4 [pid 832] close(3) = 0 [pid 832] symlink("/dev/binderfs", "./binderfs") = 0 [pid 832] write(1, "executing program\n", 18executing program ) = 18 [pid 832] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 832] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 832] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 832] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 832] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 832] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 832] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 832] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 832] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 832] memfd_create("syzkaller", 0) = 5 [pid 832] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9466c6c000 [pid 832] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 832] munmap(0x7f9466c6c000, 138412032) = 0 [pid 832] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 832] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 832] close(5) = 0 [pid 832] close(6) = 0 [pid 832] mkdir("./file0", 0777) = 0 [pid 832] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 832] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 832] chdir("./file0") = 0 [pid 832] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 832] ioctl(6, LOOP_CLR_FD) = 0 [pid 832] close(6) = 0 [pid 832] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 832] write(6, "#! ./file1\n", 11) = 11 [pid 832] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 832] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005c0} --- [pid 832] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=832, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./91", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./91", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555580e9c6f0 /* 4 entries */, 32768) = 112 umount2("./91/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./91/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./91/binderfs") = 0 [ 41.750357][ T832] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 41.782150][ T833] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-832: bg 0: block 234: padding at end of block bitmap is not set umount2("./91/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./91/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./91/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./91/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./91/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555580ea4730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555580ea4730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./91/file0") = 0 getdents64(3, 0x555580e9c6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./91") = 0 mkdir("./92", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555580e9b650) = 837 ./strace-static-x86_64: Process 837 attached [pid 837] set_robust_list(0x555580e9b660, 24) = 0 [pid 837] chdir("./92") = 0 [pid 837] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 837] setpgid(0, 0) = 0 [pid 837] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 837] write(3, "1000", 4) = 4 [pid 837] close(3) = 0 [pid 837] symlink("/dev/binderfs", "./binderfs") = 0 [pid 837] write(1, "executing program\n", 18executing program ) = 18 [pid 837] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 837] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 837] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 837] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 837] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 837] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 837] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 837] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 837] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 837] memfd_create("syzkaller", 0) = 5 [pid 837] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9466c6c000 [pid 837] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 837] munmap(0x7f9466c6c000, 138412032) = 0 [pid 837] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 837] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 837] close(5) = 0 [pid 837] close(6) = 0 [pid 837] mkdir("./file0", 0777) = 0 [pid 837] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 837] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 837] chdir("./file0") = 0 [pid 837] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 837] ioctl(6, LOOP_CLR_FD) = 0 [pid 837] close(6) = 0 [pid 837] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 837] write(6, "#! ./file1\n", 11) = 11 [pid 837] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 837] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005c0} --- [pid 837] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=837, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./92", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./92", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555580e9c6f0 /* 4 entries */, 32768) = 112 umount2("./92/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./92/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./92/binderfs") = 0 [ 41.940189][ T837] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 41.962571][ T837] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm syz-executor209: bg 0: block 234: padding at end of block bitmap is not set umount2("./92/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./92/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./92/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./92/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./92/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555580ea4730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555580ea4730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./92/file0") = 0 getdents64(3, 0x555580e9c6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./92") = 0 mkdir("./93", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555580e9b650) = 842 ./strace-static-x86_64: Process 842 attached [pid 842] set_robust_list(0x555580e9b660, 24) = 0 [pid 842] chdir("./93") = 0 [pid 842] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 842] setpgid(0, 0) = 0 [pid 842] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 842] write(3, "1000", 4) = 4 [pid 842] close(3) = 0 [pid 842] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 842] write(1, "executing program\n", 18) = 18 [pid 842] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 842] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 842] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 842] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 842] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 842] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 842] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 842] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 842] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 842] memfd_create("syzkaller", 0) = 5 [pid 842] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9466c6c000 [pid 842] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 842] munmap(0x7f9466c6c000, 138412032) = 0 [pid 842] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 842] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 842] close(5) = 0 [pid 842] close(6) = 0 [pid 842] mkdir("./file0", 0777) = 0 [pid 842] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 842] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 842] chdir("./file0") = 0 [pid 842] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 842] ioctl(6, LOOP_CLR_FD) = 0 [pid 842] close(6) = 0 [pid 842] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 842] write(6, "#! ./file1\n", 11) = 11 [pid 842] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 842] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005c0} --- [pid 842] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=842, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./93", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./93", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555580e9c6f0 /* 4 entries */, 32768) = 112 umount2("./93/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./93/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./93/binderfs") = 0 [ 42.138011][ T842] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 42.169173][ T843] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-842: bg 0: block 234: padding at end of block bitmap is not set umount2("./93/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./93/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./93/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./93/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./93/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555580ea4730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555580ea4730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./93/file0") = 0 getdents64(3, 0x555580e9c6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./93") = 0 mkdir("./94", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555580e9b650) = 848 ./strace-static-x86_64: Process 848 attached [pid 848] set_robust_list(0x555580e9b660, 24) = 0 [pid 848] chdir("./94") = 0 [pid 848] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 848] setpgid(0, 0) = 0 [pid 848] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 848] write(3, "1000", 4) = 4 [pid 848] close(3) = 0 [pid 848] symlink("/dev/binderfs", "./binderfs") = 0 [pid 848] write(1, "executing program\n", 18executing program ) = 18 [pid 848] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 848] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 848] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 848] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 848] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 848] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 848] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 848] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 848] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 848] memfd_create("syzkaller", 0) = 5 [pid 848] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9466c6c000 [pid 848] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 848] munmap(0x7f9466c6c000, 138412032) = 0 [pid 848] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 848] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 848] close(5) = 0 [pid 848] close(6) = 0 [pid 848] mkdir("./file0", 0777) = 0 [pid 848] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 848] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 848] chdir("./file0") = 0 [pid 848] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 848] ioctl(6, LOOP_CLR_FD) = 0 [pid 848] close(6) = 0 [pid 848] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 848] write(6, "#! ./file1\n", 11) = 11 [pid 848] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 848] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005c0} --- [pid 848] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=848, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./94", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./94", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555580e9c6f0 /* 4 entries */, 32768) = 112 umount2("./94/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./94/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./94/binderfs") = 0 [ 42.330154][ T848] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 42.353134][ T848] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm syz-executor209: bg 0: block 234: padding at end of block bitmap is not set umount2("./94/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./94/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./94/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./94/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./94/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555580ea4730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555580ea4730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./94/file0") = 0 getdents64(3, 0x555580e9c6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./94") = 0 mkdir("./95", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555580e9b650) = 853 ./strace-static-x86_64: Process 853 attached [pid 853] set_robust_list(0x555580e9b660, 24) = 0 [pid 853] chdir("./95") = 0 [pid 853] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 853] setpgid(0, 0) = 0 [pid 853] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 853] write(3, "1000", 4) = 4 [pid 853] close(3) = 0 [pid 853] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 853] write(1, "executing program\n", 18) = 18 [pid 853] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 853] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 853] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 853] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 853] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 853] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 853] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 853] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 853] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 853] memfd_create("syzkaller", 0) = 5 [pid 853] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9466c6c000 [pid 853] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 853] munmap(0x7f9466c6c000, 138412032) = 0 [pid 853] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 853] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 853] close(5) = 0 [pid 853] close(6) = 0 [pid 853] mkdir("./file0", 0777) = 0 [pid 853] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 853] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 853] chdir("./file0") = 0 [pid 853] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 853] ioctl(6, LOOP_CLR_FD) = 0 [pid 853] close(6) = 0 [pid 853] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 853] write(6, "#! ./file1\n", 11) = 11 [pid 853] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [ 42.570113][ T853] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [pid 853] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005c0} --- [pid 853] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=853, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./95", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./95", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555580e9c6f0 /* 4 entries */, 32768) = 112 umount2("./95/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./95/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./95/binderfs") = 0 [ 42.612055][ T854] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-853: bg 0: block 234: padding at end of block bitmap is not set umount2("./95/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./95/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./95/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./95/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./95/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555580ea4730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555580ea4730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./95/file0") = 0 getdents64(3, 0x555580e9c6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./95") = 0 mkdir("./96", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555580e9b650) = 858 ./strace-static-x86_64: Process 858 attached [pid 858] set_robust_list(0x555580e9b660, 24) = 0 [pid 858] chdir("./96") = 0 [pid 858] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 858] setpgid(0, 0) = 0 [pid 858] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 858] write(3, "1000", 4) = 4 [pid 858] close(3) = 0 [pid 858] symlink("/dev/binderfs", "./binderfs") = 0 [pid 858] write(1, "executing program\n", 18executing program ) = 18 [pid 858] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 858] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 858] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 858] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 858] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 858] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 858] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 858] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 858] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 858] memfd_create("syzkaller", 0) = 5 [pid 858] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9466c6c000 [pid 858] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 858] munmap(0x7f9466c6c000, 138412032) = 0 [pid 858] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 858] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 858] close(5) = 0 [pid 858] close(6) = 0 [pid 858] mkdir("./file0", 0777) = 0 [pid 858] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 858] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 858] chdir("./file0") = 0 [pid 858] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 858] ioctl(6, LOOP_CLR_FD) = 0 [pid 858] close(6) = 0 [pid 858] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 858] write(6, "#! ./file1\n", 11) = 11 [pid 858] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 858] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005c0} --- [pid 858] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=858, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./96", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./96", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555580e9c6f0 /* 4 entries */, 32768) = 112 umount2("./96/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./96/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./96/binderfs") = 0 [ 42.734739][ T858] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 42.766853][ T859] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-858: bg 0: block 234: padding at end of block bitmap is not set umount2("./96/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./96/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./96/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./96/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./96/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555580ea4730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555580ea4730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./96/file0") = 0 getdents64(3, 0x555580e9c6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./96") = 0 mkdir("./97", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555580e9b650) = 863 ./strace-static-x86_64: Process 863 attached [pid 863] set_robust_list(0x555580e9b660, 24) = 0 [pid 863] chdir("./97") = 0 [pid 863] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 863] setpgid(0, 0) = 0 [pid 863] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 863] write(3, "1000", 4) = 4 [pid 863] close(3) = 0 [pid 863] symlink("/dev/binderfs", "./binderfs") = 0 [pid 863] write(1, "executing program\n", 18executing program ) = 18 [pid 863] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 863] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 863] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 863] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 863] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 863] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 863] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 863] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 863] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 863] memfd_create("syzkaller", 0) = 5 [pid 863] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9466c6c000 [pid 863] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 863] munmap(0x7f9466c6c000, 138412032) = 0 [pid 863] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 863] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 863] close(5) = 0 [pid 863] close(6) = 0 [pid 863] mkdir("./file0", 0777) = 0 [pid 863] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 863] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 863] chdir("./file0") = 0 [pid 863] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 863] ioctl(6, LOOP_CLR_FD) = 0 [pid 863] close(6) = 0 [pid 863] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 863] write(6, "#! ./file1\n", 11) = 11 [pid 863] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 863] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005c0} --- [pid 863] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=863, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./97", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./97", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555580e9c6f0 /* 4 entries */, 32768) = 112 umount2("./97/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./97/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./97/binderfs") = 0 [ 42.934532][ T863] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 42.966992][ T864] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-863: bg 0: block 234: padding at end of block bitmap is not set umount2("./97/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./97/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./97/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./97/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./97/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555580ea4730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555580ea4730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./97/file0") = 0 getdents64(3, 0x555580e9c6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./97") = 