./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor2576810163 <...> Warning: Permanently added '10.128.0.151' (ED25519) to the list of known hosts. execve("./syz-executor2576810163", ["./syz-executor2576810163"], 0x7fff0701e900 /* 10 vars */) = 0 brk(NULL) = 0x55558a0de000 brk(0x55558a0ded40) = 0x55558a0ded40 arch_prctl(ARCH_SET_FS, 0x55558a0de3c0) = 0 set_tid_address(0x55558a0de690) = 282 set_robust_list(0x55558a0de6a0, 24) = 0 rseq(0x55558a0dece0, 0x20, 0, 0x53053053) = -1 ENOSYS (Function not implemented) prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor2576810163", 4096) = 28 getrandom("\xba\x94\x6f\x7f\x92\x51\xcd\x00", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x55558a0ded40 brk(0x55558a0ffd40) = 0x55558a0ffd40 brk(0x55558a100000) = 0x55558a100000 mprotect(0x7f694ce74000, 16384, PROT_READ) = 0 mmap(0x1ffffffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffffffff000 mmap(0x200000000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200000000000 mmap(0x200001000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200001000000 mkdir("./syzkaller.NSFYaV", 0700) = 0 chmod("./syzkaller.NSFYaV", 0777) = 0 chdir("./syzkaller.NSFYaV") = 0 mkdir("./0", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558a0de690) = 283 ./strace-static-x86_64: Process 283 attached [pid 283] set_robust_list(0x55558a0de6a0, 24) = 0 [pid 283] chdir("./0") = 0 [pid 283] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 283] setpgid(0, 0) = 0 [pid 283] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 283] write(3, "1000", 4) = 4 [pid 283] close(3) = 0 [pid 283] symlink("/dev/binderfs", "./binderfs") = 0 [pid 283] write(1, "executing program\n", 18executing program ) = 18 [pid 283] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 283] rt_sigaction(SIGRT_1, {sa_handler=0x7f694ce18370, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f694ce09520}, NULL, 8) = 0 [pid 283] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [ 23.380220][ T24] audit: type=1400 audit(1750581500.379:64): avc: denied { execmem } for pid=282 comm="syz-executor257" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 23.403150][ T24] audit: type=1400 audit(1750581500.409:65): avc: denied { read write } for pid=282 comm="syz-executor257" name="loop0" dev="devtmpfs" ino=115 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [pid 283] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f694cd8e000 [pid 283] mprotect(0x7f694cd8f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 283] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 283] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f694cdae990, parent_tid=0x7f694cdae990, exit_signal=0, stack=0x7f694cd8e000, stack_size=0x20300, tls=0x7f694cdae6c0} => {parent_tid=[285]}, 88) = 285 [pid 283] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 283] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 283] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 285 attached [pid 285] set_robust_list(0x7f694cdae9a0, 24) = 0 [pid 285] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 285] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 285] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 283] <... futex resumed>) = 0 [pid 283] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 283] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 285] <... futex resumed>) = 1 [pid 285] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 285] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 283] <... futex resumed>) = 0 [pid 283] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 283] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 285] <... futex resumed>) = 1 [pid 285] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 285] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 283] <... futex resumed>) = 0 [pid 283] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 283] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 285] <... futex resumed>) = 1 [pid 285] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 285] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 283] <... futex resumed>) = 0 [pid 283] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 283] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 285] <... futex resumed>) = 1 [pid 285] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 285] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 283] <... futex resumed>) = 0 [pid 283] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 283] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 285] <... futex resumed>) = 1 [pid 285] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 285] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 283] <... futex resumed>) = 0 [pid 283] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 283] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 285] <... futex resumed>) = 1 [pid 285] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 285] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 283] <... futex resumed>) = 0 [pid 283] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 283] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 285] <... futex resumed>) = 1 [pid 285] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 285] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 283] <... futex resumed>) = 0 [pid 283] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 283] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 285] <... futex resumed>) = 1 [pid 285] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 285] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 283] <... futex resumed>) = 0 [pid 283] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 283] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 285] <... futex resumed>) = 1 [pid 285] memfd_create("syzkaller", 0) = 5 [pid 285] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f694498e000 [pid 285] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 285] munmap(0x7f694498e000, 138412032) = 0 [pid 285] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 23.428142][ T24] audit: type=1400 audit(1750581500.409:66): avc: denied { open } for pid=282 comm="syz-executor257" path="/dev/loop0" dev="devtmpfs" ino=115 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 23.453600][ T24] audit: type=1400 audit(1750581500.429:67): avc: denied { ioctl } for pid=282 comm="syz-executor257" path="/dev/loop0" dev="devtmpfs" ino=115 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [pid 285] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 285] close(5) = 0 [pid 285] close(6) = 0 [pid 285] mkdir("./file0", 0777) = 0 [ 23.479712][ T24] audit: type=1400 audit(1750581500.439:68): avc: denied { read write } for pid=283 comm="syz-executor257" name="vhost-vsock" dev="devtmpfs" ino=262 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:vhost_device_t tclass=chr_file permissive=1 [ 23.504941][ T24] audit: type=1400 audit(1750581500.439:69): avc: denied { open } for pid=283 comm="syz-executor257" path="/dev/vhost-vsock" dev="devtmpfs" ino=262 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:vhost_device_t tclass=chr_file permissive=1 [ 23.529550][ T24] audit: type=1400 audit(1750581500.439:70): avc: denied { ioctl } for pid=283 comm="syz-executor257" path="/dev/vhost-vsock" dev="devtmpfs" ino=262 ioctlcmd=0xaf01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:vhost_device_t tclass=chr_file permissive=1 [ 23.555501][ T24] audit: type=1400 audit(1750581500.489:71): avc: denied { mounton } for pid=283 comm="syz-executor257" path="/root/syzkaller.NSFYaV/0/file0" dev="sda1" ino=2027 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1 [pid 285] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 285] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 285] chdir("./file0") = 0 [pid 285] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 285] ioctl(6, LOOP_CLR_FD) = 0 [pid 285] close(6) = 0 [pid 285] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 283] <... futex resumed>) = 0 [pid 283] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 283] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 285] <... futex resumed>) = 1 [ 23.586878][ T285] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 23.606930][ T24] audit: type=1400 audit(1750581500.609:72): avc: denied { mount } for pid=283 comm="syz-executor257" name="/" dev="loop0" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [pid 285] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 285] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 283] <... futex resumed>) = 0 [pid 283] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 285] write(6, "#! ./file1\n", 11 [pid 283] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 285] <... write resumed>) = 11 [pid 285] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 283] <... futex resumed>) = 0 [pid 283] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 283] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 285] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 285] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 283] <... futex resumed>) = 0 [pid 283] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 283] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 285] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000480} --- [pid 283] <... futex resumed>) = ? [pid 285] +++ killed by SIGBUS +++ [pid 283] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=283, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558a0df730 /* 4 entries */, 32768) = 112 umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./0/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558a0e7770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558a0e7770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./0/file0") = 0 umount2("./0/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./0/binderfs") = 0 getdents64(3, 0x55558a0df730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./0") = 0 mkdir("./1", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558a0de690) = 290 ./strace-static-x86_64: Process 290 attached [pid 290] set_robust_list(0x55558a0de6a0, 24) = 0 [pid 290] chdir("./1") = 0 [pid 290] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 290] setpgid(0, 0) = 0 [pid 290] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 290] write(3, "1000", 4) = 4 [pid 290] close(3) = 0 [pid 290] symlink("/dev/binderfs", "./binderfs") = 0 [pid 290] write(1, "executing program\n", 18executing program ) = 18 [pid 290] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 290] rt_sigaction(SIGRT_1, {sa_handler=0x7f694ce18370, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f694ce09520}, NULL, 8) = 0 [pid 290] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 290] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f694cd8e000 [ 23.629712][ T24] audit: type=1400 audit(1750581500.629:73): avc: denied { write } for pid=283 comm="syz-executor257" name="/" dev="loop0" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 23.654096][ T286] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-285: bg 0: block 234: padding at end of block bitmap is not set [pid 290] mprotect(0x7f694cd8f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 290] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 290] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f694cdae990, parent_tid=0x7f694cdae990, exit_signal=0, stack=0x7f694cd8e000, stack_size=0x20300, tls=0x7f694cdae6c0}./strace-static-x86_64: Process 291 attached [pid 291] set_robust_list(0x7f694cdae9a0, 24) = 0 [pid 291] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 291] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 290] <... clone3 resumed> => {parent_tid=[291]}, 88) = 291 [pid 290] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 290] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 291] <... futex resumed>) = 0 [pid 291] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 291] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 291] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 290] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 290] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 291] <... futex resumed>) = 0 [pid 291] ioctl(3, VHOST_SET_OWNER [pid 290] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 291] <... ioctl resumed>, 0) = 0 [pid 291] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 290] <... futex resumed>) = 0 [pid 291] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 290] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 290] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 291] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 291] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 291] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 290] <... futex resumed>) = 0 [pid 290] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 290] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 291] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 291] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 290] <... futex resumed>) = 0 [pid 290] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 290] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 291] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 291] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 290] <... futex resumed>) = 0 [pid 290] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 290] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 291] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 291] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 290] <... futex resumed>) = 0 [pid 290] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 290] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 291] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 291] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 290] <... futex resumed>) = 0 [pid 290] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 290] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 291] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 291] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 290] <... futex resumed>) = 0 [pid 290] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 290] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 291] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 291] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 290] <... futex resumed>) = 0 [pid 290] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 291] memfd_create("syzkaller", 0 [pid 290] <... futex resumed>) = 0 [pid 290] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 291] <... memfd_create resumed>) = 5 [pid 291] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f694498e000 [pid 291] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 291] munmap(0x7f694498e000, 138412032) = 0 [pid 291] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 291] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 291] close(5) = 0 [pid 291] close(6) = 0 [pid 291] mkdir("./file0", 0777) = 0 [pid 291] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 291] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 291] chdir("./file0") = 0 [pid 291] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 291] ioctl(6, LOOP_CLR_FD) = 0 [pid 291] close(6) = 0 [pid 291] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 290] <... futex resumed>) = 0 [pid 290] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 290] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 291] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 291] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 290] <... futex resumed>) = 0 [pid 290] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 290] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 291] write(6, "#! ./file1\n", 11) = 11 [pid 291] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 290] <... futex resumed>) = 0 [pid 290] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 290] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 291] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 291] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 291] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 290] <... futex resumed>) = 0 [pid 290] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 290] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 291] <... futex resumed>) = 0 [pid 291] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000480} --- [pid 290] <... futex resumed>) = ? [pid 291] +++ killed by SIGBUS +++ [pid 290] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=290, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558a0df730 /* 4 entries */, 32768) = 112 [ 23.772435][ T291] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 23.803758][ T292] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-291: bg 0: block 234: padding at end of block bitmap is not set umount2("./1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./1/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558a0e7770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558a0e7770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./1/file0") = 0 umount2("./1/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./1/binderfs") = 0 getdents64(3, 0x55558a0df730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./1") = 0 mkdir("./2", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558a0de690) = 296 ./strace-static-x86_64: Process 296 attached [pid 296] set_robust_list(0x55558a0de6a0, 24) = 0 [pid 296] chdir("./2") = 0 [pid 296] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 296] setpgid(0, 0) = 0 [pid 296] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 296] write(3, "1000", 4) = 4 [pid 296] close(3) = 0 [pid 296] symlink("/dev/binderfs", "./binderfs") = 0 [pid 296] write(1, "executing program\n", 18executing program ) = 18 [pid 296] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 296] rt_sigaction(SIGRT_1, {sa_handler=0x7f694ce18370, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f694ce09520}, NULL, 8) = 0 [pid 296] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 296] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f694cd8e000 [pid 296] mprotect(0x7f694cd8f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 296] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 296] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f694cdae990, parent_tid=0x7f694cdae990, exit_signal=0, stack=0x7f694cd8e000, stack_size=0x20300, tls=0x7f694cdae6c0}./strace-static-x86_64: Process 297 attached => {parent_tid=[297]}, 88) = 297 [pid 297] set_robust_list(0x7f694cdae9a0, 24) = 0 [pid 297] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 297] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 296] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 296] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 297] <... futex resumed>) = 0 [pid 297] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 297] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 297] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 296] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 296] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 297] <... futex resumed>) = 0 [pid 297] ioctl(3, VHOST_SET_OWNER [pid 296] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 297] <... ioctl resumed>, 0) = 0 [pid 297] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 297] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 296] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 296] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 297] <... futex resumed>) = 0 [pid 297] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 297] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 297] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 296] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 296] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 297] <... futex resumed>) = 0 [pid 297] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 297] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 297] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 296] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 296] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 297] <... futex resumed>) = 0 [pid 297] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 297] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 297] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 296] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 296] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 297] <... futex resumed>) = 0 [pid 297] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 297] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 297] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 296] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 296] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 297] <... futex resumed>) = 0 [pid 297] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 297] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 296] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 297] <... futex resumed>) = 0 [pid 297] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 296] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 296] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 297] <... futex resumed>) = 0 [pid 297] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 296] <... futex resumed>) = 1 [pid 297] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 297] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 296] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 296] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 297] <... futex resumed>) = 0 [pid 297] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 297] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 297] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 296] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 296] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 297] <... futex resumed>) = 0 [pid 296] <... futex resumed>) = 1 [pid 297] memfd_create("syzkaller", 0) = 5 [pid 297] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f694498e000 [pid 297] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 296] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 297] <... write resumed>) = 1048576 [pid 297] munmap(0x7f694498e000, 138412032) = 0 [pid 297] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 297] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 297] close(5) = 0 [pid 297] close(6) = 0 [pid 297] mkdir("./file0", 0777) = 0 [pid 297] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 297] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 297] chdir("./file0") = 0 [pid 297] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 297] ioctl(6, LOOP_CLR_FD) = 0 [pid 297] close(6) = 0 [pid 297] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 296] <... futex resumed>) = 0 [pid 296] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 296] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 297] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 297] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 296] <... futex resumed>) = 0 [pid 296] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 296] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 297] write(6, "#! ./file1\n", 11) = 11 [pid 297] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 296] <... futex resumed>) = 0 [pid 296] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 296] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 297] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 297] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 297] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 296] <... futex resumed>) = 0 [pid 296] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 296] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 297] <... futex resumed>) = 0 [pid 297] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000480} --- [pid 296] <... futex resumed>) = ? [pid 297] +++ killed by SIGBUS +++ [pid 296] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=296, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558a0df730 /* 4 entries */, 32768) = 112 [ 24.052172][ T297] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 24.087643][ T298] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-297: bg 0: block 234: padding at end of block bitmap is not set umount2("./2/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./2/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./2/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./2/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./2/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558a0e7770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558a0e7770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./2/file0") = 0 umount2("./2/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./2/binderfs") = 0 getdents64(3, 0x55558a0df730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./2") = 0 mkdir("./3", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3executing program ) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558a0de690) = 302 ./strace-static-x86_64: Process 302 attached [pid 302] set_robust_list(0x55558a0de6a0, 24) = 0 [pid 302] chdir("./3") = 0 [pid 302] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 302] setpgid(0, 0) = 0 [pid 302] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 302] write(3, "1000", 4) = 4 [pid 302] close(3) = 0 [pid 302] symlink("/dev/binderfs", "./binderfs") = 0 [pid 302] write(1, "executing program\n", 18) = 18 [pid 302] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 302] rt_sigaction(SIGRT_1, {sa_handler=0x7f694ce18370, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f694ce09520}, NULL, 8) = 0 [pid 302] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 302] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f694cd8e000 [pid 302] mprotect(0x7f694cd8f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 302] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 302] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f694cdae990, parent_tid=0x7f694cdae990, exit_signal=0, stack=0x7f694cd8e000, stack_size=0x20300, tls=0x7f694cdae6c0}./strace-static-x86_64: Process 303 attached [pid 303] set_robust_list(0x7f694cdae9a0, 24) = 0 [pid 303] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 303] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 302] <... clone3 resumed> => {parent_tid=[303]}, 88) = 303 [pid 302] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 302] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 303] <... futex resumed>) = 0 [pid 303] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 303] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 303] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 302] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 302] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 303] <... futex resumed>) = 0 [pid 303] ioctl(3, VHOST_SET_OWNER [pid 302] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 303] <... ioctl resumed>, 0) = 0 [pid 303] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 303] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 302] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 302] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 303] <... futex resumed>) = 0 [pid 303] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 303] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 303] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 302] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 302] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 303] <... futex resumed>) = 0 [pid 303] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 303] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 303] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 302] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 302] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 303] <... futex resumed>) = 0 [pid 303] eventfd2(118, EFD_SEMAPHORE [pid 302] <... futex resumed>) = 1 [pid 303] <... eventfd2 resumed>) = 4 [pid 303] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 303] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 302] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 302] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 303] <... futex resumed>) = 0 [pid 303] ioctl(3, VHOST_SET_VRING_ERR [pid 302] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 303] <... ioctl resumed>, 0x2000000001c0) = 0 [pid 303] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 303] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 302] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 302] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 303] <... futex resumed>) = 0 [pid 302] <... futex resumed>) = 1 [pid 303] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 303] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 303] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 302] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 302] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 303] <... futex resumed>) = 0 [pid 302] <... futex resumed>) = 1 [pid 303] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 303] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 303] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 302] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 302] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 303] <... futex resumed>) = 0 [pid 302] <... futex resumed>) = 1 [pid 303] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 303] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 303] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 302] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 302] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 303] <... futex resumed>) = 0 [pid 302] <... futex resumed>) = 1 [pid 303] memfd_create("syzkaller", 0) = 5 [pid 303] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f694498e000 [pid 303] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 302] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 303] <... write resumed>) = 1048576 [pid 303] munmap(0x7f694498e000, 138412032) = 0 [pid 303] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 303] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 303] close(5) = 0 [pid 303] close(6) = 0 [pid 303] mkdir("./file0", 0777) = 0 [pid 303] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 303] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 303] chdir("./file0") = 0 [pid 303] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 303] ioctl(6, LOOP_CLR_FD) = 0 [pid 303] close(6) = 0 [pid 303] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 302] <... futex resumed>) = 0 [pid 302] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 302] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 303] <... futex resumed>) = 1 [pid 303] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 303] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 302] <... futex resumed>) = 0 [pid 302] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 302] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 303] <... futex resumed>) = 1 [pid 303] write(6, "#! ./file1\n", 11) = 11 [pid 303] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 302] <... futex resumed>) = 0 [pid 302] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 302] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 303] <... futex resumed>) = 1 [pid 303] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 303] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 302] <... futex resumed>) = 0 [pid 302] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 302] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 303] <... futex resumed>) = 1 [ 24.322165][ T303] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [pid 303] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000480} --- [pid 302] <... futex resumed>) = ? [pid 303] +++ killed by SIGBUS +++ [pid 302] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=302, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558a0df730 /* 4 entries */, 32768) = 112 [ 24.363037][ T303] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor257: bg 0: block 234: padding at end of block bitmap is not set umount2("./3/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./3/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./3/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./3/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./3/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558a0e7770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558a0e7770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./3/file0") = 0 umount2("./3/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./3/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./3/binderfs") = 0 getdents64(3, 0x55558a0df730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./3") = 0 mkdir("./4", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558a0de690) = 308 ./strace-static-x86_64: Process 308 attached [pid 308] set_robust_list(0x55558a0de6a0, 24) = 0 [pid 308] chdir("./4") = 0 [pid 308] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 308] setpgid(0, 0) = 0 [pid 308] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 executing program [pid 308] write(3, "1000", 4) = 4 [pid 308] close(3) = 0 [pid 308] symlink("/dev/binderfs", "./binderfs") = 0 [pid 308] write(1, "executing program\n", 18) = 18 [pid 308] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 308] rt_sigaction(SIGRT_1, {sa_handler=0x7f694ce18370, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f694ce09520}, NULL, 8) = 0 [pid 308] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 308] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f694cd8e000 [pid 308] mprotect(0x7f694cd8f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 308] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 308] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f694cdae990, parent_tid=0x7f694cdae990, exit_signal=0, stack=0x7f694cd8e000, stack_size=0x20300, tls=0x7f694cdae6c0}./strace-static-x86_64: Process 309 attached [pid 309] set_robust_list(0x7f694cdae9a0, 24) = 0 [pid 309] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 309] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 308] <... clone3 resumed> => {parent_tid=[309]}, 88) = 309 [pid 308] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 308] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 309] <... futex resumed>) = 0 [pid 308] <... futex resumed>) = 1 [pid 309] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR [pid 308] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 309] <... openat resumed>) = 3 [pid 309] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 309] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 308] <... futex resumed>) = 0 [pid 308] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 309] <... futex resumed>) = 0 [pid 308] <... futex resumed>) = 1 [pid 309] ioctl(3, VHOST_SET_OWNER [pid 308] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 309] <... ioctl resumed>, 0) = 0 [pid 309] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 308] <... futex resumed>) = 0 [pid 308] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 308] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 309] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 309] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 308] <... futex resumed>) = 0 [pid 308] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 308] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 309] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 309] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 308] <... futex resumed>) = 0 [pid 308] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 308] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 309] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 309] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 308] <... futex resumed>) = 0 [pid 308] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 308] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 309] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 309] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 308] <... futex resumed>) = 0 [pid 308] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 308] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 309] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 309] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 308] <... futex resumed>) = 0 [pid 308] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 308] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 309] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 309] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 308] <... futex resumed>) = 0 [pid 308] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 308] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 309] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 309] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 308] <... futex resumed>) = 0 [pid 308] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 308] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 309] memfd_create("syzkaller", 0) = 5 [pid 309] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f694498e000 [pid 309] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 309] munmap(0x7f694498e000, 138412032) = 0 [pid 309] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 309] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 309] close(5) = 0 [pid 309] close(6) = 0 [pid 309] mkdir("./file0", 0777) = 0 [pid 309] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 309] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 309] chdir("./file0") = 0 [pid 309] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 309] ioctl(6, LOOP_CLR_FD) = 0 [pid 309] close(6) = 0 [pid 309] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 308] <... futex resumed>) = 0 [pid 308] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 308] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 309] <... futex resumed>) = 1 [pid 309] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 309] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 308] <... futex resumed>) = 0 [pid 308] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 308] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 309] <... futex resumed>) = 1 [pid 309] write(6, "#! ./file1\n", 11) = 11 [pid 309] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 308] <... futex resumed>) = 0 [pid 308] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 308] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 309] <... futex resumed>) = 1 [pid 309] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 309] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 308] <... futex resumed>) = 0 [pid 308] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 308] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 309] <... futex resumed>) = 1 [pid 309] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000480} --- [pid 308] <... futex resumed>) = ? [pid 309] +++ killed by SIGBUS +++ [pid 308] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=308, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558a0df730 /* 4 entries */, 32768) = 112 [ 24.502061][ T309] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 24.524640][ T309] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor257: bg 0: block 234: padding at end of block bitmap is not set umount2("./4/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558a0e7770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558a0e7770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4/file0") = 0 umount2("./4/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4/binderfs") = 0 getdents64(3, 0x55558a0df730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4") = 0 mkdir("./5", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 314 attached , child_tidptr=0x55558a0de690) = 314 [pid 314] set_robust_list(0x55558a0de6a0, 24) = 0 [pid 314] chdir("./5") = 0 [pid 314] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 314] setpgid(0, 0) = 0 [pid 314] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 314] write(3, "1000", 4) = 4 [pid 314] close(3) = 0 [pid 314] symlink("/dev/binderfs", "./binderfs") = 0 [pid 314] write(1, "executing program\n", 18executing program ) = 18 [pid 314] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 314] rt_sigaction(SIGRT_1, {sa_handler=0x7f694ce18370, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f694ce09520}, NULL, 8) = 0 [pid 314] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 314] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f694cd8e000 [pid 314] mprotect(0x7f694cd8f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 314] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 314] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f694cdae990, parent_tid=0x7f694cdae990, exit_signal=0, stack=0x7f694cd8e000, stack_size=0x20300, tls=0x7f694cdae6c0}./strace-static-x86_64: Process 315 attached => {parent_tid=[315]}, 88) = 315 [pid 315] set_robust_list(0x7f694cdae9a0, 24 [pid 314] rt_sigprocmask(SIG_SETMASK, [], [pid 315] <... set_robust_list resumed>) = 0 [pid 314] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 315] rt_sigprocmask(SIG_SETMASK, [], [pid 314] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 315] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 314] <... futex resumed>) = 0 [pid 314] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 315] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 315] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 314] <... futex resumed>) = 0 [pid 315] <... futex resumed>) = 1 [pid 314] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 315] ioctl(3, VHOST_SET_OWNER [pid 314] <... futex resumed>) = 0 [pid 314] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 315] <... ioctl resumed>, 0) = 0 [pid 315] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 314] <... futex resumed>) = 0 [pid 315] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 314] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 315] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 314] <... futex resumed>) = 0 [pid 315] ioctl(3, VHOST_SET_VRING_ADDR [pid 314] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 315] <... ioctl resumed>, 0x200000000300) = 0 [pid 315] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 314] <... futex resumed>) = 0 [pid 315] <... futex resumed>) = 1 [pid 314] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 315] ioctl(3, VHOST_SET_MEM_TABLE [pid 314] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 315] <... ioctl resumed>, 0x200000003380) = 0 [pid 315] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 314] <... futex resumed>) = 0 [pid 315] <... futex resumed>) = 1 [pid 314] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 314] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 315] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 315] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 314] <... futex resumed>) = 0 [pid 314] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 314] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 315] <... futex resumed>) = 1 [pid 315] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 315] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 314] <... futex resumed>) = 0 [pid 314] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 314] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 315] <... futex resumed>) = 1 [pid 315] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 315] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 314] <... futex resumed>) = 0 [pid 314] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 315] <... futex resumed>) = 1 [pid 314] <... futex resumed>) = 0 [pid 315] ioctl(3, VHOST_SET_VRING_KICK [pid 314] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 315] <... ioctl resumed>, 0x200000000000) = 0 [pid 315] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 314] <... futex resumed>) = 0 [pid 315] ioctl(3, VHOST_VSOCK_SET_RUNNING [pid 314] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 315] <... ioctl resumed>, 0x200000000140) = 0 [pid 314] <... futex resumed>) = 0 [pid 315] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 314] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 315] <... futex resumed>) = 0 [pid 314] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 315] memfd_create("syzkaller", 0 [pid 314] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 315] <... memfd_create resumed>) = 5 [pid 314] <... futex resumed>) = 0 [pid 315] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 314] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 315] <... mmap resumed>) = 0x7f694498e000 [pid 315] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 315] munmap(0x7f694498e000, 138412032) = 0 [pid 315] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 315] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 315] close(5) = 0 [pid 315] close(6) = 0 [pid 315] mkdir("./file0", 0777) = 0 [pid 315] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 315] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 315] chdir("./file0") = 0 [pid 315] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 315] ioctl(6, LOOP_CLR_FD) = 0 [pid 315] close(6) = 0 [pid 315] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 314] <... futex resumed>) = 0 [pid 314] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 314] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 315] <... futex resumed>) = 1 [pid 315] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 315] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 314] <... futex resumed>) = 0 [pid 314] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 314] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 315] <... futex resumed>) = 1 [pid 315] write(6, "#! ./file1\n", 11) = 11 [pid 315] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 314] <... futex resumed>) = 0 [pid 314] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 314] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 315] <... futex resumed>) = 1 [pid 315] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 315] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 314] <... futex resumed>) = 0 [pid 314] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 314] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 315] <... futex resumed>) = 1 [pid 315] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000480} --- [pid 314] <... futex resumed>) = ? [pid 315] +++ killed by SIGBUS +++ [pid 314] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=314, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./5", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558a0df730 /* 4 entries */, 32768) = 112 [ 24.692584][ T315] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 24.715903][ T315] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor257: bg 0: block 234: padding at end of block bitmap is not set umount2("./5/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./5/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./5/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./5/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./5/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558a0e7770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558a0e7770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./5/file0") = 0 umount2("./5/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./5/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./5/binderfs") = 0 getdents64(3, 0x55558a0df730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./5") = 0 mkdir("./6", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558a0de690) = 320 ./strace-static-x86_64: Process 320 attached [pid 320] set_robust_list(0x55558a0de6a0, 24) = 0 [pid 320] chdir("./6") = 0 [pid 320] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 320] setpgid(0, 0) = 0 [pid 320] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 320] write(3, "1000", 4) = 4 [pid 320] close(3) = 0 [pid 320] symlink("/dev/binderfs", "./binderfs") = 0 [pid 320] write(1, "executing program\n", 18executing program ) = 18 [pid 320] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 320] rt_sigaction(SIGRT_1, {sa_handler=0x7f694ce18370, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f694ce09520}, NULL, 8) = 0 [pid 320] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 320] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f694cd8e000 [pid 320] mprotect(0x7f694cd8f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 320] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 320] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f694cdae990, parent_tid=0x7f694cdae990, exit_signal=0, stack=0x7f694cd8e000, stack_size=0x20300, tls=0x7f694cdae6c0}./strace-static-x86_64: Process 321 attached [pid 321] set_robust_list(0x7f694cdae9a0, 24) = 0 [pid 321] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 321] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 320] <... clone3 resumed> => {parent_tid=[321]}, 88) = 321 [pid 320] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 320] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 321] <... futex resumed>) = 0 [pid 321] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 321] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 321] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 320] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 320] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 321] <... futex resumed>) = 0 [pid 321] ioctl(3, VHOST_SET_OWNER [pid 320] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 321] <... ioctl resumed>, 0) = 0 [pid 321] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 321] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 320] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 320] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 321] <... futex resumed>) = 0 [pid 321] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 321] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 321] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 320] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 320] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 321] <... futex resumed>) = 0 [pid 321] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 321] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 321] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 320] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 320] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 321] <... futex resumed>) = 0 [pid 321] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 321] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 321] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 320] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 320] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 321] <... futex resumed>) = 0 [pid 321] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 321] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 321] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 320] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 320] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 321] <... futex resumed>) = 0 [pid 321] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 321] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 321] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 320] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 320] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 321] <... futex resumed>) = 0 [pid 321] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 321] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 321] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 320] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 320] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 321] <... futex resumed>) = 0 [pid 320] <... futex resumed>) = 1 [pid 321] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 321] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 321] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 320] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 320] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 321] <... futex resumed>) = 0 [pid 320] <... futex resumed>) = 1 [pid 321] memfd_create("syzkaller", 0) = 5 [pid 321] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f694498e000 [pid 321] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 320] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 321] <... write resumed>) = 1048576 [pid 321] munmap(0x7f694498e000, 138412032) = 0 [pid 321] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 321] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 321] close(5) = 0 [pid 321] close(6) = 0 [pid 321] mkdir("./file0", 0777) = 0 [pid 321] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 321] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 321] chdir("./file0") = 0 [pid 321] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 321] ioctl(6, LOOP_CLR_FD) = 0 [pid 321] close(6) = 0 [pid 321] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 320] <... futex resumed>) = 0 [pid 320] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 320] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 321] <... futex resumed>) = 1 [pid 321] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 321] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 320] <... futex resumed>) = 0 [pid 320] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 320] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 321] <... futex resumed>) = 1 [pid 321] write(6, "#! ./file1\n", 11) = 11 [pid 321] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 320] <... futex resumed>) = 0 [pid 320] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 320] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 321] <... futex resumed>) = 1 [pid 321] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 321] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 320] <... futex resumed>) = 0 [pid 320] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 320] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 321] <... futex resumed>) = 1 [pid 321] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000480} --- [pid 320] <... futex resumed>) = ? [pid 321] +++ killed by SIGBUS +++ [pid 320] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=320, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./6", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558a0df730 /* 4 entries */, 32768) = 112 [ 24.863836][ T321] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 24.892799][ T322] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-321: bg 0: block 234: padding at end of block bitmap is not set umount2("./6/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./6/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./6/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./6/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./6/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558a0e7770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558a0e7770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./6/file0") = 0 umount2("./6/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./6/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./6/binderfs") = 0 getdents64(3, 0x55558a0df730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./6") = 0 mkdir("./7", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558a0de690) = 326 ./strace-static-x86_64: Process 326 attached [pid 326] set_robust_list(0x55558a0de6a0, 24) = 0 [pid 326] chdir("./7") = 0 [pid 326] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 326] setpgid(0, 0) = 0 [pid 326] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 326] write(3, "1000", 4) = 4 [pid 326] close(3) = 0 [pid 326] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 326] write(1, "executing program\n", 18) = 18 [pid 326] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 326] rt_sigaction(SIGRT_1, {sa_handler=0x7f694ce18370, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f694ce09520}, NULL, 8) = 0 [pid 326] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 326] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f694cd8e000 [pid 326] mprotect(0x7f694cd8f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 326] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 326] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f694cdae990, parent_tid=0x7f694cdae990, exit_signal=0, stack=0x7f694cd8e000, stack_size=0x20300, tls=0x7f694cdae6c0}./strace-static-x86_64: Process 327 attached => {parent_tid=[327]}, 88) = 327 [pid 327] set_robust_list(0x7f694cdae9a0, 24 [pid 326] rt_sigprocmask(SIG_SETMASK, [], [pid 327] <... set_robust_list resumed>) = 0 [pid 326] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 327] rt_sigprocmask(SIG_SETMASK, [], [pid 326] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 327] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 326] <... futex resumed>) = 0 [pid 326] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 327] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 327] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 326] <... futex resumed>) = 0 [pid 327] <... futex resumed>) = 1 [pid 326] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 327] ioctl(3, VHOST_SET_OWNER [pid 326] <... futex resumed>) = 0 [pid 326] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 327] <... ioctl resumed>, 0) = 0 [pid 327] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 326] <... futex resumed>) = 0 [pid 327] <... futex resumed>) = 1 [pid 326] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 327] ioctl(3, VHOST_SET_VRING_ADDR [pid 326] <... futex resumed>) = 0 [pid 327] <... ioctl resumed>, 0x200000000300) = 0 [pid 326] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 327] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 326] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 327] <... futex resumed>) = 0 [pid 326] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 327] ioctl(3, VHOST_SET_MEM_TABLE [pid 326] <... futex resumed>) = 0 [pid 326] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 327] <... ioctl resumed>, 0x200000003380) = 0 [pid 327] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 326] <... futex resumed>) = 0 [pid 327] <... futex resumed>) = 1 [pid 326] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 327] eventfd2(118, EFD_SEMAPHORE [pid 326] <... futex resumed>) = 0 [pid 326] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 327] <... eventfd2 resumed>) = 4 [pid 327] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 326] <... futex resumed>) = 0 [pid 327] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 326] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 327] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 326] <... futex resumed>) = 0 [pid 327] ioctl(3, VHOST_SET_VRING_ERR [pid 326] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 327] <... ioctl resumed>, 0x2000000001c0) = 0 [pid 327] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 326] <... futex resumed>) = 0 [pid 327] <... futex resumed>) = 1 [pid 326] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 327] ioctl(3, VHOST_SET_VRING_ADDR [pid 326] <... futex resumed>) = 0 [pid 327] <... ioctl resumed>, 0x200000000240) = 0 [pid 326] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 327] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 326] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 327] <... futex resumed>) = 0 [pid 326] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 327] ioctl(3, VHOST_SET_VRING_KICK [pid 326] <... futex resumed>) = 0 [pid 327] <... ioctl resumed>, 0x200000000000) = 0 [pid 326] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 327] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 326] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 327] <... futex resumed>) = 0 [pid 326] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 327] ioctl(3, VHOST_VSOCK_SET_RUNNING [pid 326] <... futex resumed>) = 0 [pid 327] <... ioctl resumed>, 0x200000000140) = 0 [pid 326] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 327] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 326] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 327] <... futex resumed>) = 0 [pid 326] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 326] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 327] memfd_create("syzkaller", 0) = 5 [pid 327] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f694498e000 [pid 327] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 327] munmap(0x7f694498e000, 138412032) = 0 [pid 327] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 327] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 327] close(5) = 0 [pid 327] close(6) = 0 [pid 327] mkdir("./file0", 0777) = 0 [pid 327] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 327] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 327] chdir("./file0") = 0 [pid 327] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 327] ioctl(6, LOOP_CLR_FD) = 0 [pid 327] close(6) = 0 [pid 327] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 326] <... futex resumed>) = 0 [pid 326] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 326] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 327] <... futex resumed>) = 1 [pid 327] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 327] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 326] <... futex resumed>) = 0 [pid 326] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 326] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 327] <... futex resumed>) = 1 [pid 327] write(6, "#! ./file1\n", 11) = 11 [pid 327] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 326] <... futex resumed>) = 0 [pid 326] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 326] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 327] <... futex resumed>) = 1 [pid 327] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 327] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 326] <... futex resumed>) = 0 [pid 326] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 326] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 327] <... futex resumed>) = 1 [ 25.043657][ T327] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [pid 327] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000480} --- [pid 326] <... futex resumed>) = ? [pid 327] +++ killed by SIGBUS +++ [pid 326] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=326, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./7", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558a0df730 /* 4 entries */, 32768) = 112 [ 25.085419][ T328] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-327: bg 0: block 234: padding at end of block bitmap is not set umount2("./7/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./7/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./7/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./7/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./7/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558a0e7770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558a0e7770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./7/file0") = 0 umount2("./7/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./7/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./7/binderfs") = 0 getdents64(3, 0x55558a0df730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./7") = 0 mkdir("./8", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program , child_tidptr=0x55558a0de690) = 332 ./strace-static-x86_64: Process 332 attached [pid 332] set_robust_list(0x55558a0de6a0, 24) = 0 [pid 332] chdir("./8") = 0 [pid 332] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 332] setpgid(0, 0) = 0 [pid 332] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 332] write(3, "1000", 4) = 4 [pid 332] close(3) = 0 [pid 332] symlink("/dev/binderfs", "./binderfs") = 0 [pid 332] write(1, "executing program\n", 18) = 18 [pid 332] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 332] rt_sigaction(SIGRT_1, {sa_handler=0x7f694ce18370, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f694ce09520}, NULL, 8) = 0 [pid 332] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 332] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f694cd8e000 [pid 332] mprotect(0x7f694cd8f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 332] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 332] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f694cdae990, parent_tid=0x7f694cdae990, exit_signal=0, stack=0x7f694cd8e000, stack_size=0x20300, tls=0x7f694cdae6c0} => {parent_tid=[333]}, 88) = 333 [pid 332] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 332] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 332] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 333 attached [pid 333] set_robust_list(0x7f694cdae9a0, 24) = 0 [pid 333] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 333] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 333] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 332] <... futex resumed>) = 0 [pid 332] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 332] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 333] <... futex resumed>) = 1 [pid 333] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 333] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 332] <... futex resumed>) = 0 [pid 332] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 332] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 333] <... futex resumed>) = 1 [pid 333] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 333] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 332] <... futex resumed>) = 0 [pid 332] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 332] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 333] <... futex resumed>) = 1 [pid 333] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 333] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 332] <... futex resumed>) = 0 [pid 332] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 332] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 333] <... futex resumed>) = 1 [pid 333] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 333] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 332] <... futex resumed>) = 0 [pid 332] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 332] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 333] <... futex resumed>) = 1 [pid 333] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 333] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 332] <... futex resumed>) = 0 [pid 332] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 332] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 333] <... futex resumed>) = 1 [pid 333] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 333] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 332] <... futex resumed>) = 0 [pid 332] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 332] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 333] <... futex resumed>) = 1 [pid 333] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 333] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 332] <... futex resumed>) = 0 [pid 332] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 332] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 333] <... futex resumed>) = 1 [pid 333] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 333] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 332] <... futex resumed>) = 0 [pid 332] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 332] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 333] <... futex resumed>) = 1 [pid 333] memfd_create("syzkaller", 0) = 5 [pid 333] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f694498e000 [pid 333] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 333] munmap(0x7f694498e000, 138412032) = 0 [pid 333] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 333] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 333] close(5) = 0 [pid 333] close(6) = 0 [pid 333] mkdir("./file0", 0777) = 0 [pid 333] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 333] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 333] chdir("./file0") = 0 [pid 333] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 333] ioctl(6, LOOP_CLR_FD) = 0 [pid 333] close(6) = 0 [pid 333] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 332] <... futex resumed>) = 0 [pid 332] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 332] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 333] <... futex resumed>) = 1 [pid 333] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 333] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 332] <... futex resumed>) = 0 [pid 332] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 332] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 333] <... futex resumed>) = 1 [pid 333] write(6, "#! ./file1\n", 11) = 11 [pid 333] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 332] <... futex resumed>) = 0 [pid 332] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 332] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 333] <... futex resumed>) = 1 [pid 333] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 333] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 332] <... futex resumed>) = 0 [pid 332] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 332] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 333] <... futex resumed>) = 1 [pid 333] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000480} --- [pid 332] <... futex resumed>) = ? [pid 333] +++ killed by SIGBUS +++ [pid 332] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=332, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./8", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./8", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558a0df730 /* 4 entries */, 32768) = 112 [ 25.282107][ T333] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 25.309871][ T333] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor257: bg 0: block 234: padding at end of block bitmap is not set umount2("./8/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./8/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./8/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./8/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./8/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558a0e7770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558a0e7770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./8/file0") = 0 umount2("./8/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./8/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./8/binderfs") = 0 getdents64(3, 0x55558a0df730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./8") = 0 mkdir("./9", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 338 attached , child_tidptr=0x55558a0de690) = 338 [pid 338] set_robust_list(0x55558a0de6a0, 24) = 0 [pid 338] chdir("./9") = 0 [pid 338] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 338] setpgid(0, 0) = 0 [pid 338] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 338] write(3, "1000", 4) = 4 [pid 338] close(3) = 0 [pid 338] symlink("/dev/binderfs", "./binderfs") = 0 [pid 338] write(1, "executing program\n", 18executing program ) = 18 [pid 338] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 338] rt_sigaction(SIGRT_1, {sa_handler=0x7f694ce18370, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f694ce09520}, NULL, 8) = 0 [pid 338] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 338] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f694cd8e000 [pid 338] mprotect(0x7f694cd8f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 338] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 338] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f694cdae990, parent_tid=0x7f694cdae990, exit_signal=0, stack=0x7f694cd8e000, stack_size=0x20300, tls=0x7f694cdae6c0}./strace-static-x86_64: Process 339 attached => {parent_tid=[339]}, 88) = 339 [pid 339] set_robust_list(0x7f694cdae9a0, 24) = 0 [pid 339] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 339] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 338] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 338] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 339] <... futex resumed>) = 0 [pid 339] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 338] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 339] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 339] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 338] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 338] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 339] <... futex resumed>) = 0 [pid 338] <... futex resumed>) = 1 [pid 339] ioctl(3, VHOST_SET_OWNER [pid 338] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 339] <... ioctl resumed>, 0) = 0 [pid 339] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 338] <... futex resumed>) = 0 [pid 338] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 338] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 339] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 339] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 338] <... futex resumed>) = 0 [pid 338] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 338] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 339] <... futex resumed>) = 1 [pid 339] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 339] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 338] <... futex resumed>) = 0 [pid 338] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 338] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 339] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 339] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 338] <... futex resumed>) = 0 [pid 338] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 338] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 339] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 339] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 338] <... futex resumed>) = 0 [pid 338] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 338] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 339] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 339] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 338] <... futex resumed>) = 0 [pid 338] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 338] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 339] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 339] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 338] <... futex resumed>) = 0 [pid 338] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 338] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 339] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 339] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 338] <... futex resumed>) = 0 [pid 338] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 338] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 339] <... futex resumed>) = 1 [pid 339] memfd_create("syzkaller", 0) = 5 [pid 339] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f694498e000 [pid 339] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 339] munmap(0x7f694498e000, 138412032) = 0 [pid 339] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 339] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 339] close(5) = 0 [pid 339] close(6) = 0 [pid 339] mkdir("./file0", 0777) = 0 [pid 339] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 339] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 339] chdir("./file0") = 0 [pid 339] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 339] ioctl(6, LOOP_CLR_FD) = 0 [pid 339] close(6) = 0 [pid 339] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 338] <... futex resumed>) = 0 [pid 338] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 338] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 339] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 339] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 338] <... futex resumed>) = 0 [pid 338] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 338] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 339] write(6, "#! ./file1\n", 11) = 11 [pid 339] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 338] <... futex resumed>) = 0 [pid 338] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 338] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 339] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 339] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 338] <... futex resumed>) = 0 [pid 338] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 338] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 339] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000480} --- [pid 338] <... futex resumed>) = ? [pid 339] +++ killed by SIGBUS +++ [pid 338] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=338, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./9", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./9", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558a0df730 /* 4 entries */, 32768) = 112 [ 25.432226][ T339] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 25.463561][ T340] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-339: bg 0: block 234: padding at end of block bitmap is not set umount2("./9/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./9/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./9/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./9/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./9/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558a0e7770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558a0e7770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./9/file0") = 0 umount2("./9/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./9/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./9/binderfs") = 0 getdents64(3, 0x55558a0df730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./9") = 0 mkdir("./10", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 344 attached , child_tidptr=0x55558a0de690) = 344 [pid 344] set_robust_list(0x55558a0de6a0, 24) = 0 [pid 344] chdir("./10") = 0 [pid 344] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 344] setpgid(0, 0) = 0 [pid 344] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 344] write(3, "1000", 4) = 4 [pid 344] close(3) = 0 [pid 344] symlink("/dev/binderfs", "./binderfs") = 0 [pid 344] write(1, "executing program\n", 18executing program ) = 18 [pid 344] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 344] rt_sigaction(SIGRT_1, {sa_handler=0x7f694ce18370, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f694ce09520}, NULL, 8) = 0 [pid 344] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 344] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f694cd8e000 [pid 344] mprotect(0x7f694cd8f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 344] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 344] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f694cdae990, parent_tid=0x7f694cdae990, exit_signal=0, stack=0x7f694cd8e000, stack_size=0x20300, tls=0x7f694cdae6c0} => {parent_tid=[345]}, 88) = 345 [pid 344] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 344] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 344] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 345 attached [pid 345] set_robust_list(0x7f694cdae9a0, 24) = 0 [pid 345] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 345] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 345] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 344] <... futex resumed>) = 0 [pid 344] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 344] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 345] <... futex resumed>) = 1 [pid 345] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 345] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 344] <... futex resumed>) = 0 [pid 344] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 345] ioctl(3, VHOST_SET_VRING_ADDR [pid 344] <... futex resumed>) = 0 [pid 344] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 345] <... ioctl resumed>, 0x200000000300) = 0 [pid 345] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 344] <... futex resumed>) = 0 [pid 345] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 344] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 344] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 345] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 345] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 345] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 344] <... futex resumed>) = 0 [pid 344] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 344] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 345] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 345] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 344] <... futex resumed>) = 0 [pid 344] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 345] ioctl(3, VHOST_SET_VRING_ERR [pid 344] <... futex resumed>) = 0 [pid 344] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 345] <... ioctl resumed>, 0x2000000001c0) = 0 [pid 345] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 344] <... futex resumed>) = 0 [pid 344] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 344] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 345] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 345] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 344] <... futex resumed>) = 0 [pid 345] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 344] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 345] <... futex resumed>) = 0 [pid 344] <... futex resumed>) = 1 [pid 345] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 344] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 345] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 344] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 345] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 344] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 345] ioctl(3, VHOST_VSOCK_SET_RUNNING [pid 344] <... futex resumed>) = 0 [pid 345] <... ioctl resumed>, 0x200000000140) = 0 [pid 345] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 344] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 345] <... futex resumed>) = 0 [pid 345] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 344] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 344] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 345] <... futex resumed>) = 0 [pid 344] <... futex resumed>) = 1 [pid 344] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 345] memfd_create("syzkaller", 0) = 5 [pid 345] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f694498e000 [pid 345] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 345] munmap(0x7f694498e000, 138412032) = 0 [pid 345] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 345] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 345] close(5) = 0 [pid 345] close(6) = 0 [pid 345] mkdir("./file0", 0777) = 0 [pid 345] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 345] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 345] chdir("./file0") = 0 [pid 345] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 345] ioctl(6, LOOP_CLR_FD) = 0 [pid 345] close(6) = 0 [pid 345] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 344] <... futex resumed>) = 0 [pid 344] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 344] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 345] <... futex resumed>) = 1 [pid 345] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 345] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 344] <... futex resumed>) = 0 [pid 344] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 344] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 345] <... futex resumed>) = 1 [pid 345] write(6, "#! ./file1\n", 11) = 11 [pid 345] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 344] <... futex resumed>) = 0 [pid 344] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 344] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 345] <... futex resumed>) = 1 [pid 345] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 345] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 344] <... futex resumed>) = 0 [pid 344] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 344] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 345] <... futex resumed>) = 1 [ 25.671801][ T345] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [pid 345] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000480} --- [pid 344] <... futex resumed>) = ? [pid 345] +++ killed by SIGBUS +++ [pid 344] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=344, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./10", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./10", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558a0df730 /* 4 entries */, 32768) = 112 [ 25.713788][ T346] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-345: bg 0: block 234: padding at end of block bitmap is not set umount2("./10/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./10/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./10/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./10/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./10/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558a0e7770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558a0e7770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./10/file0") = 0 umount2("./10/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./10/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./10/binderfs") = 0 getdents64(3, 0x55558a0df730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./10") = 0 mkdir("./11", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 350 attached , child_tidptr=0x55558a0de690) = 350 [pid 350] set_robust_list(0x55558a0de6a0, 24) = 0 [pid 350] chdir("./11") = 0 [pid 350] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 350] setpgid(0, 0) = 0 [pid 350] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 350] write(3, "1000", 4) = 4 [pid 350] close(3) = 0 [pid 350] symlink("/dev/binderfs", "./binderfs") = 0 [pid 350] write(1, "executing program\n", 18executing program ) = 18 [pid 350] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 350] rt_sigaction(SIGRT_1, {sa_handler=0x7f694ce18370, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f694ce09520}, NULL, 8) = 0 [pid 350] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 350] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f694cd8e000 [pid 350] mprotect(0x7f694cd8f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 350] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 350] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f694cdae990, parent_tid=0x7f694cdae990, exit_signal=0, stack=0x7f694cd8e000, stack_size=0x20300, tls=0x7f694cdae6c0}./strace-static-x86_64: Process 351 attached [pid 351] set_robust_list(0x7f694cdae9a0, 24) = 0 [pid 351] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 351] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 350] <... clone3 resumed> => {parent_tid=[351]}, 88) = 351 [pid 350] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 350] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 351] <... futex resumed>) = 0 [pid 351] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 351] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 351] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 350] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 350] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 351] <... futex resumed>) = 0 [pid 351] ioctl(3, VHOST_SET_OWNER [pid 350] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 351] <... ioctl resumed>, 0) = 0 [pid 351] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 351] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 350] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 350] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 351] <... futex resumed>) = 0 [pid 351] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 350] <... futex resumed>) = 1 [pid 351] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 351] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 350] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 350] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 351] <... futex resumed>) = 0 [pid 351] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 351] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 351] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 350] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 350] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 351] <... futex resumed>) = 0 [pid 351] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 350] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 351] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 350] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 351] <... futex resumed>) = 0 [pid 351] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 350] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 351] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 350] <... futex resumed>) = 0 [pid 351] ioctl(3, VHOST_SET_VRING_ERR [pid 350] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 351] <... ioctl resumed>, 0x2000000001c0) = 0 [pid 351] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 350] <... futex resumed>) = 0 [pid 351] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 350] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 351] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 350] <... futex resumed>) = 0 [pid 351] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 350] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 351] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 351] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 350] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 350] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 351] <... futex resumed>) = 0 [pid 350] <... futex resumed>) = 1 [pid 350] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 351] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 351] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 350] <... futex resumed>) = 0 [pid 351] ioctl(3, VHOST_VSOCK_SET_RUNNING [pid 350] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 351] <... ioctl resumed>, 0x200000000140) = 0 [pid 350] <... futex resumed>) = 0 [pid 351] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 350] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 351] <... futex resumed>) = 0 [pid 350] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 351] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 350] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 351] <... futex resumed>) = 0 [pid 350] <... futex resumed>) = 1 [pid 351] memfd_create("syzkaller", 0 [pid 350] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 351] <... memfd_create resumed>) = 5 [pid 351] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f694498e000 [pid 351] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 351] munmap(0x7f694498e000, 138412032) = 0 [pid 351] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 351] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 351] close(5) = 0 [pid 351] close(6) = 0 [pid 351] mkdir("./file0", 0777) = 0 [pid 351] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 351] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 351] chdir("./file0") = 0 [pid 351] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 351] ioctl(6, LOOP_CLR_FD) = 0 [pid 351] close(6) = 0 [pid 351] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 351] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 350] <... futex resumed>) = 0 [pid 350] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 350] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 351] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 351] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 351] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 350] <... futex resumed>) = 0 [pid 350] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 350] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 351] write(6, "#! ./file1\n", 11) = 11 [pid 351] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 350] <... futex resumed>) = 0 [pid 350] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 350] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 351] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 351] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 351] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 350] <... futex resumed>) = 0 [pid 350] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [ 25.922205][ T351] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [pid 350] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 351] <... futex resumed>) = 0 [pid 351] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000480} --- [pid 350] <... futex resumed>) = ? [pid 351] +++ killed by SIGBUS +++ [pid 350] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=350, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./11", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./11", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558a0df730 /* 4 entries */, 32768) = 112 [ 25.965439][ T352] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-351: bg 0: block 234: padding at end of block bitmap is not set umount2("./11/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./11/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./11/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./11/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./11/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558a0e7770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558a0e7770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./11/file0") = 0 umount2("./11/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./11/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./11/binderfs") = 0 getdents64(3, 0x55558a0df730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./11") = 0 mkdir("./12", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558a0de690) = 356 ./strace-static-x86_64: Process 356 attached [pid 356] set_robust_list(0x55558a0de6a0, 24) = 0 [pid 356] chdir("./12") = 0 [pid 356] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 356] setpgid(0, 0) = 0 [pid 356] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 356] write(3, "1000", 4) = 4 [pid 356] close(3) = 0 [pid 356] symlink("/dev/binderfs", "./binderfs") = 0 [pid 356] write(1, "executing program\n", 18executing program ) = 18 [pid 356] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 356] rt_sigaction(SIGRT_1, {sa_handler=0x7f694ce18370, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f694ce09520}, NULL, 8) = 0 [pid 356] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 356] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f694cd8e000 [pid 356] mprotect(0x7f694cd8f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 356] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 356] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f694cdae990, parent_tid=0x7f694cdae990, exit_signal=0, stack=0x7f694cd8e000, stack_size=0x20300, tls=0x7f694cdae6c0}./strace-static-x86_64: Process 357 attached => {parent_tid=[357]}, 88) = 357 [pid 357] set_robust_list(0x7f694cdae9a0, 24) = 0 [pid 357] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 357] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 356] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 356] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 357] <... futex resumed>) = 0 [pid 356] <... futex resumed>) = 1 [pid 357] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 357] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 357] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 356] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 356] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 357] <... futex resumed>) = 0 [pid 356] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 357] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 357] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 356] <... futex resumed>) = 0 [pid 357] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 356] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 357] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 356] <... futex resumed>) = 0 [pid 357] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 356] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 357] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 356] <... futex resumed>) = 0 [pid 357] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 356] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 357] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 356] <... futex resumed>) = 0 [pid 356] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 357] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 357] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 356] <... futex resumed>) = 0 [pid 357] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 356] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 357] <... futex resumed>) = 0 [pid 357] eventfd2(118, EFD_SEMAPHORE [pid 356] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 357] <... eventfd2 resumed>) = 4 [pid 357] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 356] <... futex resumed>) = 0 [pid 356] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 357] ioctl(3, VHOST_SET_VRING_ERR [pid 356] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 357] <... ioctl resumed>, 0x2000000001c0) = 0 [pid 357] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 356] <... futex resumed>) = 0 [pid 357] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 356] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 357] <... futex resumed>) = 0 [pid 357] ioctl(3, VHOST_SET_VRING_ADDR [pid 356] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 357] <... ioctl resumed>, 0x200000000240) = 0 [pid 357] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 356] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 356] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 357] <... futex resumed>) = 0 [pid 356] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 357] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 357] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 356] <... futex resumed>) = 0 [pid 356] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 357] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 356] <... futex resumed>) = 0 [pid 357] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 356] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 357] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 356] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 357] <... futex resumed>) = 0 [pid 356] <... futex resumed>) = 1 [pid 356] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 357] memfd_create("syzkaller", 0) = 5 [pid 357] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f694498e000 [pid 357] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 357] munmap(0x7f694498e000, 138412032) = 0 [pid 357] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 357] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 357] close(5) = 0 [pid 357] close(6) = 0 [pid 357] mkdir("./file0", 0777) = 0 [pid 357] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 357] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 357] chdir("./file0") = 0 [pid 357] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 357] ioctl(6, LOOP_CLR_FD) = 0 [pid 357] close(6) = 0 [pid 357] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 356] <... futex resumed>) = 0 [pid 356] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 356] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 357] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 357] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 356] <... futex resumed>) = 0 [pid 356] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 356] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 357] write(6, "#! ./file1\n", 11) = 11 [pid 357] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 356] <... futex resumed>) = 0 [pid 356] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 356] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 357] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 357] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 357] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 356] <... futex resumed>) = 0 [pid 356] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 356] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 357] <... futex resumed>) = 0 [pid 357] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000480} --- [pid 356] <... futex resumed>) = ? [pid 357] +++ killed by SIGBUS +++ [pid 356] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=356, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./12", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./12", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558a0df730 /* 4 entries */, 32768) = 112 [ 26.202141][ T357] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 26.233608][ T358] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-357: bg 0: block 234: padding at end of block bitmap is not set umount2("./12/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./12/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./12/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./12/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./12/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558a0e7770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558a0e7770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./12/file0") = 0 