0 mkdir("./98", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555580e9b650) = 868 ./strace-static-x86_64: Process 868 attached [pid 868] set_robust_list(0x555580e9b660, 24) = 0 [pid 868] chdir("./98") = 0 [pid 868] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 868] setpgid(0, 0) = 0 [pid 868] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 868] write(3, "1000", 4) = 4 [pid 868] close(3) = 0 [pid 868] symlink("/dev/binderfs", "./binderfs") = 0 [pid 868] write(1, "executing program\n", 18executing program ) = 18 [pid 868] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 868] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 868] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 868] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 868] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 868] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 868] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 868] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 868] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 868] memfd_create("syzkaller", 0) = 5 [pid 868] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9466c6c000 [pid 868] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 868] munmap(0x7f9466c6c000, 138412032) = 0 [pid 868] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 868] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 868] close(5) = 0 [pid 868] close(6) = 0 [pid 868] mkdir("./file0", 0777) = 0 [pid 868] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 868] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 868] chdir("./file0") = 0 [pid 868] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 868] ioctl(6, LOOP_CLR_FD) = 0 [pid 868] close(6) = 0 [pid 868] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 868] write(6, "#! ./file1\n", 11) = 11 [pid 868] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 868] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005c0} --- [pid 868] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=868, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./98", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./98", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555580e9c6f0 /* 4 entries */, 32768) = 112 umount2("./98/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./98/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./98/binderfs") = 0 [ 43.095123][ T868] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 43.127812][ T869] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-868: bg 0: block 234: padding at end of block bitmap is not set umount2("./98/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./98/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./98/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./98/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./98/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555580ea4730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555580ea4730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./98/file0") = 0 getdents64(3, 0x555580e9c6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./98") = 0 mkdir("./99", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555580e9b650) = 874 ./strace-static-x86_64: Process 874 attached [pid 874] set_robust_list(0x555580e9b660, 24) = 0 [pid 874] chdir("./99") = 0 [pid 874] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 874] setpgid(0, 0) = 0 [pid 874] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 874] write(3, "1000", 4) = 4 [pid 874] close(3) = 0 [pid 874] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 874] write(1, "executing program\n", 18) = 18 [pid 874] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 874] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 874] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 874] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 874] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 874] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 874] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 874] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 874] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 874] memfd_create("syzkaller", 0) = 5 [pid 874] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9466c6c000 [pid 874] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 874] munmap(0x7f9466c6c000, 138412032) = 0 [pid 874] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 874] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 874] close(5) = 0 [pid 874] close(6) = 0 [pid 874] mkdir("./file0", 0777) = 0 [pid 874] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 874] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 874] chdir("./file0") = 0 [pid 874] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 874] ioctl(6, LOOP_CLR_FD) = 0 [pid 874] close(6) = 0 [pid 874] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 874] write(6, "#! ./file1\n", 11) = 11 [pid 874] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 874] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005c0} --- [pid 874] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=874, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./99", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./99", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555580e9c6f0 /* 4 entries */, 32768) = 112 umount2("./99/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./99/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./99/binderfs") = 0 [ 43.294832][ T874] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 43.326812][ T875] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-874: bg 0: block 234: padding at end of block bitmap is not set umount2("./99/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./99/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./99/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./99/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./99/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555580ea4730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555580ea4730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./99/file0") = 0 getdents64(3, 0x555580e9c6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./99") = 0 mkdir("./100", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555580e9b650) = 879 ./strace-static-x86_64: Process 879 attached [pid 879] set_robust_list(0x555580e9b660, 24) = 0 [pid 879] chdir("./100") = 0 [pid 879] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 879] setpgid(0, 0) = 0 [pid 879] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 879] write(3, "1000", 4) = 4 [pid 879] close(3) = 0 [pid 879] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 879] write(1, "executing program\n", 18) = 18 [pid 879] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 879] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 879] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 879] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 879] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 879] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 879] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 879] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 879] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 879] memfd_create("syzkaller", 0) = 5 [pid 879] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9466c6c000 [pid 879] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 879] munmap(0x7f9466c6c000, 138412032) = 0 [pid 879] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 879] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 879] close(5) = 0 [pid 879] close(6) = 0 [pid 879] mkdir("./file0", 0777) = 0 [pid 879] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 879] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 879] chdir("./file0") = 0 [pid 879] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 879] ioctl(6, LOOP_CLR_FD) = 0 [pid 879] close(6) = 0 [pid 879] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 879] write(6, "#! ./file1\n", 11) = 11 [pid 879] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [ 43.580150][ T879] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [pid 879] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005c0} --- [pid 879] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=879, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./100", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./100", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555580e9c6f0 /* 4 entries */, 32768) = 112 umount2("./100/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./100/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./100/binderfs") = 0 [ 43.622985][ T880] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-879: bg 0: block 234: padding at end of block bitmap is not set umount2("./100/file0", MNT_FORCE|UMOUNT_NOFOLLOWexecuting program ) = 0 umount2("./100/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./100/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./100/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./100/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555580ea4730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555580ea4730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./100/file0") = 0 getdents64(3, 0x555580e9c6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./100") = 0 mkdir("./101", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555580e9b650) = 885 ./strace-static-x86_64: Process 885 attached [pid 885] set_robust_list(0x555580e9b660, 24) = 0 [pid 885] chdir("./101") = 0 [pid 885] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 885] setpgid(0, 0) = 0 [pid 885] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 885] write(3, "1000", 4) = 4 [pid 885] close(3) = 0 [pid 885] symlink("/dev/binderfs", "./binderfs") = 0 [pid 885] write(1, "executing program\n", 18) = 18 [pid 885] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 885] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 885] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 885] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 885] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 885] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 885] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 885] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 885] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 885] memfd_create("syzkaller", 0) = 5 [pid 885] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9466c6c000 [pid 885] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 885] munmap(0x7f9466c6c000, 138412032) = 0 [pid 885] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 885] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 885] close(5) = 0 [pid 885] close(6) = 0 [pid 885] mkdir("./file0", 0777) = 0 [pid 885] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 885] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 885] chdir("./file0") = 0 [pid 885] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 885] ioctl(6, LOOP_CLR_FD) = 0 [pid 885] close(6) = 0 [pid 885] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 885] write(6, "#! ./file1\n", 11) = 11 [pid 885] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 885] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005c0} --- [pid 885] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=885, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./101", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./101", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555580e9c6f0 /* 4 entries */, 32768) = 112 umount2("./101/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./101/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./101/binderfs") = 0 [ 43.760095][ T885] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 43.787971][ T885] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm syz-executor209: bg 0: block 234: padding at end of block bitmap is not set umount2("./101/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./101/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./101/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./101/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./101/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555580ea4730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555580ea4730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./101/file0") = 0 getdents64(3, 0x555580e9c6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./101") = 0 mkdir("./102", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555580e9b650) = 890 ./strace-static-x86_64: Process 890 attached [pid 890] set_robust_list(0x555580e9b660, 24) = 0 [pid 890] chdir("./102") = 0 [pid 890] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 890] setpgid(0, 0) = 0 [pid 890] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 890] write(3, "1000", 4) = 4 [pid 890] close(3) = 0 [pid 890] symlink("/dev/binderfs", "./binderfs") = 0 [pid 890] write(1, "executing program\n", 18executing program ) = 18 [pid 890] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 890] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 890] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 890] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 890] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 890] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 890] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 890] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 890] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 890] memfd_create("syzkaller", 0) = 5 [pid 890] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9466c6c000 [pid 890] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 890] munmap(0x7f9466c6c000, 138412032) = 0 [pid 890] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 890] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 890] close(5) = 0 [pid 890] close(6) = 0 [pid 890] mkdir("./file0", 0777) = 0 [pid 890] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 890] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 890] chdir("./file0") = 0 [pid 890] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 890] ioctl(6, LOOP_CLR_FD) = 0 [pid 890] close(6) = 0 [pid 890] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 890] write(6, "#! ./file1\n", 11) = 11 [pid 890] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 890] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005c0} --- [pid 890] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=890, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./102", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./102", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555580e9c6f0 /* 4 entries */, 32768) = 112 umount2("./102/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./102/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./102/binderfs") = 0 [ 43.980171][ T890] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 44.010746][ T891] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-890: bg 0: block 234: padding at end of block bitmap is not set umount2("./102/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./102/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./102/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./102/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./102/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555580ea4730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555580ea4730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./102/file0") = 0 getdents64(3, 0x555580e9c6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./102") = 0 mkdir("./103", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555580e9b650) = 895 ./strace-static-x86_64: Process 895 attached [pid 895] set_robust_list(0x555580e9b660, 24) = 0 [pid 895] chdir("./103") = 0 [pid 895] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 895] setpgid(0, 0) = 0 [pid 895] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 895] write(3, "1000", 4) = 4 [pid 895] close(3) = 0 [pid 895] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 895] write(1, "executing program\n", 18) = 18 [pid 895] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 895] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 895] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 895] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 895] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 895] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 895] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 895] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 895] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 895] memfd_create("syzkaller", 0) = 5 [pid 895] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9466c6c000 [pid 895] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 895] munmap(0x7f9466c6c000, 138412032) = 0 [pid 895] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 895] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 895] close(5) = 0 [pid 895] close(6) = 0 [pid 895] mkdir("./file0", 0777) = 0 [pid 895] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 895] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 895] chdir("./file0") = 0 [pid 895] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 895] ioctl(6, LOOP_CLR_FD) = 0 [pid 895] close(6) = 0 [pid 895] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 895] write(6, "#! ./file1\n", 11) = 11 [pid 895] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 895] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005c0} --- [pid 895] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=895, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./103", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./103", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555580e9c6f0 /* 4 entries */, 32768) = 112 umount2("./103/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./103/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 44.180198][ T895] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 44.208624][ T895] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm syz-executor209: bg 0: block 234: padding at end of block bitmap is not set unlink("./103/binderfs") = 0 umount2("./103/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./103/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./103/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./103/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./103/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555580ea4730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555580ea4730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./103/file0") = 0 getdents64(3, 0x555580e9c6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./103") = 0 mkdir("./104", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 901 attached [pid 901] set_robust_list(0x555580e9b660, 24) = 0 [pid 901] chdir("./104" [pid 357] <... clone resumed>, child_tidptr=0x555580e9b650) = 901 [pid 901] <... chdir resumed>) = 0 [pid 901] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 901] setpgid(0, 0) = 0 [pid 901] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 901] write(3, "1000", 4) = 4 [pid 901] close(3) = 0 [pid 901] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 901] write(1, "executing program\n", 18) = 18 [pid 901] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 901] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 901] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 901] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 901] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 901] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 901] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 901] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 901] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 901] memfd_create("syzkaller", 0) = 5 [pid 901] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9466c6c000 [pid 901] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 901] munmap(0x7f9466c6c000, 138412032) = 0 [pid 901] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 901] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 901] close(5) = 0 [pid 901] close(6) = 0 [pid 901] mkdir("./file0", 0777) = 0 [pid 901] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 901] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 901] chdir("./file0") = 0 [pid 901] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 901] ioctl(6, LOOP_CLR_FD) = 0 [pid 901] close(6) = 0 [pid 901] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 901] write(6, "#! ./file1\n", 11) = 11 [pid 901] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 901] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005c0} --- [pid 901] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=901, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./104", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./104", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555580e9c6f0 /* 4 entries */, 32768) = 112 umount2("./104/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./104/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./104/binderfs") = 0 [ 44.370307][ T901] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 44.397140][ T901] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm syz-executor209: bg 0: block 234: padding at end of block bitmap is not set