umount2("./12/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./12/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./12/binderfs") = 0 getdents64(3, 0x55558a0df730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./12") = 0 mkdir("./13", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558a0de690) = 362 ./strace-static-x86_64: Process 362 attached [pid 362] set_robust_list(0x55558a0de6a0, 24) = 0 executing program [pid 362] chdir("./13") = 0 [pid 362] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 362] setpgid(0, 0) = 0 [pid 362] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 362] write(3, "1000", 4) = 4 [pid 362] close(3) = 0 [pid 362] symlink("/dev/binderfs", "./binderfs") = 0 [pid 362] write(1, "executing program\n", 18) = 18 [pid 362] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 362] rt_sigaction(SIGRT_1, {sa_handler=0x7f694ce18370, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f694ce09520}, NULL, 8) = 0 [pid 362] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 362] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f694cd8e000 [pid 362] mprotect(0x7f694cd8f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 362] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 362] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f694cdae990, parent_tid=0x7f694cdae990, exit_signal=0, stack=0x7f694cd8e000, stack_size=0x20300, tls=0x7f694cdae6c0} => {parent_tid=[363]}, 88) = 363 [pid 362] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 362] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 362] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 363 attached [pid 363] set_robust_list(0x7f694cdae9a0, 24) = 0 [pid 363] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 363] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 363] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 362] <... futex resumed>) = 0 [pid 362] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 362] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 363] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 363] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 362] <... futex resumed>) = 0 [pid 362] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 362] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 363] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 363] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 362] <... futex resumed>) = 0 [pid 362] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 362] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 363] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 363] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 362] <... futex resumed>) = 0 [pid 362] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 362] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 363] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 363] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 362] <... futex resumed>) = 0 [pid 362] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 362] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 363] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 363] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 362] <... futex resumed>) = 0 [pid 362] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 362] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 363] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 363] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 362] <... futex resumed>) = 0 [pid 362] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 362] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 363] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 363] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 362] <... futex resumed>) = 0 [pid 362] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 362] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 363] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 363] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 362] <... futex resumed>) = 0 [pid 362] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 362] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 363] memfd_create("syzkaller", 0) = 5 [pid 363] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f694498e000 [pid 363] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 363] munmap(0x7f694498e000, 138412032) = 0 [pid 363] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 363] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 363] close(5) = 0 [pid 363] close(6) = 0 [pid 363] mkdir("./file0", 0777) = 0 [pid 363] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 363] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 363] chdir("./file0") = 0 [pid 363] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 363] ioctl(6, LOOP_CLR_FD) = 0 [pid 363] close(6) = 0 [pid 363] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 362] <... futex resumed>) = 0 [pid 362] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 362] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 363] <... futex resumed>) = 1 [pid 363] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 363] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 362] <... futex resumed>) = 0 [pid 362] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 362] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 363] <... futex resumed>) = 1 [pid 363] write(6, "#! ./file1\n", 11) = 11 [pid 363] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 362] <... futex resumed>) = 0 [pid 362] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 362] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 363] <... futex resumed>) = 1 [pid 363] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 363] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 362] <... futex resumed>) = 0 [pid 362] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 362] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 363] <... futex resumed>) = 1 [pid 363] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000480} --- [pid 362] <... futex resumed>) = ? [pid 363] +++ killed by SIGBUS +++ [pid 362] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=362, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./13", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./13", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558a0df730 /* 4 entries */, 32768) = 112 [ 26.382114][ T363] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 26.409962][ T363] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor257: bg 0: block 234: padding at end of block bitmap is not set umount2("./13/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./13/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./13/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./13/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./13/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558a0e7770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558a0e7770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./13/file0") = 0 umount2("./13/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./13/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./13/binderfs") = 0 getdents64(3, 0x55558a0df730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./13") = 0 mkdir("./14", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558a0de690) = 368 ./strace-static-x86_64: Process 368 attached [pid 368] set_robust_list(0x55558a0de6a0, 24) = 0 [pid 368] chdir("./14") = 0 [pid 368] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 368] setpgid(0, 0) = 0 [pid 368] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 368] write(3, "1000", 4) = 4 [pid 368] close(3) = 0 [pid 368] symlink("/dev/binderfs", "./binderfs") = 0 [pid 368] write(1, "executing program\n", 18executing program ) = 18 [pid 368] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 368] rt_sigaction(SIGRT_1, {sa_handler=0x7f694ce18370, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f694ce09520}, NULL, 8) = 0 [pid 368] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 368] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f694cd8e000 [pid 368] mprotect(0x7f694cd8f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 368] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 368] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f694cdae990, parent_tid=0x7f694cdae990, exit_signal=0, stack=0x7f694cd8e000, stack_size=0x20300, tls=0x7f694cdae6c0} => {parent_tid=[369]}, 88) = 369 [pid 368] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 368] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 368] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 369 attached [pid 369] set_robust_list(0x7f694cdae9a0, 24) = 0 [pid 369] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 369] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 369] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 368] <... futex resumed>) = 0 [pid 368] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 368] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 369] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 369] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 368] <... futex resumed>) = 0 [pid 368] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 368] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 369] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 369] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 368] <... futex resumed>) = 0 [pid 368] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 368] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 369] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 369] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 368] <... futex resumed>) = 0 [pid 368] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 368] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 369] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 369] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 368] <... futex resumed>) = 0 [pid 368] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 368] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 369] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 369] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 368] <... futex resumed>) = 0 [pid 368] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 368] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 369] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 369] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 368] <... futex resumed>) = 0 [pid 368] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 368] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 369] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 369] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 368] <... futex resumed>) = 0 [pid 368] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 368] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 369] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 369] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 368] <... futex resumed>) = 0 [pid 368] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 368] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 369] memfd_create("syzkaller", 0) = 5 [pid 369] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f694498e000 [pid 369] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 369] munmap(0x7f694498e000, 138412032) = 0 [pid 369] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 369] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 369] close(5) = 0 [pid 369] close(6) = 0 [pid 369] mkdir("./file0", 0777) = 0 [pid 369] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 369] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 369] chdir("./file0") = 0 [pid 369] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 369] ioctl(6, LOOP_CLR_FD) = 0 [pid 369] close(6) = 0 [pid 369] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 368] <... futex resumed>) = 0 [pid 369] <... futex resumed>) = 1 [pid 368] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 369] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 368] <... futex resumed>) = 0 [pid 368] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 369] <... openat resumed>) = 6 [pid 369] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 368] <... futex resumed>) = 0 [pid 368] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 369] write(6, "#! ./file1\n", 11 [pid 368] <... futex resumed>) = 0 [pid 368] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 369] <... write resumed>) = 11 [pid 369] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 368] <... futex resumed>) = 0 [pid 368] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 368] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 369] <... futex resumed>) = 1 [pid 369] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 369] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 368] <... futex resumed>) = 0 [pid 368] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 368] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 369] <... futex resumed>) = 1 [ 26.579057][ T369] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [pid 369] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000480} --- [pid 368] <... futex resumed>) = ? [pid 369] +++ killed by SIGBUS +++ [pid 368] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=368, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./14", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./14", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558a0df730 /* 4 entries */, 32768) = 112 [ 26.617181][ T370] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-369: bg 0: block 234: padding at end of block bitmap is not set umount2("./14/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./14/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./14/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./14/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./14/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558a0e7770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558a0e7770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./14/file0") = 0 umount2("./14/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./14/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./14/binderfs") = 0 getdents64(3, 0x55558a0df730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./14") = 0 mkdir("./15", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program , child_tidptr=0x55558a0de690) = 374 ./strace-static-x86_64: Process 374 attached [pid 374] set_robust_list(0x55558a0de6a0, 24) = 0 [pid 374] chdir("./15") = 0 [pid 374] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 374] setpgid(0, 0) = 0 [pid 374] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 374] write(3, "1000", 4) = 4 [pid 374] close(3) = 0 [pid 374] symlink("/dev/binderfs", "./binderfs") = 0 [pid 374] write(1, "executing program\n", 18) = 18 [pid 374] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 374] rt_sigaction(SIGRT_1, {sa_handler=0x7f694ce18370, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f694ce09520}, NULL, 8) = 0 [pid 374] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 374] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f694cd8e000 [pid 374] mprotect(0x7f694cd8f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 374] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 374] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f694cdae990, parent_tid=0x7f694cdae990, exit_signal=0, stack=0x7f694cd8e000, stack_size=0x20300, tls=0x7f694cdae6c0} => {parent_tid=[375]}, 88) = 375 [pid 374] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 374] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 374] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 375 attached [pid 375] set_robust_list(0x7f694cdae9a0, 24) = 0 [pid 375] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 375] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 375] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 374] <... futex resumed>) = 0 [pid 374] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 374] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 375] <... futex resumed>) = 1 [pid 375] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 375] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 374] <... futex resumed>) = 0 [pid 374] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 374] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 375] <... futex resumed>) = 1 [pid 375] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 375] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 374] <... futex resumed>) = 0 [pid 374] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 374] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 375] <... futex resumed>) = 1 [pid 375] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 375] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 374] <... futex resumed>) = 0 [pid 374] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 374] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 375] <... futex resumed>) = 1 [pid 375] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 375] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 374] <... futex resumed>) = 0 [pid 375] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 374] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 375] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 374] <... futex resumed>) = 0 [pid 375] ioctl(3, VHOST_SET_VRING_ERR [pid 374] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 375] <... ioctl resumed>, 0x2000000001c0) = 0 [pid 375] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 374] <... futex resumed>) = 0 [pid 375] <... futex resumed>) = 1 [pid 374] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 375] ioctl(3, VHOST_SET_VRING_ADDR [pid 374] <... futex resumed>) = 0 [pid 375] <... ioctl resumed>, 0x200000000240) = 0 [pid 374] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 375] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 374] <... futex resumed>) = 0 [pid 375] ioctl(3, VHOST_SET_VRING_KICK [pid 374] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 375] <... ioctl resumed>, 0x200000000000) = 0 [pid 374] <... futex resumed>) = 0 [pid 374] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 375] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 374] <... futex resumed>) = 0 [pid 375] <... futex resumed>) = 1 [pid 374] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 375] ioctl(3, VHOST_VSOCK_SET_RUNNING [pid 374] <... futex resumed>) = 0 [pid 374] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 375] <... ioctl resumed>, 0x200000000140) = 0 [pid 375] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 374] <... futex resumed>) = 0 [pid 375] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 374] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 375] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 374] <... futex resumed>) = 0 [pid 374] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 375] memfd_create("syzkaller", 0) = 5 [pid 375] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f694498e000 [pid 375] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 375] munmap(0x7f694498e000, 138412032) = 0 [pid 375] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 375] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 375] close(5) = 0 [pid 375] close(6) = 0 [pid 375] mkdir("./file0", 0777) = 0 [pid 375] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 375] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 375] chdir("./file0") = 0 [pid 375] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 375] ioctl(6, LOOP_CLR_FD) = 0 [pid 375] close(6) = 0 [pid 375] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 375] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 374] <... futex resumed>) = 0 [pid 374] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 375] <... futex resumed>) = 0 [pid 375] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 374] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 375] <... openat resumed>) = 6 [pid 375] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 374] <... futex resumed>) = 0 [pid 374] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 374] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 375] write(6, "#! ./file1\n", 11) = 11 [pid 375] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 374] <... futex resumed>) = 0 [pid 374] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 374] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 375] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 375] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 374] <... futex resumed>) = 0 [pid 374] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 26.722155][ T375] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [pid 374] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 375] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000480} --- [pid 374] <... futex resumed>) = ? [pid 375] +++ killed by SIGBUS +++ [pid 374] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=374, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./15", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./15", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558a0df730 /* 4 entries */, 32768) = 112 [ 26.764335][ T375] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor257: bg 0: block 234: padding at end of block bitmap is not set umount2("./15/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./15/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./15/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./15/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./15/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558a0e7770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558a0e7770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./15/file0") = 0 umount2("./15/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./15/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./15/binderfs") = 0 getdents64(3, 0x55558a0df730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./15") = 0 mkdir("./16", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558a0de690) = 380 ./strace-static-x86_64: Process 380 attached [pid 380] set_robust_list(0x55558a0de6a0, 24) = 0 [pid 380] chdir("./16") = 0 [pid 380] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 380] setpgid(0, 0) = 0 [pid 380] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 380] write(3, "1000", 4) = 4 [pid 380] close(3) = 0 [pid 380] symlink("/dev/binderfs", "./binderfs") = 0 [pid 380] write(1, "executing program\n", 18executing program ) = 18 [pid 380] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 380] rt_sigaction(SIGRT_1, {sa_handler=0x7f694ce18370, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f694ce09520}, NULL, 8) = 0 [pid 380] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 380] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f694cd8e000 [pid 380] mprotect(0x7f694cd8f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 380] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 380] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f694cdae990, parent_tid=0x7f694cdae990, exit_signal=0, stack=0x7f694cd8e000, stack_size=0x20300, tls=0x7f694cdae6c0}./strace-static-x86_64: Process 381 attached [pid 381] set_robust_list(0x7f694cdae9a0, 24 [pid 380] <... clone3 resumed> => {parent_tid=[381]}, 88) = 381 [pid 381] <... set_robust_list resumed>) = 0 [pid 380] rt_sigprocmask(SIG_SETMASK, [], [pid 381] rt_sigprocmask(SIG_SETMASK, [], [pid 380] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 381] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 380] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 380] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 381] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 381] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 380] <... futex resumed>) = 0 [pid 381] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 380] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 381] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 380] <... futex resumed>) = 0 [pid 381] ioctl(3, VHOST_SET_OWNER [pid 380] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 381] <... ioctl resumed>, 0) = 0 [pid 381] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 380] <... futex resumed>) = 0 [pid 381] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 380] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 381] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 380] <... futex resumed>) = 0 [pid 381] ioctl(3, VHOST_SET_VRING_ADDR [pid 380] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 381] <... ioctl resumed>, 0x200000000300) = 0 [pid 381] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 380] <... futex resumed>) = 0 [pid 381] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 380] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 381] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 380] <... futex resumed>) = 0 [pid 381] ioctl(3, VHOST_SET_MEM_TABLE [pid 380] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 381] <... ioctl resumed>, 0x200000003380) = 0 [pid 381] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 380] <... futex resumed>) = 0 [pid 381] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 380] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 381] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 380] <... futex resumed>) = 0 [pid 381] eventfd2(118, EFD_SEMAPHORE [pid 380] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 381] <... eventfd2 resumed>) = 4 [pid 381] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 380] <... futex resumed>) = 0 [pid 381] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 380] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 381] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 380] <... futex resumed>) = 0 [pid 381] ioctl(3, VHOST_SET_VRING_ERR [pid 380] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 381] <... ioctl resumed>, 0x2000000001c0) = 0 [pid 381] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 380] <... futex resumed>) = 0 [pid 381] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 380] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 381] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 380] <... futex resumed>) = 0 [pid 381] ioctl(3, VHOST_SET_VRING_ADDR [pid 380] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 381] <... ioctl resumed>, 0x200000000240) = 0 [pid 381] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 380] <... futex resumed>) = 0 [pid 381] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 380] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 381] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 380] <... futex resumed>) = 0 [pid 381] ioctl(3, VHOST_SET_VRING_KICK [pid 380] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 381] <... ioctl resumed>, 0x200000000000) = 0 [pid 381] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 380] <... futex resumed>) = 0 [pid 381] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 380] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 381] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 380] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 381] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 381] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 380] <... futex resumed>) = 0 [pid 381] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 380] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 381] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 380] <... futex resumed>) = 0 [pid 380] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 381] memfd_create("syzkaller", 0) = 5 [pid 381] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f694498e000 [pid 381] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 381] munmap(0x7f694498e000, 138412032) = 0 [pid 381] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 381] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 381] close(5) = 0 [pid 381] close(6) = 0 [pid 381] mkdir("./file0", 0777) = 0 [pid 381] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 381] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 381] chdir("./file0") = 0 [pid 381] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 381] ioctl(6, LOOP_CLR_FD) = 0 [pid 381] close(6) = 0 [pid 381] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 380] <... futex resumed>) = 0 [pid 380] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 381] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 380] <... futex resumed>) = 0 [pid 380] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 381] <... openat resumed>) = 6 [pid 381] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 380] <... futex resumed>) = 0 [pid 381] write(6, "#! ./file1\n", 11 [pid 380] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 380] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 381] <... write resumed>) = 11 [pid 381] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 380] <... futex resumed>) = 0 [pid 380] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 380] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 381] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 381] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 381] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 380] <... futex resumed>) = 0 [pid 380] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 380] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 381] <... futex resumed>) = 0 [ 26.902285][ T381] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [pid 381] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000480} --- [pid 380] <... futex resumed>) = ? [pid 381] +++ killed by SIGBUS +++ [pid 380] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=380, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./16", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./16", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558a0df730 /* 4 entries */, 32768) = 112 [ 26.939707][ T382] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-381: bg 0: block 234: padding at end of block bitmap is not set umount2("./16/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./16/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./16/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./16/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./16/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558a0e7770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558a0e7770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./16/file0") = 0 umount2("./16/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./16/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./16/binderfs") = 0 getdents64(3, 0x55558a0df730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./16") = 0 mkdir("./17", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558a0de690) = 386 ./strace-static-x86_64: Process 386 attached [pid 386] set_robust_list(0x55558a0de6a0, 24) = 0 [pid 386] chdir("./17") = 0 [pid 386] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 386] setpgid(0, 0) = 0 [pid 386] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 386] write(3, "1000", 4) = 4 [pid 386] close(3) = 0 [pid 386] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 386] write(1, "executing program\n", 18) = 18 [pid 386] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 386] rt_sigaction(SIGRT_1, {sa_handler=0x7f694ce18370, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f694ce09520}, NULL, 8) = 0 [pid 386] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 386] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f694cd8e000 [pid 386] mprotect(0x7f694cd8f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 386] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 386] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f694cdae990, parent_tid=0x7f694cdae990, exit_signal=0, stack=0x7f694cd8e000, stack_size=0x20300, tls=0x7f694cdae6c0}./strace-static-x86_64: Process 387 attached [pid 387] set_robust_list(0x7f694cdae9a0, 24) = 0 [pid 387] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 387] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 386] <... clone3 resumed> => {parent_tid=[387]}, 88) = 387 [pid 386] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 386] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 387] <... futex resumed>) = 0 [pid 387] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 387] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 387] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 386] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 386] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 387] <... futex resumed>) = 0 [pid 387] ioctl(3, VHOST_SET_OWNER [pid 386] <... futex resumed>) = 1 [pid 387] <... ioctl resumed>, 0) = 0 [pid 387] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 387] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 386] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 386] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 387] <... futex resumed>) = 0 [pid 387] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 387] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 387] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 386] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 386] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 387] <... futex resumed>) = 0 [pid 387] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 387] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 387] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 386] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 386] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 387] <... futex resumed>) = 0 [pid 387] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 387] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 387] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 386] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 386] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 387] <... futex resumed>) = 0 [pid 387] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 387] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 387] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 386] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 386] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 387] <... futex resumed>) = 0 [pid 387] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 387] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 387] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 386] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 386] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 387] <... futex resumed>) = 0 [pid 387] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 387] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 387] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 386] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 386] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 387] <... futex resumed>) = 0 [pid 387] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 387] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 387] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 386] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 386] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 387] <... futex resumed>) = 0 [pid 386] <... futex resumed>) = 1 [pid 387] memfd_create("syzkaller", 0) = 5 [pid 387] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f694498e000 [pid 387] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 386] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 387] <... write resumed>) = 1048576 [pid 387] munmap(0x7f694498e000, 138412032) = 0 [pid 387] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 387] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 387] close(5) = 0 [pid 387] close(6) = 0 [pid 387] mkdir("./file0", 0777) = 0 [pid 387] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 387] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 387] chdir("./file0") = 0 [pid 387] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 387] ioctl(6, LOOP_CLR_FD) = 0 [pid 387] close(6) = 0 [pid 387] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 386] <... futex resumed>) = 0 [pid 386] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 386] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 387] <... futex resumed>) = 1 [pid 387] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 387] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 386] <... futex resumed>) = 0 [pid 386] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 386] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 387] <... futex resumed>) = 1 [pid 387] write(6, "#! ./file1\n", 11) = 11 [pid 387] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 386] <... futex resumed>) = 0 [pid 386] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 386] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 387] <... futex resumed>) = 1 [pid 387] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 387] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 386] <... futex resumed>) = 0 [pid 386] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 386] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 387] <... futex resumed>) = 1 [pid 387] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000480} --- [pid 386] <... futex resumed>) = ? [pid 387] +++ killed by SIGBUS +++ [pid 386] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=386, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./17", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./17", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558a0df730 /* 4 entries */, 32768) = 112 [ 27.112054][ T387] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 27.139015][ T387] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor257: bg 0: block 234: padding at end of block bitmap is not set umount2("./17/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./17/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./17/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./17/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./17/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558a0e7770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558a0e7770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./17/file0") = 0 umount2("./17/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./17/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./17/binderfs") = 0 getdents64(3, 0x55558a0df730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./17") = 0 mkdir("./18", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558a0de690) = 392 ./strace-static-x86_64: Process 392 attached [pid 392] set_robust_list(0x55558a0de6a0, 24) = 0 [pid 392] chdir("./18") = 0 [pid 392] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 392] setpgid(0, 0) = 0 [pid 392] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 392] write(3, "1000", 4) = 4 [pid 392] close(3) = 0 [pid 392] symlink("/dev/binderfs", "./binderfs") = 0 [pid 392] write(1, "executing program\n", 18executing program ) = 18 [pid 392] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 392] rt_sigaction(SIGRT_1, {sa_handler=0x7f694ce18370, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f694ce09520}, NULL, 8) = 0 [pid 392] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 392] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f694cd8e000 [pid 392] mprotect(0x7f694cd8f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 392] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 392] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f694cdae990, parent_tid=0x7f694cdae990, exit_signal=0, stack=0x7f694cd8e000, stack_size=0x20300, tls=0x7f694cdae6c0}./strace-static-x86_64: Process 393 attached => {parent_tid=[393]}, 88) = 393 [pid 393] set_robust_list(0x7f694cdae9a0, 24 [pid 392] rt_sigprocmask(SIG_SETMASK, [], [pid 393] <... set_robust_list resumed>) = 0 [pid 392] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 393] rt_sigprocmask(SIG_SETMASK, [], [pid 392] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 393] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 392] <... futex resumed>) = 0 [pid 392] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 393] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 393] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 392] <... futex resumed>) = 0 [pid 393] <... futex resumed>) = 1 [pid 392] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 393] ioctl(3, VHOST_SET_OWNER [pid 392] <... futex resumed>) = 0 [pid 392] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 393] <... ioctl resumed>, 0) = 0 [pid 393] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 392] <... futex resumed>) = 0 [pid 392] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 392] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 393] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 393] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 392] <... futex resumed>) = 0 [pid 392] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 392] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 393] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 393] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 392] <... futex resumed>) = 0 [pid 392] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 393] eventfd2(118, EFD_SEMAPHORE [pid 392] <... futex resumed>) = 0 [pid 392] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 393] <... eventfd2 resumed>) = 4 [pid 393] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 392] <... futex resumed>) = 0 [pid 392] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 392] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 393] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 393] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 392] <... futex resumed>) = 0 [pid 392] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 392] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 393] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 393] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 392] <... futex resumed>) = 0 [pid 392] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 392] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 393] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 393] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 392] <... futex resumed>) = 0 [pid 392] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 392] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 393] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 393] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 392] <... futex resumed>) = 0 [pid 392] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 392] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 393] memfd_create("syzkaller", 0) = 5 [pid 393] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f694498e000 [pid 393] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 393] munmap(0x7f694498e000, 138412032) = 0 [pid 393] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 393] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 393] close(5) = 0 [pid 393] close(6) = 0 [pid 393] mkdir("./file0", 0777) = 0 [pid 393] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 393] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 393] chdir("./file0") = 0 [pid 393] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 393] ioctl(6, LOOP_CLR_FD) = 0 [pid 393] close(6) = 0 [pid 393] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 392] <... futex resumed>) = 0 [pid 392] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 392] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 393] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 393] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 392] <... futex resumed>) = 0 [pid 392] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 392] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 393] write(6, "#! ./file1\n", 11) = 11 [pid 393] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 392] <... futex resumed>) = 0 [pid 393] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0 [pid 392] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 392] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 393] <... mmap resumed>) = 0x200000000000 [pid 393] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 392] <... futex resumed>) = 0 [pid 392] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 392] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 393] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000480} --- [pid 392] <... futex resumed>) = ? [pid 393] +++ killed by SIGBUS +++ [pid 392] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=392, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./18", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./18", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558a0df730 /* 4 entries */, 32768) = 112 [ 27.262306][ T393] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 27.293643][ T394] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-393: bg 0: block 234: padding at end of block bitmap is not set umount2("./18/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./18/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./18/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./18/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./18/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558a0e7770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558a0e7770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./18/file0") = 0 umount2("./18/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./18/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./18/binderfs") = 0 getdents64(3, 0x55558a0df730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./18") = 0 mkdir("./19", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558a0de690) = 398 ./strace-static-x86_64: Process 398 attached [pid 398] set_robust_list(0x55558a0de6a0, 24) = 0 executing program [pid 398] chdir("./19") = 0 [pid 398] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 398] setpgid(0, 0) = 0 [pid 398] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 398] write(3, "1000", 4) = 4 [pid 398] close(3) = 0 [pid 398] symlink("/dev/binderfs", "./binderfs") = 0 [pid 398] write(1, "executing program\n", 18) = 18 [pid 398] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 398] rt_sigaction(SIGRT_1, {sa_handler=0x7f694ce18370, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f694ce09520}, NULL, 8) = 0 [pid 398] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 398] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f694cd8e000 [pid 398] mprotect(0x7f694cd8f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 398] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 398] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f694cdae990, parent_tid=0x7f694cdae990, exit_signal=0, stack=0x7f694cd8e000, stack_size=0x20300, tls=0x7f694cdae6c0} => {parent_tid=[399]}, 88) = 399 [pid 398] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 398] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 398] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 399 attached [pid 399] set_robust_list(0x7f694cdae9a0, 24) = 0 [pid 399] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 399] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 399] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 398] <... futex resumed>) = 0 [pid 398] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 398] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 399] <... futex resumed>) = 1 [pid 399] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 399] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 398] <... futex resumed>) = 0 [pid 398] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 398] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 399] <... futex resumed>) = 1 [pid 399] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 399] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 398] <... futex resumed>) = 0 [pid 398] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 398] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 399] <... futex resumed>) = 1 [pid 399] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 399] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 398] <... futex resumed>) = 0 [pid 398] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 398] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 399] <... futex resumed>) = 1 [pid 399] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 399] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 398] <... futex resumed>) = 0 [pid 398] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 398] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 399] <... futex resumed>) = 1 [pid 399] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 399] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 398] <... futex resumed>) = 0 [pid 398] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 398] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 399] <... futex resumed>) = 1 [pid 399] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 399] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 398] <... futex resumed>) = 0 [pid 398] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 398] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 399] <... futex resumed>) = 1 [pid 399] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 399] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 398] <... futex resumed>) = 0 [pid 398] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 398] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 399] <... futex resumed>) = 1 [pid 399] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 399] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 398] <... futex resumed>) = 0 [pid 398] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 398] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 399] <... futex resumed>) = 1 [pid 399] memfd_create("syzkaller", 0) = 5 [pid 399] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f694498e000 [pid 399] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 399] munmap(0x7f694498e000, 138412032) = 0 [pid 399] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 399] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 399] close(5) = 0 [pid 399] close(6) = 0 [pid 399] mkdir("./file0", 0777) = 0 [pid 399] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 399] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 399] chdir("./file0") = 0 [pid 399] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 399] ioctl(6, LOOP_CLR_FD) = 0 [pid 399] close(6) = 0 [pid 399] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 398] <... futex resumed>) = 0 [pid 398] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 398] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 399] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 399] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 398] <... futex resumed>) = 0 [pid 398] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 398] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 399] <... futex resumed>) = 1 [pid 399] write(6, "#! ./file1\n", 11) = 11 [pid 399] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 398] <... futex resumed>) = 0 [pid 399] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 398] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 398] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 399] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 399] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 399] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 398] <... futex resumed>) = 0 [pid 398] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 398] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 399] <... futex resumed>) = 1 [pid 399] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000480} --- [pid 398] <... futex resumed>) = ? [pid 399] +++ killed by SIGBUS +++ [pid 398] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=398, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./19", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./19", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558a0df730 /* 4 entries */, 32768) = 112 [ 27.404026][ T399] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 27.435497][ T400] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-399: bg 0: block 234: padding at end of block bitmap is not set umount2("./19/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./19/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./19/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./19/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./19/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558a0e7770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558a0e7770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./19/file0") = 0 umount2("./19/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./19/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./19/binderfs") = 0 getdents64(3, 0x55558a0df730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./19") = 0 mkdir("./20", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558a0de690) = 404 ./strace-static-x86_64: Process 404 attached [pid 404] set_robust_list(0x55558a0de6a0, 24) = 0 [pid 404] chdir("./20") = 0 [pid 404] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 404] setpgid(0, 0) = 0 [pid 404] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 404] write(3, "1000", 4) = 4 [pid 404] close(3) = 0 [pid 404] symlink("/dev/binderfs", "./binderfs") = 0 [pid 404] write(1, "executing program\n", 18executing program ) = 18 [pid 404] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 404] rt_sigaction(SIGRT_1, {sa_handler=0x7f694ce18370, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f694ce09520}, NULL, 8) = 0 [pid 404] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 404] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f694cd8e000 [pid 404] mprotect(0x7f694cd8f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 404] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 404] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f694cdae990, parent_tid=0x7f694cdae990, exit_signal=0, stack=0x7f694cd8e000, stack_size=0x20300, tls=0x7f694cdae6c0}./strace-static-x86_64: Process 405 attached [pid 405] set_robust_list(0x7f694cdae9a0, 24) = 0 [pid 405] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 405] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 404] <... clone3 resumed> => {parent_tid=[405]}, 88) = 405 [pid 404] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 404] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 405] <... futex resumed>) = 0 [pid 405] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 405] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 405] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 404] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 404] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 405] <... futex resumed>) = 0 [pid 405] ioctl(3, VHOST_SET_OWNER [pid 404] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 405] <... ioctl resumed>, 0) = 0 [pid 405] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 405] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 404] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 404] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 405] <... futex resumed>) = 0 [pid 404] <... futex resumed>) = 1 [pid 405] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 405] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 405] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 404] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 404] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 405] <... futex resumed>) = 0 [pid 405] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 405] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 405] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 404] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 404] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 405] <... futex resumed>) = 0 [pid 405] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 405] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 405] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 404] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 404] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 405] <... futex resumed>) = 0 [pid 405] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 405] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 405] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 404] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 404] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 405] <... futex resumed>) = 0 [pid 404] <... futex resumed>) = 1 [pid 405] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 405] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 405] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 404] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 404] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 405] <... futex resumed>) = 0 [pid 405] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 405] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 405] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 404] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 404] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 405] <... futex resumed>) = 0 [pid 405] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 405] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 405] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 404] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 404] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 405] <... futex resumed>) = 0 [pid 404] <... futex resumed>) = 1 [pid 405] memfd_create("syzkaller", 0) = 5 [pid 405] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f694498e000 [pid 405] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 404] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 405] <... write resumed>) = 1048576 [pid 405] munmap(0x7f694498e000, 138412032) = 0 [pid 405] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 405] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 405] close(5) = 0 [pid 405] close(6) = 0 [pid 405] mkdir("./file0", 0777) = 0 [pid 405] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 405] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 405] chdir("./file0") = 0 [pid 405] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 405] ioctl(6, LOOP_CLR_FD) = 0 [pid 405] close(6) = 0 [pid 405] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 404] <... futex resumed>) = 0 [pid 404] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 404] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 405] <... futex resumed>) = 1 [pid 405] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 405] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 404] <... futex resumed>) = 0 [pid 404] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 404] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 405] <... futex resumed>) = 1 [pid 405] write(6, "#! ./file1\n", 11) = 11 [pid 405] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 404] <... futex resumed>) = 0 [pid 404] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 404] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 405] <... futex resumed>) = 1 [pid 405] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 405] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 404] <... futex resumed>) = 0 [pid 404] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 404] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 405] <... futex resumed>) = 1 [pid 405] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000480} --- [pid 404] <... futex resumed>) = ? [pid 405] +++ killed by SIGBUS +++ [pid 404] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=404, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./20", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./20", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558a0df730 /* 4 entries */, 32768) = 112 [ 27.722109][ T405] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 27.751736][ T405] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor257: bg 0: block 234: padding at end of block bitmap is not set umount2("./20/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./20/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./20/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./20/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./20/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558a0e7770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558a0e7770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./20/file0") = 0 umount2("./20/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./20/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./20/binderfs") = 0 getdents64(3, 0x55558a0df730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./20") = 0 mkdir("./21", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558a0de690) = 410 ./strace-static-x86_64: Process 410 attached [pid 410] set_robust_list(0x55558a0de6a0, 24) = 0 [pid 410] chdir("./21") = 0 [pid 410] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 410] setpgid(0, 0) = 0 [pid 410] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 410] write(3, "1000", 4) = 4 [pid 410] close(3) = 0 [pid 410] symlink("/dev/binderfs", "./binderfs") = 0 [pid 410] write(1, "executing program\n", 18executing program ) = 18 [pid 410] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 410] rt_sigaction(SIGRT_1, {sa_handler=0x7f694ce18370, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f694ce09520}, NULL, 8) = 0 [pid 410] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 410] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f694cd8e000 [pid 410] mprotect(0x7f694cd8f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 410] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 410] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f694cdae990, parent_tid=0x7f694cdae990, exit_signal=0, stack=0x7f694cd8e000, stack_size=0x20300, tls=0x7f694cdae6c0}./strace-static-x86_64: Process 411 attached => {parent_tid=[411]}, 88) = 411 [pid 411] set_robust_list(0x7f694cdae9a0, 24) = 0 [pid 411] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 411] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 410] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 410] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 411] <... futex resumed>) = 0 [pid 411] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 411] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 411] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 410] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 410] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 411] <... futex resumed>) = 0 [pid 410] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 411] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 411] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 410] <... futex resumed>) = 0 [pid 411] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 410] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 411] <... futex resumed>) = 0 [pid 410] <... futex resumed>) = 1 [pid 411] ioctl(3, VHOST_SET_VRING_ADDR [pid 410] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 411] <... ioctl resumed>, 0x200000000300) = 0 [pid 411] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 410] <... futex resumed>) = 0 [pid 411] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 410] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 411] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 410] <... futex resumed>) = 0 [pid 411] ioctl(3, VHOST_SET_MEM_TABLE [pid 410] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 411] <... ioctl resumed>, 0x200000003380) = 0 [pid 411] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 410] <... futex resumed>) = 0 [pid 411] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 410] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 411] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 411] eventfd2(118, EFD_SEMAPHORE [pid 410] <... futex resumed>) = 0 [pid 411] <... eventfd2 resumed>) = 4 [pid 410] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 411] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 410] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 411] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 410] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 411] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 410] <... futex resumed>) = 0 [pid 411] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 410] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 411] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 410] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 411] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 410] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 411] <... futex resumed>) = 0 [pid 410] <... futex resumed>) = 1 [pid 410] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 411] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 411] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 410] <... futex resumed>) = 0 [pid 411] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 410] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 411] <... futex resumed>) = 0 [pid 410] <... futex resumed>) = 1 [pid 410] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 411] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 411] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 410] <... futex resumed>) = 0 [pid 411] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 410] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 411] <... futex resumed>) = 0 [pid 410] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 411] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 411] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 411] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 410] <... futex resumed>) = 0 [pid 410] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 411] <... futex resumed>) = 0 [pid 410] <... futex resumed>) = 1 [pid 411] memfd_create("syzkaller", 0 [pid 410] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 411] <... memfd_create resumed>) = 5 [pid 411] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f694498e000 [pid 411] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 411] munmap(0x7f694498e000, 138412032) = 0 [pid 411] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 411] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 411] close(5) = 0 [pid 411] close(6) = 0 [pid 411] mkdir("./file0", 0777) = 0 [pid 411] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 411] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 411] chdir("./file0") = 0 [pid 411] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 411] ioctl(6, LOOP_CLR_FD) = 0 [pid 411] close(6) = 0 [pid 411] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 410] <... futex resumed>) = 0 [pid 410] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 410] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 411] <... futex resumed>) = 1 [pid 411] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 411] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 410] <... futex resumed>) = 0 [pid 411] write(6, "#! ./file1\n", 11 [pid 410] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 410] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 411] <... write resumed>) = 11 [pid 411] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 410] <... futex resumed>) = 0 [pid 410] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 410] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 411] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 411] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 411] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 410] <... futex resumed>) = 0 [pid 410] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 410] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 411] <... futex resumed>) = 0 [pid 411] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000480} --- [pid 410] <... futex resumed>) = ? [pid 411] +++ killed by SIGBUS +++ [pid 410] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=410, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./21", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./21", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558a0df730 /* 4 entries */, 32768) = 112 [ 27.941834][ T411] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 27.971578][ T412] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-411: bg 0: block 234: padding at end of block bitmap is not set umount2("./21/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./21/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./21/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./21/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./21/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558a0e7770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558a0e7770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./21/file0") = 0 umount2("./21/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./21/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./21/binderfs") = 0 getdents64(3, 0x55558a0df730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./21") = 0 mkdir("./22", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558a0de690) = 416 ./strace-static-x86_64: Process 416 attached [pid 416] set_robust_list(0x55558a0de6a0, 24) = 0 [pid 416] chdir("./22") = 0 [pid 416] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 416] setpgid(0, 0) = 0 [pid 416] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 416] write(3, "1000", 4) = 4 [pid 416] close(3) = 0 [pid 416] symlink("/dev/binderfs", "./binderfs") = 0 [pid 416] write(1, "executing program\n", 18executing program ) = 18 [pid 416] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 416] rt_sigaction(SIGRT_1, {sa_handler=0x7f694ce18370, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f694ce09520}, NULL, 8) = 0 [pid 416] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 416] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f694cd8e000 [pid 416] mprotect(0x7f694cd8f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 416] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 416] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f694cdae990, parent_tid=0x7f694cdae990, exit_signal=0, stack=0x7f694cd8e000, stack_size=0x20300, tls=0x7f694cdae6c0}./strace-static-x86_64: Process 417 attached [pid 417] set_robust_list(0x7f694cdae9a0, 24) = 0 [pid 417] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 417] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 416] <... clone3 resumed> => {parent_tid=[417]}, 88) = 417 [pid 416] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 416] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 417] <... futex resumed>) = 0 [pid 417] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 417] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 417] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 416] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 416] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 417] <... futex resumed>) = 0 [pid 417] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 417] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 417] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 416] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 416] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 417] <... futex resumed>) = 0 [pid 417] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 417] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 417] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 416] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 416] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 417] <... futex resumed>) = 0 [pid 417] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 417] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 417] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 416] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 416] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 417] <... futex resumed>) = 0 [pid 417] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 417] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 417] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 416] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 416] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 417] <... futex resumed>) = 0 [pid 417] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 417] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 417] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 416] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 416] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 417] <... futex resumed>) = 0 [pid 417] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 417] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 417] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 416] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 416] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 417] <... futex resumed>) = 0 [pid 417] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 417] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 417] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 416] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 416] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 417] <... futex resumed>) = 0 [pid 416] <... futex resumed>) = 1 [pid 417] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 417] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 417] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 416] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 416] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 417] <... futex resumed>) = 0 [pid 416] <... futex resumed>) = 1 [pid 417] memfd_create("syzkaller", 0) = 5 [pid 417] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f694498e000 [pid 417] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 416] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 417] <... write resumed>) = 1048576 [pid 417] munmap(0x7f694498e000, 138412032) = 0 [pid 417] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 417] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 417] close(5) = 0 [pid 417] close(6) = 0 [pid 417] mkdir("./file0", 0777) = 0 [pid 417] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 417] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 417] chdir("./file0") = 0 [pid 417] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 417] ioctl(6, LOOP_CLR_FD) = 0 [pid 417] close(6) = 0 [pid 417] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 416] <... futex resumed>) = 0 [pid 416] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 416] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 417] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 417] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 416] <... futex resumed>) = 0 [pid 416] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 416] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 417] write(6, "#! ./file1\n", 11) = 11 [pid 417] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 416] <... futex resumed>) = 0 [pid 416] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 416] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 417] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 417] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 417] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 416] <... futex resumed>) = 0 [ 28.104368][ T417] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [pid 416] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 417] <... futex resumed>) = 0 [pid 416] <... futex resumed>) = 1 [pid 416] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 417] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000480} --- [pid 416] <... futex resumed>) = ? [pid 417] +++ killed by SIGBUS +++ [pid 416] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=416, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./22", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./22", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558a0df730 /* 4 entries */, 32768) = 112 umount2("./22/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./22/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./22/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./22/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./22/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558a0e7770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558a0e7770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./22/file0") = 0 umount2("./22/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./22/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./22/binderfs") = 0 getdents64(3, 0x55558a0df730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./22") = 0 mkdir("./23", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 [ 28.148540][ T418] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-417: bg 0: block 234: padding at end of block bitmap is not set clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program , child_tidptr=0x55558a0de690) = 422 ./strace-static-x86_64: Process 422 attached [pid 422] set_robust_list(0x55558a0de6a0, 24) = 0 [pid 422] chdir("./23") = 0 [pid 422] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 422] setpgid(0, 0) = 0 [pid 422] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 422] write(3, "1000", 4) = 4 [pid 422] close(3) = 0 [pid 422] symlink("/dev/binderfs", "./binderfs") = 0 [pid 422] write(1, "executing program\n", 18) = 18 [pid 422] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 422] rt_sigaction(SIGRT_1, {sa_handler=0x7f694ce18370, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f694ce09520}, NULL, 8) = 0 [pid 422] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 422] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f694cd8e000 [pid 422] mprotect(0x7f694cd8f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 422] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 422] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f694cdae990, parent_tid=0x7f694cdae990, exit_signal=0, stack=0x7f694cd8e000, stack_size=0x20300, tls=0x7f694cdae6c0} => {parent_tid=[423]}, 88) = 423 [pid 422] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 422] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 422] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 423 attached [pid 423] set_robust_list(0x7f694cdae9a0, 24) = 0 [pid 423] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 423] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 423] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 422] <... futex resumed>) = 0 [pid 422] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 422] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 423] <... futex resumed>) = 1 [pid 423] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 423] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 422] <... futex resumed>) = 0 [pid 422] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 422] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 423] <... futex resumed>) = 1 [pid 423] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 423] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 422] <... futex resumed>) = 0 [pid 422] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 422] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 423] <... futex resumed>) = 1 [pid 423] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 423] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 422] <... futex resumed>) = 0 [pid 422] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 422] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 423] <... futex resumed>) = 1 [pid 423] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 423] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 422] <... futex resumed>) = 0 [pid 422] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 422] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 423] <... futex resumed>) = 1 [pid 423] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 423] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 422] <... futex resumed>) = 0 [pid 422] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 422] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 423] <... futex resumed>) = 1 [pid 423] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 423] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 422] <... futex resumed>) = 0 [pid 422] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 422] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 423] <... futex resumed>) = 1 [pid 423] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 423] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 422] <... futex resumed>) = 0 [pid 422] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 422] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 423] <... futex resumed>) = 1 [pid 423] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 423] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 422] <... futex resumed>) = 0 [pid 422] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 422] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 423] <... futex resumed>) = 1 [pid 423] memfd_create("syzkaller", 0) = 5 [pid 423] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f694498e000 [pid 423] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 423] munmap(0x7f694498e000, 138412032) = 0 [pid 423] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 423] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 423] close(5) = 0 [pid 423] close(6) = 0 [pid 423] mkdir("./file0", 0777) = 0 [pid 423] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 423] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 423] chdir("./file0") = 0 [pid 423] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 423] ioctl(6, LOOP_CLR_FD) = 0 [pid 423] close(6) = 0 [pid 423] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 422] <... futex resumed>) = 0 [pid 422] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 422] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 423] <... futex resumed>) = 1 [pid 423] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 423] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 422] <... futex resumed>) = 0 [pid 422] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 422] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 423] <... futex resumed>) = 1 [pid 423] write(6, "#! ./file1\n", 11) = 11 [pid 423] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 422] <... futex resumed>) = 0 [pid 422] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 422] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 423] <... futex resumed>) = 1 [pid 423] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 423] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 422] <... futex resumed>) = 0 [pid 422] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 422] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 423] <... futex resumed>) = 1 [pid 423] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000480} --- [pid 422] <... futex resumed>) = ? [pid 423] +++ killed by SIGBUS +++ [pid 422] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=422, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./23", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./23", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558a0df730 /* 4 entries */, 32768) = 112 [ 28.362174][ T423] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 28.391575][ T424] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-423: bg 0: block 234: padding at end of block bitmap is not set umount2("./23/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./23/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./23/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./23/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./23/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558a0e7770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558a0e7770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./23/file0") = 0 umount2("./23/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./23/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./23/binderfs") = 0 getdents64(3, 0x55558a0df730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./23") = 0 mkdir("./24", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558a0de690) = 428 ./strace-static-x86_64: Process 428 attached [pid 428] set_robust_list(0x55558a0de6a0, 24) = 0 [pid 428] chdir("./24") = 0 [pid 428] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 428] setpgid(0, 0) = 0 [pid 428] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 428] write(3, "1000", 4) = 4 [pid 428] close(3) = 0 [pid 428] symlink("/dev/binderfs", "./binderfs") = 0 [pid 428] write(1, "executing program\n", 18executing program ) = 18 [pid 428] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 428] rt_sigaction(SIGRT_1, {sa_handler=0x7f694ce18370, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f694ce09520}, NULL, 8) = 0 [pid 428] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 428] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f694cd8e000 [pid 428] mprotect(0x7f694cd8f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 428] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 428] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f694cdae990, parent_tid=0x7f694cdae990, exit_signal=0, stack=0x7f694cd8e000, stack_size=0x20300, tls=0x7f694cdae6c0}./strace-static-x86_64: Process 429 attached [pid 429] set_robust_list(0x7f694cdae9a0, 24) = 0 [pid 429] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 429] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 428] <... clone3 resumed> => {parent_tid=[429]}, 88) = 429 [pid 428] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 428] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 429] <... futex resumed>) = 0 [pid 428] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 429] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 429] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 428] <... futex resumed>) = 0 [pid 428] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 428] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 429] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 429] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 428] <... futex resumed>) = 0 [pid 429] ioctl(3, VHOST_SET_VRING_ADDR [pid 428] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 429] <... ioctl resumed>, 0x200000000300) = 0 [pid 428] <... futex resumed>) = 0 [pid 429] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 428] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 429] <... futex resumed>) = 0 [pid 428] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 428] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 429] ioctl(3, VHOST_SET_MEM_TABLE [pid 428] <... futex resumed>) = 0 [pid 428] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 429] <... ioctl resumed>, 0x200000003380) = 0 [pid 429] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 428] <... futex resumed>) = 0 [pid 428] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 428] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 429] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 429] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 428] <... futex resumed>) = 0 [pid 428] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 428] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 429] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 429] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 428] <... futex resumed>) = 0 [pid 428] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 428] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 429] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 429] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 428] <... futex resumed>) = 0 [pid 428] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 428] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 429] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 429] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 428] <... futex resumed>) = 0 [pid 428] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 428] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 429] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 429] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 428] <... futex resumed>) = 0 [pid 428] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 428] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 429] memfd_create("syzkaller", 0) = 5 [pid 429] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f694498e000 [pid 429] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 429] munmap(0x7f694498e000, 138412032) = 0 [pid 429] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 429] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 429] close(5) = 0 [pid 429] close(6) = 0 [pid 429] mkdir("./file0", 0777) = 0 [pid 429] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 429] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 429] chdir("./file0") = 0 [pid 429] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 429] ioctl(6, LOOP_CLR_FD) = 0 [pid 429] close(6) = 0 [pid 429] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 428] <... futex resumed>) = 0 [pid 428] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 428] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 429] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 429] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 428] <... futex resumed>) = 0 [pid 428] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 428] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 429] write(6, "#! ./file1\n", 11) = 11 [pid 429] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 428] <... futex resumed>) = 0 [pid 429] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0 [pid 428] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 429] <... mmap resumed>) = 0x200000000000 [pid 428] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 429] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 428] <... futex resumed>) = 0 [pid 429] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 428] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 429] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 428] <... futex resumed>) = 0 [pid 428] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 429] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000480} --- [pid 428] <... futex resumed>) = ? [pid 429] +++ killed by SIGBUS +++ [pid 428] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=428, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./24", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./24", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558a0df730 /* 4 entries */, 32768) = 112 [ 28.552213][ T429] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 28.583383][ T430] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-429: bg 0: block 234: padding at end of block bitmap is not set umount2("./24/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./24/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./24/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./24/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./24/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558a0e7770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558a0e7770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./24/file0") = 0 umount2("./24/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./24/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./24/binderfs") = 0 getdents64(3, 0x55558a0df730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./24") = 0 mkdir("./25", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558a0de690) = 434 ./strace-static-x86_64: Process 434 attached [pid 434] set_robust_list(0x55558a0de6a0, 24) = 0 [pid 434] chdir("./25") = 0 [pid 434] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 434] setpgid(0, 0) = 0 [pid 434] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 executing program [pid 434] write(3, "1000", 4) = 4 [pid 434] close(3) = 0 [pid 434] symlink("/dev/binderfs", "./binderfs") = 0 [pid 434] write(1, "executing program\n", 18) = 18 [pid 434] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 434] rt_sigaction(SIGRT_1, {sa_handler=0x7f694ce18370, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f694ce09520}, NULL, 8) = 0 [pid 434] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 434] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f694cd8e000 [pid 434] mprotect(0x7f694cd8f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 434] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 434] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f694cdae990, parent_tid=0x7f694cdae990, exit_signal=0, stack=0x7f694cd8e000, stack_size=0x20300, tls=0x7f694cdae6c0} => {parent_tid=[435]}, 88) = 435 [pid 434] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 434] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 434] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 435 attached [pid 435] set_robust_list(0x7f694cdae9a0, 24) = 0 [pid 435] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 435] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 435] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 434] <... futex resumed>) = 0 [pid 434] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 434] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 435] <... futex resumed>) = 1 [pid 435] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 435] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 434] <... futex resumed>) = 0 [pid 435] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 434] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 435] <... futex resumed>) = 0 [pid 434] <... futex resumed>) = 1 [pid 435] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 434] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 435] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 434] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 435] <... futex resumed>) = 0 [pid 435] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 434] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 435] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 434] <... futex resumed>) = 0 [pid 435] ioctl(3, VHOST_SET_MEM_TABLE [pid 434] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 435] <... ioctl resumed>, 0x200000003380) = 0 [pid 435] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 434] <... futex resumed>) = 0 [pid 435] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 434] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 435] <... futex resumed>) = 0 [pid 434] <... futex resumed>) = 1 [pid 435] eventfd2(118, EFD_SEMAPHORE [pid 434] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 435] <... eventfd2 resumed>) = 4 [pid 435] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 434] <... futex resumed>) = 0 [pid 435] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 434] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 435] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 434] <... futex resumed>) = 0 [pid 435] ioctl(3, VHOST_SET_VRING_ERR [pid 434] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 435] <... ioctl resumed>, 0x2000000001c0) = 0 [pid 435] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 434] <... futex resumed>) = 0 [pid 435] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 434] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 434] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 435] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 435] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 435] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 434] <... futex resumed>) = 0 [pid 435] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 434] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 435] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 434] <... futex resumed>) = 0 [pid 435] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 434] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 435] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 434] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 434] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 435] <... futex resumed>) = 0 [pid 435] ioctl(3, VHOST_VSOCK_SET_RUNNING [pid 434] <... futex resumed>) = 0 [pid 435] <... ioctl resumed>, 0x200000000140) = 0 [pid 435] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 434] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 435] <... futex resumed>) = 0 [pid 435] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 434] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 434] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 435] <... futex resumed>) = 0 [pid 434] <... futex resumed>) = 1 [pid 434] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 435] memfd_create("syzkaller", 0) = 5 [pid 435] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f694498e000 [pid 435] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 435] munmap(0x7f694498e000, 138412032) = 0 [pid 435] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 435] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 435] close(5) = 0 [pid 435] close(6) = 0 [pid 435] mkdir("./file0", 0777) = 0 [pid 435] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 435] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 435] chdir("./file0") = 0 [pid 435] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 435] ioctl(6, LOOP_CLR_FD) = 0 [pid 435] close(6) = 0 [pid 435] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 434] <... futex resumed>) = 0 [pid 434] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 434] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 435] <... futex resumed>) = 1 [pid 435] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 435] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 434] <... futex resumed>) = 0 [pid 434] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 434] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 435] <... futex resumed>) = 1 [pid 435] write(6, "#! ./file1\n", 11) = 11 [pid 435] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 434] <... futex resumed>) = 0 [pid 435] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 434] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 435] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 434] <... futex resumed>) = 0 [pid 435] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0 [pid 434] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 435] <... mmap resumed>) = 0x200000000000 [pid 435] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 434] <... futex resumed>) = 0 [pid 434] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 434] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 435] <... futex resumed>) = 1 [pid 435] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000480} --- [pid 434] <... futex resumed>) = ? [pid 435] +++ killed by SIGBUS +++ [pid 434] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=434, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./25", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./25", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558a0df730 /* 4 entries */, 32768) = 112 [ 28.712186][ T435] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 28.739670][ T436] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-435: bg 0: block 234: padding at end of block bitmap is not set umount2("./25/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./25/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./25/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./25/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./25/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558a0e7770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558a0e7770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./25/file0") = 0 umount2("./25/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./25/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./25/binderfs") = 0 getdents64(3, 0x55558a0df730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./25") = 0 mkdir("./26", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3executing program ) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558a0de690) = 440 ./strace-static-x86_64: Process 440 attached [pid 440] set_robust_list(0x55558a0de6a0, 24) = 0 [pid 440] chdir("./26") = 0 [pid 440] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 440] setpgid(0, 0) = 0 [pid 440] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 440] write(3, "1000", 4) = 4 [pid 440] close(3) = 0 [pid 440] symlink("/dev/binderfs", "./binderfs") = 0 [pid 440] write(1, "executing program\n", 18) = 18 [pid 440] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 440] rt_sigaction(SIGRT_1, {sa_handler=0x7f694ce18370, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f694ce09520}, NULL, 8) = 0 [pid 440] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 440] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f694cd8e000 [pid 440] mprotect(0x7f694cd8f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 440] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 440] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f694cdae990, parent_tid=0x7f694cdae990, exit_signal=0, stack=0x7f694cd8e000, stack_size=0x20300, tls=0x7f694cdae6c0} => {parent_tid=[441]}, 88) = 441 [pid 440] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 440] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 440] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 441 attached [pid 441] set_robust_list(0x7f694cdae9a0, 24) = 0 [pid 441] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 441] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 441] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 440] <... futex resumed>) = 0 [pid 440] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 440] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 441] <... futex resumed>) = 1 [pid 441] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 441] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 440] <... futex resumed>) = 0 [pid 440] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 440] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 441] <... futex resumed>) = 1 [pid 441] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 441] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 440] <... futex resumed>) = 0 [pid 440] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 440] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 441] <... futex resumed>) = 1 [pid 441] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 441] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 440] <... futex resumed>) = 0 [pid 440] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 440] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 441] <... futex resumed>) = 1 [pid 441] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 441] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 440] <... futex resumed>) = 0 [pid 440] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 440] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 441] <... futex resumed>) = 1 [pid 441] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 441] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 440] <... futex resumed>) = 0 [pid 440] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 440] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 441] <... futex resumed>) = 1 [pid 441] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 441] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 440] <... futex resumed>) = 0 [pid 440] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 440] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 441] <... futex resumed>) = 1 [pid 441] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 441] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 440] <... futex resumed>) = 0 [pid 440] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 440] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 441] <... futex resumed>) = 1 [pid 441] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 441] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 440] <... futex resumed>) = 0 [pid 440] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 440] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 441] <... futex resumed>) = 1 [pid 441] memfd_create("syzkaller", 0) = 5 [pid 441] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f694498e000 [pid 441] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 441] munmap(0x7f694498e000, 138412032) = 0 [pid 441] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 441] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 441] close(5) = 0 [pid 441] close(6) = 0 [pid 441] mkdir("./file0", 0777) = 0 [pid 441] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 441] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 441] chdir("./file0") = 0 [pid 441] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 441] ioctl(6, LOOP_CLR_FD) = 0 [pid 441] close(6) = 0 [pid 441] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 440] <... futex resumed>) = 0 [pid 440] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 440] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 441] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 441] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 440] <... futex resumed>) = 0 [pid 440] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 440] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 441] write(6, "#! ./file1\n", 11) = 11 [pid 441] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 440] <... futex resumed>) = 0 [pid 440] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 440] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 441] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 441] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 441] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 440] <... futex resumed>) = 0 [pid 440] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 440] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 441] <... futex resumed>) = 0 [pid 441] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000480} --- [pid 440] <... futex resumed>) = ? [pid 441] +++ killed by SIGBUS +++ [pid 440] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=440, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./26", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./26", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558a0df730 /* 4 entries */, 32768) = 112 [ 28.972023][ T441] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 29.005866][ T442] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-441: bg 0: block 234: padding at end of block bitmap is not set umount2("./26/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./26/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./26/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./26/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./26/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558a0e7770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558a0e7770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./26/file0") = 0 umount2("./26/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./26/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./26/binderfs") = 0 getdents64(3, 0x55558a0df730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./26") = 0 mkdir("./27", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558a0de690) = 446 ./strace-static-x86_64: Process 446 attached [pid 446] set_robust_list(0x55558a0de6a0, 24) = 0 [pid 446] chdir("./27") = 0 [pid 446] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 446] setpgid(0, 0) = 0 [pid 446] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 446] write(3, "1000", 4) = 4 [pid 446] close(3) = 0 [pid 446] symlink("/dev/binderfs", "./binderfs") = 0 [pid 446] write(1, "executing program\n", 18executing program ) = 18 [pid 446] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 446] rt_sigaction(SIGRT_1, {sa_handler=0x7f694ce18370, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f694ce09520}, NULL, 8) = 0 [pid 446] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 446] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f694cd8e000 [pid 446] mprotect(0x7f694cd8f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 446] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 446] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f694cdae990, parent_tid=0x7f694cdae990, exit_signal=0, stack=0x7f694cd8e000, stack_size=0x20300, tls=0x7f694cdae6c0}./strace-static-x86_64: Process 447 attached => {parent_tid=[447]}, 88) = 447 [pid 446] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 446] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 446] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 447] set_robust_list(0x7f694cdae9a0, 24) = 0 [pid 447] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 447] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 447] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 446] <... futex resumed>) = 0 [pid 446] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 446] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 447] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 447] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 446] <... futex resumed>) = 0 [pid 447] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 446] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 447] <... futex resumed>) = 0 [pid 446] <... futex resumed>) = 1 [pid 447] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 446] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 447] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 446] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 447] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 446] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 447] <... futex resumed>) = 0 [pid 446] <... futex resumed>) = 1 [pid 446] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 447] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 447] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 446] <... futex resumed>) = 0 [pid 447] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 446] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 447] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 447] eventfd2(118, EFD_SEMAPHORE [pid 446] <... futex resumed>) = 0 [pid 447] <... eventfd2 resumed>) = 4 [pid 446] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 447] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 446] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 447] ioctl(3, VHOST_SET_VRING_ERR [pid 446] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 447] <... ioctl resumed>, 0x2000000001c0) = 0 [pid 447] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 446] <... futex resumed>) = 0 [pid 447] <... futex resumed>) = 0 [pid 447] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 446] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 446] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 447] <... futex resumed>) = 0 [pid 446] <... futex resumed>) = 1 [pid 447] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 446] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 447] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 446] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 447] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 446] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 447] <... futex resumed>) = 0 [pid 446] <... futex resumed>) = 1 [pid 447] ioctl(3, VHOST_SET_VRING_KICK [pid 446] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 447] <... ioctl resumed>, 0x200000000000) = 0 [pid 447] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 446] <... futex resumed>) = 0 [pid 447] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 446] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 447] <... futex resumed>) = 0 [pid 446] <... futex resumed>) = 1 [pid 447] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 446] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 447] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 446] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 447] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 446] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 447] <... futex resumed>) = 0 [pid 446] <... futex resumed>) = 1 [pid 446] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 447] memfd_create("syzkaller", 0) = 5 [pid 447] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f694498e000 [pid 447] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 447] munmap(0x7f694498e000, 138412032) = 0 [pid 447] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 447] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 447] close(5) = 0 [pid 447] close(6) = 0 [pid 447] mkdir("./file0", 0777) = 0 [pid 447] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 447] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 447] chdir("./file0") = 0 [pid 447] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 447] ioctl(6, LOOP_CLR_FD) = 0 [pid 447] close(6) = 0 [pid 447] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 446] <... futex resumed>) = 0 [pid 446] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 446] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 447] <... futex resumed>) = 1 [pid 447] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 447] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 446] <... futex resumed>) = 0 [pid 446] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 446] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 447] <... futex resumed>) = 1 [pid 447] write(6, "#! ./file1\n", 11) = 11 [pid 447] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 446] <... futex resumed>) = 0 [pid 446] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 446] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 447] <... futex resumed>) = 1 [pid 447] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 447] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 446] <... futex resumed>) = 0 [pid 446] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 446] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 447] <... futex resumed>) = 1 [pid 447] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000480} --- [pid 446] <... futex resumed>) = ? [pid 447] +++ killed by SIGBUS +++ [pid 446] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=446, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./27", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./27", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558a0df730 /* 4 entries */, 32768) = 112 [ 29.132215][ T447] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 29.154994][ T447] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor257: bg 0: block 234: padding at end of block bitmap is not set umount2("./27/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./27/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./27/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./27/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./27/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558a0e7770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558a0e7770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./27/file0") = 0 umount2("./27/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./27/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./27/binderfs") = 0 getdents64(3, 0x55558a0df730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./27") = 0 mkdir("./28", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558a0de690) = 452 ./strace-static-x86_64: Process 452 attached [pid 452] set_robust_list(0x55558a0de6a0, 24) = 0 [pid 452] chdir("./28") = 0 [pid 452] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 452] setpgid(0, 0) = 0 [pid 452] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 452] write(3, "1000", 4) = 4 [pid 452] close(3) = 0 [pid 452] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 452] write(1, "executing program\n", 18) = 18 [pid 452] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 452] rt_sigaction(SIGRT_1, {sa_handler=0x7f694ce18370, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f694ce09520}, NULL, 8) = 0 [pid 452] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 452] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f694cd8e000 [pid 452] mprotect(0x7f694cd8f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 452] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 452] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f694cdae990, parent_tid=0x7f694cdae990, exit_signal=0, stack=0x7f694cd8e000, stack_size=0x20300, tls=0x7f694cdae6c0} => {parent_tid=[453]}, 88) = 453 [pid 452] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 452] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 452] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 453 attached [pid 453] set_robust_list(0x7f694cdae9a0, 24) = 0 [pid 453] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 453] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 453] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 452] <... futex resumed>) = 0 [pid 452] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 452] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 453] <... futex resumed>) = 1 [pid 453] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 453] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 452] <... futex resumed>) = 0 [pid 452] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 452] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 453] <... futex resumed>) = 1 [pid 453] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 453] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 452] <... futex resumed>) = 0 [pid 452] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 452] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 453] <... futex resumed>) = 1 [pid 453] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 453] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 452] <... futex resumed>) = 0 [pid 452] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 452] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 453] <... futex resumed>) = 1 [pid 453] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 453] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 452] <... futex resumed>) = 0 [pid 452] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 452] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 453] <... futex resumed>) = 1 [pid 453] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 453] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 452] <... futex resumed>) = 0 [pid 452] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 452] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 453] <... futex resumed>) = 1 [pid 453] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 453] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 452] <... futex resumed>) = 0 [pid 452] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 452] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 453] <... futex resumed>) = 1 [pid 453] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 453] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 452] <... futex resumed>) = 0 [pid 452] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 452] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 453] <... futex resumed>) = 1 [pid 453] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 453] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 452] <... futex resumed>) = 0 [pid 452] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 452] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 453] <... futex resumed>) = 1 [pid 453] memfd_create("syzkaller", 0) = 5 [pid 453] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f694498e000 [pid 453] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 453] munmap(0x7f694498e000, 138412032) = 0 [pid 453] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 453] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 453] close(5) = 0 [pid 453] close(6) = 0 [pid 453] mkdir("./file0", 0777) = 0 [pid 453] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 453] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 453] chdir("./file0") = 0 [pid 453] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 453] ioctl(6, LOOP_CLR_FD) = 0 [pid 453] close(6) = 0 [pid 453] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 453] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 452] <... futex resumed>) = 0 [pid 452] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 452] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 453] <... futex resumed>) = 0 [pid 453] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 453] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 452] <... futex resumed>) = 0 [pid 452] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 453] write(6, "#! ./file1\n", 11 [pid 452] <... futex resumed>) = 0 [pid 452] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 453] <... write resumed>) = 11 [pid 453] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 452] <... futex resumed>) = 0 [pid 453] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0 [pid 452] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 452] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 453] <... mmap resumed>) = 0x200000000000 [pid 453] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 453] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 452] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 452] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 453] <... futex resumed>) = 0 [pid 452] <... futex resumed>) = 1 [pid 452] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 453] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000480} --- [pid 452] <... futex resumed>) = ? [pid 453] +++ killed by SIGBUS +++ [pid 452] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=452, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./28", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./28", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558a0df730 /* 4 entries */, 32768) = 112 [ 29.292276][ T453] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 29.323602][ T454] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-453: bg 0: block 234: padding at end of block bitmap is not set umount2("./28/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./28/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./28/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./28/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./28/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558a0e7770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558a0e7770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./28/file0") = 0 umount2("./28/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./28/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./28/binderfs") = 0 getdents64(3, 0x55558a0df730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./28") = 0 mkdir("./29", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558a0de690) = 458 ./strace-static-x86_64: Process 458 attached [pid 458] set_robust_list(0x55558a0de6a0, 24) = 0 [pid 458] chdir("./29") = 0 [pid 458] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 458] setpgid(0, 0) = 0 [pid 458] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 458] write(3, "1000", 4) = 4 [pid 458] close(3) = 0 [pid 458] symlink("/dev/binderfs", "./binderfs") = 0 [pid 458] write(1, "executing program\n", 18executing program ) = 18 [pid 458] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 458] rt_sigaction(SIGRT_1, {sa_handler=0x7f694ce18370, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f694ce09520}, NULL, 8) = 0 [pid 458] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 458] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f694cd8e000 [pid 458] mprotect(0x7f694cd8f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 458] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 458] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f694cdae990, parent_tid=0x7f694cdae990, exit_signal=0, stack=0x7f694cd8e000, stack_size=0x20300, tls=0x7f694cdae6c0}./strace-static-x86_64: Process 459 attached [pid 459] set_robust_list(0x7f694cdae9a0, 24 [pid 458] <... clone3 resumed> => {parent_tid=[459]}, 88) = 459 [pid 459] <... set_robust_list resumed>) = 0 [pid 459] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 459] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 458] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 458] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 459] <... futex resumed>) = 0 [pid 459] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 459] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 458] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 459] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 458] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 458] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 459] <... futex resumed>) = 0 [pid 459] ioctl(3, VHOST_SET_OWNER [pid 458] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 459] <... ioctl resumed>, 0) = 0 [pid 459] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 458] <... futex resumed>) = 0 [pid 458] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 458] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 459] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 459] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 458] <... futex resumed>) = 0 [pid 458] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 458] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 459] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 459] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 458] <... futex resumed>) = 0 [pid 458] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 458] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 459] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 459] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 458] <... futex resumed>) = 0 [pid 458] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 458] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 459] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 459] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 458] <... futex resumed>) = 0 [pid 458] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 458] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 459] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 459] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 458] <... futex resumed>) = 0 [pid 458] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 458] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 459] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 459] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 458] <... futex resumed>) = 0 [pid 458] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 458] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 459] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 459] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 458] <... futex resumed>) = 0 [pid 458] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 458] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 459] memfd_create("syzkaller", 0) = 5 [pid 459] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f694498e000 [pid 459] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 459] munmap(0x7f694498e000, 138412032) = 0 [pid 459] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 459] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 459] close(5) = 0 [pid 459] close(6) = 0 [pid 459] mkdir("./file0", 0777) = 0 [pid 459] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 459] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 459] chdir("./file0") = 0 [pid 459] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 459] ioctl(6, LOOP_CLR_FD) = 0 [pid 459] close(6) = 0 [pid 459] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 458] <... futex resumed>) = 0 [pid 458] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 458] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 459] <... futex resumed>) = 1 [pid 459] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 459] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 458] <... futex resumed>) = 0 [pid 458] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 458] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 459] <... futex resumed>) = 1 [pid 459] write(6, "#! ./file1\n", 11) = 11 [pid 459] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 458] <... futex resumed>) = 0 [pid 458] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 458] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 459] <... futex resumed>) = 1 [pid 459] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 459] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 458] <... futex resumed>) = 0 [pid 458] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 458] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 459] <... futex resumed>) = 1 [pid 459] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000480} --- [pid 458] <... futex resumed>) = ? [pid 459] +++ killed by SIGBUS +++ [pid 458] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=458, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./29", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./29", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558a0df730 /* 4 entries */, 32768) = 112 [ 29.452222][ T459] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 29.477332][ T459] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor257: bg 0: block 234: padding at end of block bitmap is not set umount2("./29/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./29/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./29/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./29/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./29/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558a0e7770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558a0e7770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./29/file0") = 0 umount2("./29/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./29/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./29/binderfs") = 0 getdents64(3, 0x55558a0df730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./29") = 0 mkdir("./30", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558a0de690) = 464 ./strace-static-x86_64: Process 464 attached [pid 464] set_robust_list(0x55558a0de6a0, 24) = 0 [pid 464] chdir("./30") = 0 [pid 464] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 464] setpgid(0, 0) = 0 [pid 464] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 464] write(3, "1000", 4) = 4 [pid 464] close(3) = 0 [pid 464] symlink("/dev/binderfs", "./binderfs") = 0 [pid 464] write(1, "executing program\n", 18executing program ) = 18 [pid 464] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 464] rt_sigaction(SIGRT_1, {sa_handler=0x7f694ce18370, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f694ce09520}, NULL, 8) = 0 [pid 464] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 464] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f694cd8e000 [pid 464] mprotect(0x7f694cd8f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 464] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 464] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f694cdae990, parent_tid=0x7f694cdae990, exit_signal=0, stack=0x7f694cd8e000, stack_size=0x20300, tls=0x7f694cdae6c0}./strace-static-x86_64: Process 465 attached [pid 465] set_robust_list(0x7f694cdae9a0, 24) = 0 [pid 465] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 465] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 464] <... clone3 resumed> => {parent_tid=[465]}, 88) = 465 [pid 464] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 464] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 465] <... futex resumed>) = 0 [pid 465] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 464] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 465] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 465] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 464] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 464] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 465] <... futex resumed>) = 0 [pid 465] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 465] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 465] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 464] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 464] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 465] <... futex resumed>) = 0 [pid 465] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 465] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 465] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 464] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 464] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 465] <... futex resumed>) = 0 [pid 465] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 465] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 465] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 464] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 464] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 465] <... futex resumed>) = 0 [pid 465] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 465] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 465] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 464] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 464] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 465] <... futex resumed>) = 0 [pid 465] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 465] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 465] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 464] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 464] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 465] <... futex resumed>) = 0 [pid 465] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 465] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 465] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 464] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 464] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 465] <... futex resumed>) = 0 [pid 465] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 465] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 465] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 464] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 464] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 465] <... futex resumed>) = 0 [pid 464] <... futex resumed>) = 1 [pid 465] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 465] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 465] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 464] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 464] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 465] <... futex resumed>) = 0 [pid 464] <... futex resumed>) = 1 [pid 465] memfd_create("syzkaller", 0) = 5 [pid 465] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f694498e000 [pid 465] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 464] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 465] <... write resumed>) = 1048576 [pid 465] munmap(0x7f694498e000, 138412032) = 0 [pid 465] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 465] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 465] close(5) = 0 [pid 465] close(6) = 0 [pid 465] mkdir("./file0", 0777) = 0 [pid 465] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 465] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 465] chdir("./file0") = 0 [pid 465] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 465] ioctl(6, LOOP_CLR_FD) = 0 [pid 465] close(6) = 0 [pid 465] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 465] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 464] <... futex resumed>) = 0 [pid 464] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 464] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 465] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 465] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 465] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 464] <... futex resumed>) = 0 [pid 464] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 464] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 465] write(6, "#! ./file1\n", 11) = 11 [pid 465] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 464] <... futex resumed>) = 0 [pid 464] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 464] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 465] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 465] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 465] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 464] <... futex resumed>) = 0 [pid 464] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 464] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 465] <... futex resumed>) = 0 [ 29.662251][ T465] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [pid 465] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000480} --- [pid 464] <... futex resumed>) = ? [pid 465] +++ killed by SIGBUS +++ [pid 464] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=464, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./30", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./30", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558a0df730 /* 4 entries */, 32768) = 112 [ 29.705310][ T466] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-465: bg 0: block 234: padding at end of block bitmap is not set umount2("./30/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./30/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./30/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./30/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./30/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558a0e7770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558a0e7770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./30/file0") = 0 umount2("./30/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./30/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./30/binderfs") = 0 getdents64(3, 0x55558a0df730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./30") = 0 mkdir("./31", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558a0de690) = 470 ./strace-static-x86_64: Process 470 attached [pid 470] set_robust_list(0x55558a0de6a0, 24) = 0 [pid 470] chdir("./31") = 0 [pid 470] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 470] setpgid(0, 0) = 0 [pid 470] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 470] write(3, "1000", 4) = 4 [pid 470] close(3) = 0 [pid 470] symlink("/dev/binderfs", "./binderfs") = 0 [pid 470] write(1, "executing program\n", 18executing program ) = 18 [pid 470] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 470] rt_sigaction(SIGRT_1, {sa_handler=0x7f694ce18370, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f694ce09520}, NULL, 8) = 0 [pid 470] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 470] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f694cd8e000 [pid 470] mprotect(0x7f694cd8f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 470] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 470] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f694cdae990, parent_tid=0x7f694cdae990, exit_signal=0, stack=0x7f694cd8e000, stack_size=0x20300, tls=0x7f694cdae6c0}./strace-static-x86_64: Process 471 attached [pid 471] set_robust_list(0x7f694cdae9a0, 24) = 0 [pid 471] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 471] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 470] <... clone3 resumed> => {parent_tid=[471]}, 88) = 471 [pid 470] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 470] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 471] <... futex resumed>) = 0 [pid 471] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 471] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 471] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 470] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 470] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 471] <... futex resumed>) = 0 [pid 471] ioctl(3, VHOST_SET_OWNER [pid 470] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 471] <... ioctl resumed>, 0) = 0 [pid 471] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 471] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 470] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 470] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 471] <... futex resumed>) = 0 [pid 471] ioctl(3, VHOST_SET_VRING_ADDR [pid 470] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 471] <... ioctl resumed>, 0x200000000300) = 0 [pid 471] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 471] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 470] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 470] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 471] <... futex resumed>) = 0 [pid 471] ioctl(3, VHOST_SET_MEM_TABLE [pid 470] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 471] <... ioctl resumed>, 0x200000003380) = 0 [pid 471] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 471] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 470] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 470] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 471] <... futex resumed>) = 0 [pid 471] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 470] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 471] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 471] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 470] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 470] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 471] <... futex resumed>) = 0 [pid 471] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 471] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 471] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 470] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 470] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 471] <... futex resumed>) = 0 [pid 471] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 471] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 471] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 470] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 470] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 471] <... futex resumed>) = 0 [pid 471] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 471] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 471] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 470] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 470] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 471] <... futex resumed>) = 0 [pid 471] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 471] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 471] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 470] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 470] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 471] <... futex resumed>) = 0 [pid 470] <... futex resumed>) = 1 [pid 471] memfd_create("syzkaller", 0 [pid 470] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 471] <... memfd_create resumed>) = 5 [pid 471] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f694498e000 [pid 471] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 471] munmap(0x7f694498e000, 138412032) = 0 [pid 471] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 471] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 471] close(5) = 0 [pid 471] close(6) = 0 [pid 471] mkdir("./file0", 0777) = 0 [pid 471] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 471] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 471] chdir("./file0") = 0 [pid 471] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 471] ioctl(6, LOOP_CLR_FD) = 0 [pid 471] close(6) = 0 [pid 471] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 470] <... futex resumed>) = 0 [pid 470] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 470] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 471] <... futex resumed>) = 1 [pid 471] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 471] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 470] <... futex resumed>) = 0 [pid 470] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 470] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 471] <... futex resumed>) = 1 [pid 471] write(6, "#! ./file1\n", 11) = 11 [pid 471] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 470] <... futex resumed>) = 0 [pid 470] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 470] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 471] <... futex resumed>) = 1 [pid 471] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 471] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 470] <... futex resumed>) = 0 [pid 470] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 470] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 471] <... futex resumed>) = 1 [pid 471] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000480} --- [pid 470] <... futex resumed>) = ? [pid 471] +++ killed by SIGBUS +++ [pid 470] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=470, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./31", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./31", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558a0df730 /* 4 entries */, 32768) = 112 [ 29.912262][ T471] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 29.937373][ T471] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor257: bg 0: block 234: padding at end of block bitmap is not set umount2("./31/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./31/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./31/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./31/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./31/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558a0e7770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558a0e7770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./31/file0") = 0 umount2("./31/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./31/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./31/binderfs") = 0 getdents64(3, 0x55558a0df730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./31") = 0 mkdir("./32", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558a0de690) = 476 ./strace-static-x86_64: Process 476 attached [pid 476] set_robust_list(0x55558a0de6a0, 24) = 0 [pid 476] chdir("./32") = 0 [pid 476] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 476] setpgid(0, 0) = 0 [pid 476] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 476] write(3, "1000", 4) = 4 [pid 476] close(3) = 0 [pid 476] symlink("/dev/binderfs", "./binderfs") = 0 [pid 476] write(1, "executing program\n", 18executing program ) = 18 [pid 476] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 476] rt_sigaction(SIGRT_1, {sa_handler=0x7f694ce18370, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f694ce09520}, NULL, 8) = 0 [pid 476] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 476] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f694cd8e000 [pid 476] mprotect(0x7f694cd8f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 476] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 476] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f694cdae990, parent_tid=0x7f694cdae990, exit_signal=0, stack=0x7f694cd8e000, stack_size=0x20300, tls=0x7f694cdae6c0}./strace-static-x86_64: Process 477 attached [pid 477] set_robust_list(0x7f694cdae9a0, 24) = 0 [pid 477] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 477] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 476] <... clone3 resumed> => {parent_tid=[477]}, 88) = 477 [pid 476] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 476] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 477] <... futex resumed>) = 0 [pid 477] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR [pid 476] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 477] <... openat resumed>) = 3 [pid 477] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 477] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 476] <... futex resumed>) = 0 [pid 476] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 477] <... futex resumed>) = 0 [pid 477] ioctl(3, VHOST_SET_OWNER [pid 476] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 477] <... ioctl resumed>, 0) = 0 [pid 477] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 477] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 476] <... futex resumed>) = 0 [pid 476] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 477] <... futex resumed>) = 0 [pid 477] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 477] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 477] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 476] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 476] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 477] <... futex resumed>) = 0 [pid 477] ioctl(3, VHOST_SET_MEM_TABLE [pid 476] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 477] <... ioctl resumed>, 0x200000003380) = 0 [pid 477] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 477] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 476] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 476] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 477] <... futex resumed>) = 0 [pid 477] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 477] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 477] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 476] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 476] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 477] <... futex resumed>) = 0 [pid 476] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 477] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 477] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 476] <... futex resumed>) = 0 [pid 477] ioctl(3, VHOST_SET_VRING_ADDR [pid 476] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 477] <... ioctl resumed>, 0x200000000240) = 0 [pid 476] <... futex resumed>) = 0 [pid 477] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 476] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 477] <... futex resumed>) = 0 [pid 476] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 477] ioctl(3, VHOST_SET_VRING_KICK [pid 476] <... futex resumed>) = 0 [pid 476] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 477] <... ioctl resumed>, 0x200000000000) = 0 [pid 477] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 477] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 476] <... futex resumed>) = 0 [pid 476] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 477] <... futex resumed>) = 0 [pid 476] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 477] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 477] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 476] <... futex resumed>) = 0 [pid 476] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 476] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 477] memfd_create("syzkaller", 0) = 5 [pid 477] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f694498e000 [pid 477] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 477] munmap(0x7f694498e000, 138412032) = 0 [pid 477] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 477] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 477] close(5) = 0 [pid 477] close(6) = 0 [pid 477] mkdir("./file0", 0777) = 0 [pid 477] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 477] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 477] chdir("./file0") = 0 [pid 477] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 477] ioctl(6, LOOP_CLR_FD) = 0 [pid 477] close(6) = 0 [pid 477] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 477] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 476] <... futex resumed>) = 0 [pid 476] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 476] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 477] <... futex resumed>) = 0 [pid 477] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 477] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 476] <... futex resumed>) = 0 [pid 476] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 476] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 477] write(6, "#! ./file1\n", 11) = 11 [pid 477] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 476] <... futex resumed>) = 0 [pid 476] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 476] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 477] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 477] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 477] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 476] <... futex resumed>) = 0 [pid 476] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 476] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 477] <... futex resumed>) = 0 [pid 477] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000480} --- [pid 476] <... futex resumed>) = ? [pid 477] +++ killed by SIGBUS +++ [pid 476] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=476, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./32", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./32", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558a0df730 /* 4 entries */, 32768) = 112 [ 30.052350][ T477] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 30.083335][ T478] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-477: bg 0: block 234: padding at end of block bitmap is not set umount2("./32/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./32/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./32/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./32/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./32/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558a0e7770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558a0e7770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./32/file0") = 0 umount2("./32/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./32/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./32/binderfs") = 0 getdents64(3, 0x55558a0df730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./32") = 0 mkdir("./33", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program , child_tidptr=0x55558a0de690) = 482 ./strace-static-x86_64: Process 482 attached [pid 482] set_robust_list(0x55558a0de6a0, 24) = 0 [pid 482] chdir("./33") = 0 [pid 482] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 482] setpgid(0, 0) = 0 [pid 482] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 482] write(3, "1000", 4) = 4 [pid 482] close(3) = 0 [pid 482] symlink("/dev/binderfs", "./binderfs") = 0 [pid 482] write(1, "executing program\n", 18) = 18 [pid 482] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 482] rt_sigaction(SIGRT_1, {sa_handler=0x7f694ce18370, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f694ce09520}, NULL, 8) = 0 [pid 482] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 482] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f694cd8e000 [pid 482] mprotect(0x7f694cd8f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 482] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 482] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f694cdae990, parent_tid=0x7f694cdae990, exit_signal=0, stack=0x7f694cd8e000, stack_size=0x20300, tls=0x7f694cdae6c0} => {parent_tid=[483]}, 88) = 483 [pid 482] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 482] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 482] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 483 attached [pid 483] set_robust_list(0x7f694cdae9a0, 24) = 0 [pid 483] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 483] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 483] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 482] <... futex resumed>) = 0 [pid 482] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 482] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 483] <... futex resumed>) = 1 [pid 483] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 483] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 482] <... futex resumed>) = 0 [pid 482] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 482] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 483] <... futex resumed>) = 1 [pid 483] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 483] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 482] <... futex resumed>) = 0 [pid 482] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 482] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 483] <... futex resumed>) = 1 [pid 483] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 483] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 482] <... futex resumed>) = 0 [pid 482] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 482] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 483] <... futex resumed>) = 1 [pid 483] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 483] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 482] <... futex resumed>) = 0 [pid 482] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 482] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 483] <... futex resumed>) = 1 [pid 483] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 483] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 482] <... futex resumed>) = 0 [pid 482] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 482] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 483] <... futex resumed>) = 1 [pid 483] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 483] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 482] <... futex resumed>) = 0 [pid 482] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 482] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 483] <... futex resumed>) = 1 [pid 483] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 483] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 482] <... futex resumed>) = 0 [pid 482] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 482] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 483] <... futex resumed>) = 1 [pid 483] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 483] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 482] <... futex resumed>) = 0 [pid 482] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 482] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 483] <... futex resumed>) = 1 [pid 483] memfd_create("syzkaller", 0) = 5 [pid 483] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f694498e000 [pid 483] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 483] munmap(0x7f694498e000, 138412032) = 0 [pid 483] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 483] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 483] close(5) = 0 [pid 483] close(6) = 0 [pid 483] mkdir("./file0", 0777) = 0 [pid 483] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 483] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 483] chdir("./file0") = 0 [pid 483] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 483] ioctl(6, LOOP_CLR_FD) = 0 [pid 483] close(6) = 0 [pid 483] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 482] <... futex resumed>) = 0 [pid 482] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 482] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 483] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 483] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 482] <... futex resumed>) = 0 [pid 482] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 482] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 483] <... futex resumed>) = 1 [pid 483] write(6, "#! ./file1\n", 11) = 11 [pid 483] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 482] <... futex resumed>) = 0 [pid 482] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 482] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 483] <... futex resumed>) = 1 [pid 483] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 483] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 482] <... futex resumed>) = 0 [pid 482] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 482] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 483] <... futex resumed>) = 1 [pid 483] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000480} --- [pid 482] <... futex resumed>) = ? [pid 483] +++ killed by SIGBUS +++ [pid 482] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=482, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./33", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./33", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558a0df730 /* 4 entries */, 32768) = 112 [ 30.223060][ T483] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 30.254060][ T484] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-483: bg 0: block 234: padding at end of block bitmap is not set umount2("./33/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./33/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./33/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./33/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./33/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558a0e7770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558a0e7770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./33/file0") = 0 umount2("./33/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./33/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./33/binderfs") = 0 getdents64(3, 0x55558a0df730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./33") = 0 mkdir("./34", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 488 attached , child_tidptr=0x55558a0de690) = 488 [pid 488] set_robust_list(0x55558a0de6a0, 24) = 0 [pid 488] chdir("./34") = 0 [pid 488] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 488] setpgid(0, 0) = 0 [pid 488] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 488] write(3, "1000", 4) = 4 [pid 488] close(3) = 0 [pid 488] symlink("/dev/binderfs", "./binderfs") = 0 [pid 488] write(1, "executing program\n", 18executing program ) = 18 [pid 488] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 488] rt_sigaction(SIGRT_1, {sa_handler=0x7f694ce18370, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f694ce09520}, NULL, 8) = 0 [pid 488] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 488] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f694cd8e000 [pid 488] mprotect(0x7f694cd8f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 488] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 488] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f694cdae990, parent_tid=0x7f694cdae990, exit_signal=0, stack=0x7f694cd8e000, stack_size=0x20300, tls=0x7f694cdae6c0}./strace-static-x86_64: Process 489 attached => {parent_tid=[489]}, 88) = 489 [pid 489] set_robust_list(0x7f694cdae9a0, 24 [pid 488] rt_sigprocmask(SIG_SETMASK, [], [pid 489] <... set_robust_list resumed>) = 0 [pid 488] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 489] rt_sigprocmask(SIG_SETMASK, [], [pid 488] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 489] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 488] <... futex resumed>) = 0 [pid 488] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 489] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 489] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 488] <... futex resumed>) = 0 [pid 488] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 488] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 489] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 489] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 488] <... futex resumed>) = 0 [pid 488] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 488] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 489] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 489] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 488] <... futex resumed>) = 0 [pid 489] <... futex resumed>) = 1 [pid 488] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 488] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 489] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 489] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 488] <... futex resumed>) = 0 [pid 489] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 488] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 488] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 489] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 489] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 489] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 488] <... futex resumed>) = 0 [pid 488] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 488] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 489] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 489] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 488] <... futex resumed>) = 0 [pid 489] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 488] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 488] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 489] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 489] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 489] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 488] <... futex resumed>) = 0 [pid 488] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 488] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 489] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 489] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 488] <... futex resumed>) = 0 [pid 488] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 488] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 489] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 489] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 488] <... futex resumed>) = 0 [pid 489] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 488] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 489] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 488] <... futex resumed>) = 0 [pid 488] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 489] memfd_create("syzkaller", 0) = 5 [pid 489] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f694498e000 [pid 489] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 489] munmap(0x7f694498e000, 138412032) = 0 [pid 489] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 489] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 489] close(5) = 0 [pid 489] close(6) = 0 [pid 489] mkdir("./file0", 0777) = 0 [pid 489] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 489] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 489] chdir("./file0") = 0 [pid 489] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 489] ioctl(6, LOOP_CLR_FD) = 0 [pid 489] close(6) = 0 [pid 489] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 488] <... futex resumed>) = 0 [pid 488] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 488] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 489] <... futex resumed>) = 1 [pid 489] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 489] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 488] <... futex resumed>) = 0 [pid 488] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 488] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 489] <... futex resumed>) = 1 [pid 489] write(6, "#! ./file1\n", 11) = 11 [pid 489] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 488] <... futex resumed>) = 0 [pid 488] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 488] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 489] <... futex resumed>) = 1 [pid 489] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 489] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 488] <... futex resumed>) = 0 [pid 488] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 488] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 489] <... futex resumed>) = 1 [ 30.412163][ T489] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [pid 489] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000480} --- [pid 488] <... futex resumed>) = ? [pid 489] +++ killed by SIGBUS +++ [pid 488] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=488, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./34", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./34", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558a0df730 /* 4 entries */, 32768) = 112 [ 30.452954][ T489] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor257: bg 0: block 234: padding at end of block bitmap is not set umount2("./34/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./34/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./34/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./34/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./34/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558a0e7770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558a0e7770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./34/file0") = 0 umount2("./34/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./34/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./34/binderfs") = 0 getdents64(3, 0x55558a0df730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./34") = 0 mkdir("./35", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558a0de690) = 494 ./strace-static-x86_64: Process 494 attached [pid 494] set_robust_list(0x55558a0de6a0, 24) = 0 [pid 494] chdir("./35") = 0 [pid 494] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 494] setpgid(0, 0) = 0 [pid 494] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 494] write(3, "1000", 4) = 4 [pid 494] close(3) = 0 [pid 494] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 494] write(1, "executing program\n", 18) = 18 [pid 494] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 494] rt_sigaction(SIGRT_1, {sa_handler=0x7f694ce18370, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f694ce09520}, NULL, 8) = 0 [pid 494] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 494] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f694cd8e000 [pid 494] mprotect(0x7f694cd8f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 494] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 494] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f694cdae990, parent_tid=0x7f694cdae990, exit_signal=0, stack=0x7f694cd8e000, stack_size=0x20300, tls=0x7f694cdae6c0} => {parent_tid=[495]}, 88) = 495 [pid 494] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 494] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 494] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 495 attached [pid 495] set_robust_list(0x7f694cdae9a0, 24) = 0 [pid 495] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 495] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 495] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 494] <... futex resumed>) = 0 [pid 494] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 494] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 495] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 495] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 494] <... futex resumed>) = 0 [pid 494] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 494] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 495] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 495] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 494] <... futex resumed>) = 0 [pid 495] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 494] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 494] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 495] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 495] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 495] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 494] <... futex resumed>) = 0 [pid 494] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 495] eventfd2(118, EFD_SEMAPHORE [pid 494] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 495] <... eventfd2 resumed>) = 4 [pid 495] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 494] <... futex resumed>) = 0 [pid 494] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 494] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 495] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 495] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 494] <... futex resumed>) = 0 [pid 494] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 494] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 495] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 495] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 494] <... futex resumed>) = 0 [pid 495] ioctl(3, VHOST_SET_VRING_KICK [pid 494] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 495] <... ioctl resumed>, 0x200000000000) = 0 [pid 494] <... futex resumed>) = 0 [pid 495] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 494] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 495] <... futex resumed>) = 0 [pid 494] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 495] ioctl(3, VHOST_VSOCK_SET_RUNNING [pid 494] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 495] <... ioctl resumed>, 0x200000000140) = 0 [pid 494] <... futex resumed>) = 0 [pid 495] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 494] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 495] <... futex resumed>) = 0 [pid 494] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 495] memfd_create("syzkaller", 0 [pid 494] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 495] <... memfd_create resumed>) = 5 [pid 494] <... futex resumed>) = 0 [pid 495] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 494] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 495] <... mmap resumed>) = 0x7f694498e000 [pid 495] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 495] munmap(0x7f694498e000, 138412032) = 0 [pid 495] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 495] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 495] close(5) = 0 [pid 495] close(6) = 0 [pid 495] mkdir("./file0", 0777) = 0 [pid 495] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 495] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 495] chdir("./file0") = 0 [pid 495] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 495] ioctl(6, LOOP_CLR_FD) = 0 [pid 495] close(6) = 0 [pid 495] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 494] <... futex resumed>) = 0 [pid 494] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 494] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 495] <... futex resumed>) = 1 [pid 495] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 495] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 494] <... futex resumed>) = 0 [pid 494] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 494] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 495] <... futex resumed>) = 1 [pid 495] write(6, "#! ./file1\n", 11) = 11 [pid 495] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 494] <... futex resumed>) = 0 [pid 494] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 494] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 495] <... futex resumed>) = 1 [pid 495] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 495] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 494] <... futex resumed>) = 0 [pid 494] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 494] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 495] <... futex resumed>) = 1 [pid 495] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000480} --- [pid 494] <... futex resumed>) = ? [pid 495] +++ killed by SIGBUS +++ [pid 494] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=494, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./35", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./35", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558a0df730 /* 4 entries */, 32768) = 112 [ 30.642224][ T495] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 30.669645][ T495] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor257: bg 0: block 234: padding at end of block bitmap is not set umount2("./35/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./35/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./35/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./35/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./35/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558a0e7770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558a0e7770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./35/file0") = 0 umount2("./35/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./35/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./35/binderfs") = 0 getdents64(3, 0x55558a0df730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./35") = 0 mkdir("./36", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558a0de690) = 500 ./strace-static-x86_64: Process 500 attached [pid 500] set_robust_list(0x55558a0de6a0, 24) = 0 [pid 500] chdir("./36") = 0 [pid 500] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 500] setpgid(0, 0) = 0 [pid 500] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 500] write(3, "1000", 4) = 4 [pid 500] close(3) = 0 [pid 500] symlink("/dev/binderfs", "./binderfs") = 0 [pid 500] write(1, "executing program\n", 18executing program ) = 18 [pid 500] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 500] rt_sigaction(SIGRT_1, {sa_handler=0x7f694ce18370, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f694ce09520}, NULL, 8) = 0 [pid 500] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 500] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f694cd8e000 [pid 500] mprotect(0x7f694cd8f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 500] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 500] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f694cdae990, parent_tid=0x7f694cdae990, exit_signal=0, stack=0x7f694cd8e000, stack_size=0x20300, tls=0x7f694cdae6c0}./strace-static-x86_64: Process 501 attached [pid 501] set_robust_list(0x7f694cdae9a0, 24) = 0 [pid 501] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 501] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 500] <... clone3 resumed> => {parent_tid=[501]}, 88) = 501 [pid 500] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 500] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 501] <... futex resumed>) = 0 [pid 500] <... futex resumed>) = 1 [pid 501] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR [pid 500] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 501] <... openat resumed>) = 3 [pid 501] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 501] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 500] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 500] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 501] <... futex resumed>) = 0 [pid 501] ioctl(3, VHOST_SET_OWNER [pid 500] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 501] <... ioctl resumed>, 0) = 0 [pid 501] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 500] <... futex resumed>) = 0 [pid 501] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 500] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 501] <... futex resumed>) = 0 [pid 500] <... futex resumed>) = 1 [pid 501] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 500] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 501] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 500] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 501] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 500] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 501] <... futex resumed>) = 0 [pid 500] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 501] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 501] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 500] <... futex resumed>) = 0 [pid 501] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 500] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 501] <... futex resumed>) = 0 [pid 500] <... futex resumed>) = 1 [pid 501] eventfd2(118, EFD_SEMAPHORE [pid 500] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 501] <... eventfd2 resumed>) = 4 [pid 501] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 500] <... futex resumed>) = 0 [pid 501] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 500] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 501] <... futex resumed>) = 0 [pid 500] <... futex resumed>) = 1 [pid 501] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 500] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 501] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 500] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 501] <... futex resumed>) = 0 [pid 501] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 500] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 501] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 501] ioctl(3, VHOST_SET_VRING_ADDR [pid 500] <... futex resumed>) = 0 [pid 501] <... ioctl resumed>, 0x200000000240) = 0 [pid 501] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 500] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 501] <... futex resumed>) = 0 [pid 501] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 500] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 500] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 501] <... futex resumed>) = 0 [pid 500] <... futex resumed>) = 1 [pid 501] ioctl(3, VHOST_SET_VRING_KICK [pid 500] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 501] <... ioctl resumed>, 0x200000000000) = 0 [pid 501] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 500] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 501] <... futex resumed>) = 0 [pid 501] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 500] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 501] <... futex resumed>) = 0 [pid 500] <... futex resumed>) = 1 [pid 501] ioctl(3, VHOST_VSOCK_SET_RUNNING [pid 500] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 501] <... ioctl resumed>, 0x200000000140) = 0 [pid 501] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 501] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 500] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 500] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 501] <... futex resumed>) = 0 [pid 500] <... futex resumed>) = 1 [pid 500] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 501] memfd_create("syzkaller", 0) = 5 [pid 501] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f694498e000 [pid 501] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 501] munmap(0x7f694498e000, 138412032) = 0 [pid 501] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 501] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 501] close(5) = 0 [pid 501] close(6) = 0 [pid 501] mkdir("./file0", 0777) = 0 [pid 501] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 501] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 501] chdir("./file0") = 0 [pid 501] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 501] ioctl(6, LOOP_CLR_FD) = 0 [pid 501] close(6) = 0 [pid 501] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 500] <... futex resumed>) = 0 [pid 500] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 500] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 501] <... futex resumed>) = 1 [pid 501] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 501] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 500] <... futex resumed>) = 0 [pid 500] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 500] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 501] <... futex resumed>) = 1 [pid 501] write(6, "#! ./file1\n", 11) = 11 [pid 501] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 500] <... futex resumed>) = 0 [pid 500] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 500] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 501] <... futex resumed>) = 1 [pid 501] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 501] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 500] <... futex resumed>) = 0 [pid 500] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 500] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 501] <... futex resumed>) = 1 [pid 501] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000480} --- [pid 500] <... futex resumed>) = ? [pid 501] +++ killed by SIGBUS +++ [pid 500] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=500, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./36", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./36", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558a0df730 /* 4 entries */, 32768) = 112 [ 30.822474][ T501] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 30.851581][ T502] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-501: bg 0: block 234: padding at end of block bitmap is not set umount2("./36/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./36/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./36/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./36/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./36/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558a0e7770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558a0e7770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./36/file0") = 0 umount2("./36/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./36/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./36/binderfs") = 0 getdents64(3, 0x55558a0df730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./36") = 0 mkdir("./37", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FDexecuting program ) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558a0de690) = 506 ./strace-static-x86_64: Process 506 attached [pid 506] set_robust_list(0x55558a0de6a0, 24) = 0 [pid 506] chdir("./37") = 0 [pid 506] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 506] setpgid(0, 0) = 0 [pid 506] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 506] write(3, "1000", 4) = 4 [pid 506] close(3) = 0 [pid 506] symlink("/dev/binderfs", "./binderfs") = 0 [pid 506] write(1, "executing program\n", 18) = 18 [pid 506] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 506] rt_sigaction(SIGRT_1, {sa_handler=0x7f694ce18370, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f694ce09520}, NULL, 8) = 0 [pid 506] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 506] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f694cd8e000 [pid 506] mprotect(0x7f694cd8f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 506] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 506] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f694cdae990, parent_tid=0x7f694cdae990, exit_signal=0, stack=0x7f694cd8e000, stack_size=0x20300, tls=0x7f694cdae6c0} => {parent_tid=[507]}, 88) = 507 [pid 506] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 506] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 506] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 507 attached [pid 507] set_robust_list(0x7f694cdae9a0, 24) = 0 [pid 507] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 507] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 507] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 506] <... futex resumed>) = 0 [pid 506] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 506] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 507] <... futex resumed>) = 1 [pid 507] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 507] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 506] <... futex resumed>) = 0 [pid 506] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 506] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 507] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 507] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 506] <... futex resumed>) = 0 [pid 506] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 506] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 507] <... futex resumed>) = 1 [pid 507] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 507] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 506] <... futex resumed>) = 0 [pid 506] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 506] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 507] <... futex resumed>) = 1 [pid 507] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 507] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 506] <... futex resumed>) = 0 [pid 507] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 506] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 507] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 507] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 507] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 507] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 506] <... futex resumed>) = 1 [pid 506] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 506] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 506] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 507] <... futex resumed>) = 0 [pid 507] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 507] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 506] <... futex resumed>) = 0 [pid 506] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 506] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 507] <... futex resumed>) = 1 [pid 507] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 507] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 506] <... futex resumed>) = 0 [pid 506] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 506] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 507] <... futex resumed>) = 1 [pid 507] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 507] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 506] <... futex resumed>) = 0 [pid 506] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 506] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 507] memfd_create("syzkaller", 0) = 5 [pid 507] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f694498e000 [pid 507] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 507] munmap(0x7f694498e000, 138412032) = 0 [pid 507] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 507] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 507] close(5) = 0 [pid 507] close(6) = 0 [pid 507] mkdir("./file0", 0777) = 0 [pid 507] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 507] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 507] chdir("./file0") = 0 [pid 507] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 507] ioctl(6, LOOP_CLR_FD) = 0 [pid 507] close(6) = 0 [pid 507] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 506] <... futex resumed>) = 0 [pid 506] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 506] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 507] <... futex resumed>) = 1 [pid 507] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 507] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 506] <... futex resumed>) = 0 [pid 506] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 506] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 507] <... futex resumed>) = 1 [pid 507] write(6, "#! ./file1\n", 11) = 11 [pid 507] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 506] <... futex resumed>) = 0 [pid 506] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 506] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 507] <... futex resumed>) = 1 [pid 507] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 507] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 506] <... futex resumed>) = 0 [pid 506] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 506] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 507] <... futex resumed>) = 1 [pid 507] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000480} --- [pid 506] <... futex resumed>) = ? [pid 507] +++ killed by SIGBUS +++ [pid 506] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=506, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./37", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./37", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558a0df730 /* 4 entries */, 32768) = 112 [ 31.022197][ T507] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 31.047145][ T507] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor257: bg 0: block 234: padding at end of block bitmap is not set umount2("./37/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./37/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./37/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./37/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./37/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558a0e7770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558a0e7770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./37/file0") = 0 umount2("./37/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./37/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./37/binderfs") = 0 getdents64(3, 0x55558a0df730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./37") = 0 mkdir("./38", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 512 attached , child_tidptr=0x55558a0de690) = 512 [pid 512] set_robust_list(0x55558a0de6a0, 24) = 0 [pid 512] chdir("./38") = 0 [pid 512] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 512] setpgid(0, 0) = 0 [pid 512] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 512] write(3, "1000", 4) = 4 [pid 512] close(3) = 0 [pid 512] symlink("/dev/binderfs", "./binderfs") = 0 [pid 512] write(1, "executing program\n", 18executing program ) = 18 [pid 512] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 512] rt_sigaction(SIGRT_1, {sa_handler=0x7f694ce18370, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f694ce09520}, NULL, 8) = 0 [pid 512] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 512] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f694cd8e000 [pid 512] mprotect(0x7f694cd8f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 512] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 512] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f694cdae990, parent_tid=0x7f694cdae990, exit_signal=0, stack=0x7f694cd8e000, stack_size=0x20300, tls=0x7f694cdae6c0}./strace-static-x86_64: Process 513 attached => {parent_tid=[513]}, 88) = 513 [pid 513] set_robust_list(0x7f694cdae9a0, 24 [pid 512] rt_sigprocmask(SIG_SETMASK, [], [pid 513] <... set_robust_list resumed>) = 0 [pid 512] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 513] rt_sigprocmask(SIG_SETMASK, [], [pid 512] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 513] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 512] <... futex resumed>) = 0 [pid 512] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 513] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 513] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 512] <... futex resumed>) = 0 [pid 513] <... futex resumed>) = 1 [pid 512] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 513] ioctl(3, VHOST_SET_OWNER [pid 512] <... futex resumed>) = 0 [pid 512] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 513] <... ioctl resumed>, 0) = 0 [pid 513] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 512] <... futex resumed>) = 0 [pid 512] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 512] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 513] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 513] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 512] <... futex resumed>) = 0 [pid 513] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 512] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 513] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 512] <... futex resumed>) = 0 [pid 513] ioctl(3, VHOST_SET_MEM_TABLE [pid 512] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 513] <... ioctl resumed>, 0x200000003380) = 0 [pid 513] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 512] <... futex resumed>) = 0 [pid 513] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 512] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 513] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 512] <... futex resumed>) = 0 [pid 513] eventfd2(118, EFD_SEMAPHORE [pid 512] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 513] <... eventfd2 resumed>) = 4 [pid 513] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 512] <... futex resumed>) = 0 [pid 513] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 512] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 513] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 512] <... futex resumed>) = 0 [pid 513] ioctl(3, VHOST_SET_VRING_ERR [pid 512] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 513] <... ioctl resumed>, 0x2000000001c0) = 0 [pid 513] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 512] <... futex resumed>) = 0 [pid 513] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 512] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 513] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 512] <... futex resumed>) = 0 [pid 513] ioctl(3, VHOST_SET_VRING_ADDR [pid 512] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 513] <... ioctl resumed>, 0x200000000240) = 0 [pid 513] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 512] <... futex resumed>) = 0 [pid 513] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 512] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 513] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 512] <... futex resumed>) = 0 [pid 513] ioctl(3, VHOST_SET_VRING_KICK [pid 512] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 513] <... ioctl resumed>, 0x200000000000) = 0 [pid 513] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 512] <... futex resumed>) = 0 [pid 513] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 512] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 513] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 512] <... futex resumed>) = 0 [pid 513] ioctl(3, VHOST_VSOCK_SET_RUNNING [pid 512] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 513] <... ioctl resumed>, 0x200000000140) = 0 [pid 513] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 512] <... futex resumed>) = 0 [pid 513] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 512] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 513] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 512] <... futex resumed>) = 0 [pid 512] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 513] memfd_create("syzkaller", 0) = 5 [pid 513] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f694498e000 [pid 513] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 513] munmap(0x7f694498e000, 138412032) = 0 [pid 513] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 513] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 513] close(5) = 0 [pid 513] close(6) = 0 [pid 513] mkdir("./file0", 0777) = 0 [pid 513] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 513] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 513] chdir("./file0") = 0 [pid 513] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 513] ioctl(6, LOOP_CLR_FD) = 0 [pid 513] close(6) = 0 [pid 513] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 512] <... futex resumed>) = 0 [pid 512] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 512] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 513] <... futex resumed>) = 1 [pid 513] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 513] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 512] <... futex resumed>) = 0 [pid 512] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 512] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 513] <... futex resumed>) = 1 [pid 513] write(6, "#! ./file1\n", 11) = 11 [pid 513] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 512] <... futex resumed>) = 0 [pid 512] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 512] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 513] <... futex resumed>) = 1 [pid 513] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 513] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 512] <... futex resumed>) = 0 [pid 512] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 512] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 513] <... futex resumed>) = 1 [pid 513] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000480} --- [pid 512] <... futex resumed>) = ? [pid 513] +++ killed by SIGBUS +++ [pid 512] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=512, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558a0df730 /* 4 entries */, 32768) = 112 [ 31.172298][ T513] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 31.202066][ T514] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-513: bg 0: block 234: padding at end of block bitmap is not set umount2("./38/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./38/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./38/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./38/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./38/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558a0e7770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558a0e7770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./38/file0") = 0 umount2("./38/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./38/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./38/binderfs") = 0 getdents64(3, 0x55558a0df730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./38") = 0 mkdir("./39", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558a0de690) = 518 ./strace-static-x86_64: Process 518 attached [pid 518] set_robust_list(0x55558a0de6a0, 24) = 0 [pid 518] chdir("./39") = 0 [pid 518] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 518] setpgid(0, 0) = 0 [pid 518] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 518] write(3, "1000", 4) = 4 [pid 518] close(3) = 0 [pid 518] symlink("/dev/binderfs", "./binderfs") = 0 [pid 518] write(1, "executing program\n", 18executing program ) = 18 [pid 518] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 518] rt_sigaction(SIGRT_1, {sa_handler=0x7f694ce18370, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f694ce09520}, NULL, 8) = 0 [pid 518] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 518] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f694cd8e000 [pid 518] mprotect(0x7f694cd8f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 518] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 518] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f694cdae990, parent_tid=0x7f694cdae990, exit_signal=0, stack=0x7f694cd8e000, stack_size=0x20300, tls=0x7f694cdae6c0}./strace-static-x86_64: Process 519 attached => {parent_tid=[519]}, 88) = 519 [pid 518] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 518] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 518] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 519] set_robust_list(0x7f694cdae9a0, 24) = 0 [pid 519] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 519] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 519] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 518] <... futex resumed>) = 0 [pid 518] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 518] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 519] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 519] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 518] <... futex resumed>) = 0 [pid 518] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 518] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 519] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 519] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 518] <... futex resumed>) = 0 [pid 518] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 518] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 519] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 519] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 518] <... futex resumed>) = 0 [pid 518] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 518] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 519] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 519] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 518] <... futex resumed>) = 0 [pid 518] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 518] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 519] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 519] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 518] <... futex resumed>) = 0 [pid 518] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 518] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 519] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 519] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 518] <... futex resumed>) = 0 [pid 518] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 518] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 519] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 519] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 518] <... futex resumed>) = 0 [pid 518] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 518] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 519] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 519] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 518] <... futex resumed>) = 0 [pid 518] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 518] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 519] memfd_create("syzkaller", 0) = 5 [pid 519] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f694498e000 [pid 519] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 519] munmap(0x7f694498e000, 138412032) = 0 [pid 519] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 519] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 519] close(5) = 0 [pid 519] close(6) = 0 [pid 519] mkdir("./file0", 0777) = 0 [pid 519] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 519] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 519] chdir("./file0") = 0 [pid 519] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 519] ioctl(6, LOOP_CLR_FD) = 0 [pid 519] close(6) = 0 [pid 519] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 518] <... futex resumed>) = 0 [pid 518] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 518] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 519] <... futex resumed>) = 1 [pid 519] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 519] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 518] <... futex resumed>) = 0 [pid 518] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 518] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 519] <... futex resumed>) = 1 [pid 519] write(6, "#! ./file1\n", 11) = 11 [pid 519] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 518] <... futex resumed>) = 0 [pid 518] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 518] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 519] <... futex resumed>) = 1 [pid 519] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 519] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 518] <... futex resumed>) = 0 [pid 518] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 518] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 519] <... futex resumed>) = 1 [pid 519] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000480} --- [pid 518] <... futex resumed>) = ? [pid 519] +++ killed by SIGBUS +++ [pid 518] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=518, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./39", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./39", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558a0df730 /* 4 entries */, 32768) = 112 [ 31.309529][ T519] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 31.338171][ T520] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-519: bg 0: block 234: padding at end of block bitmap is not set umount2("./39/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./39/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./39/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./39/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./39/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558a0e7770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558a0e7770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./39/file0") = 0 umount2("./39/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./39/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./39/binderfs") = 0 getdents64(3, 0x55558a0df730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./39") = 0 mkdir("./40", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program , child_tidptr=0x55558a0de690) = 524 ./strace-static-x86_64: Process 524 attached [pid 524] set_robust_list(0x55558a0de6a0, 24) = 0 [pid 524] chdir("./40") = 0 [pid 524] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 524] setpgid(0, 0) = 0 [pid 524] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 524] write(3, "1000", 4) = 4 [pid 524] close(3) = 0 [pid 524] symlink("/dev/binderfs", "./binderfs") = 0 [pid 524] write(1, "executing program\n", 18) = 18 [pid 524] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 524] rt_sigaction(SIGRT_1, {sa_handler=0x7f694ce18370, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f694ce09520}, NULL, 8) = 0 [pid 524] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 524] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f694cd8e000 [pid 524] mprotect(0x7f694cd8f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 524] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 524] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f694cdae990, parent_tid=0x7f694cdae990, exit_signal=0, stack=0x7f694cd8e000, stack_size=0x20300, tls=0x7f694cdae6c0} => {parent_tid=[525]}, 88) = 525 [pid 524] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 524] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 524] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 525 attached [pid 525] set_robust_list(0x7f694cdae9a0, 24) = 0 [pid 525] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 525] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 525] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 524] <... futex resumed>) = 0 [pid 524] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 524] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 525] <... futex resumed>) = 1 [pid 525] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 525] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 524] <... futex resumed>) = 0 [pid 524] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 524] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 525] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 525] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 524] <... futex resumed>) = 0 [pid 524] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 524] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 525] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 525] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 524] <... futex resumed>) = 0 [pid 524] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 524] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 525] <... futex resumed>) = 1 [pid 525] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 525] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 524] <... futex resumed>) = 0 [pid 524] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 524] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 525] <... futex resumed>) = 1 [pid 525] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 525] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 524] <... futex resumed>) = 0 [pid 524] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 524] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 525] <... futex resumed>) = 1 [pid 525] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 525] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 524] <... futex resumed>) = 0 [pid 524] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 524] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 525] <... futex resumed>) = 1 [pid 525] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 525] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 524] <... futex resumed>) = 0 [pid 524] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 524] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 525] <... futex resumed>) = 1 [pid 525] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 525] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 524] <... futex resumed>) = 0 [pid 524] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 524] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 525] memfd_create("syzkaller", 0) = 5 [pid 525] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f694498e000 [pid 525] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 525] munmap(0x7f694498e000, 138412032) = 0 [pid 525] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 525] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 525] close(5) = 0 [pid 525] close(6) = 0 [pid 525] mkdir("./file0", 0777) = 0 [pid 525] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 525] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 525] chdir("./file0") = 0 [pid 525] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 525] ioctl(6, LOOP_CLR_FD) = 0 [pid 525] close(6) = 0 [pid 525] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 524] <... futex resumed>) = 0 [pid 524] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 524] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 525] <... futex resumed>) = 1 [pid 525] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 525] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 524] <... futex resumed>) = 0 [pid 524] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 524] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 525] <... futex resumed>) = 1 [pid 525] write(6, "#! ./file1\n", 11) = 11 [pid 525] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 524] <... futex resumed>) = 0 [pid 524] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 524] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 525] <... futex resumed>) = 1 [pid 525] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 525] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 524] <... futex resumed>) = 0 [pid 524] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 31.442227][ T525] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [pid 524] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 525] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000480} --- [pid 524] <... futex resumed>) = ? [pid 525] +++ killed by SIGBUS +++ [pid 524] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=524, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./40", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./40", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558a0df730 /* 4 entries */, 32768) = 112 [ 31.482982][ T525] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor257: bg 0: block 234: padding at end of block bitmap is not set umount2("./40/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./40/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./40/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./40/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./40/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558a0e7770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558a0e7770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./40/file0") = 0 umount2("./40/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./40/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./40/binderfs") = 0 getdents64(3, 0x55558a0df730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./40") = 0 mkdir("./41", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558a0de690) = 530 ./strace-static-x86_64: Process 530 attached [pid 530] set_robust_list(0x55558a0de6a0, 24) = 0 [pid 530] chdir("./41") = 0 [pid 530] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 530] setpgid(0, 0) = 0 [pid 530] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 530] write(3, "1000", 4) = 4 [pid 530] close(3) = 0 [pid 530] symlink("/dev/binderfs", "./binderfs") = 0 [pid 530] write(1, "executing program\n", 18executing program ) = 18 [pid 530] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 530] rt_sigaction(SIGRT_1, {sa_handler=0x7f694ce18370, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f694ce09520}, NULL, 8) = 0 [pid 530] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 530] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f694cd8e000 [pid 530] mprotect(0x7f694cd8f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 530] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 530] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f694cdae990, parent_tid=0x7f694cdae990, exit_signal=0, stack=0x7f694cd8e000, stack_size=0x20300, tls=0x7f694cdae6c0}./strace-static-x86_64: Process 531 attached => {parent_tid=[531]}, 88) = 531 [pid 531] set_robust_list(0x7f694cdae9a0, 24 [pid 530] rt_sigprocmask(SIG_SETMASK, [], [pid 531] <... set_robust_list resumed>) = 0 [pid 530] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 531] rt_sigprocmask(SIG_SETMASK, [], [pid 530] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 531] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 530] <... futex resumed>) = 0 [pid 530] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 531] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 531] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 530] <... futex resumed>) = 0 [pid 530] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 530] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 531] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 531] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 530] <... futex resumed>) = 0 [pid 530] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 530] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 531] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 531] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 530] <... futex resumed>) = 0 [pid 530] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 530] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 531] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 531] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 530] <... futex resumed>) = 0 [pid 531] eventfd2(118, EFD_SEMAPHORE [pid 530] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 530] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 531] <... eventfd2 resumed>) = 4 [pid 531] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 530] <... futex resumed>) = 0 [pid 530] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 530] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 531] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 531] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 530] <... futex resumed>) = 0 [pid 530] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 530] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 531] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 531] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 530] <... futex resumed>) = 0 [pid 531] ioctl(3, VHOST_SET_VRING_KICK [pid 530] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 531] <... ioctl resumed>, 0x200000000000) = 0 [pid 531] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 530] <... futex resumed>) = 0 [pid 531] <... futex resumed>) = 0 [pid 530] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 531] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 530] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 530] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 530] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 531] <... futex resumed>) = 0 [pid 531] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 531] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 530] <... futex resumed>) = 0 [pid 530] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 530] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 531] memfd_create("syzkaller", 0) = 5 [pid 531] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f694498e000 [pid 531] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 531] munmap(0x7f694498e000, 138412032) = 0 [pid 531] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 531] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 531] close(5) = 0 [pid 531] close(6) = 0 [pid 531] mkdir("./file0", 0777) = 0 [pid 531] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 531] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 531] chdir("./file0") = 0 [pid 531] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 531] ioctl(6, LOOP_CLR_FD) = 0 [pid 531] close(6) = 0 [pid 531] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 530] <... futex resumed>) = 0 [pid 530] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 530] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 531] <... futex resumed>) = 1 [pid 531] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 531] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 530] <... futex resumed>) = 0 [pid 530] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 530] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 531] <... futex resumed>) = 1 [pid 531] write(6, "#! ./file1\n", 11) = 11 [pid 531] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 530] <... futex resumed>) = 0 [pid 530] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 530] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 531] <... futex resumed>) = 1 [pid 531] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 531] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 530] <... futex resumed>) = 0 [pid 530] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 530] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 531] <... futex resumed>) = 1 [pid 531] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000480} --- [pid 530] <... futex resumed>) = ? [pid 531] +++ killed by SIGBUS +++ [pid 530] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=530, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./41", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./41", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558a0df730 /* 4 entries */, 32768) = 112 [ 31.662045][ T531] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 31.684717][ T531] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor257: bg 0: block 234: padding at end of block bitmap is not set umount2("./41/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./41/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./41/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./41/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./41/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558a0e7770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558a0e7770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./41/file0") = 0 umount2("./41/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./41/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./41/binderfs") = 0 getdents64(3, 0x55558a0df730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./41") = 0 mkdir("./42", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3executing program ) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558a0de690) = 536 ./strace-static-x86_64: Process 536 attached [pid 536] set_robust_list(0x55558a0de6a0, 24) = 0 [pid 536] chdir("./42") = 0 [pid 536] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 536] setpgid(0, 0) = 0 [pid 536] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 536] write(3, "1000", 4) = 4 [pid 536] close(3) = 0 [pid 536] symlink("/dev/binderfs", "./binderfs") = 0 [pid 536] write(1, "executing program\n", 18) = 18 [pid 536] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 536] rt_sigaction(SIGRT_1, {sa_handler=0x7f694ce18370, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f694ce09520}, NULL, 8) = 0 [pid 536] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 536] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f694cd8e000 [pid 536] mprotect(0x7f694cd8f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 536] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 536] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f694cdae990, parent_tid=0x7f694cdae990, exit_signal=0, stack=0x7f694cd8e000, stack_size=0x20300, tls=0x7f694cdae6c0} => {parent_tid=[537]}, 88) = 537 [pid 536] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 536] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 536] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 537 attached [pid 537] set_robust_list(0x7f694cdae9a0, 24) = 0 [pid 537] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 537] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 537] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 536] <... futex resumed>) = 0 [pid 536] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 536] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 537] <... futex resumed>) = 1 [pid 537] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 537] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 536] <... futex resumed>) = 0 [pid 536] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 536] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 537] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 537] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 536] <... futex resumed>) = 0 [pid 536] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 536] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 537] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 537] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 536] <... futex resumed>) = 0 [pid 536] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 536] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 537] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 537] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 536] <... futex resumed>) = 0 [pid 536] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 536] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 537] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 537] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 536] <... futex resumed>) = 0 [pid 536] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 536] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 537] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 537] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 536] <... futex resumed>) = 0 [pid 536] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 536] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 537] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 537] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 536] <... futex resumed>) = 0 [pid 536] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 536] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 537] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 537] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 536] <... futex resumed>) = 0 [pid 536] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 536] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 537] memfd_create("syzkaller", 0) = 5 [pid 537] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f694498e000 [pid 537] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 537] munmap(0x7f694498e000, 138412032) = 0 [pid 537] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 537] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 537] close(5) = 0 [pid 537] close(6) = 0 [pid 537] mkdir("./file0", 0777) = 0 [pid 537] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 537] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 537] chdir("./file0") = 0 [pid 537] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 537] ioctl(6, LOOP_CLR_FD) = 0 [pid 537] close(6) = 0 [pid 537] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 536] <... futex resumed>) = 0 [pid 536] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 536] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 537] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 537] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 536] <... futex resumed>) = 0 [pid 536] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 536] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 537] <... futex resumed>) = 1 [pid 537] write(6, "#! ./file1\n", 11) = 11 [pid 537] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 536] <... futex resumed>) = 0 [pid 536] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 536] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 537] <... futex resumed>) = 1 [pid 537] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 537] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 536] <... futex resumed>) = 0 [pid 536] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 536] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 537] <... futex resumed>) = 1 [pid 537] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000480} --- [pid 536] <... futex resumed>) = ? [pid 537] +++ killed by SIGBUS +++ [pid 536] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=536, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./42", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./42", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558a0df730 /* 4 entries */, 32768) = 112 [ 31.812220][ T537] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 31.842002][ T537] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor257: bg 0: block 234: padding at end of block bitmap is not set umount2("./42/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./42/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./42/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./42/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./42/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558a0e7770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558a0e7770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./42/file0") = 0 umount2("./42/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./42/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./42/binderfs") = 0 getdents64(3, 0x55558a0df730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./42") = 0 mkdir("./43", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558a0de690) = 542 ./strace-static-x86_64: Process 542 attached [pid 542] set_robust_list(0x55558a0de6a0, 24) = 0 [pid 542] chdir("./43") = 0 [pid 542] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 542] setpgid(0, 0) = 0 [pid 542] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 542] write(3, "1000", 4) = 4 [pid 542] close(3) = 0 [pid 542] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 542] write(1, "executing program\n", 18) = 18 [pid 542] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 542] rt_sigaction(SIGRT_1, {sa_handler=0x7f694ce18370, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f694ce09520}, NULL, 8) = 0 [pid 542] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 542] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f694cd8e000 [pid 542] mprotect(0x7f694cd8f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 542] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 542] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f694cdae990, parent_tid=0x7f694cdae990, exit_signal=0, stack=0x7f694cd8e000, stack_size=0x20300, tls=0x7f694cdae6c0}./strace-static-x86_64: Process 543 attached => {parent_tid=[543]}, 88) = 543 [pid 543] set_robust_list(0x7f694cdae9a0, 24) = 0 [pid 542] rt_sigprocmask(SIG_SETMASK, [], [pid 543] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 543] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 542] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 542] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 543] <... futex resumed>) = 0 [pid 543] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR [pid 542] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 543] <... openat resumed>) = 3 [pid 543] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 542] <... futex resumed>) = 0 [pid 542] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 542] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 543] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 543] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 542] <... futex resumed>) = 0 [pid 542] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 542] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 543] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 543] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 542] <... futex resumed>) = 0 [pid 543] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 542] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 542] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 543] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 543] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 543] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 542] <... futex resumed>) = 0 [pid 543] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 542] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 542] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 543] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 543] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 543] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 542] <... futex resumed>) = 0 [pid 543] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 542] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 542] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 543] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 543] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 543] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 542] <... futex resumed>) = 0 [pid 542] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 542] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 543] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 543] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 542] <... futex resumed>) = 0 [pid 542] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 542] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 543] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 543] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 542] <... futex resumed>) = 0 [pid 543] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 542] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 543] <... futex resumed>) = 0 [pid 542] <... futex resumed>) = 1 [pid 543] ioctl(3, VHOST_VSOCK_SET_RUNNING [pid 542] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 543] <... ioctl resumed>, 0x200000000140) = 0 [pid 543] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 542] <... futex resumed>) = 0 [pid 543] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 542] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 543] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 542] <... futex resumed>) = 0 [pid 542] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 543] memfd_create("syzkaller", 0) = 5 [pid 543] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f694498e000 [pid 543] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 543] munmap(0x7f694498e000, 138412032) = 0 [pid 543] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 543] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 543] close(5) = 0 [pid 543] close(6) = 0 [pid 543] mkdir("./file0", 0777) = 0 [pid 543] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 543] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 543] chdir("./file0") = 0 [pid 543] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 543] ioctl(6, LOOP_CLR_FD) = 0 [pid 543] close(6) = 0 [pid 543] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 542] <... futex resumed>) = 0 [pid 542] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 542] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 543] <... futex resumed>) = 1 [pid 543] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 543] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 542] <... futex resumed>) = 0 [pid 542] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 542] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 543] <... futex resumed>) = 1 [pid 543] write(6, "#! ./file1\n", 11) = 11 [pid 543] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 542] <... futex resumed>) = 0 [pid 542] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 542] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 543] <... futex resumed>) = 1 [pid 543] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 543] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 542] <... futex resumed>) = 0 [pid 542] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 542] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 543] <... futex resumed>) = 1 [pid 543] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000480} --- [pid 542] <... futex resumed>) = ? [pid 543] +++ killed by SIGBUS +++ [pid 542] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=542, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./43", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./43", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558a0df730 /* 4 entries */, 32768) = 112 [ 32.021805][ T543] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 32.046504][ T543] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor257: bg 0: block 234: padding at end of block bitmap is not set umount2("./43/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./43/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./43/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./43/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./43/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558a0e7770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558a0e7770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./43/file0") = 0 umount2("./43/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./43/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./43/binderfs") = 0 getdents64(3, 0x55558a0df730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./43") = 0 mkdir("./44", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558a0de690) = 548 ./strace-static-x86_64: Process 548 attached [pid 548] set_robust_list(0x55558a0de6a0, 24) = 0 [pid 548] chdir("./44") = 0 [pid 548] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 548] setpgid(0, 0) = 0 [pid 548] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 548] write(3, "1000", 4) = 4 [pid 548] close(3) = 0 [pid 548] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 548] write(1, "executing program\n", 18) = 18 [pid 548] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 548] rt_sigaction(SIGRT_1, {sa_handler=0x7f694ce18370, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f694ce09520}, NULL, 8) = 0 [pid 548] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 548] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f694cd8e000 [pid 548] mprotect(0x7f694cd8f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 548] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 548] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f694cdae990, parent_tid=0x7f694cdae990, exit_signal=0, stack=0x7f694cd8e000, stack_size=0x20300, tls=0x7f694cdae6c0} => {parent_tid=[549]}, 88) = 549 [pid 548] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 548] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 548] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 549 attached [pid 549] set_robust_list(0x7f694cdae9a0, 24) = 0 [pid 549] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 549] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 549] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 548] <... futex resumed>) = 0 [pid 548] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 548] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 549] <... futex resumed>) = 1 [pid 549] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 549] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 548] <... futex resumed>) = 0 [pid 548] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 548] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 549] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 549] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 548] <... futex resumed>) = 0 [pid 548] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 548] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 549] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 549] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 548] <... futex resumed>) = 0 [pid 549] eventfd2(118, EFD_SEMAPHORE [pid 548] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 548] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 549] <... eventfd2 resumed>) = 4 [pid 549] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 548] <... futex resumed>) = 0 [pid 548] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 548] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 549] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 549] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 548] <... futex resumed>) = 0 [pid 548] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 549] ioctl(3, VHOST_SET_VRING_ADDR [pid 548] <... futex resumed>) = 0 [pid 548] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 549] <... ioctl resumed>, 0x200000000240) = 0 [pid 549] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 548] <... futex resumed>) = 0 [pid 548] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 549] ioctl(3, VHOST_SET_VRING_KICK [pid 548] <... futex resumed>) = 0 [pid 548] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 549] <... ioctl resumed>, 0x200000000000) = 0 [pid 549] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 548] <... futex resumed>) = 0 [pid 548] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 548] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 549] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 549] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 548] <... futex resumed>) = 0 [pid 549] <... futex resumed>) = 1 [pid 548] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 548] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 549] memfd_create("syzkaller", 0) = 5 [pid 549] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f694498e000 [pid 549] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 549] munmap(0x7f694498e000, 138412032) = 0 [pid 549] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 549] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 549] close(5) = 0 [pid 549] close(6) = 0 [pid 549] mkdir("./file0", 0777) = 0 [pid 549] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 549] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 549] chdir("./file0") = 0 [pid 549] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 549] ioctl(6, LOOP_CLR_FD) = 0 [pid 549] close(6) = 0 [pid 549] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 548] <... futex resumed>) = 0 [pid 548] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 548] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 549] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 549] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 548] <... futex resumed>) = 0 [pid 548] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 548] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 549] write(6, "#! ./file1\n", 11) = 11 [pid 549] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 548] <... futex resumed>) = 0 [pid 548] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 548] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 549] <... futex resumed>) = 1 [pid 549] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 549] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 549] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 548] <... futex resumed>) = 0 [pid 548] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 548] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 549] <... futex resumed>) = 0 [pid 549] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000480} --- [pid 548] <... futex resumed>) = ? [pid 549] +++ killed by SIGBUS +++ [pid 548] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=548, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./44", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./44", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558a0df730 /* 4 entries */, 32768) = 112 [ 32.142519][ T549] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 32.171972][ T550] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-549: bg 0: block 234: padding at end of block bitmap is not set umount2("./44/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./44/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./44/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./44/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./44/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558a0e7770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558a0e7770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./44/file0") = 0 umount2("./44/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./44/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./44/binderfs") = 0 getdents64(3, 0x55558a0df730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./44") = 0 mkdir("./45", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558a0de690) = 554 ./strace-static-x86_64: Process 554 attached [pid 554] set_robust_list(0x55558a0de6a0, 24) = 0 [pid 554] chdir("./45") = 0 [pid 554] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 554] setpgid(0, 0) = 0 [pid 554] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 554] write(3, "1000", 4) = 4 [pid 554] close(3) = 0 [pid 554] symlink("/dev/binderfs", "./binderfs") = 0 [pid 554] write(1, "executing program\n", 18executing program ) = 18 [pid 554] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 554] rt_sigaction(SIGRT_1, {sa_handler=0x7f694ce18370, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f694ce09520}, NULL, 8) = 0 [pid 554] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 554] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f694cd8e000 [pid 554] mprotect(0x7f694cd8f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 554] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 554] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f694cdae990, parent_tid=0x7f694cdae990, exit_signal=0, stack=0x7f694cd8e000, stack_size=0x20300, tls=0x7f694cdae6c0}./strace-static-x86_64: Process 555 attached => {parent_tid=[555]}, 88) = 555 [pid 555] set_robust_list(0x7f694cdae9a0, 24) = 0 [pid 555] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 555] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 554] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 554] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 555] <... futex resumed>) = 0 [pid 555] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 555] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 555] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 554] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 554] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 555] <... futex resumed>) = 0 [pid 555] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 554] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 555] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 555] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 554] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 554] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 555] <... futex resumed>) = 0 [pid 555] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 555] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 555] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 554] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 554] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 555] <... futex resumed>) = 0 [pid 555] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 555] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 555] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 554] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 554] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 555] <... futex resumed>) = 0 [pid 554] <... futex resumed>) = 1 [pid 555] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 555] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 555] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 554] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 554] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 555] <... futex resumed>) = 0 [pid 555] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 555] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 555] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 554] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 554] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 555] <... futex resumed>) = 0 [pid 554] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 555] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 555] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 554] <... futex resumed>) = 0 [pid 555] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 554] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 555] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 554] <... futex resumed>) = 0 [pid 555] ioctl(3, VHOST_SET_VRING_KICK [pid 554] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 555] <... ioctl resumed>, 0x200000000000) = 0 [pid 555] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 555] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 554] <... futex resumed>) = 0 [pid 555] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 554] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 555] ioctl(3, VHOST_VSOCK_SET_RUNNING [pid 554] <... futex resumed>) = 0 [pid 555] <... ioctl resumed>, 0x200000000140) = 0 [pid 555] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 554] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 555] <... futex resumed>) = 0 [pid 554] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 555] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 554] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 555] <... futex resumed>) = 0 [pid 554] <... futex resumed>) = 1 [pid 555] memfd_create("syzkaller", 0 [pid 554] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 555] <... memfd_create resumed>) = 5 [pid 555] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f694498e000 [pid 555] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 555] munmap(0x7f694498e000, 138412032) = 0 [pid 555] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 555] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 555] close(5) = 0 [pid 555] close(6) = 0 [pid 555] mkdir("./file0", 0777) = 0 [pid 555] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 555] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 555] chdir("./file0") = 0 [pid 555] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 555] ioctl(6, LOOP_CLR_FD) = 0 [pid 555] close(6) = 0 [pid 555] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 554] <... futex resumed>) = 0 [pid 554] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 554] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 555] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 555] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 554] <... futex resumed>) = 0 [pid 554] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 554] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 555] write(6, "#! ./file1\n", 11) = 11 [pid 555] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 554] <... futex resumed>) = 0 [pid 554] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 554] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 32.422238][ T555] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [pid 555] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 555] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 555] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 554] <... futex resumed>) = 0 [pid 554] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 554] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 555] <... futex resumed>) = 0 [pid 555] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000480} --- [pid 554] <... futex resumed>) = ? [pid 555] +++ killed by SIGBUS +++ [pid 554] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=554, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./45", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./45", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558a0df730 /* 4 entries */, 32768) = 112 [ 32.464806][ T556] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-555: bg 0: block 234: padding at end of block bitmap is not set umount2("./45/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./45/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./45/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./45/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./45/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558a0e7770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558a0e7770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./45/file0") = 0 umount2("./45/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./45/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./45/binderfs") = 0 getdents64(3, 0x55558a0df730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./45") = 0 mkdir("./46", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558a0de690) = 560 ./strace-static-x86_64: Process 560 attached [pid 560] set_robust_list(0x55558a0de6a0, 24) = 0 [pid 560] chdir("./46") = 0 [pid 560] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 560] setpgid(0, 0) = 0 [pid 560] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 560] write(3, "1000", 4) = 4 [pid 560] close(3) = 0 [pid 560] symlink("/dev/binderfs", "./binderfs") = 0 [pid 560] write(1, "executing program\n", 18executing program ) = 18 [pid 560] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 560] rt_sigaction(SIGRT_1, {sa_handler=0x7f694ce18370, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f694ce09520}, NULL, 8) = 0 [pid 560] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 560] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f694cd8e000 [pid 560] mprotect(0x7f694cd8f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 560] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 560] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f694cdae990, parent_tid=0x7f694cdae990, exit_signal=0, stack=0x7f694cd8e000, stack_size=0x20300, tls=0x7f694cdae6c0} => {parent_tid=[561]}, 88) = 561 [pid 560] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 560] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 560] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 561 attached [pid 561] set_robust_list(0x7f694cdae9a0, 24) = 0 [pid 561] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 561] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 561] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 560] <... futex resumed>) = 0 [pid 560] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 560] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 561] <... futex resumed>) = 1 [pid 561] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 561] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 560] <... futex resumed>) = 0 [pid 560] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 560] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 561] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 561] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 560] <... futex resumed>) = 0 [pid 560] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 560] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 561] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 561] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 560] <... futex resumed>) = 0 [pid 560] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 560] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 561] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 561] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 560] <... futex resumed>) = 0 [pid 560] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 560] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 561] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 561] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 560] <... futex resumed>) = 0 [pid 560] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 560] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 561] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 561] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 560] <... futex resumed>) = 0 [pid 560] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 560] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 561] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 561] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 560] <... futex resumed>) = 0 [pid 560] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 560] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 561] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 561] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 560] <... futex resumed>) = 0 [pid 560] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 560] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 561] memfd_create("syzkaller", 0) = 5 [pid 561] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f694498e000 [pid 561] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 561] munmap(0x7f694498e000, 138412032) = 0 [pid 561] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 561] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 561] close(5) = 0 [pid 561] close(6) = 0 [pid 561] mkdir("./file0", 0777) = 0 [pid 561] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 561] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 561] chdir("./file0") = 0 [pid 561] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 561] ioctl(6, LOOP_CLR_FD) = 0 [pid 561] close(6) = 0 [pid 561] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 560] <... futex resumed>) = 0 [pid 560] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 560] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 561] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 561] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 560] <... futex resumed>) = 0 [pid 560] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 560] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 561] <... futex resumed>) = 1 [pid 561] write(6, "#! ./file1\n", 11) = 11 [pid 561] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 560] <... futex resumed>) = 0 [pid 560] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 560] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 561] <... futex resumed>) = 1 [pid 561] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 561] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 560] <... futex resumed>) = 0 [pid 560] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 560] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 561] <... futex resumed>) = 1 [pid 561] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000480} --- [pid 560] <... futex resumed>) = ? [pid 561] +++ killed by SIGBUS +++ [pid 560] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=560, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./46", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./46", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558a0df730 /* 4 entries */, 32768) = 112 [ 32.592296][ T561] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 32.622967][ T562] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-561: bg 0: block 234: padding at end of block bitmap is not set umount2("./46/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./46/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./46/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./46/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./46/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558a0e7770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558a0e7770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./46/file0") = 0 umount2("./46/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./46/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./46/binderfs") = 0 getdents64(3, 0x55558a0df730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./46") = 0 mkdir("./47", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558a0de690) = 566 ./strace-static-x86_64: Process 566 attached [pid 566] set_robust_list(0x55558a0de6a0, 24) = 0 [pid 566] chdir("./47") = 0 [pid 566] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 566] setpgid(0, 0) = 0 [pid 566] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 566] write(3, "1000", 4) = 4 [pid 566] close(3) = 0 [pid 566] symlink("/dev/binderfs", "./binderfs") = 0 [pid 566] write(1, "executing program\n", 18executing program ) = 18 [pid 566] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 566] rt_sigaction(SIGRT_1, {sa_handler=0x7f694ce18370, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f694ce09520}, NULL, 8) = 0 [pid 566] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 566] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f694cd8e000 [pid 566] mprotect(0x7f694cd8f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 566] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 566] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f694cdae990, parent_tid=0x7f694cdae990, exit_signal=0, stack=0x7f694cd8e000, stack_size=0x20300, tls=0x7f694cdae6c0}./strace-static-x86_64: Process 567 attached => {parent_tid=[567]}, 88) = 567 [pid 567] set_robust_list(0x7f694cdae9a0, 24) = 0 [pid 567] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 567] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 566] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 566] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 567] <... futex resumed>) = 0 [pid 567] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR [pid 566] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 567] <... openat resumed>) = 3 [pid 567] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 567] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 566] <... futex resumed>) = 0 [pid 566] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 567] <... futex resumed>) = 0 [pid 567] ioctl(3, VHOST_SET_OWNER [pid 566] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 567] <... ioctl resumed>, 0) = 0 [pid 567] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 567] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 566] <... futex resumed>) = 0 [pid 566] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 567] <... futex resumed>) = 0 [pid 567] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 567] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 567] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 566] <... futex resumed>) = 1 [pid 566] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 566] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 567] <... futex resumed>) = 0 [pid 567] ioctl(3, VHOST_SET_MEM_TABLE [pid 566] <... futex resumed>) = 1 [pid 566] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 567] <... ioctl resumed>, 0x200000003380) = 0 [pid 567] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 566] <... futex resumed>) = 0 [pid 567] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 566] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 567] <... futex resumed>) = 0 [pid 566] <... futex resumed>) = 1 [pid 567] eventfd2(118, EFD_SEMAPHORE [pid 566] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 567] <... eventfd2 resumed>) = 4 [pid 567] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 566] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 567] <... futex resumed>) = 0 [pid 567] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 566] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 567] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 567] ioctl(3, VHOST_SET_VRING_ERR [pid 566] <... futex resumed>) = 0 [pid 567] <... ioctl resumed>, 0x2000000001c0) = 0 [pid 567] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 566] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 567] <... futex resumed>) = 0 [pid 567] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 566] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 566] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 567] <... futex resumed>) = 0 [pid 567] ioctl(3, VHOST_SET_VRING_ADDR [pid 566] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 567] <... ioctl resumed>, 0x200000000240) = 0 [pid 567] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 566] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 567] <... futex resumed>) = 0 [pid 567] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 566] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 567] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 567] ioctl(3, VHOST_SET_VRING_KICK [pid 566] <... futex resumed>) = 0 [pid 567] <... ioctl resumed>, 0x200000000000) = 0 [pid 567] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 566] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 567] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 566] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 566] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 567] <... futex resumed>) = 0 [pid 566] <... futex resumed>) = 1 [pid 567] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 566] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 567] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 567] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 566] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 566] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 567] <... futex resumed>) = 0 [pid 566] <... futex resumed>) = 1 [pid 566] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 567] memfd_create("syzkaller", 0) = 5 [pid 567] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f694498e000 [pid 567] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 567] munmap(0x7f694498e000, 138412032) = 0 [pid 567] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 567] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 567] close(5) = 0 [pid 567] close(6) = 0 [pid 567] mkdir("./file0", 0777) = 0 [pid 567] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 567] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 567] chdir("./file0") = 0 [pid 567] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 567] ioctl(6, LOOP_CLR_FD) = 0 [pid 567] close(6) = 0 [pid 567] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 566] <... futex resumed>) = 0 [pid 566] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 566] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 567] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 567] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 566] <... futex resumed>) = 0 [pid 566] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 566] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 567] write(6, "#! ./file1\n", 11) = 11 [pid 567] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 566] <... futex resumed>) = 0 [pid 566] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 567] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0 [pid 566] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 567] <... mmap resumed>) = 0x200000000000 [pid 567] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 566] <... futex resumed>) = 0 [pid 566] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 566] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 567] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000480} --- [pid 566] <... futex resumed>) = ? [pid 567] +++ killed by SIGBUS +++ [pid 566] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=566, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./47", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./47", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558a0df730 /* 4 entries */, 32768) = 112 [ 32.722224][ T567] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 32.752478][ T568] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-567: bg 0: block 234: padding at end of block bitmap is not set umount2("./47/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./47/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./47/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./47/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./47/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558a0e7770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558a0e7770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./47/file0") = 0 umount2("./47/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./47/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./47/binderfs") = 0 getdents64(3, 0x55558a0df730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./47") = 0 mkdir("./48", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558a0de690) = 572 ./strace-static-x86_64: Process 572 attached [pid 572] set_robust_list(0x55558a0de6a0, 24) = 0 [pid 572] chdir("./48") = 0 [pid 572] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 572] setpgid(0, 0) = 0 [pid 572] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 572] write(3, "1000", 4) = 4 [pid 572] close(3) = 0 [pid 572] symlink("/dev/binderfs", "./binderfs") = 0 [pid 572] write(1, "executing program\n", 18executing program ) = 18 [pid 572] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 572] rt_sigaction(SIGRT_1, {sa_handler=0x7f694ce18370, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f694ce09520}, NULL, 8) = 0 [pid 572] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 572] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f694cd8e000 [pid 572] mprotect(0x7f694cd8f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 572] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 572] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f694cdae990, parent_tid=0x7f694cdae990, exit_signal=0, stack=0x7f694cd8e000, stack_size=0x20300, tls=0x7f694cdae6c0}./strace-static-x86_64: Process 573 attached [pid 573] set_robust_list(0x7f694cdae9a0, 24 [pid 572] <... clone3 resumed> => {parent_tid=[573]}, 88) = 573 [pid 573] <... set_robust_list resumed>) = 0 [pid 573] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 573] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 572] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 572] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 573] <... futex resumed>) = 0 [pid 573] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 572] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 573] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 573] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 572] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 572] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 573] <... futex resumed>) = 0 [pid 573] ioctl(3, VHOST_SET_OWNER [pid 572] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 573] <... ioctl resumed>, 0) = 0 [pid 573] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 573] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 572] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 572] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 573] <... futex resumed>) = 0 [pid 573] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 573] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 573] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 572] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 572] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 573] <... futex resumed>) = 0 [pid 573] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 573] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 573] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 572] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 572] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 573] <... futex resumed>) = 0 [pid 572] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 573] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 573] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 572] <... futex resumed>) = 0 [pid 573] ioctl(3, VHOST_SET_VRING_ERR [pid 572] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 573] <... ioctl resumed>, 0x2000000001c0) = 0 [pid 572] <... futex resumed>) = 0 [pid 573] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 572] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 573] <... futex resumed>) = 0 [pid 572] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 573] ioctl(3, VHOST_SET_VRING_ADDR [pid 572] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 573] <... ioctl resumed>, 0x200000000240) = 0 [pid 573] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 572] <... futex resumed>) = 0 [pid 573] <... futex resumed>) = 0 [pid 572] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 573] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 572] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 572] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 573] <... futex resumed>) = 0 [pid 572] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 573] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 573] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 573] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 572] <... futex resumed>) = 0 [pid 573] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 572] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 573] ioctl(3, VHOST_VSOCK_SET_RUNNING [pid 572] <... futex resumed>) = 0 [pid 573] <... ioctl resumed>, 0x200000000140) = 0 [pid 572] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 573] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 572] <... futex resumed>) = 0 [pid 572] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 573] memfd_create("syzkaller", 0 [pid 572] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 573] <... memfd_create resumed>) = 5 [pid 573] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f694498e000 [pid 573] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 573] munmap(0x7f694498e000, 138412032) = 0 [pid 573] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 573] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 573] close(5) = 0 [pid 573] close(6) = 0 [pid 573] mkdir("./file0", 0777) = 0 [pid 573] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 573] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 573] chdir("./file0") = 0 [pid 573] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 573] ioctl(6, LOOP_CLR_FD) = 0 [pid 573] close(6) = 0 [pid 573] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 573] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 572] <... futex resumed>) = 0 [pid 572] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 572] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 573] <... futex resumed>) = 0 [pid 573] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 573] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 572] <... futex resumed>) = 0 [pid 572] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 572] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 573] write(6, "#! ./file1\n", 11) = 11 [pid 573] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 572] <... futex resumed>) = 0 [pid 572] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 572] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 573] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 573] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 573] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 572] <... futex resumed>) = 0 [pid 572] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 572] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 573] <... futex resumed>) = 0 [pid 573] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000480} --- [pid 572] <... futex resumed>) = ? [pid 573] +++ killed by SIGBUS +++ [pid 572] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=572, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./48", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./48", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558a0df730 /* 4 entries */, 32768) = 112 [ 32.882244][ T573] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 32.912898][ T574] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-573: bg 0: block 234: padding at end of block bitmap is not set umount2("./48/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./48/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./48/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./48/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./48/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558a0e7770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558a0e7770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./48/file0") = 0 umount2("./48/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./48/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./48/binderfs") = 0 getdents64(3, 0x55558a0df730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./48") = 0 mkdir("./49", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558a0de690) = 578 ./strace-static-x86_64: Process 578 attached [pid 578] set_robust_list(0x55558a0de6a0, 24) = 0 [pid 578] chdir("./49") = 0 [pid 578] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 578] setpgid(0, 0) = 0 [pid 578] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 578] write(3, "1000", 4) = 4 [pid 578] close(3) = 0 [pid 578] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 578] write(1, "executing program\n", 18) = 18 [pid 578] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 578] rt_sigaction(SIGRT_1, {sa_handler=0x7f694ce18370, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f694ce09520}, NULL, 8) = 0 [pid 578] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 578] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f694cd8e000 [pid 578] mprotect(0x7f694cd8f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 578] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 578] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f694cdae990, parent_tid=0x7f694cdae990, exit_signal=0, stack=0x7f694cd8e000, stack_size=0x20300, tls=0x7f694cdae6c0} => {parent_tid=[579]}, 88) = 579 [pid 578] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 578] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 578] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 579 attached [pid 579] set_robust_list(0x7f694cdae9a0, 24) = 0 [pid 579] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 579] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 579] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 578] <... futex resumed>) = 0 [pid 578] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 578] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 579] <... futex resumed>) = 1 [pid 579] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 579] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 578] <... futex resumed>) = 0 [pid 579] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 578] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 579] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 579] ioctl(3, VHOST_SET_VRING_ADDR [pid 578] <... futex resumed>) = 0 [pid 579] <... ioctl resumed>, 0x200000000300) = 0 [pid 579] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 578] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 579] <... futex resumed>) = 0 [pid 579] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 578] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 579] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 578] <... futex resumed>) = 0 [pid 579] ioctl(3, VHOST_SET_MEM_TABLE [pid 578] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 579] <... ioctl resumed>, 0x200000003380) = 0 [pid 579] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 578] <... futex resumed>) = 0 [pid 579] <... futex resumed>) = 1 [pid 578] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 579] eventfd2(118, EFD_SEMAPHORE [pid 578] <... futex resumed>) = 0 [pid 579] <... eventfd2 resumed>) = 4 [pid 579] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 578] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 579] <... futex resumed>) = 0 [pid 578] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 579] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 578] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 579] <... futex resumed>) = 0 [pid 578] <... futex resumed>) = 1 [pid 578] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 579] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 579] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 578] <... futex resumed>) = 0 [pid 579] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 578] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 579] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 579] ioctl(3, VHOST_SET_VRING_ADDR [pid 578] <... futex resumed>) = 0 [pid 579] <... ioctl resumed>, 0x200000000240) = 0 [pid 579] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 578] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 579] <... futex resumed>) = 0 [pid 578] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 578] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 579] ioctl(3, VHOST_SET_VRING_KICK [pid 578] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 579] <... ioctl resumed>, 0x200000000000) = 0 [pid 579] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 578] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 578] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 578] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 579] <... futex resumed>) = 1 [pid 578] <... futex resumed>) = 0 [pid 578] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 579] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 579] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 578] <... futex resumed>) = 0 [pid 579] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 578] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 579] <... futex resumed>) = 0 [pid 578] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 579] memfd_create("syzkaller", 0) = 5 [pid 579] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f694498e000 [pid 579] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 579] munmap(0x7f694498e000, 138412032) = 0 [pid 579] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 579] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 579] close(5) = 0 [pid 579] close(6) = 0 [pid 579] mkdir("./file0", 0777) = 0 [pid 579] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 579] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 579] chdir("./file0") = 0 [pid 579] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 579] ioctl(6, LOOP_CLR_FD) = 0 [pid 579] close(6) = 0 [pid 579] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 578] <... futex resumed>) = 0 [pid 579] <... futex resumed>) = 1 [pid 578] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 579] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 578] <... futex resumed>) = 0 [pid 578] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 579] <... openat resumed>) = 6 [pid 579] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 578] <... futex resumed>) = 0 [pid 578] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 578] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 579] write(6, "#! ./file1\n", 11) = 11 [pid 579] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 578] <... futex resumed>) = 0 [pid 578] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 578] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 579] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 579] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 579] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 578] <... futex resumed>) = 0 [pid 578] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 578] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 579] <... futex resumed>) = 0 [pid 579] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000480} --- [pid 578] <... futex resumed>) = ? [pid 579] +++ killed by SIGBUS +++ [pid 578] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=578, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./49", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./49", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558a0df730 /* 4 entries */, 32768) = 112 [ 33.032129][ T579] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 33.063701][ T580] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-579: bg 0: block 234: padding at end of block bitmap is not set umount2("./49/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./49/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./49/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./49/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./49/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558a0e7770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558a0e7770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./49/file0") = 0 umount2("./49/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./49/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./49/binderfs") = 0 getdents64(3, 0x55558a0df730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./49") = 0 mkdir("./50", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558a0de690) = 584 ./strace-static-x86_64: Process 584 attached [pid 584] set_robust_list(0x55558a0de6a0, 24) = 0 [pid 584] chdir("./50") = 0 [pid 584] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 584] setpgid(0, 0executing program ) = 0 [pid 584] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 584] write(3, "1000", 4) = 4 [pid 584] close(3) = 0 [pid 584] symlink("/dev/binderfs", "./binderfs") = 0 [pid 584] write(1, "executing program\n", 18) = 18 [pid 584] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 584] rt_sigaction(SIGRT_1, {sa_handler=0x7f694ce18370, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f694ce09520}, NULL, 8) = 0 [pid 584] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 584] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f694cd8e000 [pid 584] mprotect(0x7f694cd8f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 584] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 584] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f694cdae990, parent_tid=0x7f694cdae990, exit_signal=0, stack=0x7f694cd8e000, stack_size=0x20300, tls=0x7f694cdae6c0}./strace-static-x86_64: Process 585 attached => {parent_tid=[585]}, 88) = 585 [pid 585] set_robust_list(0x7f694cdae9a0, 24) = 0 [pid 585] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 585] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 584] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 584] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 585] <... futex resumed>) = 0 [pid 584] <... futex resumed>) = 1 [pid 585] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR [pid 584] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 585] <... openat resumed>) = 3 [pid 585] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 585] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 584] <... futex resumed>) = 0 [pid 584] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 585] <... futex resumed>) = 0 [pid 584] <... futex resumed>) = 1 [pid 585] ioctl(3, VHOST_SET_OWNER [pid 584] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 585] <... ioctl resumed>, 0) = 0 [pid 585] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 584] <... futex resumed>) = 0 [pid 584] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 584] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 585] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 585] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 584] <... futex resumed>) = 0 [pid 584] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 584] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 585] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 585] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 584] <... futex resumed>) = 0 [pid 584] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 584] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 585] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 585] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 584] <... futex resumed>) = 0 [pid 584] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 584] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 585] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 585] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 584] <... futex resumed>) = 0 [pid 584] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 584] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 585] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 585] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 584] <... futex resumed>) = 0 [pid 584] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 584] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 585] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 585] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 584] <... futex resumed>) = 0 [pid 584] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 584] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 585] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 585] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 584] <... futex resumed>) = 0 [pid 584] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 584] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 585] memfd_create("syzkaller", 0) = 5 [pid 585] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f694498e000 [pid 585] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 585] munmap(0x7f694498e000, 138412032) = 0 [pid 585] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 585] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 585] close(5) = 0 [pid 585] close(6) = 0 [pid 585] mkdir("./file0", 0777) = 0 [pid 585] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 585] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 585] chdir("./file0") = 0 [pid 585] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 585] ioctl(6, LOOP_CLR_FD) = 0 [pid 585] close(6) = 0 [pid 585] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 584] <... futex resumed>) = 0 [pid 584] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 584] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 585] <... futex resumed>) = 1 [pid 585] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 585] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 584] <... futex resumed>) = 0 [pid 584] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 584] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 585] <... futex resumed>) = 1 [pid 585] write(6, "#! ./file1\n", 11) = 11 [pid 585] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 584] <... futex resumed>) = 0 [pid 584] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 584] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 585] <... futex resumed>) = 1 [pid 585] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 585] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 584] <... futex resumed>) = 0 [pid 584] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 584] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 585] <... futex resumed>) = 1 [pid 585] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000480} --- [pid 584] <... futex resumed>) = ? [pid 585] +++ killed by SIGBUS +++ [pid 584] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=584, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./50", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./50", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558a0df730 /* 4 entries */, 32768) = 112 [ 33.219805][ T585] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 33.243211][ T585] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor257: bg 0: block 234: padding at end of block bitmap is not set umount2("./50/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./50/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./50/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./50/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./50/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558a0e7770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558a0e7770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./50/file0") = 0 umount2("./50/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./50/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./50/binderfs") = 0 getdents64(3, 0x55558a0df730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./50") = 0 mkdir("./51", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program , child_tidptr=0x55558a0de690) = 590 ./strace-static-x86_64: Process 590 attached [pid 590] set_robust_list(0x55558a0de6a0, 24) = 0 [pid 590] chdir("./51") = 0 [pid 590] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 590] setpgid(0, 0) = 0 [pid 590] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 590] write(3, "1000", 4) = 4 [pid 590] close(3) = 0 [pid 590] symlink("/dev/binderfs", "./binderfs") = 0 [pid 590] write(1, "executing program\n", 18) = 18 [pid 590] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 590] rt_sigaction(SIGRT_1, {sa_handler=0x7f694ce18370, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f694ce09520}, NULL, 8) = 0 [pid 590] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 590] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f694cd8e000 [pid 590] mprotect(0x7f694cd8f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 590] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 590] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f694cdae990, parent_tid=0x7f694cdae990, exit_signal=0, stack=0x7f694cd8e000, stack_size=0x20300, tls=0x7f694cdae6c0} => {parent_tid=[591]}, 88) = 591 [pid 590] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 590] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 590] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 591 attached [pid 591] set_robust_list(0x7f694cdae9a0, 24) = 0 [pid 591] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 591] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 591] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 590] <... futex resumed>) = 0 [pid 590] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 590] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 591] <... futex resumed>) = 1 [pid 591] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 591] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 590] <... futex resumed>) = 0 [pid 591] ioctl(3, VHOST_SET_VRING_ADDR [pid 590] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 591] <... ioctl resumed>, 0x200000000300) = 0 [pid 590] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 591] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 590] <... futex resumed>) = 0 [pid 590] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 590] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 591] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 591] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 590] <... futex resumed>) = 0 [pid 591] eventfd2(118, EFD_SEMAPHORE [pid 590] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 590] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 591] <... eventfd2 resumed>) = 4 [pid 591] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 590] <... futex resumed>) = 0 [pid 591] ioctl(3, VHOST_SET_VRING_ERR [pid 590] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 591] <... ioctl resumed>, 0x2000000001c0) = 0 [pid 590] <... futex resumed>) = 0 [pid 591] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 590] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 591] <... futex resumed>) = 0 [pid 590] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 590] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 591] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 591] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 590] <... futex resumed>) = 0 [pid 591] ioctl(3, VHOST_SET_VRING_KICK [pid 590] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 591] <... ioctl resumed>, 0x200000000000) = 0 [pid 591] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 590] <... futex resumed>) = 0 [pid 591] <... futex resumed>) = 0 [pid 590] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 591] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 590] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 591] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 590] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 591] ioctl(3, VHOST_VSOCK_SET_RUNNING [pid 590] <... futex resumed>) = 0 [pid 590] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 591] <... ioctl resumed>, 0x200000000140) = 0 [pid 591] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 590] <... futex resumed>) = 0 [pid 590] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 590] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 591] <... futex resumed>) = 1 [pid 591] memfd_create("syzkaller", 0) = 5 [pid 591] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f694498e000 [pid 591] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 591] munmap(0x7f694498e000, 138412032) = 0 [pid 591] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 591] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 591] close(5) = 0 [pid 591] close(6) = 0 [pid 591] mkdir("./file0", 0777) = 0 [pid 591] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 591] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 591] chdir("./file0") = 0 [pid 591] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 591] ioctl(6, LOOP_CLR_FD) = 0 [pid 591] close(6) = 0 [pid 591] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 591] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 590] <... futex resumed>) = 0 [pid 590] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 591] <... futex resumed>) = 0 [pid 590] <... futex resumed>) = 1 [pid 591] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 590] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 591] <... openat resumed>) = 6 [pid 591] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 590] <... futex resumed>) = 0 [pid 590] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 590] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 591] write(6, "#! ./file1\n", 11) = 11 [pid 591] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 590] <... futex resumed>) = 0 [pid 590] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 590] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 591] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 591] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 591] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 590] <... futex resumed>) = 0 [pid 590] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 590] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 591] <... futex resumed>) = 0 [pid 591] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000480} --- [pid 590] <... futex resumed>) = ? [pid 591] +++ killed by SIGBUS +++ [pid 590] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=590, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./51", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./51", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558a0df730 /* 4 entries */, 32768) = 112 [ 33.343379][ T591] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 33.373589][ T592] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-591: bg 0: block 234: padding at end of block bitmap is not set umount2("./51/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./51/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./51/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./51/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./51/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558a0e7770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558a0e7770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./51/file0") = 0 umount2("./51/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./51/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./51/binderfs") = 0 getdents64(3, 0x55558a0df730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./51") = 0 mkdir("./52", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) executing program close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558a0de690) = 596 ./strace-static-x86_64: Process 596 attached [pid 596] set_robust_list(0x55558a0de6a0, 24) = 0 [pid 596] chdir("./52") = 0 [pid 596] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 596] setpgid(0, 0) = 0 [pid 596] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 596] write(3, "1000", 4) = 4 [pid 596] close(3) = 0 [pid 596] symlink("/dev/binderfs", "./binderfs") = 0 [pid 596] write(1, "executing program\n", 18) = 18 [pid 596] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 596] rt_sigaction(SIGRT_1, {sa_handler=0x7f694ce18370, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f694ce09520}, NULL, 8) = 0 [pid 596] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 596] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f694cd8e000 [pid 596] mprotect(0x7f694cd8f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 596] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 596] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f694cdae990, parent_tid=0x7f694cdae990, exit_signal=0, stack=0x7f694cd8e000, stack_size=0x20300, tls=0x7f694cdae6c0} => {parent_tid=[597]}, 88) = 597 [pid 596] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 596] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 ./strace-static-x86_64: Process 597 attached [pid 596] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 597] set_robust_list(0x7f694cdae9a0, 24) = 0 [pid 597] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 597] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 597] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 597] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 596] <... futex resumed>) = 0 [pid 596] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 597] <... futex resumed>) = 0 [pid 597] ioctl(3, VHOST_SET_OWNER [pid 596] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 597] <... ioctl resumed>, 0) = 0 [pid 597] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 596] <... futex resumed>) = 0 [pid 596] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 596] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 597] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 597] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 596] <... futex resumed>) = 0 [pid 596] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 596] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 597] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 597] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 596] <... futex resumed>) = 0 [pid 596] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 596] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 597] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 597] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 596] <... futex resumed>) = 0 [pid 596] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 596] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 597] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 597] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 596] <... futex resumed>) = 0 [pid 596] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 596] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 597] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 597] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 596] <... futex resumed>) = 0 [pid 596] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 596] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 597] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 597] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 596] <... futex resumed>) = 0 [pid 596] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 596] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 597] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 597] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 596] <... futex resumed>) = 0 [pid 596] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 596] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 597] memfd_create("syzkaller", 0) = 5 [pid 597] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f694498e000 [pid 597] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 597] munmap(0x7f694498e000, 138412032) = 0 [pid 597] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 597] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 597] close(5) = 0 [pid 597] close(6) = 0 [pid 597] mkdir("./file0", 0777) = 0 [pid 597] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 597] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 597] chdir("./file0") = 0 [pid 597] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 597] ioctl(6, LOOP_CLR_FD) = 0 [pid 597] close(6) = 0 [pid 597] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 596] <... futex resumed>) = 0 [pid 596] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 596] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 597] <... futex resumed>) = 1 [pid 597] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 597] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 596] <... futex resumed>) = 0 [pid 596] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 596] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 597] <... futex resumed>) = 1 [pid 597] write(6, "#! ./file1\n", 11) = 11 [pid 597] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 596] <... futex resumed>) = 0 [pid 596] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 596] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 597] <... futex resumed>) = 1 [pid 597] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 597] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 596] <... futex resumed>) = 0 [pid 596] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 596] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 597] <... futex resumed>) = 1 [pid 597] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000480} --- [pid 596] <... futex resumed>) = ? [pid 597] +++ killed by SIGBUS +++ [pid 596] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=596, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./52", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./52", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558a0df730 /* 4 entries */, 32768) = 112 [ 33.532214][ T597] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 33.554745][ T597] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor257: bg 0: block 234: padding at end of block bitmap is not set umount2("./52/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./52/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./52/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./52/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./52/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558a0e7770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558a0e7770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./52/file0") = 0 umount2("./52/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./52/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./52/binderfs") = 0 getdents64(3, 0x55558a0df730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./52") = 0 mkdir("./53", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558a0de690) = 602 ./strace-static-x86_64: Process 602 attached [pid 602] set_robust_list(0x55558a0de6a0, 24) = 0 [pid 602] chdir("./53") = 0 [pid 602] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 602] setpgid(0, 0) = 0 [pid 602] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 602] write(3, "1000", 4) = 4 [pid 602] close(3) = 0 [pid 602] symlink("/dev/binderfs", "./binderfs") = 0 [pid 602] write(1, "executing program\n", 18executing program ) = 18 [pid 602] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 602] rt_sigaction(SIGRT_1, {sa_handler=0x7f694ce18370, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f694ce09520}, NULL, 8) = 0 [pid 602] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 602] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f694cd8e000 [pid 602] mprotect(0x7f694cd8f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 602] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 602] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f694cdae990, parent_tid=0x7f694cdae990, exit_signal=0, stack=0x7f694cd8e000, stack_size=0x20300, tls=0x7f694cdae6c0}./strace-static-x86_64: Process 603 attached [pid 603] set_robust_list(0x7f694cdae9a0, 24) = 0 [pid 603] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 603] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 602] <... clone3 resumed> => {parent_tid=[603]}, 88) = 603 [pid 602] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 602] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 603] <... futex resumed>) = 0 [pid 603] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 603] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 603] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 602] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 602] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 603] <... futex resumed>) = 0 [pid 603] ioctl(3, VHOST_SET_OWNER [pid 602] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 603] <... ioctl resumed>, 0) = 0 [pid 603] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 603] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 602] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 602] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 603] <... futex resumed>) = 0 [pid 603] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 603] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 603] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 602] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 602] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 603] <... futex resumed>) = 0 [pid 602] <... futex resumed>) = 1 [pid 603] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 603] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 603] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 602] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 602] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 603] <... futex resumed>) = 0 [pid 603] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 603] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 603] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 602] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 602] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 603] <... futex resumed>) = 0 [pid 603] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 603] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 602] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 603] <... futex resumed>) = 0 [pid 603] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 602] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 602] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 603] <... futex resumed>) = 0 [pid 603] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 603] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 603] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 602] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 602] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 603] <... futex resumed>) = 0 [pid 602] <... futex resumed>) = 1 [pid 603] ioctl(3, VHOST_SET_VRING_KICK [pid 602] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 603] <... ioctl resumed>, 0x200000000000) = 0 [pid 603] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 602] <... futex resumed>) = 0 [pid 603] ioctl(3, VHOST_VSOCK_SET_RUNNING [pid 602] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 603] <... ioctl resumed>, 0x200000000140) = 0 [pid 602] <... futex resumed>) = 0 [pid 603] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 602] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 603] <... futex resumed>) = 0 [pid 602] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 603] memfd_create("syzkaller", 0 [pid 602] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 603] <... memfd_create resumed>) = 5 [pid 602] <... futex resumed>) = 0 [pid 603] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 602] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 603] <... mmap resumed>) = 0x7f694498e000 [pid 603] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 603] munmap(0x7f694498e000, 138412032) = 0 [pid 603] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 603] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 603] close(5) = 0 [pid 603] close(6) = 0 [pid 603] mkdir("./file0", 0777) = 0 [pid 603] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 603] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 603] chdir("./file0") = 0 [pid 603] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 603] ioctl(6, LOOP_CLR_FD) = 0 [pid 603] close(6) = 0 [pid 603] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 602] <... futex resumed>) = 0 [pid 602] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 602] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 603] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 603] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 602] <... futex resumed>) = 0 [pid 602] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 602] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 603] write(6, "#! ./file1\n", 11) = 11 [pid 603] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 603] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 602] <... futex resumed>) = 0 [pid 602] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 602] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 603] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 603] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 603] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 603] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 602] <... futex resumed>) = 0 [pid 602] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [ 33.832289][ T603] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [pid 602] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 603] <... futex resumed>) = 0 [pid 603] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000480} --- [pid 602] <... futex resumed>) = ? [pid 603] +++ killed by SIGBUS +++ [pid 602] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=602, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./53", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./53", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558a0df730 /* 4 entries */, 32768) = 112 [ 33.875121][ T604] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-603: bg 0: block 234: padding at end of block bitmap is not set umount2("./53/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./53/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./53/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./53/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./53/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558a0e7770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558a0e7770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./53/file0") = 0 umount2("./53/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./53/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./53/binderfs") = 0 getdents64(3, 0x55558a0df730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./53") = 0 mkdir("./54", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program , child_tidptr=0x55558a0de690) = 608 ./strace-static-x86_64: Process 608 attached [pid 608] set_robust_list(0x55558a0de6a0, 24) = 0 [pid 608] chdir("./54") = 0 [pid 608] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 608] setpgid(0, 0) = 0 [pid 608] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 608] write(3, "1000", 4) = 4 [pid 608] close(3) = 0 [pid 608] symlink("/dev/binderfs", "./binderfs") = 0 [pid 608] write(1, "executing program\n", 18) = 18 [pid 608] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 608] rt_sigaction(SIGRT_1, {sa_handler=0x7f694ce18370, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f694ce09520}, NULL, 8) = 0 [pid 608] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 608] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f694cd8e000 [pid 608] mprotect(0x7f694cd8f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 608] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 608] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f694cdae990, parent_tid=0x7f694cdae990, exit_signal=0, stack=0x7f694cd8e000, stack_size=0x20300, tls=0x7f694cdae6c0} => {parent_tid=[609]}, 88) = 609 [pid 608] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 608] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 608] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 609 attached [pid 609] set_robust_list(0x7f694cdae9a0, 24) = 0 [pid 609] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 609] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 609] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 608] <... futex resumed>) = 0 [pid 608] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 608] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 609] <... futex resumed>) = 1 [pid 609] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 609] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 608] <... futex resumed>) = 0 [pid 608] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 608] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 609] <... futex resumed>) = 1 [pid 609] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 609] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 608] <... futex resumed>) = 0 [pid 608] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 608] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 609] <... futex resumed>) = 1 [pid 609] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 609] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 608] <... futex resumed>) = 0 [pid 608] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 608] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 609] <... futex resumed>) = 1 [pid 609] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 609] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 608] <... futex resumed>) = 0 [pid 608] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 608] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 609] <... futex resumed>) = 1 [pid 609] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 609] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 608] <... futex resumed>) = 0 [pid 608] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 608] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 609] <... futex resumed>) = 1 [pid 609] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 609] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 608] <... futex resumed>) = 0 [pid 608] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 608] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 609] <... futex resumed>) = 1 [pid 609] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 609] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 608] <... futex resumed>) = 0 [pid 608] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 608] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 609] <... futex resumed>) = 1 [pid 609] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 609] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 608] <... futex resumed>) = 0 [pid 608] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 608] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 609] <... futex resumed>) = 1 [pid 609] memfd_create("syzkaller", 0) = 5 [pid 609] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f694498e000 [pid 609] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 609] munmap(0x7f694498e000, 138412032) = 0 [pid 609] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 609] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 609] close(5) = 0 [pid 609] close(6) = 0 [pid 609] mkdir("./file0", 0777) = 0 [pid 609] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 609] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 609] chdir("./file0") = 0 [pid 609] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 609] ioctl(6, LOOP_CLR_FD) = 0 [pid 609] close(6) = 0 [pid 609] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 608] <... futex resumed>) = 0 [pid 608] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 608] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 609] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 609] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 608] <... futex resumed>) = 0 [pid 608] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 608] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 609] <... futex resumed>) = 1 [pid 609] write(6, "#! ./file1\n", 11) = 11 [pid 609] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 608] <... futex resumed>) = 0 [pid 608] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 608] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 609] <... futex resumed>) = 1 [pid 609] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 609] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 608] <... futex resumed>) = 0 [pid 608] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 608] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 609] <... futex resumed>) = 1 [pid 609] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000480} --- [pid 608] <... futex resumed>) = ? [pid 609] +++ killed by SIGBUS +++ [pid 608] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=608, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./54", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./54", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558a0df730 /* 4 entries */, 32768) = 112 [ 34.166202][ T609] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 34.193606][ T609] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor257: bg 0: block 234: padding at end of block bitmap is not set umount2("./54/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./54/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./54/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./54/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./54/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558a0e7770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558a0e7770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./54/file0") = 0 umount2("./54/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./54/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./54/binderfs") = 0 getdents64(3, 0x55558a0df730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./54") = 0 mkdir("./55", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FDexecuting program ) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558a0de690) = 615 ./strace-static-x86_64: Process 615 attached [pid 615] set_robust_list(0x55558a0de6a0, 24) = 0 [pid 615] chdir("./55") = 0 [pid 615] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 615] setpgid(0, 0) = 0 [pid 615] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 615] write(3, "1000", 4) = 4 [pid 615] close(3) = 0 [pid 615] symlink("/dev/binderfs", "./binderfs") = 0 [pid 615] write(1, "executing program\n", 18) = 18 [pid 615] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 615] rt_sigaction(SIGRT_1, {sa_handler=0x7f694ce18370, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f694ce09520}, NULL, 8) = 0 [pid 615] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 615] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f694cd8e000 [pid 615] mprotect(0x7f694cd8f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 615] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 615] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f694cdae990, parent_tid=0x7f694cdae990, exit_signal=0, stack=0x7f694cd8e000, stack_size=0x20300, tls=0x7f694cdae6c0} => {parent_tid=[616]}, 88) = 616 [pid 615] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 615] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 615] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 616 attached [pid 616] set_robust_list(0x7f694cdae9a0, 24) = 0 [pid 616] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 616] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 616] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 615] <... futex resumed>) = 0 [pid 615] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 615] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 616] <... futex resumed>) = 1 [pid 616] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 616] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 615] <... futex resumed>) = 0 [pid 615] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 615] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 616] <... futex resumed>) = 1 [pid 616] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 616] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 615] <... futex resumed>) = 0 [pid 615] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 615] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 616] <... futex resumed>) = 1 [pid 616] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 616] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 615] <... futex resumed>) = 0 [pid 615] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 615] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 616] <... futex resumed>) = 1 [pid 616] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 616] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 615] <... futex resumed>) = 0 [pid 615] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 615] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 616] <... futex resumed>) = 1 [pid 616] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 616] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 615] <... futex resumed>) = 0 [pid 615] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 615] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 616] <... futex resumed>) = 1 [pid 616] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 616] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 615] <... futex resumed>) = 0 [pid 615] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 615] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 616] <... futex resumed>) = 1 [pid 616] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 616] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 615] <... futex resumed>) = 0 [pid 615] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 615] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 616] <... futex resumed>) = 1 [pid 616] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 616] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 615] <... futex resumed>) = 0 [pid 615] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 615] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 616] <... futex resumed>) = 1 [pid 616] memfd_create("syzkaller", 0) = 5 [pid 616] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f694498e000 [pid 616] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 616] munmap(0x7f694498e000, 138412032) = 0 [pid 616] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 616] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 616] close(5) = 0 [pid 616] close(6) = 0 [pid 616] mkdir("./file0", 0777) = 0 [pid 616] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 616] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 616] chdir("./file0") = 0 [pid 616] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 616] ioctl(6, LOOP_CLR_FD) = 0 [pid 616] close(6) = 0 [pid 616] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 615] <... futex resumed>) = 0 [pid 615] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 615] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 616] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 616] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 615] <... futex resumed>) = 0 [pid 616] <... futex resumed>) = 1 [pid 615] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 616] write(6, "#! ./file1\n", 11 [pid 615] <... futex resumed>) = 0 [pid 615] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 616] <... write resumed>) = 11 [pid 616] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 615] <... futex resumed>) = 0 [pid 615] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 615] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 616] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 616] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 616] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 615] <... futex resumed>) = 0 [pid 615] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 615] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 616] <... futex resumed>) = 0 [pid 616] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000480} --- [pid 615] <... futex resumed>) = ? [pid 616] +++ killed by SIGBUS +++ [pid 615] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=615, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./55", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./55", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558a0df730 /* 4 entries */, 32768) = 112 [ 34.412038][ T616] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 34.443051][ T617] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-616: bg 0: block 234: padding at end of block bitmap is not set umount2("./55/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./55/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./55/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./55/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./55/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558a0e7770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558a0e7770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./55/file0") = 0 umount2("./55/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./55/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./55/binderfs") = 0 getdents64(3, 0x55558a0df730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./55") = 0 mkdir("./56", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) executing program close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558a0de690) = 621 ./strace-static-x86_64: Process 621 attached [pid 621] set_robust_list(0x55558a0de6a0, 24) = 0 [pid 621] chdir("./56") = 0 [pid 621] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 621] setpgid(0, 0) = 0 [pid 621] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 621] write(3, "1000", 4) = 4 [pid 621] close(3) = 0 [pid 621] symlink("/dev/binderfs", "./binderfs") = 0 [pid 621] write(1, "executing program\n", 18) = 18 [pid 621] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 621] rt_sigaction(SIGRT_1, {sa_handler=0x7f694ce18370, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f694ce09520}, NULL, 8) = 0 [pid 621] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 621] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f694cd8e000 [pid 621] mprotect(0x7f694cd8f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 621] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 621] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f694cdae990, parent_tid=0x7f694cdae990, exit_signal=0, stack=0x7f694cd8e000, stack_size=0x20300, tls=0x7f694cdae6c0} => {parent_tid=[622]}, 88) = 622 [pid 621] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 621] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 621] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 622 attached [pid 622] set_robust_list(0x7f694cdae9a0, 24) = 0 [pid 622] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 622] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 622] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 621] <... futex resumed>) = 0 [pid 621] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 621] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 622] <... futex resumed>) = 1 [pid 622] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 622] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 621] <... futex resumed>) = 0 [pid 621] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 621] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 622] <... futex resumed>) = 1 [pid 622] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 622] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 621] <... futex resumed>) = 0 [pid 621] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 621] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 622] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 622] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 621] <... futex resumed>) = 0 [pid 621] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 621] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 622] <... futex resumed>) = 1 [pid 622] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 622] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 621] <... futex resumed>) = 0 [pid 621] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 621] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 622] <... futex resumed>) = 1 [pid 622] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 622] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 621] <... futex resumed>) = 0 [pid 621] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 621] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 622] <... futex resumed>) = 1 [pid 622] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 622] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 621] <... futex resumed>) = 0 [pid 621] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 621] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 622] <... futex resumed>) = 1 [pid 622] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 622] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 621] <... futex resumed>) = 0 [pid 621] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 621] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 622] <... futex resumed>) = 1 [pid 622] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 622] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 621] <... futex resumed>) = 0 [pid 621] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 621] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 622] <... futex resumed>) = 1 [pid 622] memfd_create("syzkaller", 0) = 5 [pid 622] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f694498e000 [pid 622] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 622] munmap(0x7f694498e000, 138412032) = 0 [pid 622] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 622] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 622] close(5) = 0 [pid 622] close(6) = 0 [pid 622] mkdir("./file0", 0777) = 0 [pid 622] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 622] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 622] chdir("./file0") = 0 [pid 622] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 622] ioctl(6, LOOP_CLR_FD) = 0 [pid 622] close(6) = 0 [pid 622] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 621] <... futex resumed>) = 0 [pid 621] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 621] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 622] <... futex resumed>) = 1 [pid 622] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 622] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 621] <... futex resumed>) = 0 [pid 621] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 621] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 622] <... futex resumed>) = 1 [pid 622] write(6, "#! ./file1\n", 11) = 11 [pid 622] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 621] <... futex resumed>) = 0 [pid 621] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 621] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 622] <... futex resumed>) = 1 [pid 622] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 622] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 621] <... futex resumed>) = 0 [pid 621] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 621] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 622] <... futex resumed>) = 1 [pid 622] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000480} --- [pid 621] <... futex resumed>) = ? [pid 622] +++ killed by SIGBUS +++ [pid 621] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=621, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./56", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./56", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558a0df730 /* 4 entries */, 32768) = 112 [ 34.562193][ T622] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 34.592766][ T623] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-622: bg 0: block 234: padding at end of block bitmap is not set umount2("./56/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./56/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./56/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./56/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./56/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558a0e7770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558a0e7770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./56/file0") = 0 umount2("./56/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./56/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./56/binderfs") = 0 getdents64(3, 0x55558a0df730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./56") = 0 mkdir("./57", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558a0de690) = 627 ./strace-static-x86_64: Process 627 attached [pid 627] set_robust_list(0x55558a0de6a0, 24) = 0 [pid 627] chdir("./57") = 0 [pid 627] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 627] setpgid(0, 0) = 0 [pid 627] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 627] write(3, "1000", 4) = 4 [pid 627] close(3) = 0 [pid 627] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 627] write(1, "executing program\n", 18) = 18 [pid 627] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 627] rt_sigaction(SIGRT_1, {sa_handler=0x7f694ce18370, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f694ce09520}, NULL, 8) = 0 [pid 627] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 627] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f694cd8e000 [pid 627] mprotect(0x7f694cd8f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 627] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 627] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f694cdae990, parent_tid=0x7f694cdae990, exit_signal=0, stack=0x7f694cd8e000, stack_size=0x20300, tls=0x7f694cdae6c0} => {parent_tid=[628]}, 88) = 628 [pid 627] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 627] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 627] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 628 attached [pid 628] set_robust_list(0x7f694cdae9a0, 24) = 0 [pid 628] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 628] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 628] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 627] <... futex resumed>) = 0 [pid 627] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 627] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 628] <... futex resumed>) = 1 [pid 628] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 628] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 627] <... futex resumed>) = 0 [pid 627] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 627] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 628] <... futex resumed>) = 1 [pid 628] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 628] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 627] <... futex resumed>) = 0 [pid 627] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 627] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 628] <... futex resumed>) = 1 [pid 628] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 628] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 627] <... futex resumed>) = 0 [pid 627] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 627] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 628] <... futex resumed>) = 1 [pid 628] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 628] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 627] <... futex resumed>) = 0 [pid 627] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 627] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 628] <... futex resumed>) = 1 [pid 628] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 628] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 627] <... futex resumed>) = 0 [pid 627] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 627] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 628] <... futex resumed>) = 1 [pid 628] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 628] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 627] <... futex resumed>) = 0 [pid 627] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 627] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 628] <... futex resumed>) = 1 [pid 628] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 628] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 627] <... futex resumed>) = 0 [pid 627] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 627] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 628] <... futex resumed>) = 1 [pid 628] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 628] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 627] <... futex resumed>) = 0 [pid 627] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 627] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 628] <... futex resumed>) = 1 [pid 628] memfd_create("syzkaller", 0) = 5 [pid 628] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f694498e000 [pid 628] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 628] munmap(0x7f694498e000, 138412032) = 0 [pid 628] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 628] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 628] close(5) = 0 [pid 628] close(6) = 0 [pid 628] mkdir("./file0", 0777) = 0 [pid 628] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 628] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 628] chdir("./file0") = 0 [pid 628] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 628] ioctl(6, LOOP_CLR_FD) = 0 [pid 628] close(6) = 0 [pid 628] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 627] <... futex resumed>) = 0 [pid 627] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 627] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 628] <... futex resumed>) = 1 [pid 628] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 628] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 627] <... futex resumed>) = 0 [pid 627] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 627] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 628] <... futex resumed>) = 1 [pid 628] write(6, "#! ./file1\n", 11) = 11 [pid 628] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 627] <... futex resumed>) = 0 [pid 627] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 627] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 628] <... futex resumed>) = 1 [pid 628] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 628] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 627] <... futex resumed>) = 0 [pid 627] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 627] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 628] <... futex resumed>) = 1 [pid 628] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000480} --- [pid 627] <... futex resumed>) = ? [pid 628] +++ killed by SIGBUS +++ [pid 627] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=627, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./57", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./57", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558a0df730 /* 4 entries */, 32768) = 112 [ 34.722831][ T628] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 34.747595][ T628] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor257: bg 0: block 234: padding at end of block bitmap is not set umount2("./57/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./57/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./57/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./57/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./57/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558a0e7770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558a0e7770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./57/file0") = 0 umount2("./57/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./57/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./57/binderfs") = 0 getdents64(3, 0x55558a0df730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./57") = 0 mkdir("./58", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558a0de690) = 633 ./strace-static-x86_64: Process 633 attached [pid 633] set_robust_list(0x55558a0de6a0, 24) = 0 [pid 633] chdir("./58") = 0 [pid 633] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 633] setpgid(0, 0) = 0 [pid 633] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 633] write(3, "1000", 4) = 4 [pid 633] close(3) = 0 [pid 633] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 633] write(1, "executing program\n", 18) = 18 [pid 633] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 633] rt_sigaction(SIGRT_1, {sa_handler=0x7f694ce18370, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f694ce09520}, NULL, 8) = 0 [pid 633] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 633] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f694cd8e000 [pid 633] mprotect(0x7f694cd8f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 633] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 633] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f694cdae990, parent_tid=0x7f694cdae990, exit_signal=0, stack=0x7f694cd8e000, stack_size=0x20300, tls=0x7f694cdae6c0} => {parent_tid=[634]}, 88) = 634 [pid 633] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 633] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 633] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 634 attached [pid 634] set_robust_list(0x7f694cdae9a0, 24) = 0 [pid 634] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 634] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 634] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 633] <... futex resumed>) = 0 [pid 633] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 633] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 634] <... futex resumed>) = 1 [pid 634] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 634] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 633] <... futex resumed>) = 0 [pid 633] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 633] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 634] <... futex resumed>) = 1 [pid 634] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 634] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 633] <... futex resumed>) = 0 [pid 633] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 633] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 634] <... futex resumed>) = 1 [pid 634] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 634] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 633] <... futex resumed>) = 0 [pid 633] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 633] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 634] <... futex resumed>) = 1 [pid 634] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 634] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 633] <... futex resumed>) = 0 [pid 633] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 633] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 634] <... futex resumed>) = 1 [pid 634] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 634] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 633] <... futex resumed>) = 0 [pid 633] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 633] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 634] <... futex resumed>) = 1 [pid 634] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 634] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 633] <... futex resumed>) = 0 [pid 633] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 633] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 634] <... futex resumed>) = 1 [pid 634] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 634] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 633] <... futex resumed>) = 0 [pid 633] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 633] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 634] <... futex resumed>) = 1 [pid 634] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 634] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 633] <... futex resumed>) = 0 [pid 633] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 633] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 634] <... futex resumed>) = 1 [pid 634] memfd_create("syzkaller", 0) = 5 [pid 634] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f694498e000 [pid 634] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 634] munmap(0x7f694498e000, 138412032) = 0 [pid 634] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 634] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 634] close(5) = 0 [pid 634] close(6) = 0 [pid 634] mkdir("./file0", 0777) = 0 [pid 634] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 634] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 634] chdir("./file0") = 0 [pid 634] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 634] ioctl(6, LOOP_CLR_FD) = 0 [pid 634] close(6) = 0 [pid 634] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 634] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 633] <... futex resumed>) = 0 [pid 633] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 633] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 634] <... futex resumed>) = 0 [pid 634] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 634] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 633] <... futex resumed>) = 0 [pid 633] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 634] write(6, "#! ./file1\n", 11 [pid 633] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 634] <... write resumed>) = 11 [pid 634] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 633] <... futex resumed>) = 0 [pid 634] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 633] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 634] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 633] <... futex resumed>) = 0 [pid 633] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 634] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 634] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 633] <... futex resumed>) = 0 [pid 633] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 633] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 634] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000480} --- [pid 633] <... futex resumed>) = ? [pid 634] +++ killed by SIGBUS +++ [pid 633] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=633, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./58", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./58", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558a0df730 /* 4 entries */, 32768) = 112 [ 34.892236][ T634] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 34.923162][ T635] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-634: bg 0: block 234: padding at end of block bitmap is not set umount2("./58/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./58/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./58/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./58/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./58/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558a0e7770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558a0e7770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./58/file0") = 0 umount2("./58/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./58/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./58/binderfs") = 0 getdents64(3, 0x55558a0df730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./58") = 0 mkdir("./59", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558a0de690) = 639 ./strace-static-x86_64: Process 639 attached [pid 639] set_robust_list(0x55558a0de6a0, 24) = 0 [pid 639] chdir("./59") = 0 [pid 639] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 639] setpgid(0, 0) = 0 [pid 639] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 639] write(3, "1000", 4) = 4 [pid 639] close(3) = 0 [pid 639] symlink("/dev/binderfs", "./binderfs") = 0 [pid 639] write(1, "executing program\n", 18executing program ) = 18 [pid 639] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 639] rt_sigaction(SIGRT_1, {sa_handler=0x7f694ce18370, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f694ce09520}, NULL, 8) = 0 [pid 639] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 639] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f694cd8e000 [pid 639] mprotect(0x7f694cd8f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 639] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 639] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f694cdae990, parent_tid=0x7f694cdae990, exit_signal=0, stack=0x7f694cd8e000, stack_size=0x20300, tls=0x7f694cdae6c0}./strace-static-x86_64: Process 640 attached => {parent_tid=[640]}, 88) = 640 [pid 640] set_robust_list(0x7f694cdae9a0, 24) = 0 [pid 640] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 640] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 639] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 639] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 640] <... futex resumed>) = 0 [pid 639] <... futex resumed>) = 1 [pid 640] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR [pid 639] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 640] <... openat resumed>) = 3 [pid 640] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 639] <... futex resumed>) = 0 [pid 639] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 640] ioctl(3, VHOST_SET_OWNER [pid 639] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 640] <... ioctl resumed>, 0) = 0 [pid 640] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 639] <... futex resumed>) = 0 [pid 639] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 639] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 640] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 640] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 639] <... futex resumed>) = 0 [pid 639] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 639] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 640] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 640] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 639] <... futex resumed>) = 0 [pid 639] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 639] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 640] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 640] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 639] <... futex resumed>) = 0 [pid 639] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 639] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 640] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 640] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 639] <... futex resumed>) = 0 [pid 639] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 639] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 640] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 640] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 640] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 639] <... futex resumed>) = 0 [pid 639] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 639] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 640] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 640] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 640] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 639] <... futex resumed>) = 0 [pid 639] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 639] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 640] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 640] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 639] <... futex resumed>) = 0 [pid 639] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 639] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 640] memfd_create("syzkaller", 0) = 5 [pid 640] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f694498e000 [pid 640] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 640] munmap(0x7f694498e000, 138412032) = 0 [pid 640] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 640] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 640] close(5) = 0 [pid 640] close(6) = 0 [pid 640] mkdir("./file0", 0777) = 0 [pid 640] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 640] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 640] chdir("./file0") = 0 [pid 640] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 640] ioctl(6, LOOP_CLR_FD) = 0 [pid 640] close(6) = 0 [pid 640] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 639] <... futex resumed>) = 0 [pid 639] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 639] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 640] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 640] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 639] <... futex resumed>) = 0 [pid 639] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 639] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 640] write(6, "#! ./file1\n", 11) = 11 [pid 640] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 639] <... futex resumed>) = 0 [pid 639] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 639] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 640] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 640] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 639] <... futex resumed>) = 0 [pid 639] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 639] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 640] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000480} --- [pid 639] <... futex resumed>) = ? [pid 640] +++ killed by SIGBUS +++ [pid 639] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=639, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./59", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./59", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558a0df730 /* 4 entries */, 32768) = 112 [ 35.102211][ T640] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 35.133246][ T641] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-640: bg 0: block 234: padding at end of block bitmap is not set umount2("./59/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./59/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./59/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./59/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./59/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558a0e7770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558a0e7770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./59/file0") = 0 umount2("./59/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./59/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./59/binderfs") = 0 getdents64(3, 0x55558a0df730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./59") = 0 mkdir("./60", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FDexecuting program ) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558a0de690) = 645 ./strace-static-x86_64: Process 645 attached [pid 645] set_robust_list(0x55558a0de6a0, 24) = 0 [pid 645] chdir("./60") = 0 [pid 645] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 645] setpgid(0, 0) = 0 [pid 645] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 645] write(3, "1000", 4) = 4 [pid 645] close(3) = 0 [pid 645] symlink("/dev/binderfs", "./binderfs") = 0 [pid 645] write(1, "executing program\n", 18) = 18 [pid 645] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 645] rt_sigaction(SIGRT_1, {sa_handler=0x7f694ce18370, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f694ce09520}, NULL, 8) = 0 [pid 645] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 645] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f694cd8e000 [pid 645] mprotect(0x7f694cd8f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 645] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 645] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f694cdae990, parent_tid=0x7f694cdae990, exit_signal=0, stack=0x7f694cd8e000, stack_size=0x20300, tls=0x7f694cdae6c0} => {parent_tid=[646]}, 88) = 646 [pid 645] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 645] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 645] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 646 attached [pid 646] set_robust_list(0x7f694cdae9a0, 24) = 0 [pid 646] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 646] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 646] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 645] <... futex resumed>) = 0 [pid 645] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 645] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 646] <... futex resumed>) = 1 [pid 646] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 646] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 645] <... futex resumed>) = 0 [pid 645] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 645] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 646] <... futex resumed>) = 1 [pid 646] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 646] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 645] <... futex resumed>) = 0 [pid 645] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 645] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 646] <... futex resumed>) = 1 [pid 646] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 646] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 645] <... futex resumed>) = 0 [pid 645] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 645] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 646] <... futex resumed>) = 1 [pid 646] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 646] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 645] <... futex resumed>) = 0 [pid 645] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 645] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 646] <... futex resumed>) = 1 [pid 646] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 646] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 645] <... futex resumed>) = 0 [pid 645] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 645] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 646] <... futex resumed>) = 1 [pid 646] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 646] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 645] <... futex resumed>) = 0 [pid 645] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 645] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 646] <... futex resumed>) = 1 [pid 646] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 646] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 645] <... futex resumed>) = 0 [pid 645] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 645] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 646] <... futex resumed>) = 1 [pid 646] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 646] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 645] <... futex resumed>) = 0 [pid 645] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 645] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 646] <... futex resumed>) = 1 [pid 646] memfd_create("syzkaller", 0) = 5 [pid 646] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f694498e000 [pid 646] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 646] munmap(0x7f694498e000, 138412032) = 0 [pid 646] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 646] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 646] close(5) = 0 [pid 646] close(6) = 0 [pid 646] mkdir("./file0", 0777) = 0 [pid 646] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 646] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 646] chdir("./file0") = 0 [pid 646] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 646] ioctl(6, LOOP_CLR_FD) = 0 [pid 646] close(6) = 0 [pid 646] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 645] <... futex resumed>) = 0 [pid 645] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 645] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 646] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 646] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 645] <... futex resumed>) = 0 [pid 645] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 645] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 646] write(6, "#! ./file1\n", 11) = 11 [pid 646] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 645] <... futex resumed>) = 0 [pid 645] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 646] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0 [pid 645] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 646] <... mmap resumed>) = 0x200000000000 [pid 646] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [ 35.272939][ T646] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [pid 646] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 645] <... futex resumed>) = 0 [pid 645] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 645] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 646] <... futex resumed>) = 0 [pid 646] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000480} --- [pid 645] <... futex resumed>) = ? [pid 646] +++ killed by SIGBUS +++ [pid 645] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=645, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./60", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./60", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558a0df730 /* 4 entries */, 32768) = 112 [ 35.315773][ T647] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-646: bg 0: block 234: padding at end of block bitmap is not set umount2("./60/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./60/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./60/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./60/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./60/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558a0e7770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558a0e7770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./60/file0") = 0 umount2("./60/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./60/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./60/binderfs") = 0 getdents64(3, 0x55558a0df730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./60") = 0 mkdir("./61", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 651 attached , child_tidptr=0x55558a0de690) = 651 [pid 651] set_robust_list(0x55558a0de6a0, 24) = 0 [pid 651] chdir("./61") = 0 [pid 651] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 651] setpgid(0, 0) = 0 [pid 651] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 651] write(3, "1000", 4) = 4 [pid 651] close(3) = 0 [pid 651] symlink("/dev/binderfs", "./binderfs") = 0 [pid 651] write(1, "executing program\n", 18executing program ) = 18 [pid 651] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 651] rt_sigaction(SIGRT_1, {sa_handler=0x7f694ce18370, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f694ce09520}, NULL, 8) = 0 [pid 651] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 651] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f694cd8e000 [pid 651] mprotect(0x7f694cd8f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 651] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 651] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f694cdae990, parent_tid=0x7f694cdae990, exit_signal=0, stack=0x7f694cd8e000, stack_size=0x20300, tls=0x7f694cdae6c0}./strace-static-x86_64: Process 652 attached => {parent_tid=[652]}, 88) = 652 [pid 652] set_robust_list(0x7f694cdae9a0, 24 [pid 651] rt_sigprocmask(SIG_SETMASK, [], [pid 652] <... set_robust_list resumed>) = 0 [pid 651] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 652] rt_sigprocmask(SIG_SETMASK, [], [pid 651] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 652] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 651] <... futex resumed>) = 0 [pid 651] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 652] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 652] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 651] <... futex resumed>) = 0 [pid 652] <... futex resumed>) = 1 [pid 651] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 652] ioctl(3, VHOST_SET_OWNER [pid 651] <... futex resumed>) = 0 [pid 651] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 652] <... ioctl resumed>, 0) = 0 [pid 652] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 651] <... futex resumed>) = 0 [pid 652] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 651] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 652] <... futex resumed>) = 0 [pid 651] <... futex resumed>) = 1 [pid 652] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 651] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 652] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 651] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 652] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 651] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 652] <... futex resumed>) = 0 [pid 651] <... futex resumed>) = 1 [pid 652] ioctl(3, VHOST_SET_MEM_TABLE [pid 651] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 652] <... ioctl resumed>, 0x200000003380) = 0 [pid 652] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 651] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 652] <... futex resumed>) = 0 [pid 652] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 651] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 652] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 652] eventfd2(118, EFD_SEMAPHORE [pid 651] <... futex resumed>) = 0 [pid 652] <... eventfd2 resumed>) = 4 [pid 651] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 652] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 651] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 652] <... futex resumed>) = 0 [pid 651] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 652] ioctl(3, VHOST_SET_VRING_ERR [pid 651] <... futex resumed>) = 0 [pid 652] <... ioctl resumed>, 0x2000000001c0) = 0 [pid 651] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 652] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 651] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 652] <... futex resumed>) = 0 [pid 651] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 652] ioctl(3, VHOST_SET_VRING_ADDR [pid 651] <... futex resumed>) = 0 [pid 652] <... ioctl resumed>, 0x200000000240) = 0 [pid 651] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 652] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 651] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 652] <... futex resumed>) = 0 [pid 651] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 652] ioctl(3, VHOST_SET_VRING_KICK [pid 651] <... futex resumed>) = 0 [pid 651] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 652] <... ioctl resumed>, 0x200000000000) = 0 [pid 652] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 651] <... futex resumed>) = 0 [pid 652] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 651] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 652] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 651] <... futex resumed>) = 0 [pid 652] ioctl(3, VHOST_VSOCK_SET_RUNNING [pid 651] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 652] <... ioctl resumed>, 0x200000000140) = 0 [pid 652] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 651] <... futex resumed>) = 0 [pid 652] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 651] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 652] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 651] <... futex resumed>) = 0 [pid 651] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 652] memfd_create("syzkaller", 0) = 5 [pid 652] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f694498e000 [pid 652] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 652] munmap(0x7f694498e000, 138412032) = 0 [pid 652] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 652] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 652] close(5) = 0 [pid 652] close(6) = 0 [pid 652] mkdir("./file0", 0777) = 0 [pid 652] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 652] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 652] chdir("./file0") = 0 [pid 652] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 652] ioctl(6, LOOP_CLR_FD) = 0 [pid 652] close(6) = 0 [pid 652] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 651] <... futex resumed>) = 0 [pid 651] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 651] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 652] <... futex resumed>) = 1 [pid 652] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 652] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 651] <... futex resumed>) = 0 [pid 651] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 651] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 652] <... futex resumed>) = 1 [pid 652] write(6, "#! ./file1\n", 11) = 11 [pid 652] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 651] <... futex resumed>) = 0 [pid 651] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 651] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 652] <... futex resumed>) = 1 [pid 652] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 652] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 651] <... futex resumed>) = 0 [pid 651] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 651] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 652] <... futex resumed>) = 1 [pid 652] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000480} --- [pid 651] <... futex resumed>) = ? [pid 652] +++ killed by SIGBUS +++ [pid 651] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=651, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./61", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./61", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558a0df730 /* 4 entries */, 32768) = 112 [ 35.442320][ T652] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 35.472307][ T653] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-652: bg 0: block 234: padding at end of block bitmap is not set umount2("./61/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./61/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./61/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./61/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./61/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558a0e7770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558a0e7770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./61/file0") = 0 umount2("./61/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./61/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./61/binderfs") = 0 getdents64(3, 0x55558a0df730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./61") = 0 mkdir("./62", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program , child_tidptr=0x55558a0de690) = 657 ./strace-static-x86_64: Process 657 attached [pid 657] set_robust_list(0x55558a0de6a0, 24) = 0 [pid 657] chdir("./62") = 0 [pid 657] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 657] setpgid(0, 0) = 0 [pid 657] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 657] write(3, "1000", 4) = 4 [pid 657] close(3) = 0 [pid 657] symlink("/dev/binderfs", "./binderfs") = 0 [pid 657] write(1, "executing program\n", 18) = 18 [pid 657] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 657] rt_sigaction(SIGRT_1, {sa_handler=0x7f694ce18370, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f694ce09520}, NULL, 8) = 0 [pid 657] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 657] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f694cd8e000 [pid 657] mprotect(0x7f694cd8f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 657] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 657] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f694cdae990, parent_tid=0x7f694cdae990, exit_signal=0, stack=0x7f694cd8e000, stack_size=0x20300, tls=0x7f694cdae6c0} => {parent_tid=[658]}, 88) = 658 [pid 657] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 657] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 657] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 658 attached [pid 658] set_robust_list(0x7f694cdae9a0, 24) = 0 [pid 658] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 658] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 658] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 657] <... futex resumed>) = 0 [pid 657] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 657] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 658] <... futex resumed>) = 1 [pid 658] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 658] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 657] <... futex resumed>) = 0 [pid 657] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 657] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 658] <... futex resumed>) = 1 [pid 658] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 658] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 657] <... futex resumed>) = 0 [pid 657] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 657] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 658] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 658] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 657] <... futex resumed>) = 0 [pid 657] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 657] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 658] <... futex resumed>) = 1 [pid 658] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 658] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 657] <... futex resumed>) = 0 [pid 657] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 657] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 658] <... futex resumed>) = 1 [pid 658] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 658] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 657] <... futex resumed>) = 0 [pid 657] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 657] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 658] <... futex resumed>) = 1 [pid 658] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 658] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 657] <... futex resumed>) = 0 [pid 657] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 657] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 658] <... futex resumed>) = 1 [pid 658] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 658] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 657] <... futex resumed>) = 0 [pid 657] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 657] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 658] <... futex resumed>) = 1 [pid 658] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 658] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 657] <... futex resumed>) = 0 [pid 657] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 657] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 658] <... futex resumed>) = 1 [pid 658] memfd_create("syzkaller", 0) = 5 [pid 658] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f694498e000 [pid 658] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 658] munmap(0x7f694498e000, 138412032) = 0 [pid 658] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 658] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 658] close(5) = 0 [pid 658] close(6) = 0 [pid 658] mkdir("./file0", 0777) = 0 [pid 658] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 658] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 658] chdir("./file0") = 0 [pid 658] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 658] ioctl(6, LOOP_CLR_FD) = 0 [pid 658] close(6) = 0 [pid 658] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 657] <... futex resumed>) = 0 [pid 657] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 657] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 658] <... futex resumed>) = 1 [pid 658] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 658] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 657] <... futex resumed>) = 0 [pid 657] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 657] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 658] <... futex resumed>) = 1 [pid 658] write(6, "#! ./file1\n", 11) = 11 [pid 658] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 657] <... futex resumed>) = 0 [pid 657] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 657] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 658] <... futex resumed>) = 1 [pid 658] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 658] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 657] <... futex resumed>) = 0 [pid 657] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 657] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 658] <... futex resumed>) = 1 [pid 658] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000480} --- [pid 657] <... futex resumed>) = ? [pid 658] +++ killed by SIGBUS +++ [pid 657] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=657, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./62", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./62", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558a0df730 /* 4 entries */, 32768) = 112 [ 35.692060][ T658] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 35.721405][ T659] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-658: bg 0: block 234: padding at end of block bitmap is not set umount2("./62/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./62/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./62/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./62/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./62/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558a0e7770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558a0e7770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./62/file0") = 0 umount2("./62/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./62/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./62/binderfs") = 0 getdents64(3, 0x55558a0df730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./62") = 0 mkdir("./63", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3executing program ) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558a0de690) = 663 ./strace-static-x86_64: Process 663 attached [pid 663] set_robust_list(0x55558a0de6a0, 24) = 0 [pid 663] chdir("./63") = 0 [pid 663] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 663] setpgid(0, 0) = 0 [pid 663] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 663] write(3, "1000", 4) = 4 [pid 663] close(3) = 0 [pid 663] symlink("/dev/binderfs", "./binderfs") = 0 [pid 663] write(1, "executing program\n", 18) = 18 [pid 663] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 663] rt_sigaction(SIGRT_1, {sa_handler=0x7f694ce18370, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f694ce09520}, NULL, 8) = 0 [pid 663] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 663] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f694cd8e000 [pid 663] mprotect(0x7f694cd8f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 663] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 663] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f694cdae990, parent_tid=0x7f694cdae990, exit_signal=0, stack=0x7f694cd8e000, stack_size=0x20300, tls=0x7f694cdae6c0} => {parent_tid=[664]}, 88) = 664 [pid 663] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 663] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 663] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 664 attached [pid 664] set_robust_list(0x7f694cdae9a0, 24) = 0 [pid 664] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 664] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 664] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 663] <... futex resumed>) = 0 [pid 663] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 663] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 664] <... futex resumed>) = 1 [pid 664] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 664] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 663] <... futex resumed>) = 0 [pid 663] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 663] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 664] <... futex resumed>) = 1 [pid 664] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 664] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 663] <... futex resumed>) = 0 [pid 663] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 663] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 664] <... futex resumed>) = 1 [pid 664] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 664] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 663] <... futex resumed>) = 0 [pid 663] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 663] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 664] <... futex resumed>) = 1 [pid 664] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 664] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 663] <... futex resumed>) = 0 [pid 663] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 663] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 664] <... futex resumed>) = 1 [pid 664] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 664] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 663] <... futex resumed>) = 0 [pid 663] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 663] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 664] <... futex resumed>) = 1 [pid 664] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 664] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 663] <... futex resumed>) = 0 [pid 663] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 663] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 664] <... futex resumed>) = 1 [pid 664] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 664] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 663] <... futex resumed>) = 0 [pid 663] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 663] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 664] <... futex resumed>) = 1 [pid 664] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 664] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 663] <... futex resumed>) = 0 [pid 663] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 663] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 664] <... futex resumed>) = 1 [pid 664] memfd_create("syzkaller", 0) = 5 [pid 664] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f694498e000 [pid 664] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 664] munmap(0x7f694498e000, 138412032) = 0 [pid 664] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 664] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 664] close(5) = 0 [pid 664] close(6) = 0 [pid 664] mkdir("./file0", 0777) = 0 [pid 664] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 664] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 664] chdir("./file0") = 0 [pid 664] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 664] ioctl(6, LOOP_CLR_FD) = 0 [pid 664] close(6) = 0 [pid 664] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 663] <... futex resumed>) = 0 [pid 663] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 663] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 664] <... futex resumed>) = 1 [pid 664] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 664] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 663] <... futex resumed>) = 0 [pid 663] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 663] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 664] <... futex resumed>) = 1 [pid 664] write(6, "#! ./file1\n", 11) = 11 [pid 664] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 663] <... futex resumed>) = 0 [pid 663] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 663] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 664] <... futex resumed>) = 1 [pid 664] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 664] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 663] <... futex resumed>) = 0 [pid 663] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 663] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 664] <... futex resumed>) = 1 [pid 664] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000480} --- [pid 663] <... futex resumed>) = ? [pid 664] +++ killed by SIGBUS +++ [pid 663] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=663, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./63", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./63", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558a0df730 /* 4 entries */, 32768) = 112 [ 35.902118][ T664] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 35.929690][ T664] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor257: bg 0: block 234: padding at end of block bitmap is not set umount2("./63/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./63/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./63/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./63/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./63/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558a0e7770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558a0e7770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./63/file0") = 0 umount2("./63/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./63/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./63/binderfs") = 0 getdents64(3, 0x55558a0df730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./63") = 0 mkdir("./64", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558a0de690) = 669 ./strace-static-x86_64: Process 669 attached [pid 669] set_robust_list(0x55558a0de6a0, 24) = 0 [pid 669] chdir("./64") = 0 [pid 669] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 669] setpgid(0, 0) = 0 [pid 669] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 669] write(3, "1000", 4) = 4 [pid 669] close(3) = 0 [pid 669] symlink("/dev/binderfs", "./binderfs") = 0 [pid 669] write(1, "executing program\n", 18executing program ) = 18 [pid 669] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 669] rt_sigaction(SIGRT_1, {sa_handler=0x7f694ce18370, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f694ce09520}, NULL, 8) = 0 [pid 669] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 669] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f694cd8e000 [pid 669] mprotect(0x7f694cd8f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 669] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 669] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f694cdae990, parent_tid=0x7f694cdae990, exit_signal=0, stack=0x7f694cd8e000, stack_size=0x20300, tls=0x7f694cdae6c0} => {parent_tid=[670]}, 88) = 670 [pid 669] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 669] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 669] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 670 attached [pid 670] set_robust_list(0x7f694cdae9a0, 24) = 0 [pid 670] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 670] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 670] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 669] <... futex resumed>) = 0 [pid 669] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 669] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 670] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 670] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 669] <... futex resumed>) = 0 [pid 669] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 669] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 670] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 670] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 669] <... futex resumed>) = 0 [pid 669] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 669] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 670] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 670] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 669] <... futex resumed>) = 0 [pid 669] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 669] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 670] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 670] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 669] <... futex resumed>) = 0 [pid 669] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 669] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 670] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 670] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 669] <... futex resumed>) = 0 [pid 669] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 669] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 670] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 670] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 669] <... futex resumed>) = 0 [pid 669] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 669] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 670] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 670] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 669] <... futex resumed>) = 0 [pid 669] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 669] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 670] <... futex resumed>) = 1 [pid 670] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 670] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 669] <... futex resumed>) = 0 [pid 669] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 669] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 670] <... futex resumed>) = 1 [pid 670] memfd_create("syzkaller", 0) = 5 [pid 670] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f694498e000 [pid 670] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 670] munmap(0x7f694498e000, 138412032) = 0 [pid 670] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 670] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 670] close(5) = 0 [pid 670] close(6) = 0 [pid 670] mkdir("./file0", 0777) = 0 [pid 670] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 670] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 670] chdir("./file0") = 0 [pid 670] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 670] ioctl(6, LOOP_CLR_FD) = 0 [pid 670] close(6) = 0 [pid 670] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 670] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 669] <... futex resumed>) = 0 [pid 669] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 669] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 670] <... futex resumed>) = 0 [pid 670] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 670] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 669] <... futex resumed>) = 0 [pid 670] write(6, "#! ./file1\n", 11 [pid 669] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 669] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 670] <... write resumed>) = 11 [pid 670] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 669] <... futex resumed>) = 0 [pid 669] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 670] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0 [pid 669] <... futex resumed>) = 0 [pid 669] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 670] <... mmap resumed>) = 0x200000000000 [pid 670] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 669] <... futex resumed>) = 0 [pid 669] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 669] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 670] <... futex resumed>) = 1 [pid 670] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000480} --- [pid 669] <... futex resumed>) = ? [pid 670] +++ killed by SIGBUS +++ [pid 669] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=669, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./64", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./64", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558a0df730 /* 4 entries */, 32768) = 112 [ 36.062360][ T670] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 36.093605][ T671] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-670: bg 0: block 234: padding at end of block bitmap is not set umount2("./64/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./64/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./64/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./64/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./64/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558a0e7770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558a0e7770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./64/file0") = 0 umount2("./64/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./64/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./64/binderfs") = 0 getdents64(3, 0x55558a0df730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./64") = 0 mkdir("./65", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 675 attached , child_tidptr=0x55558a0de690) = 675 [pid 675] set_robust_list(0x55558a0de6a0, 24) = 0 [pid 675] chdir("./65") = 0 [pid 675] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 675] setpgid(0, 0) = 0 [pid 675] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 675] write(3, "1000", 4) = 4 [pid 675] close(3) = 0 [pid 675] symlink("/dev/binderfs", "./binderfs") = 0 [pid 675] write(1, "executing program\n", 18executing program ) = 18 [pid 675] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 675] rt_sigaction(SIGRT_1, {sa_handler=0x7f694ce18370, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f694ce09520}, NULL, 8) = 0 [pid 675] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 675] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f694cd8e000 [pid 675] mprotect(0x7f694cd8f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 675] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 675] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f694cdae990, parent_tid=0x7f694cdae990, exit_signal=0, stack=0x7f694cd8e000, stack_size=0x20300, tls=0x7f694cdae6c0}./strace-static-x86_64: Process 676 attached [pid 676] set_robust_list(0x7f694cdae9a0, 24) = 0 [pid 676] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 676] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 675] <... clone3 resumed> => {parent_tid=[676]}, 88) = 676 [pid 675] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 675] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 676] <... futex resumed>) = 0 [pid 675] <... futex resumed>) = 1 [pid 676] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR [pid 675] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 676] <... openat resumed>) = 3 [pid 676] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 676] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 675] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 675] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 675] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 676] <... futex resumed>) = 0 [pid 676] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 676] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 675] <... futex resumed>) = 0 [pid 675] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 675] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 676] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 676] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 675] <... futex resumed>) = 0 [pid 675] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 675] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 676] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 676] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 675] <... futex resumed>) = 0 [pid 675] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 675] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 676] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 676] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 675] <... futex resumed>) = 0 [pid 675] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 675] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 676] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 676] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 675] <... futex resumed>) = 0 [pid 675] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 675] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 676] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 676] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 675] <... futex resumed>) = 0 [pid 675] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 675] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 676] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 676] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 675] <... futex resumed>) = 0 [pid 675] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 675] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 676] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 676] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 675] <... futex resumed>) = 0 [pid 675] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 675] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 676] memfd_create("syzkaller", 0) = 5 [pid 676] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f694498e000 [pid 676] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 676] munmap(0x7f694498e000, 138412032) = 0 [pid 676] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 676] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 676] close(5) = 0 [pid 676] close(6) = 0 [pid 676] mkdir("./file0", 0777) = 0 [pid 676] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 676] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 676] chdir("./file0") = 0 [pid 676] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 676] ioctl(6, LOOP_CLR_FD) = 0 [pid 676] close(6) = 0 [pid 676] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 675] <... futex resumed>) = 0 [pid 675] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 675] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 676] <... futex resumed>) = 1 [pid 676] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 676] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 675] <... futex resumed>) = 0 [pid 675] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 675] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 676] <... futex resumed>) = 1 [pid 676] write(6, "#! ./file1\n", 11) = 11 [pid 676] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 675] <... futex resumed>) = 0 [pid 675] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 675] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 676] <... futex resumed>) = 1 [pid 676] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 676] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 675] <... futex resumed>) = 0 [pid 675] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 675] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 676] <... futex resumed>) = 1 [pid 676] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000480} --- [pid 675] <... futex resumed>) = ? [pid 676] +++ killed by SIGBUS +++ [pid 675] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=675, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./65", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./65", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558a0df730 /* 4 entries */, 32768) = 112 [ 36.222263][ T676] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 36.252404][ T677] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-676: bg 0: block 234: padding at end of block bitmap is not set umount2("./65/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./65/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./65/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./65/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./65/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558a0e7770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558a0e7770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./65/file0") = 0 umount2("./65/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./65/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./65/binderfs") = 0 getdents64(3, 0x55558a0df730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./65") = 0 mkdir("./66", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558a0de690) = 681 ./strace-static-x86_64: Process 681 attached [pid 681] set_robust_list(0x55558a0de6a0, 24) = 0 [pid 681] chdir("./66") = 0 [pid 681] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 681] setpgid(0, 0) = 0 [pid 681] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 681] write(3, "1000", 4) = 4 [pid 681] close(3) = 0 [pid 681] symlink("/dev/binderfs", "./binderfs") = 0 [pid 681] write(1, "executing program\n", 18executing program ) = 18 [pid 681] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 681] rt_sigaction(SIGRT_1, {sa_handler=0x7f694ce18370, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f694ce09520}, NULL, 8) = 0 [pid 681] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 681] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f694cd8e000 [pid 681] mprotect(0x7f694cd8f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 681] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 681] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f694cdae990, parent_tid=0x7f694cdae990, exit_signal=0, stack=0x7f694cd8e000, stack_size=0x20300, tls=0x7f694cdae6c0}./strace-static-x86_64: Process 682 attached => {parent_tid=[682]}, 88) = 682 [pid 682] set_robust_list(0x7f694cdae9a0, 24) = 0 [pid 682] rt_sigprocmask(SIG_SETMASK, [], [pid 681] rt_sigprocmask(SIG_SETMASK, [], [pid 682] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 682] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 681] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 681] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 682] <... futex resumed>) = 0 [pid 682] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 682] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 682] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 681] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 681] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 682] <... futex resumed>) = 0 [pid 681] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 682] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 682] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 682] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 681] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 681] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 682] <... futex resumed>) = 0 [pid 681] <... futex resumed>) = 1 [pid 682] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 682] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 682] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 681] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 681] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 682] <... futex resumed>) = 0 [pid 681] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 682] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 682] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 682] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 681] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 681] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 682] <... futex resumed>) = 0 [pid 681] <... futex resumed>) = 1 [pid 682] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 682] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 682] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 681] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 681] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 682] <... futex resumed>) = 0 [pid 681] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 682] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 682] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 682] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 681] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 681] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 682] <... futex resumed>) = 0 [pid 682] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 682] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 682] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 681] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 681] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 682] <... futex resumed>) = 0 [pid 681] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 682] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 682] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 681] <... futex resumed>) = 0 [pid 682] ioctl(3, VHOST_VSOCK_SET_RUNNING [pid 681] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 682] <... ioctl resumed>, 0x200000000140) = 0 [pid 682] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 682] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 681] <... futex resumed>) = 0 [pid 681] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 681] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 682] <... futex resumed>) = 0 [pid 681] <... futex resumed>) = 1 [pid 682] memfd_create("syzkaller", 0 [pid 681] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 682] <... memfd_create resumed>) = 5 [pid 682] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f694498e000 [pid 682] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 682] munmap(0x7f694498e000, 138412032) = 0 [pid 682] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 682] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 682] close(5) = 0 [pid 682] close(6) = 0 [pid 682] mkdir("./file0", 0777) = 0 [pid 682] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 682] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 682] chdir("./file0") = 0 [pid 682] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 682] ioctl(6, LOOP_CLR_FD) = 0 [pid 682] close(6) = 0 [pid 682] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 681] <... futex resumed>) = 0 [pid 681] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 681] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 682] <... futex resumed>) = 1 [pid 682] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 682] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 681] <... futex resumed>) = 0 [pid 681] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 681] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 682] <... futex resumed>) = 1 [pid 682] write(6, "#! ./file1\n", 11) = 11 [pid 682] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 681] <... futex resumed>) = 0 [pid 681] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 681] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 682] <... futex resumed>) = 1 [pid 682] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 682] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 681] <... futex resumed>) = 0 [pid 681] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 681] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 682] <... futex resumed>) = 1 [pid 682] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000480} --- [pid 681] <... futex resumed>) = ? [pid 682] +++ killed by SIGBUS +++ [pid 681] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=681, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./66", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./66", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558a0df730 /* 4 entries */, 32768) = 112 [ 36.412206][ T682] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 36.444047][ T683] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-682: bg 0: block 234: padding at end of block bitmap is not set umount2("./66/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./66/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./66/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./66/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./66/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558a0e7770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558a0e7770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./66/file0") = 0 umount2("./66/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./66/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./66/binderfs") = 0 getdents64(3, 0x55558a0df730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./66") = 0 mkdir("./67", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558a0de690) = 687 ./strace-static-x86_64: Process 687 attached [pid 687] set_robust_list(0x55558a0de6a0, 24) = 0 executing program [pid 687] chdir("./67") = 0 [pid 687] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 687] setpgid(0, 0) = 0 [pid 687] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 687] write(3, "1000", 4) = 4 [pid 687] close(3) = 0 [pid 687] symlink("/dev/binderfs", "./binderfs") = 0 [pid 687] write(1, "executing program\n", 18) = 18 [pid 687] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 687] rt_sigaction(SIGRT_1, {sa_handler=0x7f694ce18370, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f694ce09520}, NULL, 8) = 0 [pid 687] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 687] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f694cd8e000 [pid 687] mprotect(0x7f694cd8f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 687] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 687] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f694cdae990, parent_tid=0x7f694cdae990, exit_signal=0, stack=0x7f694cd8e000, stack_size=0x20300, tls=0x7f694cdae6c0}./strace-static-x86_64: Process 688 attached => {parent_tid=[688]}, 88) = 688 [pid 687] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 687] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 687] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 688] set_robust_list(0x7f694cdae9a0, 24) = 0 [pid 688] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 688] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 688] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 687] <... futex resumed>) = 0 [pid 687] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 687] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 688] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 688] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 687] <... futex resumed>) = 0 [pid 687] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 687] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 688] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 688] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 687] <... futex resumed>) = 0 [pid 687] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 687] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 688] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 688] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 687] <... futex resumed>) = 0 [pid 687] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 687] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 688] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 688] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 687] <... futex resumed>) = 0 [pid 687] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 687] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 688] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 688] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 687] <... futex resumed>) = 0 [pid 687] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 687] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 688] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 688] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 687] <... futex resumed>) = 0 [pid 687] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 688] ioctl(3, VHOST_SET_VRING_KICK [pid 687] <... futex resumed>) = 0 [pid 687] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 688] <... ioctl resumed>, 0x200000000000) = 0 [pid 688] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 687] <... futex resumed>) = 0 [pid 687] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 687] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 688] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 688] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 687] <... futex resumed>) = 0 [pid 687] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 687] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 688] memfd_create("syzkaller", 0) = 5 [pid 688] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f694498e000 [pid 688] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 688] munmap(0x7f694498e000, 138412032) = 0 [pid 688] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 688] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 688] close(5) = 0 [pid 688] close(6) = 0 [pid 688] mkdir("./file0", 0777) = 0 [pid 688] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 688] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 688] chdir("./file0") = 0 [pid 688] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 688] ioctl(6, LOOP_CLR_FD) = 0 [pid 688] close(6) = 0 [pid 688] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 687] <... futex resumed>) = 0 [pid 687] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 687] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 688] <... futex resumed>) = 1 [pid 688] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 688] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 687] <... futex resumed>) = 0 [pid 687] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 687] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 688] <... futex resumed>) = 1 [pid 688] write(6, "#! ./file1\n", 11) = 11 [pid 688] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 687] <... futex resumed>) = 0 [pid 687] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 687] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 688] <... futex resumed>) = 1 [pid 688] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 688] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 687] <... futex resumed>) = 0 [pid 687] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 687] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 688] <... futex resumed>) = 1 [pid 688] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000480} --- [pid 687] <... futex resumed>) = ? [pid 688] +++ killed by SIGBUS +++ [pid 687] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=687, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./67", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./67", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558a0df730 /* 4 entries */, 32768) = 112 [ 36.579518][ T688] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 36.602578][ T688] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor257: bg 0: block 234: padding at end of block bitmap is not set umount2("./67/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./67/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./67/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./67/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./67/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558a0e7770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558a0e7770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./67/file0") = 0 umount2("./67/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./67/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./67/binderfs") = 0 getdents64(3, 0x55558a0df730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./67") = 0 mkdir("./68", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558a0de690) = 693 ./strace-static-x86_64: Process 693 attached [pid 693] set_robust_list(0x55558a0de6a0, 24) = 0 [pid 693] chdir("./68") = 0 [pid 693] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 693] setpgid(0, 0) = 0 [pid 693] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 693] write(3, "1000", 4) = 4 [pid 693] close(3) = 0 [pid 693] symlink("/dev/binderfs", "./binderfs") = 0 [pid 693] write(1, "executing program\n", 18executing program ) = 18 [pid 693] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 693] rt_sigaction(SIGRT_1, {sa_handler=0x7f694ce18370, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f694ce09520}, NULL, 8) = 0 [pid 693] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 693] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f694cd8e000 [pid 693] mprotect(0x7f694cd8f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 693] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 693] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f694cdae990, parent_tid=0x7f694cdae990, exit_signal=0, stack=0x7f694cd8e000, stack_size=0x20300, tls=0x7f694cdae6c0}./strace-static-x86_64: Process 694 attached => {parent_tid=[694]}, 88) = 694 [pid 694] set_robust_list(0x7f694cdae9a0, 24) = 0 [pid 694] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 694] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 693] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 693] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 694] <... futex resumed>) = 0 [pid 694] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 694] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 694] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 693] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 693] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 694] <... futex resumed>) = 0 [pid 693] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 694] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 694] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 694] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 693] <... futex resumed>) = 0 [pid 693] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 694] <... futex resumed>) = 0 [pid 693] <... futex resumed>) = 1 [pid 694] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 694] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 694] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 693] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 693] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 694] <... futex resumed>) = 0 [pid 693] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 694] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 694] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 694] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 693] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 693] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 694] <... futex resumed>) = 0 [pid 693] <... futex resumed>) = 1 [pid 694] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 694] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 694] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 693] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 693] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 694] <... futex resumed>) = 0 [pid 693] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 694] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 694] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 694] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 693] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 693] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 694] <... futex resumed>) = 0 [pid 694] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 694] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 694] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 693] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 693] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 694] <... futex resumed>) = 0 [pid 693] <... futex resumed>) = 1 [pid 694] ioctl(3, VHOST_SET_VRING_KICK [pid 693] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 694] <... ioctl resumed>, 0x200000000000) = 0 [pid 694] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 694] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 693] <... futex resumed>) = 0 [pid 693] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 694] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 693] <... futex resumed>) = 0 [pid 694] ioctl(3, VHOST_VSOCK_SET_RUNNING [pid 693] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 694] <... ioctl resumed>, 0x200000000140) = 0 [pid 694] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 693] <... futex resumed>) = 0 [pid 694] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 693] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 694] memfd_create("syzkaller", 0 [pid 693] <... futex resumed>) = 0 [pid 694] <... memfd_create resumed>) = 5 [pid 693] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 694] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f694498e000 [pid 694] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 694] munmap(0x7f694498e000, 138412032) = 0 [pid 694] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 694] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 694] close(5) = 0 [pid 694] close(6) = 0 [pid 694] mkdir("./file0", 0777) = 0 [pid 694] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 694] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 694] chdir("./file0") = 0 [pid 694] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 694] ioctl(6, LOOP_CLR_FD) = 0 [pid 694] close(6) = 0 [pid 694] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 693] <... futex resumed>) = 0 [pid 693] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 693] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 694] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 694] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 693] <... futex resumed>) = 0 [pid 693] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 693] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 694] write(6, "#! ./file1\n", 11) = 11 [pid 694] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 693] <... futex resumed>) = 0 [pid 693] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 693] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 694] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 694] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 694] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 693] <... futex resumed>) = 0 [pid 693] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [ 36.982260][ T694] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [pid 693] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 694] <... futex resumed>) = 0 [pid 694] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000480} --- [pid 693] <... futex resumed>) = ? [pid 694] +++ killed by SIGBUS +++ [pid 693] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=693, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./68", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./68", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558a0df730 /* 4 entries */, 32768) = 112 [ 37.024977][ T695] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-694: bg 0: block 234: padding at end of block bitmap is not set umount2("./68/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./68/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./68/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./68/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./68/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558a0e7770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558a0e7770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./68/file0") = 0 umount2("./68/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./68/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./68/binderfs") = 0 getdents64(3, 0x55558a0df730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./68") = 0 mkdir("./69", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558a0de690) = 699 ./strace-static-x86_64: Process 699 attached [pid 699] set_robust_list(0x55558a0de6a0, 24) = 0 [pid 699] chdir("./69") = 0 [pid 699] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 699] setpgid(0, 0) = 0 [pid 699] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 699] write(3, "1000", 4) = 4 [pid 699] close(3) = 0 [pid 699] symlink("/dev/binderfs", "./binderfs") = 0 [pid 699] write(1, "executing program\n", 18executing program ) = 18 [pid 699] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 699] rt_sigaction(SIGRT_1, {sa_handler=0x7f694ce18370, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f694ce09520}, NULL, 8) = 0 [pid 699] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 699] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f694cd8e000 [pid 699] mprotect(0x7f694cd8f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 699] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 699] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f694cdae990, parent_tid=0x7f694cdae990, exit_signal=0, stack=0x7f694cd8e000, stack_size=0x20300, tls=0x7f694cdae6c0}./strace-static-x86_64: Process 700 attached [pid 700] set_robust_list(0x7f694cdae9a0, 24) = 0 [pid 700] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 700] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 699] <... clone3 resumed> => {parent_tid=[700]}, 88) = 700 [pid 699] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 699] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 700] <... futex resumed>) = 0 [pid 700] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR [pid 699] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 700] <... openat resumed>) = 3 [pid 700] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 700] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 699] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 699] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 700] <... futex resumed>) = 0 [pid 699] <... futex resumed>) = 1 [pid 700] ioctl(3, VHOST_SET_OWNER [pid 699] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 700] <... ioctl resumed>, 0) = 0 [pid 700] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 700] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 699] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 699] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 700] <... futex resumed>) = 0 [pid 700] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 699] <... futex resumed>) = 1 [pid 700] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 700] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 699] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 699] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 700] <... futex resumed>) = 0 [pid 699] <... futex resumed>) = 1 [pid 700] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 700] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 699] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 700] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 699] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 699] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 700] <... futex resumed>) = 0 [pid 699] <... futex resumed>) = 1 [pid 700] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 700] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 700] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 699] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 699] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 700] <... futex resumed>) = 0 [pid 699] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 700] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 700] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 700] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 699] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 699] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 700] <... futex resumed>) = 0 [pid 699] <... futex resumed>) = 1 [pid 700] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 700] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 700] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 699] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 699] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 700] <... futex resumed>) = 0 [pid 699] <... futex resumed>) = 1 [pid 700] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 700] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 700] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 699] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 699] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 700] <... futex resumed>) = 0 [pid 699] <... futex resumed>) = 1 [pid 700] ioctl(3, VHOST_VSOCK_SET_RUNNING [pid 699] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 700] <... ioctl resumed>, 0x200000000140) = 0 [pid 700] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 699] <... futex resumed>) = 0 [pid 700] memfd_create("syzkaller", 0 [pid 699] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 700] <... memfd_create resumed>) = 5 [pid 699] <... futex resumed>) = 0 [pid 700] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 699] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 700] <... mmap resumed>) = 0x7f694498e000 [pid 700] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 700] munmap(0x7f694498e000, 138412032) = 0 [pid 700] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 700] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 700] close(5) = 0 [pid 700] close(6) = 0 [pid 700] mkdir("./file0", 0777) = 0 [pid 700] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 700] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 700] chdir("./file0") = 0 [pid 700] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 700] ioctl(6, LOOP_CLR_FD) = 0 [pid 700] close(6) = 0 [pid 700] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 699] <... futex resumed>) = 0 [pid 699] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 699] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 700] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 700] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 699] <... futex resumed>) = 0 [pid 699] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 699] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 700] write(6, "#! ./file1\n", 11) = 11 [pid 700] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 699] <... futex resumed>) = 0 [pid 699] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 699] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 700] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 700] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 700] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 699] <... futex resumed>) = 0 [pid 699] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 699] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 700] <... futex resumed>) = 0 [pid 700] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000480} --- [pid 699] <... futex resumed>) = ? [pid 700] +++ killed by SIGBUS +++ [pid 699] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=699, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./69", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./69", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558a0df730 /* 4 entries */, 32768) = 112 [ 37.292197][ T700] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 37.327539][ T701] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-700: bg 0: block 234: padding at end of block bitmap is not set umount2("./69/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./69/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./69/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./69/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./69/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558a0e7770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558a0e7770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./69/file0") = 0 umount2("./69/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./69/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./69/binderfs") = 0 getdents64(3, 0x55558a0df730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./69") = 0 mkdir("./70", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FDexecuting program ) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558a0de690) = 705 ./strace-static-x86_64: Process 705 attached [pid 705] set_robust_list(0x55558a0de6a0, 24) = 0 [pid 705] chdir("./70") = 0 [pid 705] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 705] setpgid(0, 0) = 0 [pid 705] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 705] write(3, "1000", 4) = 4 [pid 705] close(3) = 0 [pid 705] symlink("/dev/binderfs", "./binderfs") = 0 [pid 705] write(1, "executing program\n", 18) = 18 [pid 705] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 705] rt_sigaction(SIGRT_1, {sa_handler=0x7f694ce18370, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f694ce09520}, NULL, 8) = 0 [pid 705] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 705] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f694cd8e000 [pid 705] mprotect(0x7f694cd8f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 705] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 705] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f694cdae990, parent_tid=0x7f694cdae990, exit_signal=0, stack=0x7f694cd8e000, stack_size=0x20300, tls=0x7f694cdae6c0} => {parent_tid=[706]}, 88) = 706 [pid 705] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 705] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 705] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 706 attached [pid 706] set_robust_list(0x7f694cdae9a0, 24) = 0 [pid 706] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 706] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 706] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 705] <... futex resumed>) = 0 [pid 705] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 705] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 706] <... futex resumed>) = 1 [pid 706] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 706] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 705] <... futex resumed>) = 0 [pid 705] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 705] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 706] <... futex resumed>) = 1 [pid 706] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 706] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 705] <... futex resumed>) = 0 [pid 705] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 705] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 706] <... futex resumed>) = 1 [pid 706] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 706] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 705] <... futex resumed>) = 0 [pid 705] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 705] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 706] <... futex resumed>) = 1 [pid 706] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 706] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 705] <... futex resumed>) = 0 [pid 705] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 705] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 706] <... futex resumed>) = 1 [pid 706] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 706] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 705] <... futex resumed>) = 0 [pid 705] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 705] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 706] <... futex resumed>) = 1 [pid 706] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 706] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 705] <... futex resumed>) = 0 [pid 705] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 705] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 706] <... futex resumed>) = 1 [pid 706] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 706] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 705] <... futex resumed>) = 0 [pid 705] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 705] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 706] <... futex resumed>) = 1 [pid 706] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 706] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 705] <... futex resumed>) = 0 [pid 705] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 705] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 706] <... futex resumed>) = 1 [pid 706] memfd_create("syzkaller", 0) = 5 [pid 706] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f694498e000 [pid 706] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 706] munmap(0x7f694498e000, 138412032) = 0 [pid 706] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 706] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 706] close(5) = 0 [pid 706] close(6) = 0 [pid 706] mkdir("./file0", 0777) = 0 [pid 706] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 706] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 706] chdir("./file0") = 0 [pid 706] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 706] ioctl(6, LOOP_CLR_FD) = 0 [ 37.542145][ T706] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [pid 706] close(6) = 0 [pid 706] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 705] <... futex resumed>) = 0 [pid 705] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 705] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 706] <... futex resumed>) = 1 [pid 706] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 706] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 705] <... futex resumed>) = 0 [pid 705] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 705] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 706] <... futex resumed>) = 1 [pid 706] write(6, "#! ./file1\n", 11) = 11 [pid 706] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 705] <... futex resumed>) = 0 [pid 705] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 705] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 706] <... futex resumed>) = 1 [pid 706] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 706] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 705] <... futex resumed>) = 0 [pid 705] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 705] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 706] <... futex resumed>) = 1 [pid 706] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000480} --- [pid 705] <... futex resumed>) = ? [pid 706] +++ killed by SIGBUS +++ [pid 705] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=705, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./70", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./70", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558a0df730 /* 4 entries */, 32768) = 112 [ 37.583082][ T707] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-706: bg 0: block 234: padding at end of block bitmap is not set umount2("./70/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./70/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./70/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./70/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./70/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558a0e7770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558a0e7770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./70/file0") = 0 umount2("./70/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./70/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./70/binderfs") = 0 getdents64(3, 0x55558a0df730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./70") = 0 mkdir("./71", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558a0de690) = 711 ./strace-static-x86_64: Process 711 attached [pid 711] set_robust_list(0x55558a0de6a0, 24) = 0 [pid 711] chdir("./71") = 0 [pid 711] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 711] setpgid(0, 0) = 0 [pid 711] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 711] write(3, "1000", 4) = 4 [pid 711] close(3) = 0 [pid 711] symlink("/dev/binderfs", "./binderfs") = 0 [pid 711] write(1, "executing program\n", 18executing program ) = 18 [pid 711] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 711] rt_sigaction(SIGRT_1, {sa_handler=0x7f694ce18370, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f694ce09520}, NULL, 8) = 0 [pid 711] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 711] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f694cd8e000 [pid 711] mprotect(0x7f694cd8f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 711] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 711] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f694cdae990, parent_tid=0x7f694cdae990, exit_signal=0, stack=0x7f694cd8e000, stack_size=0x20300, tls=0x7f694cdae6c0}./strace-static-x86_64: Process 712 attached => {parent_tid=[712]}, 88) = 712 [pid 711] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 711] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 711] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 712] set_robust_list(0x7f694cdae9a0, 24) = 0 [pid 712] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 712] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 712] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 711] <... futex resumed>) = 0 [pid 711] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 711] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 712] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 712] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 711] <... futex resumed>) = 0 [pid 711] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 711] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 712] <... futex resumed>) = 1 [pid 712] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 712] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 711] <... futex resumed>) = 0 [pid 711] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 711] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 712] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 712] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 711] <... futex resumed>) = 0 [pid 711] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 711] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 712] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 712] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 711] <... futex resumed>) = 0 [pid 711] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 711] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 712] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 712] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 711] <... futex resumed>) = 0 [pid 711] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 711] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 712] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 712] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 711] <... futex resumed>) = 0 [pid 711] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 711] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 712] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 712] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 711] <... futex resumed>) = 0 [pid 711] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 711] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 712] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 712] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 711] <... futex resumed>) = 0 [pid 711] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 711] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 712] memfd_create("syzkaller", 0) = 5 [pid 712] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f694498e000 [pid 712] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 712] munmap(0x7f694498e000, 138412032) = 0 [pid 712] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 712] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 712] close(5) = 0 [pid 712] close(6) = 0 [pid 712] mkdir("./file0", 0777) = 0 [pid 712] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 712] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 712] chdir("./file0") = 0 [pid 712] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 712] ioctl(6, LOOP_CLR_FD) = 0 [pid 712] close(6) = 0 [pid 712] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 711] <... futex resumed>) = 0 [pid 711] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 711] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 712] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 712] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 711] <... futex resumed>) = 0 [pid 711] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 711] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 712] <... futex resumed>) = 1 [pid 712] write(6, "#! ./file1\n", 11) = 11 [pid 712] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 711] <... futex resumed>) = 0 [pid 711] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 711] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 712] <... futex resumed>) = 1 [pid 712] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 712] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 711] <... futex resumed>) = 0 [pid 711] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 711] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 712] <... futex resumed>) = 1 [pid 712] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000480} --- [pid 711] <... futex resumed>) = ? [pid 712] +++ killed by SIGBUS +++ [pid 711] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=711, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./71", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./71", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558a0df730 /* 4 entries */, 32768) = 112 [ 37.742419][ T712] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 37.772176][ T712] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor257: bg 0: block 234: padding at end of block bitmap is not set umount2("./71/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./71/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./71/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./71/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./71/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558a0e7770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558a0e7770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./71/file0") = 0 umount2("./71/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./71/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./71/binderfs") = 0 getdents64(3, 0x55558a0df730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./71") = 0 mkdir("./72", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558a0de690) = 717 ./strace-static-x86_64: Process 717 attached [pid 717] set_robust_list(0x55558a0de6a0, 24) = 0 [pid 717] chdir("./72") = 0 [pid 717] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 717] setpgid(0, 0) = 0 [pid 717] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 717] write(3, "1000", 4) = 4 [pid 717] close(3) = 0 [pid 717] symlink("/dev/binderfs", "./binderfs") = 0 [pid 717] write(1, "executing program\n", 18executing program ) = 18 [pid 717] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 717] rt_sigaction(SIGRT_1, {sa_handler=0x7f694ce18370, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f694ce09520}, NULL, 8) = 0 [pid 717] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 717] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f694cd8e000 [pid 717] mprotect(0x7f694cd8f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 717] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 717] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f694cdae990, parent_tid=0x7f694cdae990, exit_signal=0, stack=0x7f694cd8e000, stack_size=0x20300, tls=0x7f694cdae6c0}./strace-static-x86_64: Process 718 attached => {parent_tid=[718]}, 88) = 718 [pid 718] set_robust_list(0x7f694cdae9a0, 24) = 0 [pid 718] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 718] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 717] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 717] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 718] <... futex resumed>) = 0 [pid 718] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR [pid 717] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 718] <... openat resumed>) = 3 [pid 718] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 718] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 717] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 717] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 718] <... futex resumed>) = 0 [pid 717] <... futex resumed>) = 1 [pid 718] ioctl(3, VHOST_SET_OWNER [pid 717] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 718] <... ioctl resumed>, 0) = 0 [pid 718] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 717] <... futex resumed>) = 0 [pid 717] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 717] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 718] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 718] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 717] <... futex resumed>) = 0 [pid 717] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 717] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 718] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 718] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 717] <... futex resumed>) = 0 [pid 717] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 717] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 718] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 718] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 717] <... futex resumed>) = 0 [pid 717] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 717] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 718] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 718] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 717] <... futex resumed>) = 0 [pid 717] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 717] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 718] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 718] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 717] <... futex resumed>) = 0 [pid 717] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 717] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 718] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 718] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 717] <... futex resumed>) = 0 [pid 717] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 717] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 718] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 718] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 717] <... futex resumed>) = 0 [pid 717] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 717] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 718] memfd_create("syzkaller", 0) = 5 [pid 718] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f694498e000 [pid 718] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 718] munmap(0x7f694498e000, 138412032) = 0 [pid 718] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 718] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 718] close(5) = 0 [pid 718] close(6) = 0 [pid 718] mkdir("./file0", 0777) = 0 [pid 718] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 718] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 718] chdir("./file0") = 0 [pid 718] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 718] ioctl(6, LOOP_CLR_FD) = 0 [pid 718] close(6) = 0 [pid 718] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 717] <... futex resumed>) = 0 [pid 717] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 717] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 718] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 718] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 717] <... futex resumed>) = 0 [pid 718] write(6, "#! ./file1\n", 11 [pid 717] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 718] <... write resumed>) = 11 [pid 717] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 718] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 717] <... futex resumed>) = 0 [pid 718] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0 [pid 717] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 717] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 718] <... mmap resumed>) = 0x200000000000 [pid 718] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 717] <... futex resumed>) = 0 [pid 718] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 717] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 718] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 717] <... futex resumed>) = 0 [pid 717] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 718] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000480} --- [pid 717] <... futex resumed>) = ? [pid 718] +++ killed by SIGBUS +++ [pid 717] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=717, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./72", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./72", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558a0df730 /* 4 entries */, 32768) = 112 [ 37.902418][ T718] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 37.937769][ T719] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-718: bg 0: block 234: padding at end of block bitmap is not set umount2("./72/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./72/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./72/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./72/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./72/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558a0e7770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558a0e7770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./72/file0") = 0 umount2("./72/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./72/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./72/binderfs") = 0 getdents64(3, 0x55558a0df730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./72") = 0 mkdir("./73", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 723 attached [pid 723] set_robust_list(0x55558a0de6a0, 24) = 0 [pid 723] chdir("./73" [pid 282] <... clone resumed>, child_tidptr=0x55558a0de690) = 723 [pid 723] <... chdir resumed>) = 0 [pid 723] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 723] setpgid(0, 0) = 0 [pid 723] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 723] write(3, "1000", 4) = 4 [pid 723] close(3) = 0 [pid 723] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 723] write(1, "executing program\n", 18) = 18 [pid 723] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 723] rt_sigaction(SIGRT_1, {sa_handler=0x7f694ce18370, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f694ce09520}, NULL, 8) = 0 [pid 723] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 723] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f694cd8e000 [pid 723] mprotect(0x7f694cd8f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 723] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 723] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f694cdae990, parent_tid=0x7f694cdae990, exit_signal=0, stack=0x7f694cd8e000, stack_size=0x20300, tls=0x7f694cdae6c0} => {parent_tid=[724]}, 88) = 724 [pid 723] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 723] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 723] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 724 attached [pid 724] set_robust_list(0x7f694cdae9a0, 24) = 0 [pid 724] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 724] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 724] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 723] <... futex resumed>) = 0 [pid 723] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 723] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 724] <... futex resumed>) = 1 [pid 724] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 724] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 723] <... futex resumed>) = 0 [pid 724] <... futex resumed>) = 1 [pid 723] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 724] ioctl(3, VHOST_SET_VRING_ADDR [pid 723] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 724] <... ioctl resumed>, 0x200000000300) = 0 [pid 724] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 723] <... futex resumed>) = 0 [pid 724] <... futex resumed>) = 1 [pid 723] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 724] ioctl(3, VHOST_SET_MEM_TABLE [pid 723] <... futex resumed>) = 0 [pid 723] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 724] <... ioctl resumed>, 0x200000003380) = 0 [pid 724] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 723] <... futex resumed>) = 0 [pid 724] <... futex resumed>) = 1 [pid 723] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 724] eventfd2(118, EFD_SEMAPHORE [pid 723] <... futex resumed>) = 0 [pid 724] <... eventfd2 resumed>) = 4 [pid 723] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 724] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 723] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 724] <... futex resumed>) = 0 [pid 723] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 724] ioctl(3, VHOST_SET_VRING_ERR [pid 723] <... futex resumed>) = 0 [pid 724] <... ioctl resumed>, 0x2000000001c0) = 0 [pid 723] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 724] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 723] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 724] <... futex resumed>) = 0 [pid 723] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 724] ioctl(3, VHOST_SET_VRING_ADDR [pid 723] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 724] <... ioctl resumed>, 0x200000000240) = 0 [pid 724] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 723] <... futex resumed>) = 0 [pid 724] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 723] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 724] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 723] <... futex resumed>) = 0 [pid 724] ioctl(3, VHOST_SET_VRING_KICK [pid 723] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 724] <... ioctl resumed>, 0x200000000000) = 0 [pid 724] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 723] <... futex resumed>) = 0 [pid 724] <... futex resumed>) = 1 [pid 723] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 724] ioctl(3, VHOST_VSOCK_SET_RUNNING [pid 723] <... futex resumed>) = 0 [pid 723] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 724] <... ioctl resumed>, 0x200000000140) = 0 [pid 724] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 723] <... futex resumed>) = 0 [pid 724] <... futex resumed>) = 1 [pid 723] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 723] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 724] memfd_create("syzkaller", 0) = 5 [pid 724] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f694498e000 [pid 724] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 724] munmap(0x7f694498e000, 138412032) = 0 [pid 724] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 724] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 724] close(5) = 0 [pid 724] close(6) = 0 [pid 724] mkdir("./file0", 0777) = 0 [pid 724] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 724] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 724] chdir("./file0") = 0 [pid 724] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 724] ioctl(6, LOOP_CLR_FD) = 0 [pid 724] close(6) = 0 [pid 724] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 724] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 723] <... futex resumed>) = 0 [pid 723] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 723] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 724] <... futex resumed>) = 0 [pid 724] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 724] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 723] <... futex resumed>) = 0 [pid 724] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 723] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 724] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 723] <... futex resumed>) = 0 [pid 724] write(6, "#! ./file1\n", 11 [pid 723] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 724] <... write resumed>) = 11 [pid 724] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 723] <... futex resumed>) = 0 [pid 724] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 723] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 724] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 723] <... futex resumed>) = 0 [pid 724] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0 [pid 723] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 724] <... mmap resumed>) = 0x200000000000 [pid 724] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 724] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 723] <... futex resumed>) = 0 [pid 723] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 723] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 724] <... futex resumed>) = 0 [pid 724] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000480} --- [pid 723] <... futex resumed>) = ? [pid 724] +++ killed by SIGBUS +++ [pid 723] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=723, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./73", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./73", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558a0df730 /* 4 entries */, 32768) = 112 [ 38.094189][ T724] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 38.126358][ T725] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-724: bg 0: block 234: padding at end of block bitmap is not set umount2("./73/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./73/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./73/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./73/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./73/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558a0e7770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558a0e7770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./73/file0") = 0 umount2("./73/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./73/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./73/binderfs") = 0 getdents64(3, 0x55558a0df730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./73") = 0 mkdir("./74", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558a0de690) = 729 ./strace-static-x86_64: Process 729 attached [pid 729] set_robust_list(0x55558a0de6a0, 24) = 0 [pid 729] chdir("./74") = 0 [pid 729] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 729] setpgid(0, 0) = 0 [pid 729] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 729] write(3, "1000", 4) = 4 [pid 729] close(3) = 0 [pid 729] symlink("/dev/binderfs", "./binderfs") = 0 [pid 729] write(1, "executing program\n", 18executing program ) = 18 [pid 729] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 729] rt_sigaction(SIGRT_1, {sa_handler=0x7f694ce18370, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f694ce09520}, NULL, 8) = 0 [pid 729] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 729] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f694cd8e000 [pid 729] mprotect(0x7f694cd8f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 729] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 729] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f694cdae990, parent_tid=0x7f694cdae990, exit_signal=0, stack=0x7f694cd8e000, stack_size=0x20300, tls=0x7f694cdae6c0}./strace-static-x86_64: Process 730 attached => {parent_tid=[730]}, 88) = 730 [pid 730] set_robust_list(0x7f694cdae9a0, 24 [pid 729] rt_sigprocmask(SIG_SETMASK, [], [pid 730] <... set_robust_list resumed>) = 0 [pid 729] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 730] rt_sigprocmask(SIG_SETMASK, [], [pid 729] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 730] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 729] <... futex resumed>) = 0 [pid 729] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 730] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 730] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 729] <... futex resumed>) = 0 [pid 730] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 729] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 730] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 729] <... futex resumed>) = 0 [pid 730] ioctl(3, VHOST_SET_OWNER [pid 729] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 730] <... ioctl resumed>, 0) = 0 [pid 730] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 729] <... futex resumed>) = 0 [pid 730] <... futex resumed>) = 1 [pid 729] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 730] ioctl(3, VHOST_SET_VRING_ADDR [pid 729] <... futex resumed>) = 0 [pid 730] <... ioctl resumed>, 0x200000000300) = 0 [pid 729] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 730] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 729] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 730] <... futex resumed>) = 0 [pid 729] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 730] ioctl(3, VHOST_SET_MEM_TABLE [pid 729] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 730] <... ioctl resumed>, 0x200000003380) = 0 [pid 730] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 729] <... futex resumed>) = 0 [pid 730] <... futex resumed>) = 1 [pid 729] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 730] eventfd2(118, EFD_SEMAPHORE [pid 729] <... futex resumed>) = 0 [pid 729] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 730] <... eventfd2 resumed>) = 4 [pid 730] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 729] <... futex resumed>) = 0 [pid 730] <... futex resumed>) = 1 [pid 729] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 730] ioctl(3, VHOST_SET_VRING_ERR [pid 729] <... futex resumed>) = 0 [pid 730] <... ioctl resumed>, 0x2000000001c0) = 0 [pid 729] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 730] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 729] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 730] <... futex resumed>) = 0 [pid 729] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 730] ioctl(3, VHOST_SET_VRING_ADDR [pid 729] <... futex resumed>) = 0 [pid 730] <... ioctl resumed>, 0x200000000240) = 0 [pid 729] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 730] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 729] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 730] <... futex resumed>) = 0 [pid 729] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 730] ioctl(3, VHOST_SET_VRING_KICK [pid 729] <... futex resumed>) = 0 [pid 730] <... ioctl resumed>, 0x200000000000) = 0 [pid 729] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 730] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 729] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 730] <... futex resumed>) = 0 [pid 729] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 730] ioctl(3, VHOST_VSOCK_SET_RUNNING [pid 729] <... futex resumed>) = 0 [pid 730] <... ioctl resumed>, 0x200000000140) = 0 [pid 729] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 730] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 729] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 730] <... futex resumed>) = 0 [pid 729] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 729] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 730] memfd_create("syzkaller", 0) = 5 [pid 730] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f694498e000 [pid 730] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 730] munmap(0x7f694498e000, 138412032) = 0 [pid 730] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 730] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 730] close(5) = 0 [pid 730] close(6) = 0 [pid 730] mkdir("./file0", 0777) = 0 [pid 730] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 730] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 730] chdir("./file0") = 0 [pid 730] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 730] ioctl(6, LOOP_CLR_FD) = 0 [pid 730] close(6) = 0 [pid 730] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 730] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 729] <... futex resumed>) = 0 [pid 729] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 730] <... futex resumed>) = 0 [pid 729] <... futex resumed>) = 1 [pid 729] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 730] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 730] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 729] <... futex resumed>) = 0 [pid 729] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 729] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 730] write(6, "#! ./file1\n", 11) = 11 [pid 730] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 729] <... futex resumed>) = 0 [pid 729] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 730] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0 [pid 729] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 730] <... mmap resumed>) = 0x200000000000 [pid 730] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 729] <... futex resumed>) = 0 [pid 730] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 729] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 730] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 729] <... futex resumed>) = 0 [pid 729] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 730] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000480} --- [pid 729] <... futex resumed>) = ? [pid 730] +++ killed by SIGBUS +++ [pid 729] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=729, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./74", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./74", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558a0df730 /* 4 entries */, 32768) = 112 [ 38.292184][ T730] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 38.322459][ T731] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-730: bg 0: block 234: padding at end of block bitmap is not set umount2("./74/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./74/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./74/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./74/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./74/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558a0e7770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558a0e7770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./74/file0") = 0 umount2("./74/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./74/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./74/binderfs") = 0 getdents64(3, 0x55558a0df730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./74") = 0 mkdir("./75", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558a0de690) = 735 ./strace-static-x86_64: Process 735 attached [pid 735] set_robust_list(0x55558a0de6a0, 24) = 0 [pid 735] chdir("./75") = 0 [pid 735] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 735] setpgid(0, 0) = 0 [pid 735] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 735] write(3, "1000", 4) = 4 [pid 735] close(3) = 0 [pid 735] symlink("/dev/binderfs", "./binderfs") = 0 [pid 735] write(1, "executing program\n", 18executing program ) = 18 [pid 735] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 735] rt_sigaction(SIGRT_1, {sa_handler=0x7f694ce18370, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f694ce09520}, NULL, 8) = 0 [pid 735] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 735] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f694cd8e000 [pid 735] mprotect(0x7f694cd8f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 735] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 735] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f694cdae990, parent_tid=0x7f694cdae990, exit_signal=0, stack=0x7f694cd8e000, stack_size=0x20300, tls=0x7f694cdae6c0}./strace-static-x86_64: Process 736 attached => {parent_tid=[736]}, 88) = 736 [pid 736] set_robust_list(0x7f694cdae9a0, 24) = 0 [pid 736] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 736] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 735] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 735] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 736] <... futex resumed>) = 0 [pid 736] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 736] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 736] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 735] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 735] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 736] <... futex resumed>) = 0 [pid 736] ioctl(3, VHOST_SET_OWNER [pid 735] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 736] <... ioctl resumed>, 0) = 0 [pid 736] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 736] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 735] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 735] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 736] <... futex resumed>) = 0 [pid 736] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 736] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 736] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 735] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 735] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 736] <... futex resumed>) = 0 [pid 736] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 736] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 736] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 735] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 735] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 736] <... futex resumed>) = 0 [pid 736] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 736] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 736] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 735] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 735] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 736] <... futex resumed>) = 0 [pid 736] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 736] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 736] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 735] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 735] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 736] <... futex resumed>) = 0 [pid 736] ioctl(3, VHOST_SET_VRING_ADDR [pid 735] <... futex resumed>) = 1 [pid 736] <... ioctl resumed>, 0x200000000240) = 0 [pid 736] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 736] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 735] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 735] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 736] <... futex resumed>) = 0 [pid 736] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 736] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 736] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 735] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 735] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 736] <... futex resumed>) = 0 [pid 736] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 736] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 736] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 735] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 735] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 736] <... futex resumed>) = 0 [pid 735] <... futex resumed>) = 1 [pid 736] memfd_create("syzkaller", 0) = 5 [pid 735] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 736] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f694498e000 [pid 736] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 736] munmap(0x7f694498e000, 138412032) = 0 [pid 736] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 736] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 736] close(5) = 0 [pid 736] close(6) = 0 [pid 736] mkdir("./file0", 0777) = 0 [pid 736] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 736] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 736] chdir("./file0") = 0 [pid 736] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 736] ioctl(6, LOOP_CLR_FD) = 0 [pid 736] close(6) = 0 [pid 736] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 735] <... futex resumed>) = 0 [pid 736] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 735] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 735] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 736] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 736] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 736] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 735] <... futex resumed>) = 0 [pid 735] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 735] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 736] write(6, "#! ./file1\n", 11) = 11 [pid 736] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 735] <... futex resumed>) = 0 [pid 735] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 735] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 736] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 736] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 736] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 735] <... futex resumed>) = 0 [pid 735] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [ 38.562214][ T736] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [pid 735] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 736] <... futex resumed>) = 0 [pid 736] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000480} --- [pid 735] <... futex resumed>) = ? [pid 736] +++ killed by SIGBUS +++ [pid 735] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=735, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./75", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./75", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558a0df730 /* 4 entries */, 32768) = 112 [ 38.605110][ T737] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-736: bg 0: block 234: padding at end of block bitmap is not set umount2("./75/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./75/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./75/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./75/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./75/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558a0e7770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558a0e7770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./75/file0") = 0 umount2("./75/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./75/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./75/binderfs") = 0 getdents64(3, 0x55558a0df730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./75") = 0 mkdir("./76", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 741 attached , child_tidptr=0x55558a0de690) = 741 [pid 741] set_robust_list(0x55558a0de6a0, 24) = 0 [pid 741] chdir("./76") = 0 [pid 741] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 741] setpgid(0, 0) = 0 [pid 741] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 741] write(3, "1000", 4) = 4 [pid 741] close(3) = 0 [pid 741] symlink("/dev/binderfs", "./binderfs") = 0 [pid 741] write(1, "executing program\n", 18executing program ) = 18 [pid 741] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 741] rt_sigaction(SIGRT_1, {sa_handler=0x7f694ce18370, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f694ce09520}, NULL, 8) = 0 [pid 741] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 741] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f694cd8e000 [pid 741] mprotect(0x7f694cd8f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 741] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 741] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f694cdae990, parent_tid=0x7f694cdae990, exit_signal=0, stack=0x7f694cd8e000, stack_size=0x20300, tls=0x7f694cdae6c0}./strace-static-x86_64: Process 742 attached [pid 742] set_robust_list(0x7f694cdae9a0, 24) = 0 [pid 742] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 742] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 741] <... clone3 resumed> => {parent_tid=[742]}, 88) = 742 [pid 741] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 741] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 742] <... futex resumed>) = 0 [pid 741] <... futex resumed>) = 1 [pid 742] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 742] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 741] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 742] <... futex resumed>) = 0 [pid 742] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 741] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 741] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 742] <... futex resumed>) = 0 [pid 741] <... futex resumed>) = 1 [pid 742] ioctl(3, VHOST_SET_OWNER [pid 741] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 742] <... ioctl resumed>, 0) = 0 [pid 742] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 742] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 741] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 741] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 742] <... futex resumed>) = 0 [pid 741] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 742] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 742] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 742] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 741] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 741] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 742] <... futex resumed>) = 0 [pid 742] ioctl(3, VHOST_SET_MEM_TABLE [pid 741] <... futex resumed>) = 1 [pid 742] <... ioctl resumed>, 0x200000003380) = 0 [pid 742] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 742] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 741] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 741] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 742] <... futex resumed>) = 0 [pid 742] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 742] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 741] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 742] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 741] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 741] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 742] <... futex resumed>) = 0 [pid 741] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 742] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 742] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 742] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 741] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 741] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 742] <... futex resumed>) = 0 [pid 741] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 742] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 742] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 742] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 741] <... futex resumed>) = 0 [pid 742] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 741] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 742] ioctl(3, VHOST_SET_VRING_KICK [pid 741] <... futex resumed>) = 0 [pid 742] <... ioctl resumed>, 0x200000000000) = 0 [pid 741] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 742] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 741] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 742] <... futex resumed>) = 0 [pid 742] ioctl(3, VHOST_VSOCK_SET_RUNNING [pid 741] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 742] <... ioctl resumed>, 0x200000000140) = 0 [pid 742] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 741] <... futex resumed>) = 0 [pid 742] <... futex resumed>) = 0 [pid 741] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 742] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 741] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 742] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 741] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 742] memfd_create("syzkaller", 0 [pid 741] <... futex resumed>) = 0 [pid 742] <... memfd_create resumed>) = 5 [pid 741] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 742] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f694498e000 [pid 742] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 742] munmap(0x7f694498e000, 138412032) = 0 [pid 742] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 742] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 742] close(5) = 0 [pid 742] close(6) = 0 [pid 742] mkdir("./file0", 0777) = 0 [pid 742] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 742] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 742] chdir("./file0") = 0 [pid 742] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 742] ioctl(6, LOOP_CLR_FD) = 0 [pid 742] close(6) = 0 [pid 742] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 742] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 741] <... futex resumed>) = 0 [pid 741] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 741] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 742] <... futex resumed>) = 0 [pid 742] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 742] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 741] <... futex resumed>) = 0 [pid 741] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 741] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 742] write(6, "#! ./file1\n", 11) = 11 [pid 742] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 741] <... futex resumed>) = 0 [pid 741] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 741] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 742] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 742] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 742] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 741] <... futex resumed>) = 0 [pid 741] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 741] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 742] <... futex resumed>) = 0 [pid 742] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000480} --- [pid 741] <... futex resumed>) = ? [pid 742] +++ killed by SIGBUS +++ [pid 741] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=741, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./76", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./76", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558a0df730 /* 4 entries */, 32768) = 112 [ 38.732252][ T742] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 38.763991][ T743] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-742: bg 0: block 234: padding at end of block bitmap is not set umount2("./76/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./76/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./76/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./76/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./76/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558a0e7770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558a0e7770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./76/file0") = 0 umount2("./76/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./76/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./76/binderfs") = 0 getdents64(3, 0x55558a0df730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./76") = 0 mkdir("./77", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 747 attached , child_tidptr=0x55558a0de690) = 747 [pid 747] set_robust_list(0x55558a0de6a0, 24) = 0 [pid 747] chdir("./77") = 0 [pid 747] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 747] setpgid(0, 0) = 0 [pid 747] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 747] write(3, "1000", 4) = 4 [pid 747] close(3) = 0 [pid 747] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 747] write(1, "executing program\n", 18) = 18 [pid 747] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 747] rt_sigaction(SIGRT_1, {sa_handler=0x7f694ce18370, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f694ce09520}, NULL, 8) = 0 [pid 747] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 747] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f694cd8e000 [pid 747] mprotect(0x7f694cd8f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 747] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 747] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f694cdae990, parent_tid=0x7f694cdae990, exit_signal=0, stack=0x7f694cd8e000, stack_size=0x20300, tls=0x7f694cdae6c0} => {parent_tid=[748]}, 88) = 748 [pid 747] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 747] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 747] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 748 attached [pid 748] set_robust_list(0x7f694cdae9a0, 24) = 0 [pid 748] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 748] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 748] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 747] <... futex resumed>) = 0 [pid 747] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 747] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 748] <... futex resumed>) = 1 [pid 748] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 748] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 747] <... futex resumed>) = 0 [pid 748] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 747] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 747] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 748] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 748] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 748] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 747] <... futex resumed>) = 0 [pid 747] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 747] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 748] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 748] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 747] <... futex resumed>) = 0 [pid 747] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 747] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 748] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 748] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 747] <... futex resumed>) = 0 [pid 747] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 747] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 748] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 748] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 747] <... futex resumed>) = 0 [pid 748] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 747] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 747] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 748] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 748] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 748] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 747] <... futex resumed>) = 0 [pid 748] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 747] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 748] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 748] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 747] <... futex resumed>) = 0 [pid 748] <... futex resumed>) = 0 [pid 748] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 747] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 747] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 748] <... futex resumed>) = 0 [pid 747] <... futex resumed>) = 1 [pid 748] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 747] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 748] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 747] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 748] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 747] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 748] <... futex resumed>) = 0 [pid 747] <... futex resumed>) = 1 [pid 747] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 748] memfd_create("syzkaller", 0) = 5 [pid 748] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f694498e000 [pid 748] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 748] munmap(0x7f694498e000, 138412032) = 0 [pid 748] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 748] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 748] close(5) = 0 [pid 748] close(6) = 0 [pid 748] mkdir("./file0", 0777) = 0 [pid 748] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 748] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 748] chdir("./file0") = 0 [pid 748] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 748] ioctl(6, LOOP_CLR_FD) = 0 [pid 748] close(6) = 0 [pid 748] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 748] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 747] <... futex resumed>) = 0 [pid 747] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 748] <... futex resumed>) = 0 [pid 747] <... futex resumed>) = 1 [pid 748] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 747] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 748] <... openat resumed>) = 6 [pid 748] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 747] <... futex resumed>) = 0 [pid 748] <... futex resumed>) = 1 [pid 747] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 748] write(6, "#! ./file1\n", 11 [pid 747] <... futex resumed>) = 0 [pid 747] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 748] <... write resumed>) = 11 [pid 748] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 747] <... futex resumed>) = 0 [pid 747] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 747] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 748] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 748] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 748] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 747] <... futex resumed>) = 0 [pid 747] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 747] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 748] <... futex resumed>) = 0 [pid 748] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000480} --- [pid 747] <... futex resumed>) = ? [pid 748] +++ killed by SIGBUS +++ [pid 747] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=747, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./77", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./77", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558a0df730 /* 4 entries */, 32768) = 112 [ 38.912343][ T748] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 38.943117][ T749] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-748: bg 0: block 234: padding at end of block bitmap is not set umount2("./77/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./77/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./77/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./77/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./77/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558a0e7770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558a0e7770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./77/file0") = 0 umount2("./77/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./77/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./77/binderfs") = 0 getdents64(3, 0x55558a0df730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./77") = 0 mkdir("./78", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558a0de690) = 753 ./strace-static-x86_64: Process 753 attached [pid 753] set_robust_list(0x55558a0de6a0, 24) = 0 [pid 753] chdir("./78") = 0 [pid 753] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 753] setpgid(0, 0) = 0 [pid 753] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 executing program [pid 753] write(3, "1000", 4) = 4 [pid 753] close(3) = 0 [pid 753] symlink("/dev/binderfs", "./binderfs") = 0 [pid 753] write(1, "executing program\n", 18) = 18 [pid 753] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 753] rt_sigaction(SIGRT_1, {sa_handler=0x7f694ce18370, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f694ce09520}, NULL, 8) = 0 [pid 753] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 753] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f694cd8e000 [pid 753] mprotect(0x7f694cd8f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 753] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 753] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f694cdae990, parent_tid=0x7f694cdae990, exit_signal=0, stack=0x7f694cd8e000, stack_size=0x20300, tls=0x7f694cdae6c0}./strace-static-x86_64: Process 754 attached => {parent_tid=[754]}, 88) = 754 [pid 754] set_robust_list(0x7f694cdae9a0, 24) = 0 [pid 754] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 754] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 753] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 753] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 754] <... futex resumed>) = 0 [pid 754] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 754] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 754] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 753] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 753] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 754] <... futex resumed>) = 0 [pid 754] ioctl(3, VHOST_SET_OWNER [pid 753] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 754] <... ioctl resumed>, 0) = 0 [pid 754] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 754] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 753] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 753] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 754] <... futex resumed>) = 0 [pid 754] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 754] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 754] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 753] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 753] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 754] <... futex resumed>) = 0 [pid 754] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 754] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 754] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 753] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 753] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 754] <... futex resumed>) = 0 [pid 754] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 754] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 754] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 753] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 753] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 754] <... futex resumed>) = 0 [pid 754] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 754] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 754] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 753] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 753] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 754] <... futex resumed>) = 0 [pid 754] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 754] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 754] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 753] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 753] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 754] <... futex resumed>) = 0 [pid 754] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 754] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 754] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 753] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 753] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 754] <... futex resumed>) = 0 [pid 754] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 754] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 754] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 753] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 753] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 754] <... futex resumed>) = 0 [pid 753] <... futex resumed>) = 1 [pid 754] memfd_create("syzkaller", 0) = 5 [pid 754] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f694498e000 [pid 754] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 753] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 754] <... write resumed>) = 1048576 [pid 754] munmap(0x7f694498e000, 138412032) = 0 [pid 754] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 754] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 754] close(5) = 0 [pid 754] close(6) = 0 [pid 754] mkdir("./file0", 0777) = 0 [pid 754] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 754] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 754] chdir("./file0") = 0 [pid 754] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 754] ioctl(6, LOOP_CLR_FD) = 0 [pid 754] close(6) = 0 [pid 754] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 754] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 753] <... futex resumed>) = 0 [pid 753] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 754] <... futex resumed>) = 0 [pid 753] <... futex resumed>) = 1 [pid 754] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 753] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 754] <... openat resumed>) = 6 [pid 754] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 753] <... futex resumed>) = 0 [pid 753] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 753] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 754] write(6, "#! ./file1\n", 11) = 11 [pid 754] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 753] <... futex resumed>) = 0 [pid 753] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 753] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 754] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 754] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 754] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 753] <... futex resumed>) = 0 [pid 753] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 753] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 754] <... futex resumed>) = 0 [pid 754] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000480} --- [pid 753] <... futex resumed>) = ? [pid 754] +++ killed by SIGBUS +++ [pid 753] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=753, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./78", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./78", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558a0df730 /* 4 entries */, 32768) = 112 [ 39.052173][ T754] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 39.080373][ T755] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-754: bg 0: block 234: padding at end of block bitmap is not set umount2("./78/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./78/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./78/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./78/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./78/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558a0e7770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558a0e7770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./78/file0"executing program ) = 0 umount2("./78/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./78/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./78/binderfs") = 0 getdents64(3, 0x55558a0df730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./78") = 0 mkdir("./79", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558a0de690) = 759 ./strace-static-x86_64: Process 759 attached [pid 759] set_robust_list(0x55558a0de6a0, 24) = 0 [pid 759] chdir("./79") = 0 [pid 759] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 759] setpgid(0, 0) = 0 [pid 759] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 759] write(3, "1000", 4) = 4 [pid 759] close(3) = 0 [pid 759] symlink("/dev/binderfs", "./binderfs") = 0 [pid 759] write(1, "executing program\n", 18) = 18 [pid 759] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 759] rt_sigaction(SIGRT_1, {sa_handler=0x7f694ce18370, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f694ce09520}, NULL, 8) = 0 [pid 759] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 759] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f694cd8e000 [pid 759] mprotect(0x7f694cd8f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 759] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 759] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f694cdae990, parent_tid=0x7f694cdae990, exit_signal=0, stack=0x7f694cd8e000, stack_size=0x20300, tls=0x7f694cdae6c0} => {parent_tid=[760]}, 88) = 760 [pid 759] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 759] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 759] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 760 attached [pid 760] set_robust_list(0x7f694cdae9a0, 24) = 0 [pid 760] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 760] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 760] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 759] <... futex resumed>) = 0 [pid 759] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 759] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 760] <... futex resumed>) = 1 [pid 760] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 760] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 759] <... futex resumed>) = 0 [pid 759] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 759] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 760] <... futex resumed>) = 1 [pid 760] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 760] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 759] <... futex resumed>) = 0 [pid 759] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 759] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 760] <... futex resumed>) = 1 [pid 760] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 760] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 759] <... futex resumed>) = 0 [pid 759] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 759] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 760] <... futex resumed>) = 1 [pid 760] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 760] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 759] <... futex resumed>) = 0 [pid 759] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 759] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 760] <... futex resumed>) = 1 [pid 760] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 760] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 759] <... futex resumed>) = 0 [pid 759] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 759] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 760] <... futex resumed>) = 1 [pid 760] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 760] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 759] <... futex resumed>) = 0 [pid 759] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 759] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 760] <... futex resumed>) = 1 [pid 760] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 760] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 759] <... futex resumed>) = 0 [pid 759] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 759] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 760] <... futex resumed>) = 1 [pid 760] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 760] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 759] <... futex resumed>) = 0 [pid 759] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 759] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 760] <... futex resumed>) = 1 [pid 760] memfd_create("syzkaller", 0) = 5 [pid 760] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f694498e000 [pid 760] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 760] munmap(0x7f694498e000, 138412032) = 0 [pid 760] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 760] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 760] close(5) = 0 [pid 760] close(6) = 0 [pid 760] mkdir("./file0", 0777) = 0 [pid 760] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 760] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 760] chdir("./file0") = 0 [pid 760] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 760] ioctl(6, LOOP_CLR_FD) = 0 [pid 760] close(6) = 0 [pid 760] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 759] <... futex resumed>) = 0 [pid 759] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 759] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 760] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 760] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 759] <... futex resumed>) = 0 [pid 760] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 759] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 760] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 759] <... futex resumed>) = 0 [pid 760] write(6, "#! ./file1\n", 11 [pid 759] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 760] <... write resumed>) = 11 [pid 760] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 759] <... futex resumed>) = 0 [pid 760] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 759] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 760] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 759] <... futex resumed>) = 0 [pid 760] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0 [pid 759] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 760] <... mmap resumed>) = 0x200000000000 [pid 760] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [ 39.252209][ T760] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [pid 760] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 759] <... futex resumed>) = 0 [pid 759] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 759] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 760] <... futex resumed>) = 0 [pid 760] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000480} --- [pid 759] <... futex resumed>) = ? [pid 760] +++ killed by SIGBUS +++ [pid 759] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=759, si_uid=0, si_status=SIGBUS, si_utime=1, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./79", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./79", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558a0df730 /* 4 entries */, 32768) = 112 umount2("./79/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./79/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./79/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./79/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./79/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558a0e7770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558a0e7770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./79/file0") = 0 umount2("./79/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 39.294504][ T761] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-760: bg 0: block 234: padding at end of block bitmap is not set newfstatat(AT_FDCWD, "./79/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./79/binderfs") = 0 getdents64(3, 0x55558a0df730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./79") = 0 mkdir("./80", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558a0de690) = 766 ./strace-static-x86_64: Process 766 attached [pid 766] set_robust_list(0x55558a0de6a0, 24) = 0 [pid 766] chdir("./80") = 0 [pid 766] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 766] setpgid(0, 0) = 0 [pid 766] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 766] write(3, "1000", 4) = 4 [pid 766] close(3) = 0 [pid 766] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 766] write(1, "executing program\n", 18) = 18 [pid 766] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 766] rt_sigaction(SIGRT_1, {sa_handler=0x7f694ce18370, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f694ce09520}, NULL, 8) = 0 [pid 766] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 766] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f694cd8e000 [pid 766] mprotect(0x7f694cd8f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 766] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 766] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f694cdae990, parent_tid=0x7f694cdae990, exit_signal=0, stack=0x7f694cd8e000, stack_size=0x20300, tls=0x7f694cdae6c0} => {parent_tid=[767]}, 88) = 767 [pid 766] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 766] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 766] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 767 attached [pid 767] set_robust_list(0x7f694cdae9a0, 24) = 0 [pid 767] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 767] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 767] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 766] <... futex resumed>) = 0 [pid 766] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 766] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 767] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 767] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 766] <... futex resumed>) = 0 [pid 767] ioctl(3, VHOST_SET_VRING_ADDR [pid 766] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 767] <... ioctl resumed>, 0x200000000300) = 0 [pid 766] <... futex resumed>) = 0 [pid 767] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 766] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 767] <... futex resumed>) = 0 [pid 766] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 767] ioctl(3, VHOST_SET_MEM_TABLE [pid 766] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 766] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 767] <... ioctl resumed>, 0x200000003380) = 0 [pid 767] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 766] <... futex resumed>) = 0 [pid 767] eventfd2(118, EFD_SEMAPHORE [pid 766] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 767] <... eventfd2 resumed>) = 4 [pid 766] <... futex resumed>) = 0 [pid 767] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 766] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 767] <... futex resumed>) = 0 [pid 766] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 767] ioctl(3, VHOST_SET_VRING_ERR [pid 766] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 767] <... ioctl resumed>, 0x2000000001c0) = 0 [pid 766] <... futex resumed>) = 0 [pid 767] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 766] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 767] <... futex resumed>) = 0 [pid 766] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 767] ioctl(3, VHOST_SET_VRING_ADDR [pid 766] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 767] <... ioctl resumed>, 0x200000000240) = 0 [pid 766] <... futex resumed>) = 0 [pid 767] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 766] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 767] <... futex resumed>) = 0 [pid 766] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 767] ioctl(3, VHOST_SET_VRING_KICK [pid 766] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 767] <... ioctl resumed>, 0x200000000000) = 0 [pid 766] <... futex resumed>) = 0 [pid 767] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 766] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 767] <... futex resumed>) = 0 [pid 766] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 767] ioctl(3, VHOST_VSOCK_SET_RUNNING [pid 766] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 767] <... ioctl resumed>, 0x200000000140) = 0 [pid 766] <... futex resumed>) = 0 [pid 767] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 766] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 767] <... futex resumed>) = 0 [pid 766] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 767] memfd_create("syzkaller", 0 [pid 766] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 767] <... memfd_create resumed>) = 5 [pid 766] <... futex resumed>) = 0 [pid 767] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 766] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 767] <... mmap resumed>) = 0x7f694498e000 [pid 767] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 767] munmap(0x7f694498e000, 138412032) = 0 [pid 767] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 767] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 767] close(5) = 0 [pid 767] close(6) = 0 [pid 767] mkdir("./file0", 0777) = 0 [pid 767] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 767] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 767] chdir("./file0") = 0 [pid 767] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 767] ioctl(6, LOOP_CLR_FD) = 0 [pid 767] close(6) = 0 [pid 767] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 766] <... futex resumed>) = 0 [pid 766] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 766] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 767] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 767] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 766] <... futex resumed>) = 0 [pid 766] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 766] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 767] write(6, "#! ./file1\n", 11) = 11 [pid 767] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 766] <... futex resumed>) = 0 [pid 766] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 767] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0 [pid 766] <... futex resumed>) = 0 [pid 766] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 767] <... mmap resumed>) = 0x200000000000 [pid 767] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 766] <... futex resumed>) = 0 [pid 767] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 766] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 766] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 767] <... futex resumed>) = 0 [pid 767] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000480} --- [pid 766] <... futex resumed>) = ? [pid 767] +++ killed by SIGBUS +++ [pid 766] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=766, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./80", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./80", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558a0df730 /* 4 entries */, 32768) = 112 [ 39.392345][ T767] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 39.422769][ T768] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-767: bg 0: block 234: padding at end of block bitmap is not set umount2("./80/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./80/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./80/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./80/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./80/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558a0e7770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558a0e7770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./80/file0") = 0 umount2("./80/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./80/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./80/binderfs") = 0 getdents64(3, 0x55558a0df730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./80") = 0 mkdir("./81", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558a0de690) = 772 ./strace-static-x86_64: Process 772 attached [pid 772] set_robust_list(0x55558a0de6a0, 24) = 0 [pid 772] chdir("./81") = 0 [pid 772] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 772] setpgid(0, 0) = 0 [pid 772] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 772] write(3, "1000", 4) = 4 [pid 772] close(3) = 0 [pid 772] symlink("/dev/binderfs", "./binderfs") = 0 [pid 772] write(1, "executing program\n", 18executing program ) = 18 [pid 772] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 772] rt_sigaction(SIGRT_1, {sa_handler=0x7f694ce18370, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f694ce09520}, NULL, 8) = 0 [pid 772] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 772] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f694cd8e000 [pid 772] mprotect(0x7f694cd8f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 772] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 772] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f694cdae990, parent_tid=0x7f694cdae990, exit_signal=0, stack=0x7f694cd8e000, stack_size=0x20300, tls=0x7f694cdae6c0} => {parent_tid=[773]}, 88) = 773 [pid 772] rt_sigprocmask(SIG_SETMASK, [], ./strace-static-x86_64: Process 773 attached NULL, 8) = 0 [pid 773] set_robust_list(0x7f694cdae9a0, 24 [pid 772] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 773] <... set_robust_list resumed>) = 0 [pid 772] <... futex resumed>) = 0 [pid 773] rt_sigprocmask(SIG_SETMASK, [], [pid 772] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 773] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 773] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 773] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 772] <... futex resumed>) = 0 [pid 772] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 772] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 773] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 773] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 772] <... futex resumed>) = 0 [pid 772] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 772] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 773] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 773] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 772] <... futex resumed>) = 0 [pid 772] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 772] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 773] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 773] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 772] <... futex resumed>) = 0 [pid 772] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 772] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 773] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 773] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 772] <... futex resumed>) = 0 [pid 772] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 772] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 773] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 773] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 772] <... futex resumed>) = 0 [pid 772] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 772] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 773] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 773] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 772] <... futex resumed>) = 0 [pid 772] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 772] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 773] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 773] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 772] <... futex resumed>) = 0 [pid 772] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 772] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 773] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 773] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 772] <... futex resumed>) = 0 [pid 772] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 772] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 773] memfd_create("syzkaller", 0) = 5 [pid 773] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f694498e000 [pid 773] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 773] munmap(0x7f694498e000, 138412032) = 0 [pid 773] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 773] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 773] close(5) = 0 [pid 773] close(6) = 0 [pid 773] mkdir("./file0", 0777) = 0 [pid 773] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 773] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 773] chdir("./file0") = 0 [pid 773] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 773] ioctl(6, LOOP_CLR_FD) = 0 [pid 773] close(6) = 0 [pid 773] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 772] <... futex resumed>) = 0 [pid 772] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 772] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 773] <... futex resumed>) = 1 [pid 773] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 773] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 772] <... futex resumed>) = 0 [pid 772] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 772] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 773] <... futex resumed>) = 1 [pid 773] write(6, "#! ./file1\n", 11) = 11 [pid 773] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 772] <... futex resumed>) = 0 [pid 772] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 772] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 773] <... futex resumed>) = 1 [pid 773] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 773] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 772] <... futex resumed>) = 0 [pid 772] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 772] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 773] <... futex resumed>) = 1 [pid 773] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000480} --- [pid 772] <... futex resumed>) = ? [pid 773] +++ killed by SIGBUS +++ [pid 772] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=772, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./81", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./81", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558a0df730 /* 4 entries */, 32768) = 112 [ 39.539248][ T773] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 39.565749][ T773] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor257: bg 0: block 234: padding at end of block bitmap is not set umount2("./81/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./81/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./81/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./81/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./81/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558a0e7770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558a0e7770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./81/file0") = 0 umount2("./81/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./81/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./81/binderfs") = 0 getdents64(3, 0x55558a0df730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./81") = 0 mkdir("./82", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558a0de690) = 778 ./strace-static-x86_64: Process 778 attached [pid 778] set_robust_list(0x55558a0de6a0, 24) = 0 [pid 778] chdir("./82") = 0 [pid 778] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 778] setpgid(0, 0) = 0 [pid 778] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 778] write(3, "1000", 4) = 4 [pid 778] close(3) = 0 [pid 778] symlink("/dev/binderfs", "./binderfs") = 0 [pid 778] write(1, "executing program\n", 18executing program ) = 18 [pid 778] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 778] rt_sigaction(SIGRT_1, {sa_handler=0x7f694ce18370, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f694ce09520}, NULL, 8) = 0 [pid 778] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 778] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f694cd8e000 [pid 778] mprotect(0x7f694cd8f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 778] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 778] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f694cdae990, parent_tid=0x7f694cdae990, exit_signal=0, stack=0x7f694cd8e000, stack_size=0x20300, tls=0x7f694cdae6c0} => {parent_tid=[779]}, 88) = 779 [pid 778] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 778] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 778] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 779 attached [pid 779] set_robust_list(0x7f694cdae9a0, 24) = 0 [pid 779] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 779] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 779] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 778] <... futex resumed>) = 0 [pid 778] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 778] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 779] <... futex resumed>) = 1 [pid 779] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 779] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 778] <... futex resumed>) = 0 [pid 778] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 778] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 779] <... futex resumed>) = 1 [pid 779] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 779] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 778] <... futex resumed>) = 0 [pid 778] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 778] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 779] <... futex resumed>) = 1 [pid 779] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 779] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 778] <... futex resumed>) = 0 [pid 778] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 778] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 779] <... futex resumed>) = 1 [pid 779] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 779] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 778] <... futex resumed>) = 0 [pid 778] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 778] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 779] <... futex resumed>) = 1 [pid 779] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 779] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 778] <... futex resumed>) = 0 [pid 778] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 778] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 779] <... futex resumed>) = 1 [pid 779] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 779] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 778] <... futex resumed>) = 0 [pid 778] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 778] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 779] <... futex resumed>) = 1 [pid 779] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 779] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 778] <... futex resumed>) = 0 [pid 778] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 778] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 779] <... futex resumed>) = 1 [pid 779] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 779] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 778] <... futex resumed>) = 0 [pid 778] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 778] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 779] <... futex resumed>) = 1 [pid 779] memfd_create("syzkaller", 0) = 5 [pid 779] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f694498e000 [pid 779] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 779] munmap(0x7f694498e000, 138412032) = 0 [pid 779] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 779] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 779] close(5) = 0 [pid 779] close(6) = 0 [pid 779] mkdir("./file0", 0777) = 0 [pid 779] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 779] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 779] chdir("./file0") = 0 [pid 779] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 779] ioctl(6, LOOP_CLR_FD) = 0 [pid 779] close(6) = 0 [pid 779] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 779] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 778] <... futex resumed>) = 0 [pid 778] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 778] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 779] <... futex resumed>) = 0 [pid 779] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 779] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 778] <... futex resumed>) = 0 [pid 778] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 779] write(6, "#! ./file1\n", 11 [pid 778] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 779] <... write resumed>) = 11 [pid 779] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 778] <... futex resumed>) = 0 [pid 779] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0 [pid 778] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 778] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 779] <... mmap resumed>) = 0x200000000000 [pid 779] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 779] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 778] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 778] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 779] <... futex resumed>) = 0 [pid 778] <... futex resumed>) = 1 [pid 778] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 779] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000480} --- [pid 778] <... futex resumed>) = ? [pid 779] +++ killed by SIGBUS +++ [pid 778] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=778, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./82", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./82", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558a0df730 /* 4 entries */, 32768) = 112 [ 39.672157][ T779] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 39.703408][ T780] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-779: bg 0: block 234: padding at end of block bitmap is not set umount2("./82/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./82/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./82/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./82/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./82/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558a0e7770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558a0e7770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./82/file0") = 0 umount2("./82/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./82/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./82/binderfs") = 0 getdents64(3, 0x55558a0df730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./82") = 0 mkdir("./83", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558a0de690) = 784 ./strace-static-x86_64: Process 784 attached [pid 784] set_robust_list(0x55558a0de6a0, 24) = 0 [pid 784] chdir("./83") = 0 [pid 784] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 784] setpgid(0, 0) = 0 [pid 784] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 784] write(3, "1000", 4) = 4 [pid 784] close(3) = 0 [pid 784] symlink("/dev/binderfs", "./binderfs") = 0 [pid 784] write(1, "executing program\n", 18executing program ) = 18 [pid 784] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 784] rt_sigaction(SIGRT_1, {sa_handler=0x7f694ce18370, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f694ce09520}, NULL, 8) = 0 [pid 784] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 784] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f694cd8e000 [pid 784] mprotect(0x7f694cd8f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 784] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 784] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f694cdae990, parent_tid=0x7f694cdae990, exit_signal=0, stack=0x7f694cd8e000, stack_size=0x20300, tls=0x7f694cdae6c0} => {parent_tid=[785]}, 88) = 785 [pid 784] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 784] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 784] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 785 attached [pid 785] set_robust_list(0x7f694cdae9a0, 24) = 0 [pid 785] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 785] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 785] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 784] <... futex resumed>) = 0 [pid 784] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 784] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 785] <... futex resumed>) = 1 [pid 785] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 785] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 784] <... futex resumed>) = 0 [pid 784] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 784] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 785] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 785] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 784] <... futex resumed>) = 0 [pid 784] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 784] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 785] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 785] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 784] <... futex resumed>) = 0 [pid 784] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 784] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 785] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 785] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 784] <... futex resumed>) = 0 [pid 784] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 784] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 785] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 785] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 784] <... futex resumed>) = 0 [pid 784] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 784] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 785] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 785] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 784] <... futex resumed>) = 0 [pid 784] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 785] <... futex resumed>) = 1 [pid 784] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 785] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 785] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 784] <... futex resumed>) = 0 [pid 785] <... futex resumed>) = 1 [pid 784] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 784] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 785] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 785] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 784] <... futex resumed>) = 0 [pid 784] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 785] <... futex resumed>) = 1 [pid 784] <... futex resumed>) = 0 [pid 784] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 785] memfd_create("syzkaller", 0) = 5 [pid 785] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f694498e000 [pid 785] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 785] munmap(0x7f694498e000, 138412032) = 0 [pid 785] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 785] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 785] close(5) = 0 [pid 785] close(6) = 0 [pid 785] mkdir("./file0", 0777) = 0 [pid 785] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 785] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 785] chdir("./file0") = 0 [pid 785] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 785] ioctl(6, LOOP_CLR_FD) = 0 [pid 785] close(6) = 0 [pid 785] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 784] <... futex resumed>) = 0 [pid 784] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 784] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 785] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 785] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 784] <... futex resumed>) = 0 [pid 784] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 784] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 785] write(6, "#! ./file1\n", 11) = 11 [pid 785] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 784] <... futex resumed>) = 0 [pid 784] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 784] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 785] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 785] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 784] <... futex resumed>) = 0 [pid 784] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 784] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 785] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000480} --- [pid 784] <... futex resumed>) = ? [pid 785] +++ killed by SIGBUS +++ [pid 784] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=784, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./83", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./83", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558a0df730 /* 4 entries */, 32768) = 112 [ 39.852325][ T785] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 39.881956][ T785] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor257: bg 0: block 234: padding at end of block bitmap is not set umount2("./83/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./83/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./83/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./83/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./83/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558a0e7770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558a0e7770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./83/file0") = 0 umount2("./83/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./83/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./83/binderfs") = 0 getdents64(3, 0x55558a0df730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./83") = 0 mkdir("./84", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558a0de690) = 790 ./strace-static-x86_64: Process 790 attached [pid 790] set_robust_list(0x55558a0de6a0, 24) = 0 [pid 790] chdir("./84") = 0 [pid 790] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 790] setpgid(0, 0) = 0 [pid 790] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 790] write(3, "1000", 4) = 4 [pid 790] close(3) = 0 [pid 790] symlink("/dev/binderfs", "./binderfs") = 0 [pid 790] write(1, "executing program\n", 18executing program ) = 18 [pid 790] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 790] rt_sigaction(SIGRT_1, {sa_handler=0x7f694ce18370, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f694ce09520}, NULL, 8) = 0 [pid 790] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 790] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f694cd8e000 [pid 790] mprotect(0x7f694cd8f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 790] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 790] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f694cdae990, parent_tid=0x7f694cdae990, exit_signal=0, stack=0x7f694cd8e000, stack_size=0x20300, tls=0x7f694cdae6c0}./strace-static-x86_64: Process 791 attached => {parent_tid=[791]}, 88) = 791 [pid 791] set_robust_list(0x7f694cdae9a0, 24) = 0 [pid 791] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 791] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 790] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 790] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 791] <... futex resumed>) = 0 [pid 791] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 791] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 791] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 790] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 790] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 791] <... futex resumed>) = 0 [pid 790] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 791] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 791] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 791] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 790] <... futex resumed>) = 0 [pid 790] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 791] <... futex resumed>) = 0 [pid 790] <... futex resumed>) = 1 [pid 791] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 791] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 791] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 790] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 790] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 791] <... futex resumed>) = 0 [pid 790] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 791] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 791] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 791] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 790] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 790] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 791] <... futex resumed>) = 0 [pid 791] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 791] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 791] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 790] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 790] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 791] <... futex resumed>) = 0 [pid 791] ioctl(3, VHOST_SET_VRING_ERR [pid 790] <... futex resumed>) = 1 [pid 791] <... ioctl resumed>, 0x2000000001c0) = 0 [pid 791] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 791] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 790] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 790] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 791] <... futex resumed>) = 0 [pid 790] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 791] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 791] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 791] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 790] <... futex resumed>) = 0 [pid 790] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 791] <... futex resumed>) = 0 [pid 791] ioctl(3, VHOST_SET_VRING_KICK [pid 790] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 791] <... ioctl resumed>, 0x200000000000) = 0 [pid 791] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 790] <... futex resumed>) = 0 [pid 791] ioctl(3, VHOST_VSOCK_SET_RUNNING [pid 790] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 791] <... ioctl resumed>, 0x200000000140) = 0 [pid 790] <... futex resumed>) = 0 [pid 791] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 790] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 791] <... futex resumed>) = 0 [pid 790] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 791] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 790] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 791] <... futex resumed>) = 0 [pid 790] <... futex resumed>) = 1 [pid 791] memfd_create("syzkaller", 0 [pid 790] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 791] <... memfd_create resumed>) = 5 [pid 791] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f694498e000 [pid 791] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 791] munmap(0x7f694498e000, 138412032) = 0 [pid 791] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 791] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 791] close(5) = 0 [pid 791] close(6) = 0 [pid 791] mkdir("./file0", 0777) = 0 [pid 791] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 791] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 791] chdir("./file0") = 0 [pid 791] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 791] ioctl(6, LOOP_CLR_FD) = 0 [pid 791] close(6) = 0 [pid 791] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 790] <... futex resumed>) = 0 [pid 790] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 790] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 791] <... futex resumed>) = 1 [pid 791] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 791] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 790] <... futex resumed>) = 0 [pid 790] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 790] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 791] <... futex resumed>) = 1 [pid 791] write(6, "#! ./file1\n", 11) = 11 [pid 791] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 790] <... futex resumed>) = 0 [pid 790] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 790] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 791] <... futex resumed>) = 1 [pid 791] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 791] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 790] <... futex resumed>) = 0 [pid 790] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 790] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 791] <... futex resumed>) = 1 [pid 791] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000480} --- [pid 790] <... futex resumed>) = ? [pid 791] +++ killed by SIGBUS +++ [pid 790] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=790, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./84", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./84", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558a0df730 /* 4 entries */, 32768) = 112 [ 40.061781][ T791] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 40.090452][ T792] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-791: bg 0: block 234: padding at end of block bitmap is not set umount2("./84/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./84/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./84/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./84/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./84/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558a0e7770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558a0e7770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./84/file0") = 0 umount2("./84/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./84/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./84/binderfs") = 0 getdents64(3, 0x55558a0df730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./84") = 0 mkdir("./85", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) executing program close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558a0de690) = 796 ./strace-static-x86_64: Process 796 attached [pid 796] set_robust_list(0x55558a0de6a0, 24) = 0 [pid 796] chdir("./85") = 0 [pid 796] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 796] setpgid(0, 0) = 0 [pid 796] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 796] write(3, "1000", 4) = 4 [pid 796] close(3) = 0 [pid 796] symlink("/dev/binderfs", "./binderfs") = 0 [pid 796] write(1, "executing program\n", 18) = 18 [pid 796] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 796] rt_sigaction(SIGRT_1, {sa_handler=0x7f694ce18370, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f694ce09520}, NULL, 8) = 0 [pid 796] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 796] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f694cd8e000 [pid 796] mprotect(0x7f694cd8f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 796] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 796] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f694cdae990, parent_tid=0x7f694cdae990, exit_signal=0, stack=0x7f694cd8e000, stack_size=0x20300, tls=0x7f694cdae6c0} => {parent_tid=[797]}, 88) = 797 [pid 796] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 796] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 796] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 797 attached [pid 797] set_robust_list(0x7f694cdae9a0, 24) = 0 [pid 797] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 797] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 797] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 796] <... futex resumed>) = 0 [pid 796] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 796] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 797] <... futex resumed>) = 1 [pid 797] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 797] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 796] <... futex resumed>) = 0 [pid 796] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 796] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 797] <... futex resumed>) = 1 [pid 797] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 797] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 796] <... futex resumed>) = 0 [pid 796] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 796] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 797] <... futex resumed>) = 1 [pid 797] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 797] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 796] <... futex resumed>) = 0 [pid 796] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 796] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 797] <... futex resumed>) = 1 [pid 797] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 797] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 796] <... futex resumed>) = 0 [pid 796] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 796] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 797] <... futex resumed>) = 1 [pid 797] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 797] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 796] <... futex resumed>) = 0 [pid 796] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 796] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 797] <... futex resumed>) = 1 [pid 797] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 797] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 796] <... futex resumed>) = 0 [pid 796] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 796] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 797] <... futex resumed>) = 1 [pid 797] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 797] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 796] <... futex resumed>) = 0 [pid 796] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 796] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 797] <... futex resumed>) = 1 [pid 797] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 797] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 796] <... futex resumed>) = 0 [pid 796] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 796] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 797] <... futex resumed>) = 1 [pid 797] memfd_create("syzkaller", 0) = 5 [pid 797] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f694498e000 [pid 797] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 797] munmap(0x7f694498e000, 138412032) = 0 [pid 797] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 797] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 797] close(5) = 0 [pid 797] close(6) = 0 [pid 797] mkdir("./file0", 0777) = 0 [pid 797] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 797] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 797] chdir("./file0") = 0 [pid 797] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 797] ioctl(6, LOOP_CLR_FD) = 0 [pid 797] close(6) = 0 [pid 797] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 796] <... futex resumed>) = 0 [pid 796] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 796] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 797] <... futex resumed>) = 1 [pid 797] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 797] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 796] <... futex resumed>) = 0 [pid 796] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 796] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 797] <... futex resumed>) = 1 [pid 797] write(6, "#! ./file1\n", 11) = 11 [pid 797] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 796] <... futex resumed>) = 0 [pid 796] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 796] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 797] <... futex resumed>) = 1 [pid 797] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 797] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 796] <... futex resumed>) = 0 [pid 796] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 796] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 797] <... futex resumed>) = 1 [pid 797] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000480} --- [pid 796] <... futex resumed>) = ? [pid 797] +++ killed by SIGBUS +++ [pid 796] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=796, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./85", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./85", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558a0df730 /* 4 entries */, 32768) = 112 [ 40.273125][ T797] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 40.303248][ T797] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor257: bg 0: block 234: padding at end of block bitmap is not set umount2("./85/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./85/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./85/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./85/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./85/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558a0e7770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558a0e7770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./85/file0") = 0 umount2("./85/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./85/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./85/binderfs") = 0 getdents64(3, 0x55558a0df730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./85") = 0 mkdir("./86", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558a0de690) = 802 ./strace-static-x86_64: Process 802 attached [pid 802] set_robust_list(0x55558a0de6a0, 24) = 0 [pid 802] chdir("./86") = 0 [pid 802] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 802] setpgid(0, 0) = 0 [pid 802] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 802] write(3, "1000", 4) = 4 [pid 802] close(3) = 0 [pid 802] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 802] write(1, "executing program\n", 18) = 18 [pid 802] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 802] rt_sigaction(SIGRT_1, {sa_handler=0x7f694ce18370, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f694ce09520}, NULL, 8) = 0 [pid 802] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 802] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f694cd8e000 [pid 802] mprotect(0x7f694cd8f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 802] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 802] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f694cdae990, parent_tid=0x7f694cdae990, exit_signal=0, stack=0x7f694cd8e000, stack_size=0x20300, tls=0x7f694cdae6c0} => {parent_tid=[803]}, 88) = 803 ./strace-static-x86_64: Process 803 attached [pid 803] set_robust_list(0x7f694cdae9a0, 24) = 0 [pid 803] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 803] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 802] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 802] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 803] <... futex resumed>) = 0 [pid 802] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 803] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 803] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 802] <... futex resumed>) = 0 [pid 802] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 802] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 803] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 803] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 802] <... futex resumed>) = 0 [pid 802] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 802] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 803] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 803] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 802] <... futex resumed>) = 0 [pid 802] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 802] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 803] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 803] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 802] <... futex resumed>) = 0 [pid 802] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 802] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 803] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 803] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 802] <... futex resumed>) = 0 [pid 802] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 802] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 803] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 803] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 802] <... futex resumed>) = 0 [pid 802] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 803] ioctl(3, VHOST_SET_VRING_ADDR [pid 802] <... futex resumed>) = 0 [pid 802] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 803] <... ioctl resumed>, 0x200000000240) = 0 [pid 803] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 802] <... futex resumed>) = 0 [pid 802] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 802] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 803] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 803] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 802] <... futex resumed>) = 0 [pid 802] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 802] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 803] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 803] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 802] <... futex resumed>) = 0 [pid 802] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 803] memfd_create("syzkaller", 0 [pid 802] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 803] <... memfd_create resumed>) = 5 [pid 803] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f694498e000 [pid 803] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 803] munmap(0x7f694498e000, 138412032) = 0 [pid 803] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 803] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 803] close(5) = 0 [pid 803] close(6) = 0 [pid 803] mkdir("./file0", 0777) = 0 [pid 803] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 803] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 803] chdir("./file0") = 0 [pid 803] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 803] ioctl(6, LOOP_CLR_FD) = 0 [pid 803] close(6) = 0 [pid 803] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 802] <... futex resumed>) = 0 [pid 802] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 802] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 803] <... futex resumed>) = 1 [pid 803] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 803] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 802] <... futex resumed>) = 0 [pid 802] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 802] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 803] <... futex resumed>) = 1 [pid 803] write(6, "#! ./file1\n", 11) = 11 [pid 803] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 802] <... futex resumed>) = 0 [pid 802] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 802] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 803] <... futex resumed>) = 1 [pid 803] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 803] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 802] <... futex resumed>) = 0 [pid 802] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 802] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 803] <... futex resumed>) = 1 [pid 803] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000480} --- [pid 802] <... futex resumed>) = ? [pid 803] +++ killed by SIGBUS +++ [pid 802] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=802, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./86", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./86", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558a0df730 /* 4 entries */, 32768) = 112 [ 40.471822][ T803] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 40.501033][ T804] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-803: bg 0: block 234: padding at end of block bitmap is not set umount2("./86/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./86/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./86/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./86/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./86/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558a0e7770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558a0e7770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./86/file0") = 0 umount2("./86/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./86/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./86/binderfs") = 0 getdents64(3, 0x55558a0df730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./86") = 0 mkdir("./87", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 808 attached , child_tidptr=0x55558a0de690) = 808 [pid 808] set_robust_list(0x55558a0de6a0, 24) = 0 [pid 808] chdir("./87") = 0 [pid 808] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 808] setpgid(0, 0) = 0 [pid 808] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 808] write(3, "1000", 4) = 4 [pid 808] close(3) = 0 [pid 808] symlink("/dev/binderfs", "./binderfs") = 0 [pid 808] write(1, "executing program\n", 18executing program ) = 18 [pid 808] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 808] rt_sigaction(SIGRT_1, {sa_handler=0x7f694ce18370, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f694ce09520}, NULL, 8) = 0 [pid 808] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 808] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f694cd8e000 [pid 808] mprotect(0x7f694cd8f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 808] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 808] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f694cdae990, parent_tid=0x7f694cdae990, exit_signal=0, stack=0x7f694cd8e000, stack_size=0x20300, tls=0x7f694cdae6c0}./strace-static-x86_64: Process 809 attached => {parent_tid=[809]}, 88) = 809 [pid 809] set_robust_list(0x7f694cdae9a0, 24 [pid 808] rt_sigprocmask(SIG_SETMASK, [], [pid 809] <... set_robust_list resumed>) = 0 [pid 808] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 809] rt_sigprocmask(SIG_SETMASK, [], [pid 808] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 809] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 808] <... futex resumed>) = 0 [pid 808] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 809] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 809] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 808] <... futex resumed>) = 0 [pid 809] <... futex resumed>) = 1 [pid 808] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 809] ioctl(3, VHOST_SET_OWNER [pid 808] <... futex resumed>) = 0 [pid 808] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 809] <... ioctl resumed>, 0) = 0 [pid 809] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 808] <... futex resumed>) = 0 [pid 809] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 808] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 809] <... futex resumed>) = 0 [pid 808] <... futex resumed>) = 1 [pid 809] ioctl(3, VHOST_SET_VRING_ADDR [pid 808] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 809] <... ioctl resumed>, 0x200000000300) = 0 [pid 809] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 808] <... futex resumed>) = 0 [pid 809] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 808] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 809] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 808] <... futex resumed>) = 0 [pid 809] ioctl(3, VHOST_SET_MEM_TABLE [pid 808] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 809] <... ioctl resumed>, 0x200000003380) = 0 [pid 809] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 808] <... futex resumed>) = 0 [pid 809] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 808] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 809] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 808] <... futex resumed>) = 0 [pid 809] eventfd2(118, EFD_SEMAPHORE [pid 808] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 809] <... eventfd2 resumed>) = 4 [pid 809] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 808] <... futex resumed>) = 0 [pid 809] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 808] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 808] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 809] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 809] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 809] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 808] <... futex resumed>) = 0 [pid 809] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 808] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 809] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 808] <... futex resumed>) = 0 [pid 809] ioctl(3, VHOST_SET_VRING_ADDR [pid 808] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 809] <... ioctl resumed>, 0x200000000240) = 0 [pid 809] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 808] <... futex resumed>) = 0 [pid 809] ioctl(3, VHOST_SET_VRING_KICK [pid 808] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 809] <... ioctl resumed>, 0x200000000000) = 0 [pid 808] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 809] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 808] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 809] <... futex resumed>) = 0 [pid 808] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 809] ioctl(3, VHOST_VSOCK_SET_RUNNING [pid 808] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 809] <... ioctl resumed>, 0x200000000140) = 0 [pid 809] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 808] <... futex resumed>) = 0 [pid 809] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 808] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 809] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 808] <... futex resumed>) = 0 [pid 808] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 809] memfd_create("syzkaller", 0) = 5 [pid 809] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f694498e000 [pid 809] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 809] munmap(0x7f694498e000, 138412032) = 0 [pid 809] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 809] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 809] close(5) = 0 [pid 809] close(6) = 0 [pid 809] mkdir("./file0", 0777) = 0 [pid 809] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 809] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 809] chdir("./file0") = 0 [pid 809] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 809] ioctl(6, LOOP_CLR_FD) = 0 [pid 809] close(6) = 0 [pid 809] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 808] <... futex resumed>) = 0 [pid 808] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 809] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 808] <... futex resumed>) = 0 [pid 808] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 809] <... openat resumed>) = 6 [pid 809] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 808] <... futex resumed>) = 0 [pid 809] <... futex resumed>) = 1 [pid 808] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 809] write(6, "#! ./file1\n", 11 [pid 808] <... futex resumed>) = 0 [pid 808] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 809] <... write resumed>) = 11 [pid 809] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 808] <... futex resumed>) = 0 [pid 808] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 809] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0 [pid 808] <... futex resumed>) = 0 [pid 808] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 809] <... mmap resumed>) = 0x200000000000 [pid 809] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 809] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 808] <... futex resumed>) = 0 [pid 808] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 808] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 809] <... futex resumed>) = 0 [ 40.668982][ T809] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [pid 809] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000480} --- [pid 808] <... futex resumed>) = ? [pid 809] +++ killed by SIGBUS +++ [pid 808] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=808, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./87", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./87", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558a0df730 /* 4 entries */, 32768) = 112 [ 40.707192][ T810] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-809: bg 0: block 234: padding at end of block bitmap is not set umount2("./87/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./87/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./87/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./87/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./87/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558a0e7770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558a0e7770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./87/file0") = 0 umount2("./87/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./87/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./87/binderfs") = 0 getdents64(3, 0x55558a0df730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./87") = 0 mkdir("./88", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558a0de690) = 814 ./strace-static-x86_64: Process 814 attached [pid 814] set_robust_list(0x55558a0de6a0, 24) = 0 [pid 814] chdir("./88") = 0 [pid 814] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 814] setpgid(0, 0) = 0 [pid 814] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 814] write(3, "1000", 4) = 4 [pid 814] close(3) = 0 [pid 814] symlink("/dev/binderfs", "./binderfs") = 0 [pid 814] write(1, "executing program\n", 18) = 18 [pid 814] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 814] rt_sigaction(SIGRT_1, {sa_handler=0x7f694ce18370, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f694ce09520}, NULL, 8) = 0 [pid 814] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 814] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f694cd8e000 [pid 814] mprotect(0x7f694cd8f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 814] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 814] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f694cdae990, parent_tid=0x7f694cdae990, exit_signal=0, stack=0x7f694cd8e000, stack_size=0x20300, tls=0x7f694cdae6c0} => {parent_tid=[815]}, 88) = 815 [pid 814] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 814] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 814] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 815 attached [pid 815] set_robust_list(0x7f694cdae9a0, 24) = 0 [pid 815] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 815] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 815] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 814] <... futex resumed>) = 0 [pid 814] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 814] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 815] <... futex resumed>) = 1 [pid 815] ioctl(3, VHOST_SET_OWNERexecuting program , 0) = 0 [pid 815] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 814] <... futex resumed>) = 0 [pid 815] <... futex resumed>) = 1 [pid 814] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 814] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 815] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 815] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 814] <... futex resumed>) = 0 [pid 815] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 814] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 814] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 815] <... futex resumed>) = 0 [pid 815] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 815] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 814] <... futex resumed>) = 0 [pid 814] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 814] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 815] <... futex resumed>) = 1 [pid 815] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 815] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 814] <... futex resumed>) = 0 [pid 814] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 814] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 815] <... futex resumed>) = 1 [pid 815] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 815] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 814] <... futex resumed>) = 0 [pid 814] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 814] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 815] <... futex resumed>) = 1 [pid 815] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 815] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 814] <... futex resumed>) = 0 [pid 814] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 814] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 815] <... futex resumed>) = 1 [pid 815] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 815] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 814] <... futex resumed>) = 0 [pid 814] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 814] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 815] <... futex resumed>) = 1 [pid 815] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 815] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 814] <... futex resumed>) = 0 [pid 814] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 814] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 815] <... futex resumed>) = 1 [pid 815] memfd_create("syzkaller", 0) = 5 [pid 815] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f694498e000 [pid 815] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 815] munmap(0x7f694498e000, 138412032) = 0 [pid 815] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 815] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 815] close(5) = 0 [pid 815] close(6) = 0 [pid 815] mkdir("./file0", 0777) = 0 [pid 815] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 815] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 815] chdir("./file0") = 0 [pid 815] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 815] ioctl(6, LOOP_CLR_FD) = 0 [pid 815] close(6) = 0 [pid 815] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 814] <... futex resumed>) = 0 [pid 814] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 814] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 815] <... futex resumed>) = 1 [pid 815] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 815] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 814] <... futex resumed>) = 0 [pid 814] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 814] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 815] <... futex resumed>) = 1 [pid 815] write(6, "#! ./file1\n", 11) = 11 [pid 815] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 814] <... futex resumed>) = 0 [pid 814] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 814] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 815] <... futex resumed>) = 1 [pid 815] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 815] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 814] <... futex resumed>) = 0 [pid 814] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 814] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 815] <... futex resumed>) = 1 [ 40.792169][ T815] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [pid 815] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000480} --- [pid 814] <... futex resumed>) = ? [pid 815] +++ killed by SIGBUS +++ [pid 814] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=814, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./88", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./88", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558a0df730 /* 4 entries */, 32768) = 112 [ 40.833373][ T816] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-815: bg 0: block 234: padding at end of block bitmap is not set umount2("./88/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./88/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./88/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./88/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./88/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558a0e7770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558a0e7770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./88/file0") = 0 umount2("./88/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./88/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./88/binderfs") = 0 getdents64(3, 0x55558a0df730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./88") = 0 mkdir("./89", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558a0de690) = 820 ./strace-static-x86_64: Process 820 attached [pid 820] set_robust_list(0x55558a0de6a0, 24) = 0 [pid 820] chdir("./89") = 0 [pid 820] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 820] setpgid(0, 0) = 0 [pid 820] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 820] write(3, "1000", 4) = 4 [pid 820] close(3) = 0 [pid 820] symlink("/dev/binderfs", "./binderfs") = 0 [pid 820] write(1, "executing program\n", 18executing program ) = 18 [pid 820] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 820] rt_sigaction(SIGRT_1, {sa_handler=0x7f694ce18370, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f694ce09520}, NULL, 8) = 0 [pid 820] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 820] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f694cd8e000 [pid 820] mprotect(0x7f694cd8f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 820] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 820] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f694cdae990, parent_tid=0x7f694cdae990, exit_signal=0, stack=0x7f694cd8e000, stack_size=0x20300, tls=0x7f694cdae6c0}./strace-static-x86_64: Process 821 attached [pid 821] set_robust_list(0x7f694cdae9a0, 24) = 0 [pid 821] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 821] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 820] <... clone3 resumed> => {parent_tid=[821]}, 88) = 821 [pid 820] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 820] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 821] <... futex resumed>) = 0 [pid 820] <... futex resumed>) = 1 [pid 821] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 821] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 821] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 820] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 820] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 821] <... futex resumed>) = 0 [pid 820] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 821] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 821] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 821] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 820] <... futex resumed>) = 0 [pid 821] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 820] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 821] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 820] <... futex resumed>) = 0 [pid 821] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 820] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 821] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 820] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 820] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 821] <... futex resumed>) = 0 [pid 820] <... futex resumed>) = 1 [pid 820] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 821] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 821] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 821] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 820] <... futex resumed>) = 0 [pid 820] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 821] <... futex resumed>) = 0 [pid 820] <... futex resumed>) = 1 [pid 821] eventfd2(118, EFD_SEMAPHORE [pid 820] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 821] <... eventfd2 resumed>) = 4 [pid 821] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 821] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 820] <... futex resumed>) = 0 [pid 820] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 821] <... futex resumed>) = 0 [pid 820] <... futex resumed>) = 1 [pid 821] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 820] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 821] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 820] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 821] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 820] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 821] <... futex resumed>) = 0 [pid 820] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 821] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 821] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 821] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 820] <... futex resumed>) = 0 [pid 820] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 821] <... futex resumed>) = 0 [pid 820] <... futex resumed>) = 1 [pid 821] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 820] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 821] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 820] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 821] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 820] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 821] <... futex resumed>) = 0 [pid 820] <... futex resumed>) = 1 [pid 821] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 820] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 821] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 820] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 821] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 820] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 821] <... futex resumed>) = 0 [pid 820] <... futex resumed>) = 1 [pid 820] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 821] memfd_create("syzkaller", 0) = 5 [pid 821] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f694498e000 [pid 821] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 821] munmap(0x7f694498e000, 138412032) = 0 [pid 821] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 821] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 821] close(5) = 0 [pid 821] close(6) = 0 [pid 821] mkdir("./file0", 0777) = 0 [pid 821] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 821] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 821] chdir("./file0") = 0 [pid 821] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 821] ioctl(6, LOOP_CLR_FD) = 0 [pid 821] close(6) = 0 [pid 821] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 820] <... futex resumed>) = 0 [pid 820] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 820] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 821] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 821] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 820] <... futex resumed>) = 0 [pid 820] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 820] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 821] <... futex resumed>) = 1 [pid 821] write(6, "#! ./file1\n", 11) = 11 [pid 821] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 820] <... futex resumed>) = 0 [pid 820] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 820] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 821] <... futex resumed>) = 1 [pid 821] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 821] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 820] <... futex resumed>) = 0 [pid 820] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 820] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 821] <... futex resumed>) = 1 [pid 821] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000480} --- [pid 820] <... futex resumed>) = ? [pid 821] +++ killed by SIGBUS +++ [pid 820] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=820, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./89", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./89", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558a0df730 /* 4 entries */, 32768) = 112 [ 40.982578][ T821] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 41.012429][ T822] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-821: bg 0: block 234: padding at end of block bitmap is not set umount2("./89/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./89/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./89/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./89/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./89/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558a0e7770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558a0e7770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./89/file0") = 0 umount2("./89/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./89/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./89/binderfs") = 0 getdents64(3, 0x55558a0df730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./89") = 0 mkdir("./90", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558a0de690) = 826 ./strace-static-x86_64: Process 826 attached [pid 826] set_robust_list(0x55558a0de6a0, 24) = 0 [pid 826] chdir("./90") = 0 [pid 826] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 826] setpgid(0, 0) = 0 [pid 826] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 826] write(3, "1000", 4) = 4 [pid 826] close(3) = 0 [pid 826] symlink("/dev/binderfs", "./binderfs") = 0 [pid 826] write(1, "executing program\n", 18executing program ) = 18 [pid 826] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 826] rt_sigaction(SIGRT_1, {sa_handler=0x7f694ce18370, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f694ce09520}, NULL, 8) = 0 [pid 826] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 826] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f694cd8e000 [pid 826] mprotect(0x7f694cd8f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 826] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 826] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f694cdae990, parent_tid=0x7f694cdae990, exit_signal=0, stack=0x7f694cd8e000, stack_size=0x20300, tls=0x7f694cdae6c0} => {parent_tid=[827]}, 88) = 827 [pid 826] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 826] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 826] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 827 attached [pid 827] set_robust_list(0x7f694cdae9a0, 24) = 0 [pid 827] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 827] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 827] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 826] <... futex resumed>) = 0 [pid 826] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 826] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 827] <... futex resumed>) = 1 [pid 827] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 827] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 826] <... futex resumed>) = 0 [pid 826] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 826] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 827] <... futex resumed>) = 1 [pid 827] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 827] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 826] <... futex resumed>) = 0 [pid 826] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 826] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 827] <... futex resumed>) = 1 [pid 827] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 827] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 826] <... futex resumed>) = 0 [pid 826] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 826] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 827] <... futex resumed>) = 1 [pid 827] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 827] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 826] <... futex resumed>) = 0 [pid 826] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 826] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 827] <... futex resumed>) = 1 [pid 827] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 827] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 826] <... futex resumed>) = 0 [pid 826] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 826] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 827] <... futex resumed>) = 1 [pid 827] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 827] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 826] <... futex resumed>) = 0 [pid 826] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 826] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 827] <... futex resumed>) = 1 [pid 827] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 827] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 826] <... futex resumed>) = 0 [pid 826] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 826] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 827] <... futex resumed>) = 1 [pid 827] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 827] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 826] <... futex resumed>) = 0 [pid 826] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 826] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 827] <... futex resumed>) = 1 [pid 827] memfd_create("syzkaller", 0) = 5 [pid 827] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f694498e000 [pid 827] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 827] munmap(0x7f694498e000, 138412032) = 0 [pid 827] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 827] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 827] close(5) = 0 [pid 827] close(6) = 0 [pid 827] mkdir("./file0", 0777) = 0 [pid 827] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 827] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 827] chdir("./file0") = 0 [pid 827] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 827] ioctl(6, LOOP_CLR_FD) = 0 [pid 827] close(6) = 0 [pid 827] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 827] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 826] <... futex resumed>) = 0 [pid 826] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 826] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 827] <... futex resumed>) = 0 [pid 827] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 827] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 826] <... futex resumed>) = 0 [pid 827] write(6, "#! ./file1\n", 11 [pid 826] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 826] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 827] <... write resumed>) = 11 [pid 827] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 826] <... futex resumed>) = 0 [pid 827] <... futex resumed>) = 1 [pid 826] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 827] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0 [pid 826] <... futex resumed>) = 0 [pid 826] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 827] <... mmap resumed>) = 0x200000000000 [pid 827] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 827] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 826] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 826] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 827] <... futex resumed>) = 0 [pid 826] <... futex resumed>) = 1 [pid 826] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 827] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000480} --- [pid 826] <... futex resumed>) = ? [pid 827] +++ killed by SIGBUS +++ [pid 826] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=826, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./90", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./90", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558a0df730 /* 4 entries */, 32768) = 112 [ 41.132327][ T827] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 41.163029][ T828] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-827: bg 0: block 234: padding at end of block bitmap is not set umount2("./90/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./90/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./90/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./90/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./90/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558a0e7770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558a0e7770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./90/file0") = 0 umount2("./90/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./90/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./90/binderfs") = 0 getdents64(3, 0x55558a0df730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./90") = 0 mkdir("./91", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program , child_tidptr=0x55558a0de690) = 832 ./strace-static-x86_64: Process 832 attached [pid 832] set_robust_list(0x55558a0de6a0, 24) = 0 [pid 832] chdir("./91") = 0 [pid 832] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 832] setpgid(0, 0) = 0 [pid 832] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 832] write(3, "1000", 4) = 4 [pid 832] close(3) = 0 [pid 832] symlink("/dev/binderfs", "./binderfs") = 0 [pid 832] write(1, "executing program\n", 18) = 18 [pid 832] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 832] rt_sigaction(SIGRT_1, {sa_handler=0x7f694ce18370, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f694ce09520}, NULL, 8) = 0 [pid 832] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 832] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f694cd8e000 [pid 832] mprotect(0x7f694cd8f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 832] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 832] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f694cdae990, parent_tid=0x7f694cdae990, exit_signal=0, stack=0x7f694cd8e000, stack_size=0x20300, tls=0x7f694cdae6c0} => {parent_tid=[833]}, 88) = 833 [pid 832] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 832] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 832] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 833 attached [pid 833] set_robust_list(0x7f694cdae9a0, 24) = 0 [pid 833] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 833] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 833] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 832] <... futex resumed>) = 0 [pid 832] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 832] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 833] <... futex resumed>) = 1 [pid 833] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 833] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 832] <... futex resumed>) = 0 [pid 832] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 832] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 833] <... futex resumed>) = 1 [pid 833] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 833] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 832] <... futex resumed>) = 0 [pid 832] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 832] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 833] <... futex resumed>) = 1 [pid 833] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 833] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 832] <... futex resumed>) = 0 [pid 832] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 832] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 833] <... futex resumed>) = 1 [pid 833] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 833] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 832] <... futex resumed>) = 0 [pid 832] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 832] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 833] <... futex resumed>) = 1 [pid 833] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 833] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 832] <... futex resumed>) = 0 [pid 832] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 832] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 833] <... futex resumed>) = 1 [pid 833] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 833] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 832] <... futex resumed>) = 0 [pid 832] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 832] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 833] <... futex resumed>) = 1 [pid 833] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 833] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 832] <... futex resumed>) = 0 [pid 832] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 832] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 833] <... futex resumed>) = 1 [pid 833] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 833] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 832] <... futex resumed>) = 0 [pid 832] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 832] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 833] <... futex resumed>) = 1 [pid 833] memfd_create("syzkaller", 0) = 5 [pid 833] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f694498e000 [pid 833] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 833] munmap(0x7f694498e000, 138412032) = 0 [pid 833] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 833] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 833] close(5) = 0 [pid 833] close(6) = 0 [pid 833] mkdir("./file0", 0777) = 0 [pid 833] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 833] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 833] chdir("./file0") = 0 [pid 833] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 833] ioctl(6, LOOP_CLR_FD) = 0 [pid 833] close(6) = 0 [pid 833] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 832] <... futex resumed>) = 0 [pid 832] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 832] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 833] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 833] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 832] <... futex resumed>) = 0 [pid 833] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 832] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 833] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 832] <... futex resumed>) = 0 [pid 833] write(6, "#! ./file1\n", 11 [pid 832] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 833] <... write resumed>) = 11 [pid 833] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 832] <... futex resumed>) = 0 [pid 833] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 832] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 833] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 832] <... futex resumed>) = 0 [pid 833] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0 [ 41.342040][ T833] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [pid 832] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 833] <... mmap resumed>) = 0x200000000000 [pid 833] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 833] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 832] <... futex resumed>) = 0 [pid 832] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 833] <... futex resumed>) = 0 [pid 832] <... futex resumed>) = 1 [pid 832] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 833] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000480} --- [pid 832] <... futex resumed>) = ? [pid 833] +++ killed by SIGBUS +++ [pid 832] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=832, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./91", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./91", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558a0df730 /* 4 entries */, 32768) = 112 [ 41.383762][ T834] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-833: bg 0: block 234: padding at end of block bitmap is not set umount2("./91/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./91/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./91/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./91/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./91/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558a0e7770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558a0e7770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./91/file0") = 0 umount2("./91/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./91/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./91/binderfs") = 0 getdents64(3, 0x55558a0df730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./91") = 0 mkdir("./92", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558a0de690) = 838 ./strace-static-x86_64: Process 838 attached [pid 838] set_robust_list(0x55558a0de6a0, 24) = 0 [pid 838] chdir("./92") = 0 [pid 838] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 838] setpgid(0, 0) = 0 [pid 838] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 838] write(3, "1000", 4) = 4 [pid 838] close(3) = 0 [pid 838] symlink("/dev/binderfs", "./binderfs") = 0 [pid 838] write(1, "executing program\n", 18executing program ) = 18 [pid 838] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 838] rt_sigaction(SIGRT_1, {sa_handler=0x7f694ce18370, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f694ce09520}, NULL, 8) = 0 [pid 838] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 838] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f694cd8e000 [pid 838] mprotect(0x7f694cd8f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 838] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 838] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f694cdae990, parent_tid=0x7f694cdae990, exit_signal=0, stack=0x7f694cd8e000, stack_size=0x20300, tls=0x7f694cdae6c0}./strace-static-x86_64: Process 839 attached => {parent_tid=[839]}, 88) = 839 [pid 839] set_robust_list(0x7f694cdae9a0, 24) = 0 [pid 839] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 839] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 838] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 838] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 839] <... futex resumed>) = 0 [pid 839] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 838] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 839] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 838] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 839] ioctl(3, VHOST_SET_OWNER [pid 838] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 838] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 839] <... ioctl resumed>, 0) = 0 [pid 839] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 839] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 838] <... futex resumed>) = 0 [pid 838] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 838] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 839] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 839] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 839] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 838] <... futex resumed>) = 0 [pid 838] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 838] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 839] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 839] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 839] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 838] <... futex resumed>) = 0 [pid 838] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 838] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 839] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 839] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 839] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 838] <... futex resumed>) = 0 [pid 838] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 838] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 839] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 839] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 839] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 838] <... futex resumed>) = 0 [pid 838] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 838] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 839] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 839] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 839] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 839] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 838] <... futex resumed>) = 0 [pid 838] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 839] <... futex resumed>) = 0 [pid 838] <... futex resumed>) = 1 [pid 839] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 838] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 839] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 839] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 838] <... futex resumed>) = 0 [pid 838] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 839] <... futex resumed>) = 0 [pid 838] <... futex resumed>) = 1 [pid 839] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 838] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 839] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 839] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 838] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 838] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 838] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 839] <... futex resumed>) = 0 [pid 839] memfd_create("syzkaller", 0) = 5 [pid 839] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f694498e000 [pid 839] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 839] munmap(0x7f694498e000, 138412032) = 0 [pid 839] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 839] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 839] close(5) = 0 [pid 839] close(6) = 0 [pid 839] mkdir("./file0", 0777) = 0 [pid 839] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 839] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 839] chdir("./file0") = 0 [pid 839] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 839] ioctl(6, LOOP_CLR_FD) = 0 [pid 839] close(6) = 0 [pid 839] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 838] <... futex resumed>) = 0 [pid 838] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 838] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 839] <... futex resumed>) = 1 [pid 839] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 839] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 838] <... futex resumed>) = 0 [pid 838] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 838] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 