umount2("./104/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./104/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./104/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./104/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./104/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555580ea4730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555580ea4730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./104/file0") = 0 getdents64(3, 0x555580e9c6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./104") = 0 mkdir("./105", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555580e9b650) = 906 ./strace-static-x86_64: Process 906 attached [pid 906] set_robust_list(0x555580e9b660, 24) = 0 [pid 906] chdir("./105") = 0 [pid 906] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 906] setpgid(0, 0) = 0 [pid 906] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 906] write(3, "1000", 4) = 4 [pid 906] close(3) = 0 [pid 906] symlink("/dev/binderfs", "./binderfs") = 0 [pid 906] write(1, "executing program\n", 18executing program ) = 18 [pid 906] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 906] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 906] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 906] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 906] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 906] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 906] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 906] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 906] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 906] memfd_create("syzkaller", 0) = 5 [pid 906] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9466c6c000 [pid 906] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 906] munmap(0x7f9466c6c000, 138412032) = 0 [pid 906] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 906] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 906] close(5) = 0 [pid 906] close(6) = 0 [pid 906] mkdir("./file0", 0777) = 0 [pid 906] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 906] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 906] chdir("./file0") = 0 [pid 906] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 906] ioctl(6, LOOP_CLR_FD) = 0 [pid 906] close(6) = 0 [pid 906] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 906] write(6, "#! ./file1\n", 11) = 11 [pid 906] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 906] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005c0} --- [pid 906] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=906, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./105", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./105", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555580e9c6f0 /* 4 entries */, 32768) = 112 umount2("./105/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./105/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./105/binderfs") = 0 [ 44.520378][ T906] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 44.542869][ T906] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm syz-executor209: bg 0: block 234: padding at end of block bitmap is not set umount2("./105/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./105/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./105/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./105/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./105/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555580ea4730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555580ea4730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./105/file0") = 0 getdents64(3, 0x555580e9c6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./105") = 0 mkdir("./106", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 911 attached , child_tidptr=0x555580e9b650) = 911 [pid 911] set_robust_list(0x555580e9b660, 24) = 0 [pid 911] chdir("./106") = 0 [pid 911] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 911] setpgid(0, 0) = 0 [pid 911] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 911] write(3, "1000", 4) = 4 [pid 911] close(3) = 0 [pid 911] symlink("/dev/binderfs", "./binderfs") = 0 [pid 911] write(1, "executing program\n", 18executing program ) = 18 [pid 911] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 911] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 911] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 911] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 911] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 911] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 911] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 911] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 911] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 911] memfd_create("syzkaller", 0) = 5 [pid 911] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9466c6c000 [pid 911] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 911] munmap(0x7f9466c6c000, 138412032) = 0 [pid 911] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 911] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 911] close(5) = 0 [pid 911] close(6) = 0 [pid 911] mkdir("./file0", 0777) = 0 [pid 911] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 911] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 911] chdir("./file0") = 0 [pid 911] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 911] ioctl(6, LOOP_CLR_FD) = 0 [pid 911] close(6) = 0 [pid 911] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 911] write(6, "#! ./file1\n", 11) = 11 [pid 911] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 911] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005c0} --- [pid 911] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=911, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./106", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./106", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555580e9c6f0 /* 4 entries */, 32768) = 112 umount2("./106/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./106/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./106/binderfs") = 0 [ 44.650298][ T911] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 44.677778][ T911] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm syz-executor209: bg 0: block 234: padding at end of block bitmap is not set umount2("./106/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./106/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./106/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./106/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./106/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555580ea4730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555580ea4730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./106/file0") = 0 getdents64(3, 0x555580e9c6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./106") = 0 mkdir("./107", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555580e9b650) = 916 ./strace-static-x86_64: Process 916 attached [pid 916] set_robust_list(0x555580e9b660, 24) = 0 [pid 916] chdir("./107") = 0 [pid 916] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 916] setpgid(0, 0) = 0 [pid 916] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 916] write(3, "1000", 4) = 4 [pid 916] close(3) = 0 [pid 916] symlink("/dev/binderfs", "./binderfs") = 0 [pid 916] write(1, "executing program\n", 18executing program ) = 18 [pid 916] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 916] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 916] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 916] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 916] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 916] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 916] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 916] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 916] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 916] memfd_create("syzkaller", 0) = 5 [pid 916] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9466c6c000 [pid 916] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 916] munmap(0x7f9466c6c000, 138412032) = 0 [pid 916] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 916] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 916] close(5) = 0 [pid 916] close(6) = 0 [pid 916] mkdir("./file0", 0777) = 0 [pid 916] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 916] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 916] chdir("./file0") = 0 [pid 916] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 916] ioctl(6, LOOP_CLR_FD) = 0 [pid 916] close(6) = 0 [pid 916] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 916] write(6, "#! ./file1\n", 11) = 11 [pid 916] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 916] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005c0} --- [pid 916] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=916, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./107", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./107", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555580e9c6f0 /* 4 entries */, 32768) = 112 umount2("./107/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./107/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./107/binderfs") = 0 [ 44.860133][ T916] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 44.891830][ T917] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-916: bg 0: block 234: padding at end of block bitmap is not set umount2("./107/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./107/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./107/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./107/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./107/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555580ea4730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555580ea4730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./107/file0") = 0 getdents64(3, 0x555580e9c6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./107") = 0 mkdir("./108", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555580e9b650) = 921 ./strace-static-x86_64: Process 921 attached [pid 921] set_robust_list(0x555580e9b660, 24) = 0 [pid 921] chdir("./108") = 0 [pid 921] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 921] setpgid(0, 0) = 0 [pid 921] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 921] write(3, "1000", 4) = 4 [pid 921] close(3) = 0 [pid 921] symlink("/dev/binderfs", "./binderfs") = 0 [pid 921] write(1, "executing program\n", 18executing program ) = 18 [pid 921] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 921] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 921] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 921] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 921] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 921] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 921] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 921] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 921] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 921] memfd_create("syzkaller", 0) = 5 [pid 921] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9466c6c000 [pid 921] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 921] munmap(0x7f9466c6c000, 138412032) = 0 [pid 921] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 921] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 921] close(5) = 0 [pid 921] close(6) = 0 [pid 921] mkdir("./file0", 0777) = 0 [pid 921] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 921] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 921] chdir("./file0") = 0 [pid 921] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 921] ioctl(6, LOOP_CLR_FD) = 0 [pid 921] close(6) = 0 [pid 921] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 921] write(6, "#! ./file1\n", 11) = 11 [pid 921] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 921] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005c0} --- [pid 921] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=921, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./108", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./108", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555580e9c6f0 /* 4 entries */, 32768) = 112 umount2("./108/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./108/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./108/binderfs") = 0 [ 45.020191][ T921] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 45.052250][ T922] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-921: bg 0: block 234: padding at end of block bitmap is not set umount2("./108/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./108/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./108/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./108/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./108/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555580ea4730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555580ea4730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./108/file0") = 0 getdents64(3, 0x555580e9c6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./108") = 0 mkdir("./109", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 926 attached , child_tidptr=0x555580e9b650) = 926 [pid 926] set_robust_list(0x555580e9b660, 24) = 0 [pid 926] chdir("./109") = 0 [pid 926] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 926] setpgid(0, 0) = 0 [pid 926] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 926] write(3, "1000", 4) = 4 [pid 926] close(3) = 0 [pid 926] symlink("/dev/binderfs", "./binderfs") = 0 [pid 926] write(1, "executing program\n", 18executing program ) = 18 [pid 926] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 926] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 926] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 926] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 926] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 926] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 926] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 926] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 926] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 926] memfd_create("syzkaller", 0) = 5 [pid 926] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9466c6c000 [pid 926] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 926] munmap(0x7f9466c6c000, 138412032) = 0 [pid 926] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 926] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 926] close(5) = 0 [pid 926] close(6) = 0 [pid 926] mkdir("./file0", 0777) = 0 [pid 926] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 926] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 926] chdir("./file0") = 0 [pid 926] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 926] ioctl(6, LOOP_CLR_FD) = 0 [pid 926] close(6) = 0 [pid 926] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 926] write(6, "#! ./file1\n", 11) = 11 [pid 926] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 926] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005c0} --- [pid 926] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=926, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./109", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./109", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555580e9c6f0 /* 4 entries */, 32768) = 112 umount2("./109/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./109/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./109/binderfs") = 0 [ 45.190102][ T926] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 45.221990][ T927] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-926: bg 0: block 234: padding at end of block bitmap is not set umount2("./109/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./109/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./109/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./109/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./109/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555580ea4730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555580ea4730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./109/file0") = 0 getdents64(3, 0x555580e9c6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./109") = 0 mkdir("./110", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555580e9b650) = 932 ./strace-static-x86_64: Process 932 attached [pid 932] set_robust_list(0x555580e9b660, 24) = 0 [pid 932] chdir("./110") = 0 [pid 932] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 932] setpgid(0, 0) = 0 [pid 932] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 932] write(3, "1000", 4) = 4 [pid 932] close(3) = 0 [pid 932] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 932] write(1, "executing program\n", 18) = 18 [pid 932] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 932] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 932] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 932] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 932] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 932] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 932] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 932] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 932] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 932] memfd_create("syzkaller", 0) = 5 [pid 932] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9466c6c000 [pid 932] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 932] munmap(0x7f9466c6c000, 138412032) = 0 [pid 932] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 932] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 932] close(5) = 0 [pid 932] close(6) = 0 [pid 932] mkdir("./file0", 0777) = 0 [pid 932] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 932] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 932] chdir("./file0") = 0 [pid 932] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 932] ioctl(6, LOOP_CLR_FD) = 0 [pid 932] close(6) = 0 [pid 932] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 932] write(6, "#! ./file1\n", 11) = 11 [pid 932] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 932] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005c0} --- [pid 932] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=932, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./110", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./110", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555580e9c6f0 /* 4 entries */, 32768) = 112 umount2("./110/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./110/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./110/binderfs") = 0 [ 45.340183][ T932] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 45.371968][ T933] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-932: bg 0: block 234: padding at end of block bitmap is not set umount2("./110/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./110/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./110/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./110/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./110/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555580ea4730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555580ea4730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./110/file0") = 0 getdents64(3, 0x555580e9c6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./110") = 0 mkdir("./111", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555580e9b650) = 937 ./strace-static-x86_64: Process 937 attached [pid 937] set_robust_list(0x555580e9b660, 24) = 0 [pid 937] chdir("./111") = 0 [pid 937] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 937] setpgid(0, 0) = 0 [pid 937] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 937] write(3, "1000", 4) = 4 [pid 937] close(3) = 0 [pid 937] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 937] write(1, "executing program\n", 18) = 18 [pid 937] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 937] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 937] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 937] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 937] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 937] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 937] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 937] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 937] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 937] memfd_create("syzkaller", 0) = 5 [pid 937] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9466c6c000 [pid 937] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 937] munmap(0x7f9466c6c000, 138412032) = 0 [pid 937] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 937] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 937] close(5) = 0 [pid 937] close(6) = 0 [pid 937] mkdir("./file0", 0777) = 0 [pid 937] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 937] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 937] chdir("./file0") = 0 [pid 937] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 937] ioctl(6, LOOP_CLR_FD) = 0 [pid 937] close(6) = 0 [pid 937] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 937] write(6, "#! ./file1\n", 11) = 11 [pid 937] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [ 45.620194][ T937] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [pid 937] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005c0} --- [pid 937] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=937, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./111", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./111", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555580e9c6f0 /* 4 entries */, 32768) = 112 umount2("./111/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./111/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./111/binderfs") = 0 [ 45.663089][ T938] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-937: bg 0: block 234: padding at end of block bitmap is not set umount2("./111/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./111/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./111/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./111/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./111/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555580ea4730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555580ea4730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./111/file0") = 0 getdents64(3, 0x555580e9c6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./111") = 0 mkdir("./112", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555580e9b650) = 942 ./strace-static-x86_64: Process 942 attached [pid 942] set_robust_list(0x555580e9b660, 24) = 0 [pid 942] chdir("./112") = 0 [pid 942] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 942] setpgid(0, 0) = 0 [pid 942] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 942] write(3, "1000", 4) = 4 [pid 942] close(3) = 0 [pid 942] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 942] write(1, "executing program\n", 18) = 18 [pid 942] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 942] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 942] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 942] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 942] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 942] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 942] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 942] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 942] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 942] memfd_create("syzkaller", 0) = 5 [pid 942] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9466c6c000 [pid 942] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 942] munmap(0x7f9466c6c000, 138412032) = 0 [pid 942] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 942] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 942] close(5) = 0 [pid 942] close(6) = 0 [pid 942] mkdir("./file0", 0777) = 0 [pid 942] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 942] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 942] chdir("./file0") = 0 [pid 942] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 942] ioctl(6, LOOP_CLR_FD) = 0 [pid 942] close(6) = 0 [pid 942] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 942] write(6, "#! ./file1\n", 11) = 11 [pid 942] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 942] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005c0} --- [pid 942] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=942, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./112", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./112", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555580e9c6f0 /* 4 entries */, 32768) = 112 umount2("./112/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./112/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./112/binderfs") = 0 [ 45.820307][ T942] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 45.852708][ T943] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-942: bg 0: block 234: padding at end of block bitmap is not set umount2("./112/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./112/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./112/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./112/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./112/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555580ea4730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555580ea4730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./112/file0") = 0 getdents64(3, 0x555580e9c6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./112") = 0 mkdir("./113", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555580e9b650) = 947 ./strace-static-x86_64: Process 947 attached [pid 947] set_robust_list(0x555580e9b660, 24) = 0 [pid 947] chdir("./113") = 0 [pid 947] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 947] setpgid(0, 0) = 0 [pid 947] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 947] write(3, "1000", 4) = 4 [pid 947] close(3) = 0 [pid 947] symlink("/dev/binderfs", "./binderfs") = 0 [pid 947] write(1, "executing program\n", 18executing program ) = 18 [pid 947] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 947] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 947] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 947] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 947] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 947] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 947] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 947] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 947] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 947] memfd_create("syzkaller", 0) = 5 [pid 947] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9466c6c000 [pid 947] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 947] munmap(0x7f9466c6c000, 138412032) = 0 [pid 947] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 947] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 947] close(5) = 0 [pid 947] close(6) = 0 [pid 947] mkdir("./file0", 0777) = 0 [pid 947] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 947] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 947] chdir("./file0") = 0 [pid 947] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 947] ioctl(6, LOOP_CLR_FD) = 0 [pid 947] close(6) = 0 [pid 947] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 947] write(6, "#! ./file1\n", 11) = 11 [pid 947] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [ 46.029373][ T947] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [pid 947] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005c0} --- [pid 947] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=947, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./113", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./113", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555580e9c6f0 /* 4 entries */, 32768) = 112 umount2("./113/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./113/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./113/binderfs") = 0 [ 46.069821][ T948] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-947: bg 0: block 234: padding at end of block bitmap is not set umount2("./113/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./113/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./113/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./113/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./113/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555580ea4730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555580ea4730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./113/file0") = 0 getdents64(3, 0x555580e9c6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./113") = 0 mkdir("./114", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555580e9b650) = 952 ./strace-static-x86_64: Process 952 attached [pid 952] set_robust_list(0x555580e9b660, 24) = 0 [pid 952] chdir("./114") = 0 [pid 952] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 952] setpgid(0, 0) = 0 [pid 952] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 952] write(3, "1000", 4) = 4 [pid 952] close(3) = 0 [pid 952] symlink("/dev/binderfs", "./binderfs") = 0 [pid 952] write(1, "executing program\n", 18executing program ) = 18 [pid 952] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 952] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 952] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 952] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 952] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 952] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 952] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 952] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 952] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 952] memfd_create("syzkaller", 0) = 5 [pid 952] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9466c6c000 [pid 952] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 952] munmap(0x7f9466c6c000, 138412032) = 0 [pid 952] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 952] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 952] close(5) = 0 [pid 952] close(6) = 0 [pid 952] mkdir("./file0", 0777) = 0 [pid 952] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 952] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 952] chdir("./file0") = 0 [pid 952] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 952] ioctl(6, LOOP_CLR_FD) = 0 [pid 952] close(6) = 0 [pid 952] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 952] write(6, "#! ./file1\n", 11) = 11 [pid 952] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 952] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005c0} --- [pid 952] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=952, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./114", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./114", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555580e9c6f0 /* 4 entries */, 32768) = 112 umount2("./114/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./114/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./114/binderfs") = 0 [ 46.229422][ T952] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm syz-executor209: bg 0: block 234: padding at end of block bitmap is not set umount2("./114/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./114/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./114/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./114/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./114/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555580ea4730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555580ea4730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./114/file0") = 0 getdents64(3, 0x555580e9c6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./114") = 0 mkdir("./115", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555580e9b650) = 958 ./strace-static-x86_64: Process 958 attached [pid 958] set_robust_list(0x555580e9b660, 24) = 0 [pid 958] chdir("./115") = 0 [pid 958] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 958] setpgid(0, 0) = 0 [pid 958] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 958] write(3, "1000", 4) = 4 [pid 958] close(3) = 0 [pid 958] symlink("/dev/binderfs", "./binderfs") = 0 [pid 958] write(1, "executing program\n", 18executing program ) = 18 [pid 958] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 958] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 958] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 958] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 958] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 958] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 958] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 958] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 958] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 958] memfd_create("syzkaller", 0) = 5 [pid 958] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9466c6c000 [pid 958] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 958] munmap(0x7f9466c6c000, 138412032) = 0 [pid 958] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 958] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 958] close(5) = 0 [pid 958] close(6) = 0 [pid 958] mkdir("./file0", 0777) = 0 [pid 958] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 958] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 958] chdir("./file0") = 0 [pid 958] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 958] ioctl(6, LOOP_CLR_FD) = 0 [pid 958] close(6) = 0 [pid 958] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 958] write(6, "#! ./file1\n", 11) = 11 [pid 958] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 958] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005c0} --- [pid 958] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=958, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./115", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./115", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555580e9c6f0 /* 4 entries */, 32768) = 112 umount2("./115/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./115/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./115/binderfs") = 0 [ 46.377351][ T959] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-958: bg 0: block 234: padding at end of block bitmap is not set umount2("./115/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./115/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./115/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./115/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./115/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555580ea4730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555580ea4730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./115/file0") = 0 getdents64(3, 0x555580e9c6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./115") = 0 mkdir("./116", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555580e9b650) = 963 ./strace-static-x86_64: Process 963 attached [pid 963] set_robust_list(0x555580e9b660, 24) = 0 [pid 963] chdir("./116") = 0 [pid 963] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 963] setpgid(0, 0) = 0 [pid 963] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 963] write(3, "1000", 4) = 4 [pid 963] close(3) = 0 [pid 963] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 963] write(1, "executing program\n", 18) = 18 [pid 963] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 963] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 963] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 963] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 963] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 963] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 963] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 963] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 963] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 963] memfd_create("syzkaller", 0) = 5 [pid 963] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9466c6c000 [pid 963] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 963] munmap(0x7f9466c6c000, 138412032) = 0 [pid 963] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 963] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 963] close(5) = 0 [pid 963] close(6) = 0 [pid 963] mkdir("./file0", 0777) = 0 [pid 963] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 963] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 963] chdir("./file0") = 0 [pid 963] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 963] ioctl(6, LOOP_CLR_FD) = 0 [pid 963] close(6) = 0 [pid 963] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 963] write(6, "#! ./file1\n", 11) = 11 [pid 963] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 963] exit_group(0) = ? [pid 963] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=963, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./116", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./116", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555580e9c6f0 /* 4 entries */, 32768) = 112 umount2("./116/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./116/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./116/binderfs") = 0 [ 46.522046][ T964] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-963: bg 0: block 234: padding at end of block bitmap is not set [ 46.549717][ T7] ------------[ cut here ]------------ [ 46.555103][ T7] kernel BUG at fs/ext4/inode.c:2844! [ 46.560623][ T7] invalid opcode: 0000 [#1] PREEMPT SMP KASAN [ 46.566498][ T7] CPU: 1 PID: 7 Comm: kworker/u4:0 Not tainted 5.4.290-syzkaller-00001-g986c38813dff #0 [ 46.576043][ T7] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 46.586046][ T7] Workqueue: writeback wb_workfn (flush-7:0) [ 46.591844][ T7] RIP: 0010:ext4_writepages+0x3c96/0x3cc0 [ 46.597488][ T7] Code: 82 9a ff 31 ff 89 de e8 48 82 9a ff 45 84 f6 75 2e e8 fe 7f 9a ff 49 bf 00 00 00 00 00 fc ff df e9 1d f9 ff ff e8 ea 7f 9a ff <0f> 0b e8 e3 7f 9a ff 0f 0b e8 dc 7f 9a ff e8 c7 39 35 ff eb 99 e8 [ 46.617005][ T7] RSP: 0018:ffff8881f5db70c0 EFLAGS: 00010293 [ 46.622921][ T7] RAX: ffffffff81cb1ae6 RBX: 0000010000000000 RCX: ffff8881f5d6af40 [ 46.630804][ T7] RDX: 0000000000000000 RSI: 0000010000000000 RDI: 0000000000000000 [ 46.638719][ T7] RBP: ffff8881f5db74b0 R08: ffffffff81cae736 R09: ffffed103b19bdd8 [ 46.646513][ T7] R10: 0000000000000000 R11: dffffc0000000001 R12: ffff8881d8cdef68 [ 46.654328][ T7] R13: 0000000000000001 R14: 0000010410000000 R15: dffffc0000000000 [ 46.662331][ T7] FS: 0000000000000000(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000 [ 46.671083][ T7] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 46.677597][ T7] CR2: 00007ffc43105ff8 CR3: 00000001da405000 CR4: 00000000003406a0 [ 46.685408][ T7] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 46.693301][ T7] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 46.701197][ T7] Call Trace: [ 46.704418][ T7] ? __die+0xbc/0x100 [ 46.708233][ T7] ? die+0x2a/0x50 [ 46.711793][ T7] ? do_trap+0x1a4/0x310 [ 46.716060][ T7] ? do_invalid_op+0x105/0x120 [ 46.720646][ T7] ? ext4_writepages+0x3c96/0x3cc0 [ 46.725593][ T7] ? ext4_writepages+0x3c96/0x3cc0 [ 46.730540][ T7] ? invalid_op+0x1e/0x30 [ 46.734706][ T7] ? ext4_writepages+0x8e6/0x3cc0 [ 46.739564][ T7] ? ext4_writepages+0x3c96/0x3cc0 [ 46.744633][ T7] ? ext4_writepages+0x3c96/0x3cc0 [ 46.749697][ T7] ? debug_smp_processor_id+0x20/0x20 [ 46.755034][ T7] ? check_preemption_disabled+0x9f/0x320 [ 46.760555][ T7] ? __kasan_check_read+0x11/0x20 [ 46.765421][ T7] ? mark_page_accessed+0x280/0x670 [ 46.770458][ T7] ? write_boundary_block+0x150/0x150 [ 46.775666][ T7] ? check_preemption_disabled+0x9f/0x320 [ 46.781232][ T7] ? ext4_readpage+0x2d0/0x2d0 [ 46.785811][ T7] ? __getblk_gfp+0x3d/0x770 [ 46.790335][ T7] ? update_load_avg+0xc23/0x1250 [ 46.795200][ T7] ? check_preemption_disabled+0x9f/0x320 [ 46.800851][ T7] ? update_load_avg+0x43f/0x1250 [ 46.805709][ T7] ? check_preemption_disabled+0x9f/0x320 [ 46.811275][ T7] ? ext4_readpage+0x2d0/0x2d0 [ 46.816019][ T7] do_writepages+0x12b/0x270 [ 46.820450][ T7] ? __writepage+0x110/0x110 [ 46.825160][ T7] ? __kasan_check_write+0x14/0x20 [ 46.830097][ T7] ? _raw_spin_lock+0xa4/0x1b0 [ 46.834694][ T7] ? _raw_spin_trylock_bh+0x190/0x190 [ 46.840063][ T7] __writeback_single_inode+0xdb/0xc80 [ 46.845575][ T7] writeback_sb_inodes+0x9e0/0x1800 [ 46.850586][ T7] ? _raw_spin_lock+0xa4/0x1b0 [ 46.855184][ T7] ? queue_io+0x5b0/0x5b0 [ 46.859348][ T7] ? writeback_sb_inodes+0x1800/0x1800 [ 46.864656][ T7] ? queue_io+0x3f8/0x5b0 [ 46.868820][ T7] wb_writeback+0x403/0xd70 [ 46.873371][ T7] ? wb_io_lists_depopulated+0x170/0x170 [ 46.878907][ T7] ? check_preemption_disabled+0x9f/0x320 [ 46.884889][ T7] ? debug_smp_processor_id+0x20/0x20 [ 46.890058][ T7] ? __kasan_check_write+0x14/0x20 [ 46.895012][ T7] ? check_preemption_disabled+0x9f/0x320 [ 46.900560][ T7] wb_workfn+0x3b6/0x1230 [ 46.904928][ T7] ? inode_wait_for_writeback+0x280/0x280 [ 46.910472][ T7] ? __kasan_check_read+0x11/0x20 [ 46.915354][ T7] ? switch_mm_irqs_off+0x35a/0xab0 [ 46.920521][ T7] ? _raw_spin_unlock_irq+0x4e/0x70 [ 46.925564][ T7] ? finish_task_switch+0x130/0x590 [ 46.930772][ T7] ? __schedule+0xb0d/0x1320 [ 46.935370][ T7] ? __kasan_check_read+0x11/0x20 [ 46.940235][ T7] ? strscpy+0x9c/0x260 [ 46.944212][ T7] process_one_work+0x781/0xd50 [ 46.948899][ T7] worker_thread+0xa27/0x1360 [ 46.953428][ T7] kthread+0x321/0x3a0 [ 46.957318][ T7] ? worker_clr_flags+0x180/0x180 [ 46.962176][ T7] ? kthread_blkcg+0xd0/0xd0 [ 46.966631][ T7] ret_from_fork+0x1f/0x30 [ 46.970849][ T7] Modules linked in: [ 46.974710][ T7] ---[ end trace 87c0a048b6aac791 ]--- [ 46.980116][ T7] RIP: 0010:ext4_writepages+0x3c96/0x3cc0 [ 46.985635][ T7] Code: 82 9a ff 31 ff 89 de e8 48 82 9a ff 45 84 f6 75 2e e8 fe 7f 9a ff 49 bf 00 00 00 00 00 fc ff df e9 1d f9 ff ff e8 ea 7f 9a ff <0f> 0b e8 e3 7f 9a ff 0f 0b e8 dc 7f 9a ff e8 c7 39 35 ff eb 99 e8 [ 47.005214][ T7] RSP: 0018:ffff8881f5db70c0 EFLAGS: 00010293 [ 47.011124][ T7] RAX: ffffffff81cb1ae6 RBX: 0000010000000000 RCX: ffff8881f5d6af40 [ 47.018917][ T7] RDX: 0000000000000000 RSI: 0000010000000000 RDI: 0000000000000000 [ 47.026704][ T7] RBP: ffff8881f5db74b0 R08: ffffffff81cae736 R09: ffffed103b19bdd8 [ 47.034585][ T7] R10: 0000000000000000 R11: dffffc0000000001 R12: ffff8881d8cdef68 [ 47.042360][ T7] R13: 0000000000000001 R14: 0000010410000000 R15: dffffc0000000000 [ 47.050480][ T7] FS: 0000000000000000(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000 [ 47.059237][ T7] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 47.065966][ T7] CR2: 00007ffc43105ff8 CR3: 00000001da405000 CR4: 00000000003406a0 [ 47.074181][ T7] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 47.082148][ T7] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 47.089958][ T7] Kernel panic - not syncing: Fatal exception [ 47.096109][ T7] Kernel Offset: disabled [ 47.100239][ T7] Rebooting in 86400 seconds..