839] <... futex resumed>) = 1 [pid 839] write(6, "#! ./file1\n", 11) = 11 [pid 839] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 838] <... futex resumed>) = 0 [pid 838] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 838] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 839] <... futex resumed>) = 1 [pid 839] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 839] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 838] <... futex resumed>) = 0 [pid 838] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 838] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 839] <... futex resumed>) = 1 [pid 839] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000480} --- [pid 838] <... futex resumed>) = ? [pid 839] +++ killed by SIGBUS +++ [pid 838] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=838, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./92", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./92", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558a0df730 /* 4 entries */, 32768) = 112 [ 41.522351][ T839] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 41.545193][ T839] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor257: bg 0: block 234: padding at end of block bitmap is not set umount2("./92/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./92/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./92/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./92/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./92/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558a0e7770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558a0e7770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./92/file0") = 0 umount2("./92/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./92/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./92/binderfs") = 0 getdents64(3, 0x55558a0df730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./92") = 0 mkdir("./93", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558a0de690) = 844 ./strace-static-x86_64: Process 844 attached [pid 844] set_robust_list(0x55558a0de6a0, 24) = 0 [pid 844] chdir("./93") = 0 [pid 844] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 844] setpgid(0, 0) = 0 [pid 844] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 844] write(3, "1000", 4) = 4 [pid 844] close(3) = 0 [pid 844] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 844] write(1, "executing program\n", 18) = 18 [pid 844] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 844] rt_sigaction(SIGRT_1, {sa_handler=0x7f694ce18370, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f694ce09520}, NULL, 8) = 0 [pid 844] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 844] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f694cd8e000 [pid 844] mprotect(0x7f694cd8f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 844] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 844] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f694cdae990, parent_tid=0x7f694cdae990, exit_signal=0, stack=0x7f694cd8e000, stack_size=0x20300, tls=0x7f694cdae6c0} => {parent_tid=[845]}, 88) = 845 [pid 844] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 844] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 844] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 845 attached [pid 845] set_robust_list(0x7f694cdae9a0, 24) = 0 [pid 845] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 845] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 845] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 844] <... futex resumed>) = 0 [pid 844] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 845] ioctl(3, VHOST_SET_OWNER [pid 844] <... futex resumed>) = 0 [pid 844] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 845] <... ioctl resumed>, 0) = 0 [pid 845] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 844] <... futex resumed>) = 0 [pid 844] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 844] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 845] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 845] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 844] <... futex resumed>) = 0 [pid 844] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 844] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 845] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 845] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 844] <... futex resumed>) = 0 [pid 844] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 844] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 845] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 845] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 844] <... futex resumed>) = 0 [pid 844] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 844] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 845] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 845] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 844] <... futex resumed>) = 0 [pid 844] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 844] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 845] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 845] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 844] <... futex resumed>) = 0 [pid 844] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 844] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 845] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 845] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 844] <... futex resumed>) = 0 [pid 844] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 844] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 845] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 845] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 844] <... futex resumed>) = 0 [pid 844] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 844] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 845] memfd_create("syzkaller", 0) = 5 [pid 845] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f694498e000 [pid 845] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 845] munmap(0x7f694498e000, 138412032) = 0 [pid 845] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 845] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 845] close(5) = 0 [pid 845] close(6) = 0 [pid 845] mkdir("./file0", 0777) = 0 [pid 845] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 845] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 845] chdir("./file0") = 0 [pid 845] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 845] ioctl(6, LOOP_CLR_FD) = 0 [pid 845] close(6) = 0 [pid 845] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 845] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 844] <... futex resumed>) = 0 [pid 844] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 844] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 845] <... futex resumed>) = 0 [pid 845] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 845] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 844] <... futex resumed>) = 0 [pid 844] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 844] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 845] <... futex resumed>) = 1 [pid 845] write(6, "#! ./file1\n", 11) = 11 [pid 845] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 844] <... futex resumed>) = 0 [pid 844] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 844] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 845] <... futex resumed>) = 1 [pid 845] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 845] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 844] <... futex resumed>) = 0 [pid 844] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 844] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 845] <... futex resumed>) = 1 [pid 845] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000480} --- [pid 844] <... futex resumed>) = ? [pid 845] +++ killed by SIGBUS +++ [pid 844] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=844, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./93", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./93", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558a0df730 /* 4 entries */, 32768) = 112 [ 41.722148][ T845] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 41.752888][ T845] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor257: bg 0: block 234: padding at end of block bitmap is not set umount2("./93/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./93/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./93/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./93/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./93/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558a0e7770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558a0e7770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./93/file0") = 0 umount2("./93/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./93/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./93/binderfs") = 0 getdents64(3, 0x55558a0df730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./93") = 0 mkdir("./94", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558a0de690) = 850 ./strace-static-x86_64: Process 850 attached [pid 850] set_robust_list(0x55558a0de6a0, 24) = 0 [pid 850] chdir("./94") = 0 [pid 850] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 850] setpgid(0, 0) = 0 [pid 850] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 850] write(3, "1000", 4) = 4 [pid 850] close(3) = 0 [pid 850] symlink("/dev/binderfs", "./binderfs") = 0 [pid 850] write(1, "executing program\n", 18executing program ) = 18 [pid 850] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 850] rt_sigaction(SIGRT_1, {sa_handler=0x7f694ce18370, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f694ce09520}, NULL, 8) = 0 [pid 850] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 850] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f694cd8e000 [pid 850] mprotect(0x7f694cd8f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 850] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 850] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f694cdae990, parent_tid=0x7f694cdae990, exit_signal=0, stack=0x7f694cd8e000, stack_size=0x20300, tls=0x7f694cdae6c0}./strace-static-x86_64: Process 851 attached => {parent_tid=[851]}, 88) = 851 [pid 851] set_robust_list(0x7f694cdae9a0, 24) = 0 [pid 851] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 851] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 850] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 850] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 851] <... futex resumed>) = 0 [pid 850] <... futex resumed>) = 1 [pid 851] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 851] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 851] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 850] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 850] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 851] <... futex resumed>) = 0 [pid 850] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 851] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 851] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 850] <... futex resumed>) = 0 [pid 851] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 850] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 851] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 851] ioctl(3, VHOST_SET_VRING_ADDR [pid 850] <... futex resumed>) = 0 [pid 851] <... ioctl resumed>, 0x200000000300) = 0 [pid 851] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 850] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 851] <... futex resumed>) = 0 [pid 851] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 850] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 850] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 851] <... futex resumed>) = 0 [pid 850] <... futex resumed>) = 1 [pid 851] ioctl(3, VHOST_SET_MEM_TABLE [pid 850] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 851] <... ioctl resumed>, 0x200000003380) = 0 [pid 851] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 850] <... futex resumed>) = 0 [pid 851] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 850] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 851] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 851] eventfd2(118, EFD_SEMAPHORE [pid 850] <... futex resumed>) = 0 [pid 851] <... eventfd2 resumed>) = 4 [pid 850] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 851] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 850] <... futex resumed>) = 0 [pid 851] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 850] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 851] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 850] <... futex resumed>) = 0 [pid 850] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 851] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 851] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 850] <... futex resumed>) = 0 [pid 851] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 850] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 851] <... futex resumed>) = 0 [pid 850] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 851] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 851] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 850] <... futex resumed>) = 0 [pid 851] ioctl(3, VHOST_SET_VRING_KICK [pid 850] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 851] <... ioctl resumed>, 0x200000000000) = 0 [pid 851] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 850] <... futex resumed>) = 0 [pid 851] <... futex resumed>) = 0 [pid 850] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 851] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 850] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 851] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 850] <... futex resumed>) = 0 [pid 851] ioctl(3, VHOST_VSOCK_SET_RUNNING [pid 850] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 851] <... ioctl resumed>, 0x200000000140) = 0 [pid 851] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 851] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 850] <... futex resumed>) = 0 [pid 850] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 851] <... futex resumed>) = 0 [pid 850] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 851] memfd_create("syzkaller", 0) = 5 [pid 851] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f694498e000 [pid 851] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 851] munmap(0x7f694498e000, 138412032) = 0 [pid 851] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 851] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 851] close(5) = 0 [pid 851] close(6) = 0 [pid 851] mkdir("./file0", 0777) = 0 [pid 851] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 851] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 851] chdir("./file0") = 0 [pid 851] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 851] ioctl(6, LOOP_CLR_FD) = 0 [pid 851] close(6) = 0 [pid 851] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 850] <... futex resumed>) = 0 [pid 850] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 850] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 851] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 851] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 850] <... futex resumed>) = 0 [pid 851] write(6, "#! ./file1\n", 11 [pid 850] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 851] <... write resumed>) = 11 [pid 850] <... futex resumed>) = 0 [pid 851] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 850] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 851] <... futex resumed>) = 0 [pid 850] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 851] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0 [pid 850] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 851] <... mmap resumed>) = 0x200000000000 [pid 850] <... futex resumed>) = 0 [pid 851] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 850] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 851] <... futex resumed>) = 0 [pid 850] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 850] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 850] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 851] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000480} --- [pid 850] <... futex resumed>) = ? [pid 851] +++ killed by SIGBUS +++ [pid 850] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=850, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./94", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./94", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558a0df730 /* 4 entries */, 32768) = 112 [ 41.932264][ T851] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 41.962135][ T851] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor257: bg 0: block 234: padding at end of block bitmap is not set umount2("./94/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./94/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./94/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./94/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./94/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558a0e7770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558a0e7770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./94/file0") = 0 umount2("./94/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./94/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./94/binderfs") = 0 getdents64(3, 0x55558a0df730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./94") = 0 mkdir("./95", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558a0de690) = 856 ./strace-static-x86_64: Process 856 attached [pid 856] set_robust_list(0x55558a0de6a0, 24) = 0 [pid 856] chdir("./95") = 0 [pid 856] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 856] setpgid(0, 0) = 0 [pid 856] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 856] write(3, "1000", 4) = 4 [pid 856] close(3) = 0 [pid 856] symlink("/dev/binderfs", "./binderfs") = 0 [pid 856] write(1, "executing program\n", 18executing program ) = 18 [pid 856] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 856] rt_sigaction(SIGRT_1, {sa_handler=0x7f694ce18370, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f694ce09520}, NULL, 8) = 0 [pid 856] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 856] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f694cd8e000 [pid 856] mprotect(0x7f694cd8f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 856] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 856] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f694cdae990, parent_tid=0x7f694cdae990, exit_signal=0, stack=0x7f694cd8e000, stack_size=0x20300, tls=0x7f694cdae6c0}./strace-static-x86_64: Process 857 attached [pid 857] set_robust_list(0x7f694cdae9a0, 24) = 0 [pid 857] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 857] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 856] <... clone3 resumed> => {parent_tid=[857]}, 88) = 857 [pid 856] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 856] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 857] <... futex resumed>) = 0 [pid 857] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 857] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 857] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 856] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 856] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 857] <... futex resumed>) = 0 [pid 857] ioctl(3, VHOST_SET_OWNER [pid 856] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 857] <... ioctl resumed>, 0) = 0 [pid 857] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 856] <... futex resumed>) = 0 [pid 856] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 856] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 857] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 857] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 856] <... futex resumed>) = 0 [pid 857] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 856] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 856] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 857] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 857] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 857] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 856] <... futex resumed>) = 0 [pid 856] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 856] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 857] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 857] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 856] <... futex resumed>) = 0 [pid 856] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 856] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 857] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 857] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 856] <... futex resumed>) = 0 [pid 856] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 856] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 857] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 857] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 856] <... futex resumed>) = 0 [pid 856] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 856] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 857] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 857] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 856] <... futex resumed>) = 0 [pid 856] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 856] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 857] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 857] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 857] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 856] <... futex resumed>) = 0 [pid 856] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 857] <... futex resumed>) = 0 [pid 856] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 857] memfd_create("syzkaller", 0) = 5 [pid 857] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f694498e000 [pid 857] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 857] munmap(0x7f694498e000, 138412032) = 0 [pid 857] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 857] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 857] close(5) = 0 [pid 857] close(6) = 0 [pid 857] mkdir("./file0", 0777) = 0 [pid 857] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 857] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 857] chdir("./file0") = 0 [pid 857] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 857] ioctl(6, LOOP_CLR_FD) = 0 [pid 857] close(6) = 0 [pid 857] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 856] <... futex resumed>) = 0 [pid 857] <... futex resumed>) = 1 [pid 856] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 856] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 857] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 857] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 856] <... futex resumed>) = 0 [pid 856] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 856] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 857] write(6, "#! ./file1\n", 11) = 11 [pid 857] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 856] <... futex resumed>) = 0 [pid 857] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0 [pid 856] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 856] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 857] <... mmap resumed>) = 0x200000000000 [pid 857] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 856] <... futex resumed>) = 0 [pid 856] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 856] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 857] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000480} --- [pid 856] <... futex resumed>) = ? [pid 857] +++ killed by SIGBUS +++ [pid 856] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=856, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./95", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./95", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558a0df730 /* 4 entries */, 32768) = 112 [ 42.102198][ T857] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 42.133319][ T858] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-857: bg 0: block 234: padding at end of block bitmap is not set umount2("./95/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./95/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./95/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./95/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./95/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558a0e7770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558a0e7770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./95/file0") = 0 umount2("./95/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./95/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./95/binderfs") = 0 getdents64(3, 0x55558a0df730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./95") = 0 mkdir("./96", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program , child_tidptr=0x55558a0de690) = 862 ./strace-static-x86_64: Process 862 attached [pid 862] set_robust_list(0x55558a0de6a0, 24) = 0 [pid 862] chdir("./96") = 0 [pid 862] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 862] setpgid(0, 0) = 0 [pid 862] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 862] write(3, "1000", 4) = 4 [pid 862] close(3) = 0 [pid 862] symlink("/dev/binderfs", "./binderfs") = 0 [pid 862] write(1, "executing program\n", 18) = 18 [pid 862] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 862] rt_sigaction(SIGRT_1, {sa_handler=0x7f694ce18370, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f694ce09520}, NULL, 8) = 0 [pid 862] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 862] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f694cd8e000 [pid 862] mprotect(0x7f694cd8f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 862] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 862] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f694cdae990, parent_tid=0x7f694cdae990, exit_signal=0, stack=0x7f694cd8e000, stack_size=0x20300, tls=0x7f694cdae6c0} => {parent_tid=[863]}, 88) = 863 [pid 862] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 862] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 862] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 863 attached [pid 863] set_robust_list(0x7f694cdae9a0, 24) = 0 [pid 863] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 863] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 863] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 862] <... futex resumed>) = 0 [pid 862] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 862] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 863] <... futex resumed>) = 1 [pid 863] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 863] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 862] <... futex resumed>) = 0 [pid 862] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 862] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 863] <... futex resumed>) = 1 [pid 863] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 863] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 862] <... futex resumed>) = 0 [pid 862] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 862] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 863] <... futex resumed>) = 1 [pid 863] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 863] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 862] <... futex resumed>) = 0 [pid 862] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 862] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 863] <... futex resumed>) = 1 [pid 863] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 863] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 862] <... futex resumed>) = 0 [pid 862] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 862] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 863] <... futex resumed>) = 1 [pid 863] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 863] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 862] <... futex resumed>) = 0 [pid 862] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 862] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 863] <... futex resumed>) = 1 [pid 863] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 863] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 862] <... futex resumed>) = 0 [pid 862] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 862] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 863] <... futex resumed>) = 1 [pid 863] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 863] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 862] <... futex resumed>) = 0 [pid 862] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 862] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 863] <... futex resumed>) = 1 [pid 863] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 863] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 862] <... futex resumed>) = 0 [pid 862] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 862] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 863] <... futex resumed>) = 1 [pid 863] memfd_create("syzkaller", 0) = 5 [pid 863] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f694498e000 [pid 863] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 863] munmap(0x7f694498e000, 138412032) = 0 [pid 863] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 863] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 863] close(5) = 0 [pid 863] close(6) = 0 [pid 863] mkdir("./file0", 0777) = 0 [pid 863] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 863] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 863] chdir("./file0") = 0 [pid 863] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 863] ioctl(6, LOOP_CLR_FD) = 0 [pid 863] close(6) = 0 [pid 863] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 862] <... futex resumed>) = 0 [pid 862] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 862] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 863] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 863] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 862] <... futex resumed>) = 0 [pid 862] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 862] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 863] write(6, "#! ./file1\n", 11) = 11 [pid 863] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 862] <... futex resumed>) = 0 [pid 862] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 862] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 863] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 863] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 863] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 862] <... futex resumed>) = 0 [pid 862] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 862] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 863] <... futex resumed>) = 0 [pid 863] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000480} --- [pid 862] <... futex resumed>) = ? [pid 863] +++ killed by SIGBUS +++ [pid 862] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=862, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./96", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./96", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558a0df730 /* 4 entries */, 32768) = 112 [ 42.362152][ T863] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 42.395907][ T864] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-863: bg 0: block 234: padding at end of block bitmap is not set umount2("./96/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./96/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./96/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./96/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./96/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558a0e7770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558a0e7770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./96/file0") = 0 umount2("./96/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./96/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./96/binderfs") = 0 getdents64(3, 0x55558a0df730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./96") = 0 mkdir("./97", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3executing program ) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558a0de690) = 868 ./strace-static-x86_64: Process 868 attached [pid 868] set_robust_list(0x55558a0de6a0, 24) = 0 [pid 868] chdir("./97") = 0 [pid 868] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 868] setpgid(0, 0) = 0 [pid 868] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 868] write(3, "1000", 4) = 4 [pid 868] close(3) = 0 [pid 868] symlink("/dev/binderfs", "./binderfs") = 0 [pid 868] write(1, "executing program\n", 18) = 18 [pid 868] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 868] rt_sigaction(SIGRT_1, {sa_handler=0x7f694ce18370, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f694ce09520}, NULL, 8) = 0 [pid 868] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 868] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f694cd8e000 [pid 868] mprotect(0x7f694cd8f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 868] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 868] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f694cdae990, parent_tid=0x7f694cdae990, exit_signal=0, stack=0x7f694cd8e000, stack_size=0x20300, tls=0x7f694cdae6c0} => {parent_tid=[869]}, 88) = 869 [pid 868] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 868] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 868] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 869 attached [pid 869] set_robust_list(0x7f694cdae9a0, 24) = 0 [pid 869] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 869] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 869] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 868] <... futex resumed>) = 0 [pid 868] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 868] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 869] <... futex resumed>) = 1 [pid 869] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 869] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 868] <... futex resumed>) = 0 [pid 868] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 868] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 869] <... futex resumed>) = 1 [pid 869] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 869] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 868] <... futex resumed>) = 0 [pid 868] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 868] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 869] <... futex resumed>) = 1 [pid 869] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 869] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 868] <... futex resumed>) = 0 [pid 868] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 868] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 869] <... futex resumed>) = 1 [pid 869] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 869] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 868] <... futex resumed>) = 0 [pid 868] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 868] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 869] <... futex resumed>) = 1 [pid 869] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 869] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 868] <... futex resumed>) = 0 [pid 869] <... futex resumed>) = 1 [pid 868] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 869] ioctl(3, VHOST_SET_VRING_ADDR [pid 868] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 869] <... ioctl resumed>, 0x200000000240) = 0 [pid 869] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 868] <... futex resumed>) = 0 [pid 868] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 868] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 869] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 869] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 868] <... futex resumed>) = 0 [pid 869] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 868] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 869] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 868] <... futex resumed>) = 0 [pid 869] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 868] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 869] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 868] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 868] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 869] <... futex resumed>) = 0 [pid 868] <... futex resumed>) = 0 [pid 868] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 869] memfd_create("syzkaller", 0) = 5 [pid 869] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f694498e000 [pid 869] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 869] munmap(0x7f694498e000, 138412032) = 0 [pid 869] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 869] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 869] close(5) = 0 [pid 869] close(6) = 0 [pid 869] mkdir("./file0", 0777) = 0 [pid 869] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 869] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 869] chdir("./file0") = 0 [pid 869] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 869] ioctl(6, LOOP_CLR_FD) = 0 [pid 869] close(6) = 0 [pid 869] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 868] <... futex resumed>) = 0 [pid 868] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 868] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 869] <... futex resumed>) = 1 [pid 869] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 869] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 868] <... futex resumed>) = 0 [pid 868] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 868] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 869] <... futex resumed>) = 1 [pid 869] write(6, "#! ./file1\n", 11) = 11 [pid 869] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 868] <... futex resumed>) = 0 [pid 868] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 868] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 869] <... futex resumed>) = 1 [pid 869] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 869] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 868] <... futex resumed>) = 0 [pid 868] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 868] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 869] <... futex resumed>) = 1 [pid 869] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000480} --- [pid 868] <... futex resumed>) = ? [pid 869] +++ killed by SIGBUS +++ [pid 868] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=868, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./97", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./97", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558a0df730 /* 4 entries */, 32768) = 112 [ 42.572191][ T869] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 42.597246][ T869] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor257: bg 0: block 234: padding at end of block bitmap is not set umount2("./97/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./97/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./97/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./97/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./97/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558a0e7770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558a0e7770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./97/file0") = 0 umount2("./97/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./97/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./97/binderfs") = 0 getdents64(3, 0x55558a0df730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./97") = 0 mkdir("./98", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558a0de690) = 874 ./strace-static-x86_64: Process 874 attached [pid 874] set_robust_list(0x55558a0de6a0, 24) = 0 [pid 874] chdir("./98") = 0 [pid 874] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 874] setpgid(0, 0) = 0 [pid 874] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 874] write(3, "1000", 4) = 4 [pid 874] close(3) = 0 [pid 874] symlink("/dev/binderfs", "./binderfs") = 0 [pid 874] write(1, "executing program\n", 18executing program ) = 18 [pid 874] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 874] rt_sigaction(SIGRT_1, {sa_handler=0x7f694ce18370, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f694ce09520}, NULL, 8) = 0 [pid 874] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 874] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f694cd8e000 [pid 874] mprotect(0x7f694cd8f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 874] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 874] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f694cdae990, parent_tid=0x7f694cdae990, exit_signal=0, stack=0x7f694cd8e000, stack_size=0x20300, tls=0x7f694cdae6c0}./strace-static-x86_64: Process 875 attached => {parent_tid=[875]}, 88) = 875 [pid 875] set_robust_list(0x7f694cdae9a0, 24) = 0 [pid 875] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 875] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 874] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 874] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 875] <... futex resumed>) = 0 [pid 874] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 875] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 875] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 874] <... futex resumed>) = 0 [pid 875] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 874] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 874] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 875] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 875] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 875] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 874] <... futex resumed>) = 0 [pid 874] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 874] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 875] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 875] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 874] <... futex resumed>) = 0 [pid 874] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 874] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 875] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 875] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 874] <... futex resumed>) = 0 [pid 874] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 874] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 875] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 875] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 874] <... futex resumed>) = 0 [pid 874] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 874] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 875] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 875] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 874] <... futex resumed>) = 0 [pid 874] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 874] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 875] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 875] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 874] <... futex resumed>) = 0 [pid 875] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 874] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 874] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 875] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 875] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 875] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 874] <... futex resumed>) = 0 [pid 874] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 874] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 875] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 875] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 874] <... futex resumed>) = 0 [pid 875] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 874] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 874] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 875] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 875] memfd_create("syzkaller", 0) = 5 [pid 875] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f694498e000 [pid 875] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 875] munmap(0x7f694498e000, 138412032) = 0 [pid 875] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 875] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 875] close(5) = 0 [pid 875] close(6) = 0 [pid 875] mkdir("./file0", 0777) = 0 [pid 875] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 875] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 875] chdir("./file0") = 0 [pid 875] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 875] ioctl(6, LOOP_CLR_FD) = 0 [pid 875] close(6) = 0 [pid 875] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 874] <... futex resumed>) = 0 [pid 874] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 874] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 875] <... futex resumed>) = 1 [pid 875] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 875] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 874] <... futex resumed>) = 0 [pid 874] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 874] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 875] <... futex resumed>) = 1 [pid 875] write(6, "#! ./file1\n", 11) = 11 [pid 875] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 874] <... futex resumed>) = 0 [pid 874] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 874] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 875] <... futex resumed>) = 1 [pid 875] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 875] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 874] <... futex resumed>) = 0 [pid 874] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 42.711210][ T875] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [pid 874] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 875] <... futex resumed>) = 1 [pid 875] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000480} --- [pid 874] <... futex resumed>) = ? [pid 875] +++ killed by SIGBUS +++ [pid 874] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=874, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./98", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./98", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558a0df730 /* 4 entries */, 32768) = 112 [ 42.754234][ T876] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-875: bg 0: block 234: padding at end of block bitmap is not set umount2("./98/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./98/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./98/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./98/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./98/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558a0e7770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558a0e7770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./98/file0") = 0 umount2("./98/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./98/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./98/binderfs") = 0 getdents64(3, 0x55558a0df730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./98") = 0 mkdir("./99", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558a0de690) = 880 ./strace-static-x86_64: Process 880 attached [pid 880] set_robust_list(0x55558a0de6a0, 24) = 0 [pid 880] chdir("./99") = 0 [pid 880] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 880] setpgid(0, 0) = 0 [pid 880] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 880] write(3, "1000", 4) = 4 [pid 880] close(3) = 0 [pid 880] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 880] write(1, "executing program\n", 18) = 18 [pid 880] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 880] rt_sigaction(SIGRT_1, {sa_handler=0x7f694ce18370, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f694ce09520}, NULL, 8) = 0 [pid 880] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 880] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f694cd8e000 [pid 880] mprotect(0x7f694cd8f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 880] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 880] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f694cdae990, parent_tid=0x7f694cdae990, exit_signal=0, stack=0x7f694cd8e000, stack_size=0x20300, tls=0x7f694cdae6c0}./strace-static-x86_64: Process 881 attached => {parent_tid=[881]}, 88) = 881 [pid 881] set_robust_list(0x7f694cdae9a0, 24) = 0 [pid 881] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 881] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 880] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 880] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 881] <... futex resumed>) = 0 [pid 880] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 881] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 881] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 880] <... futex resumed>) = 0 [pid 880] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 880] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 881] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 881] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 880] <... futex resumed>) = 0 [pid 880] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 880] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 881] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 881] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 880] <... futex resumed>) = 0 [pid 880] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 880] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 881] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 881] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 880] <... futex resumed>) = 0 [pid 880] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 881] eventfd2(118, EFD_SEMAPHORE [pid 880] <... futex resumed>) = 0 [pid 880] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 881] <... eventfd2 resumed>) = 4 [pid 881] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 880] <... futex resumed>) = 0 [pid 880] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 880] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 881] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 881] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 880] <... futex resumed>) = 0 [pid 880] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 880] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 881] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 881] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 880] <... futex resumed>) = 0 [pid 880] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 880] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 881] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 881] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 880] <... futex resumed>) = 0 [pid 880] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 880] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 881] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 881] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 880] <... futex resumed>) = 0 [pid 880] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 881] memfd_create("syzkaller", 0 [pid 880] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 881] <... memfd_create resumed>) = 5 [pid 881] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f694498e000 [pid 881] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 881] munmap(0x7f694498e000, 138412032) = 0 [pid 881] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 881] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 881] close(5) = 0 [pid 881] close(6) = 0 [pid 881] mkdir("./file0", 0777) = 0 [pid 881] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 881] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 881] chdir("./file0") = 0 [pid 881] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 881] ioctl(6, LOOP_CLR_FD) = 0 [pid 881] close(6) = 0 [pid 881] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 880] <... futex resumed>) = 0 [pid 880] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 880] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 881] <... futex resumed>) = 1 [pid 881] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 881] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 880] <... futex resumed>) = 0 [pid 880] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 880] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 881] <... futex resumed>) = 1 [pid 881] write(6, "#! ./file1\n", 11) = 11 [pid 881] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 880] <... futex resumed>) = 0 [pid 880] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 880] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 881] <... futex resumed>) = 1 [pid 881] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 881] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 880] <... futex resumed>) = 0 [pid 880] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 880] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 881] <... futex resumed>) = 1 [pid 881] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000480} --- [pid 880] <... futex resumed>) = ? [pid 881] +++ killed by SIGBUS +++ [pid 880] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=880, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./99", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./99", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558a0df730 /* 4 entries */, 32768) = 112 [ 42.942262][ T881] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 42.967922][ T881] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor257: bg 0: block 234: padding at end of block bitmap is not set umount2("./99/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./99/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./99/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./99/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./99/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558a0e7770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558a0e7770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./99/file0") = 0 umount2("./99/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./99/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./99/binderfs") = 0 getdents64(3, 0x55558a0df730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./99") = 0 mkdir("./100", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program , child_tidptr=0x55558a0de690) = 886 ./strace-static-x86_64: Process 886 attached [pid 886] set_robust_list(0x55558a0de6a0, 24) = 0 [pid 886] chdir("./100") = 0 [pid 886] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 886] setpgid(0, 0) = 0 [pid 886] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 886] write(3, "1000", 4) = 4 [pid 886] close(3) = 0 [pid 886] symlink("/dev/binderfs", "./binderfs") = 0 [pid 886] write(1, "executing program\n", 18) = 18 [pid 886] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 886] rt_sigaction(SIGRT_1, {sa_handler=0x7f694ce18370, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f694ce09520}, NULL, 8) = 0 [pid 886] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 886] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f694cd8e000 [pid 886] mprotect(0x7f694cd8f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 886] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 886] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f694cdae990, parent_tid=0x7f694cdae990, exit_signal=0, stack=0x7f694cd8e000, stack_size=0x20300, tls=0x7f694cdae6c0} => {parent_tid=[887]}, 88) = 887 [pid 886] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 886] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 886] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 887 attached [pid 887] set_robust_list(0x7f694cdae9a0, 24) = 0 [pid 887] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 887] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 887] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 886] <... futex resumed>) = 0 [pid 886] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 886] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 887] <... futex resumed>) = 1 [pid 887] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 887] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 886] <... futex resumed>) = 0 [pid 886] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 886] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 887] <... futex resumed>) = 1 [pid 887] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 887] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 886] <... futex resumed>) = 0 [pid 886] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 886] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 887] <... futex resumed>) = 1 [pid 887] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 887] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 886] <... futex resumed>) = 0 [pid 886] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 886] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 887] <... futex resumed>) = 1 [pid 887] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 887] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 886] <... futex resumed>) = 0 [pid 886] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 886] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 887] <... futex resumed>) = 1 [pid 887] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 887] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 886] <... futex resumed>) = 0 [pid 886] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 886] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 887] <... futex resumed>) = 1 [pid 887] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 887] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 886] <... futex resumed>) = 0 [pid 886] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 886] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 887] <... futex resumed>) = 1 [pid 887] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 887] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 886] <... futex resumed>) = 0 [pid 886] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 886] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 887] <... futex resumed>) = 1 [pid 887] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 887] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 886] <... futex resumed>) = 0 [pid 886] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 886] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 887] <... futex resumed>) = 1 [pid 887] memfd_create("syzkaller", 0) = 5 [pid 887] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f694498e000 [pid 887] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 887] munmap(0x7f694498e000, 138412032) = 0 [pid 887] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 887] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 887] close(5) = 0 [pid 887] close(6) = 0 [pid 887] mkdir("./file0", 0777) = 0 [pid 887] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 887] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 887] chdir("./file0") = 0 [pid 887] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 887] ioctl(6, LOOP_CLR_FD) = 0 [pid 887] close(6) = 0 [pid 887] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 886] <... futex resumed>) = 0 [pid 886] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 886] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 887] <... futex resumed>) = 1 [pid 887] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 887] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 886] <... futex resumed>) = 0 [pid 886] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 886] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 887] write(6, "#! ./file1\n", 11) = 11 [pid 887] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 886] <... futex resumed>) = 0 [pid 886] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 886] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 887] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 887] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 886] <... futex resumed>) = 0 [pid 886] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 43.172250][ T887] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [pid 886] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 887] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000480} --- [pid 886] <... futex resumed>) = ? [pid 887] +++ killed by SIGBUS +++ [pid 886] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=886, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./100", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./100", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558a0df730 /* 4 entries */, 32768) = 112 [ 43.214839][ T888] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-887: bg 0: block 234: padding at end of block bitmap is not set umount2("./100/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./100/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./100/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./100/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./100/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558a0e7770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558a0e7770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./100/file0") = 0 umount2("./100/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./100/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./100/binderfs") = 0 getdents64(3, 0x55558a0df730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./100") = 0 mkdir("./101", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558a0de690) = 892 ./strace-static-x86_64: Process 892 attached [pid 892] set_robust_list(0x55558a0de6a0, 24) = 0 [pid 892] chdir("./101") = 0 [pid 892] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 892] setpgid(0, 0) = 0 [pid 892] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 892] write(3, "1000", 4) = 4 [pid 892] close(3) = 0 [pid 892] symlink("/dev/binderfs", "./binderfs") = 0 [pid 892] write(1, "executing program\n", 18executing program ) = 18 [pid 892] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 892] rt_sigaction(SIGRT_1, {sa_handler=0x7f694ce18370, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f694ce09520}, NULL, 8) = 0 [pid 892] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 892] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f694cd8e000 [pid 892] mprotect(0x7f694cd8f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 892] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 892] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f694cdae990, parent_tid=0x7f694cdae990, exit_signal=0, stack=0x7f694cd8e000, stack_size=0x20300, tls=0x7f694cdae6c0}./strace-static-x86_64: Process 893 attached [pid 893] set_robust_list(0x7f694cdae9a0, 24) = 0 [pid 893] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 893] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 892] <... clone3 resumed> => {parent_tid=[893]}, 88) = 893 [pid 892] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 892] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 893] <... futex resumed>) = 0 [pid 893] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR [pid 892] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 893] <... openat resumed>) = 3 [pid 893] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 893] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 892] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 892] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 893] <... futex resumed>) = 0 [pid 893] ioctl(3, VHOST_SET_OWNER [pid 892] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 893] <... ioctl resumed>, 0) = 0 [pid 893] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 893] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 892] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 892] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 893] <... futex resumed>) = 0 [pid 893] ioctl(3, VHOST_SET_VRING_ADDR [pid 892] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 893] <... ioctl resumed>, 0x200000000300) = 0 [pid 893] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 893] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 892] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 892] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 893] <... futex resumed>) = 0 [pid 893] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 893] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 893] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 892] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 892] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 893] <... futex resumed>) = 0 [pid 893] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 893] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 893] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 892] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 892] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 893] <... futex resumed>) = 0 [pid 892] <... futex resumed>) = 1 [pid 892] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 893] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 893] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 892] <... futex resumed>) = 0 [pid 893] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 892] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 893] <... futex resumed>) = 0 [pid 892] <... futex resumed>) = 1 [pid 892] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 893] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 893] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 892] <... futex resumed>) = 0 [pid 893] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 892] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 893] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 892] <... futex resumed>) = 0 [pid 893] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 892] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 893] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 892] <... futex resumed>) = 0 [pid 893] ioctl(3, VHOST_VSOCK_SET_RUNNING [pid 892] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 893] <... ioctl resumed>, 0x200000000140) = 0 [pid 892] <... futex resumed>) = 0 [pid 893] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 892] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 893] <... futex resumed>) = 0 [pid 892] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 893] memfd_create("syzkaller", 0 [pid 892] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 893] <... memfd_create resumed>) = 5 [pid 893] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f694498e000 [pid 892] <... futex resumed>) = 0 [pid 893] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 892] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 893] <... write resumed>) = 1048576 [pid 893] munmap(0x7f694498e000, 138412032) = 0 [pid 893] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 893] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 893] close(5) = 0 [pid 893] close(6) = 0 [pid 893] mkdir("./file0", 0777) = 0 [pid 893] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 893] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 893] chdir("./file0") = 0 [pid 893] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 893] ioctl(6, LOOP_CLR_FD) = 0 [pid 893] close(6) = 0 [pid 893] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 893] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 892] <... futex resumed>) = 0 [pid 892] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 893] <... futex resumed>) = 0 [pid 892] <... futex resumed>) = 1 [pid 893] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 892] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 893] <... openat resumed>) = 6 [pid 893] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 892] <... futex resumed>) = 0 [pid 893] <... futex resumed>) = 1 [pid 892] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 893] write(6, "#! ./file1\n", 11 [pid 892] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 893] <... write resumed>) = 11 [pid 893] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 892] <... futex resumed>) = 0 [pid 893] <... futex resumed>) = 1 [pid 892] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 893] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0 [pid 892] <... futex resumed>) = 0 [pid 892] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 893] <... mmap resumed>) = 0x200000000000 [pid 893] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 893] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 892] <... futex resumed>) = 0 [pid 892] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 892] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 893] <... futex resumed>) = 0 [pid 893] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000480} --- [pid 892] <... futex resumed>) = ? [pid 893] +++ killed by SIGBUS +++ [pid 892] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=892, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./101", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./101", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558a0df730 /* 4 entries */, 32768) = 112 [ 43.432165][ T893] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 43.461637][ T894] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-893: bg 0: block 234: padding at end of block bitmap is not set umount2("./101/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./101/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./101/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./101/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./101/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558a0e7770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558a0e7770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./101/file0") = 0 umount2("./101/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./101/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./101/binderfs") = 0 getdents64(3, 0x55558a0df730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./101") = 0 mkdir("./102", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program , child_tidptr=0x55558a0de690) = 898 ./strace-static-x86_64: Process 898 attached [pid 898] set_robust_list(0x55558a0de6a0, 24) = 0 [pid 898] chdir("./102") = 0 [pid 898] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 898] setpgid(0, 0) = 0 [pid 898] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 898] write(3, "1000", 4) = 4 [pid 898] close(3) = 0 [pid 898] symlink("/dev/binderfs", "./binderfs") = 0 [pid 898] write(1, "executing program\n", 18) = 18 [pid 898] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 898] rt_sigaction(SIGRT_1, {sa_handler=0x7f694ce18370, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f694ce09520}, NULL, 8) = 0 [pid 898] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 898] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f694cd8e000 [pid 898] mprotect(0x7f694cd8f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 898] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 898] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f694cdae990, parent_tid=0x7f694cdae990, exit_signal=0, stack=0x7f694cd8e000, stack_size=0x20300, tls=0x7f694cdae6c0} => {parent_tid=[899]}, 88) = 899 [pid 898] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 898] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 898] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 899 attached [pid 899] set_robust_list(0x7f694cdae9a0, 24) = 0 [pid 899] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 899] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 899] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 898] <... futex resumed>) = 0 [pid 898] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 898] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 899] <... futex resumed>) = 1 [pid 899] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 899] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 898] <... futex resumed>) = 0 [pid 898] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 898] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 899] <... futex resumed>) = 1 [pid 899] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 899] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 898] <... futex resumed>) = 0 [pid 898] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 898] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 899] <... futex resumed>) = 1 [pid 899] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 899] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 898] <... futex resumed>) = 0 [pid 898] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 898] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 899] <... futex resumed>) = 1 [pid 899] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 899] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 898] <... futex resumed>) = 0 [pid 898] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 898] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 899] <... futex resumed>) = 1 [pid 899] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 899] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 898] <... futex resumed>) = 0 [pid 898] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 898] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 899] <... futex resumed>) = 1 [pid 899] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 899] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 898] <... futex resumed>) = 0 [pid 898] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 898] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 899] <... futex resumed>) = 1 [pid 899] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 899] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 898] <... futex resumed>) = 0 [pid 898] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 898] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 899] <... futex resumed>) = 1 [pid 899] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 899] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 898] <... futex resumed>) = 0 [pid 898] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 898] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 899] <... futex resumed>) = 1 [pid 899] memfd_create("syzkaller", 0) = 5 [pid 899] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f694498e000 [pid 899] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 899] munmap(0x7f694498e000, 138412032) = 0 [pid 899] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 899] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 899] close(5) = 0 [pid 899] close(6) = 0 [pid 899] mkdir("./file0", 0777) = 0 [pid 899] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 899] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 899] chdir("./file0") = 0 [pid 899] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 899] ioctl(6, LOOP_CLR_FD) = 0 [pid 899] close(6) = 0 [pid 899] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 898] <... futex resumed>) = 0 [pid 898] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 898] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 899] <... futex resumed>) = 1 [pid 899] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 899] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 898] <... futex resumed>) = 0 [pid 898] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 898] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 899] write(6, "#! ./file1\n", 11) = 11 [pid 899] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 898] <... futex resumed>) = 0 [pid 898] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 898] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 899] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 899] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 898] <... futex resumed>) = 0 [pid 898] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 43.662153][ T899] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [pid 898] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 899] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000480} --- [pid 898] <... futex resumed>) = ? [pid 899] +++ killed by SIGBUS +++ [pid 898] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=898, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./102", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./102", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558a0df730 /* 4 entries */, 32768) = 112 [ 43.704711][ T900] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-899: bg 0: block 234: padding at end of block bitmap is not set umount2("./102/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./102/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./102/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./102/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./102/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558a0e7770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558a0e7770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./102/file0") = 0 umount2("./102/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./102/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./102/binderfs") = 0 getdents64(3, 0x55558a0df730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./102") = 0 mkdir("./103", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558a0de690) = 904 ./strace-static-x86_64: Process 904 attached [pid 904] set_robust_list(0x55558a0de6a0, 24) = 0 [pid 904] chdir("./103") = 0 [pid 904] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 904] setpgid(0, 0) = 0 [pid 904] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 904] write(3, "1000", 4) = 4 [pid 904] close(3) = 0 [pid 904] symlink("/dev/binderfs", "./binderfs") = 0 [pid 904] write(1, "executing program\n", 18) = 18 [pid 904] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 904] rt_sigaction(SIGRT_1, {sa_handler=0x7f694ce18370, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f694ce09520}, NULL, 8) = 0 [pid 904] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 904] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f694cd8e000 [pid 904] mprotect(0x7f694cd8f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 904] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 904] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f694cdae990, parent_tid=0x7f694cdae990, exit_signal=0, stack=0x7f694cd8e000, stack_size=0x20300, tls=0x7f694cdae6c0} => {parent_tid=[905]}, 88) = 905 [pid 904] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 904] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 904] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 905 attached [pid 905] set_robust_list(0x7f694cdae9a0, 24) = 0 [pid 905] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 905] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 905] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 904] <... futex resumed>) = 0 [pid 904] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 904] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 905] <... futex resumed>) = 1 [pid 905] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 905] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 904] <... futex resumed>) = 0 [pid 904] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 904] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 905] <... futex resumed>) = 1 [pid 905] ioctl(3, VHOST_SET_VRING_ADDRexecuting program , 0x200000000300) = 0 [pid 905] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 904] <... futex resumed>) = 0 [pid 904] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 904] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 905] <... futex resumed>) = 1 [pid 905] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 905] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 904] <... futex resumed>) = 0 [pid 904] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 904] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 905] <... futex resumed>) = 1 [pid 905] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 905] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 904] <... futex resumed>) = 0 [pid 904] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 904] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 905] <... futex resumed>) = 1 [pid 905] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 905] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 904] <... futex resumed>) = 0 [pid 904] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 904] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 905] <... futex resumed>) = 1 [pid 905] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 905] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 904] <... futex resumed>) = 0 [pid 904] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 904] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 905] <... futex resumed>) = 1 [pid 905] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 905] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 904] <... futex resumed>) = 0 [pid 904] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 904] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 905] <... futex resumed>) = 1 [pid 905] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 905] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 904] <... futex resumed>) = 0 [pid 904] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 904] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 905] <... futex resumed>) = 1 [pid 905] memfd_create("syzkaller", 0) = 5 [pid 905] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f694498e000 [pid 905] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 905] munmap(0x7f694498e000, 138412032) = 0 [pid 905] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 905] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 905] close(5) = 0 [pid 905] close(6) = 0 [pid 905] mkdir("./file0", 0777) = 0 [pid 905] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 905] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 905] chdir("./file0") = 0 [pid 905] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 905] ioctl(6, LOOP_CLR_FD) = 0 [pid 905] close(6) = 0 [pid 905] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 904] <... futex resumed>) = 0 [pid 904] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 904] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 905] <... futex resumed>) = 1 [pid 905] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 905] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 904] <... futex resumed>) = 0 [pid 904] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 904] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 905] <... futex resumed>) = 1 [pid 905] write(6, "#! ./file1\n", 11) = 11 [pid 905] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 904] <... futex resumed>) = 0 [pid 904] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 904] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 905] <... futex resumed>) = 1 [pid 905] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 905] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 904] <... futex resumed>) = 0 [pid 904] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 904] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 905] <... futex resumed>) = 1 [pid 905] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000480} --- [pid 904] <... futex resumed>) = ? [pid 905] +++ killed by SIGBUS +++ [pid 904] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=904, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./103", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./103", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558a0df730 /* 4 entries */, 32768) = 112 [ 43.932142][ T905] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 43.963066][ T906] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-905: bg 0: block 234: padding at end of block bitmap is not set umount2("./103/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./103/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./103/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./103/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./103/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558a0e7770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558a0e7770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./103/file0") = 0 umount2("./103/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./103/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./103/binderfs") = 0 getdents64(3, 0x55558a0df730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./103") = 0 mkdir("./104", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558a0de690) = 910 ./strace-static-x86_64: Process 910 attached [pid 910] set_robust_list(0x55558a0de6a0, 24) = 0 [pid 910] chdir("./104") = 0 [pid 910] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 910] setpgid(0, 0) = 0 [pid 910] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 910] write(3, "1000", 4) = 4 [pid 910] close(3) = 0 [pid 910] symlink("/dev/binderfs", "./binderfs") = 0 [pid 910] write(1, "executing program\n", 18executing program ) = 18 [pid 910] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 910] rt_sigaction(SIGRT_1, {sa_handler=0x7f694ce18370, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f694ce09520}, NULL, 8) = 0 [pid 910] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 910] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f694cd8e000 [pid 910] mprotect(0x7f694cd8f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 910] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 910] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f694cdae990, parent_tid=0x7f694cdae990, exit_signal=0, stack=0x7f694cd8e000, stack_size=0x20300, tls=0x7f694cdae6c0}./strace-static-x86_64: Process 911 attached => {parent_tid=[911]}, 88) = 911 [pid 911] set_robust_list(0x7f694cdae9a0, 24) = 0 [pid 911] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 911] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 910] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 910] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 911] <... futex resumed>) = 0 [pid 911] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR [pid 910] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 911] <... openat resumed>) = 3 [pid 911] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 911] futex(0x7f694ce7a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 910] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 910] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 911] <... futex resumed>) = 0 [pid 910] <... futex resumed>) = 1 [pid 911] ioctl(3, VHOST_SET_OWNER [pid 910] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 911] <... ioctl resumed>, 0) = 0 [pid 911] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 910] <... futex resumed>) = 0 [pid 910] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 910] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 911] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 911] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 910] <... futex resumed>) = 0 [pid 910] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 910] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 911] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 911] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 910] <... futex resumed>) = 0 [pid 910] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 910] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 911] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 911] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 910] <... futex resumed>) = 0 [pid 910] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 910] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 911] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 911] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 910] <... futex resumed>) = 0 [pid 910] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 910] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 911] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 911] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 910] <... futex resumed>) = 0 [pid 910] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 910] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 911] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 911] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 910] <... futex resumed>) = 0 [pid 910] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 910] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 911] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 911] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 910] <... futex resumed>) = 0 [pid 910] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 911] memfd_create("syzkaller", 0 [pid 910] <... futex resumed>) = 0 [pid 910] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 911] <... memfd_create resumed>) = 5 [pid 911] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f694498e000 [pid 911] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 911] munmap(0x7f694498e000, 138412032) = 0 [pid 911] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 911] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 911] close(5) = 0 [pid 911] close(6) = 0 [pid 911] mkdir("./file0", 0777) = 0 [pid 911] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 911] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 911] chdir("./file0") = 0 [pid 911] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 911] ioctl(6, LOOP_CLR_FD) = 0 [pid 911] close(6) = 0 [pid 911] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 910] <... futex resumed>) = 0 [pid 910] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 910] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 911] <... futex resumed>) = 1 [pid 911] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 911] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 910] <... futex resumed>) = 0 [pid 910] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 910] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 911] <... futex resumed>) = 1 [pid 911] write(6, "#! ./file1\n", 11) = 11 [pid 911] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 910] <... futex resumed>) = 0 [pid 910] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 910] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 911] <... futex resumed>) = 1 [pid 911] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 911] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 910] <... futex resumed>) = 0 [pid 910] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 910] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 911] <... futex resumed>) = 1 [pid 911] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000480} --- [pid 910] <... futex resumed>) = ? [pid 911] +++ killed by SIGBUS +++ [pid 910] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=910, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./104", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./104", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558a0df730 /* 4 entries */, 32768) = 112 [ 44.092073][ T911] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 44.118354][ T912] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-911: bg 0: block 234: padding at end of block bitmap is not set umount2("./104/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./104/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./104/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./104/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./104/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558a0e7770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558a0e7770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./104/file0") = 0 umount2("./104/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./104/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./104/binderfs") = 0 getdents64(3, 0x55558a0df730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./104") = 0 mkdir("./105", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558a0de690) = 916 ./strace-static-x86_64: Process 916 attached [pid 916] set_robust_list(0x55558a0de6a0, 24) = 0 [pid 916] chdir("./105") = 0 [pid 916] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 916] setpgid(0, 0) = 0 [pid 916] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 916] write(3, "1000", 4) = 4 [pid 916] close(3) = 0 [pid 916] symlink("/dev/binderfs", "./binderfs") = 0 [pid 916] write(1, "executing program\n", 18executing program ) = 18 [pid 916] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 916] rt_sigaction(SIGRT_1, {sa_handler=0x7f694ce18370, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f694ce09520}, NULL, 8) = 0 [pid 916] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 916] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f694cd8e000 [pid 916] mprotect(0x7f694cd8f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 916] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 916] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f694cdae990, parent_tid=0x7f694cdae990, exit_signal=0, stack=0x7f694cd8e000, stack_size=0x20300, tls=0x7f694cdae6c0} => {parent_tid=[917]}, 88) = 917 [pid 916] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 916] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 916] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 917 attached [pid 917] set_robust_list(0x7f694cdae9a0, 24) = 0 [pid 917] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 917] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 917] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 916] <... futex resumed>) = 0 [pid 916] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 916] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 917] <... futex resumed>) = 1 [pid 917] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 917] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 916] <... futex resumed>) = 0 [pid 916] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 916] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 917] <... futex resumed>) = 1 [pid 917] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 917] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 916] <... futex resumed>) = 0 [pid 916] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 916] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 917] <... futex resumed>) = 1 [pid 917] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 917] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 916] <... futex resumed>) = 0 [pid 916] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 916] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 917] <... futex resumed>) = 1 [pid 917] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 917] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 916] <... futex resumed>) = 0 [pid 916] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 916] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 917] <... futex resumed>) = 1 [pid 917] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 917] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 916] <... futex resumed>) = 0 [pid 916] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 916] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 917] <... futex resumed>) = 1 [pid 917] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 917] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 916] <... futex resumed>) = 0 [pid 916] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 916] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 917] <... futex resumed>) = 1 [pid 917] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 917] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 916] <... futex resumed>) = 0 [pid 916] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 916] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 917] <... futex resumed>) = 1 [pid 917] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 917] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 916] <... futex resumed>) = 0 [pid 916] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 916] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 917] <... futex resumed>) = 1 [pid 917] memfd_create("syzkaller", 0) = 5 [pid 917] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f694498e000 [pid 917] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 917] munmap(0x7f694498e000, 138412032) = 0 [pid 917] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 917] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 917] close(5) = 0 [pid 917] close(6) = 0 [pid 917] mkdir("./file0", 0777) = 0 [pid 917] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 917] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 917] chdir("./file0") = 0 [pid 917] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 917] ioctl(6, LOOP_CLR_FD) = 0 [pid 917] close(6) = 0 [pid 917] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 916] <... futex resumed>) = 0 [pid 917] <... futex resumed>) = 1 [pid 916] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 917] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 916] <... futex resumed>) = 0 [pid 916] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 917] <... openat resumed>) = 6 [pid 917] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 916] <... futex resumed>) = 0 [pid 916] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 917] write(6, "#! ./file1\n", 11 [pid 916] <... futex resumed>) = 0 [pid 916] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 917] <... write resumed>) = 11 [pid 917] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 916] <... futex resumed>) = 0 [pid 916] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 917] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0 [pid 916] <... futex resumed>) = 0 [pid 916] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 917] <... mmap resumed>) = 0x200000000000 [pid 917] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 916] <... futex resumed>) = 0 [pid 916] futex(0x7f694ce7a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 916] futex(0x7f694ce7a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 917] <... futex resumed>) = 1 [pid 917] sendmsg(-1, {msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=1, msg_controllen=0, msg_flags=MSG_PROBE|MSG_CONFIRM|MSG_NOSIGNAL|MSG_MORE|MSG_BATCH|MSG_ZEROCOPY}, 0) = -1 EBADF (Bad file descriptor) [pid 917] futex(0x7f694ce7a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 916] <... futex resumed>) = 0 [pid 916] exit_group(0) = ? [pid 917] <... futex resumed>) = ? [pid 917] +++ exited with 0 +++ [pid 916] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=916, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./105", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./105", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558a0df730 /* 4 entries */, 32768) = 112 [ 44.332287][ T917] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 44.364188][ T918] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-917: bg 0: block 234: padding at end of block bitmap is not set [ 44.390483][ T112] ------------[ cut here ]------------ [ 44.396006][ T112] kernel BUG at fs/ext4/inode.c:2778! [ 44.401556][ T112] invalid opcode: 0000 [#1] PREEMPT SMP KASAN [ 44.407627][ T112] CPU: 1 PID: 112 Comm: kworker/u4:2 Not tainted 5.10.238-syzkaller-00282-gd76d4cd0623a #0 [ 44.417582][ T112] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 44.427645][ T112] Workqueue: writeback wb_workfn (flush-7:0) [ 44.433610][ T112] RIP: 0010:ext4_writepages+0x2ddb/0x2e00 [ 44.439306][ T112] Code: 39 94 ff 84 db 75 31 e8 b3 36 94 ff 49 bc 00 00 00 00 00 fc ff df 4c 8b 6c 24 30 48 8b 5c 24 38 e9 21 f8 ff ff e8 95 36 94 ff <0f> 0b e8 8e 36 94 ff e8 65 0d 31 ff eb 98 e8 82 36 94 ff e8 59 0d [ 44.458894][ T112] RSP: 0018:ffffc90000c07180 EFLAGS: 00010293 [ 44.464939][ T112] RAX: ffffffff81cf5d7b RBX: 0000008410000000 RCX: ffff88810fb5e2c0 [ 44.472881][ T112] RDX: 0000000000000000 RSI: 0000008000000000 RDI: 0000000000000000 [ 44.480821][ T112] RBP: ffffc90000c074f0 R08: dffffc0000000000 R09: ffffed10241a69a4 [ 44.488772][ T112] R10: ffffed10241a69a4 R11: 1ffff110241a69a3 R12: dffffc0000000000 [ 44.496722][ T112] R13: ffff88810619c000 R14: 0000008000000000 R15: ffff888120d34d18 [ 44.504671][ T112] FS: 0000000000000000(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000 [ 44.513657][ T112] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 44.520209][ T112] CR2: 0000000000000002 CR3: 000000011d270000 CR4: 00000000003506a0 [ 44.528152][ T112] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 44.536092][ T112] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 44.544030][ T112] Call Trace: [ 44.547300][ T112] ? __kasan_check_write+0x14/0x20 [ 44.552379][ T112] ? _raw_spin_lock+0x8e/0xe0 [ 44.557024][ T112] ? write_boundary_block+0x140/0x140 [ 44.562712][ T112] ? ext4_readpage+0x220/0x220 [ 44.567444][ T112] ? enqueue_task_fair+0xac3/0x2250 [ 44.572606][ T112] ? memset+0x35/0x40 [ 44.576552][ T112] ? ___update_load_sum+0x48e/0x7e0 [ 44.581722][ T112] ? update_load_avg+0x4dc/0x14f0 [ 44.586714][ T112] ? ext4_readpage+0x220/0x220 [ 44.591442][ T112] do_writepages+0x12a/0x270 [ 44.595997][ T112] ? __writepage+0x130/0x130 [ 44.600555][ T112] ? __kasan_check_write+0x14/0x20 [ 44.605660][ T112] ? _raw_spin_lock+0x8e/0xe0 [ 44.610305][ T112] ? __kasan_check_write+0x14/0x20 [ 44.615379][ T112] __writeback_single_inode+0xd5/0xa20 [ 44.620803][ T112] ? wbc_attach_and_unlock_inode+0x385/0x590 [ 44.626752][ T112] writeback_sb_inodes+0x860/0x1400 [ 44.631921][ T112] ? queue_io+0x4c0/0x4c0 [ 44.636219][ T112] ? __kasan_check_read+0x11/0x20 [ 44.641210][ T112] ? queue_io+0x385/0x4c0 [ 44.645514][ T112] wb_writeback+0x3e3/0xb90 [ 44.649985][ T112] ? wb_io_lists_depopulated+0x180/0x180 [ 44.655581][ T112] ? set_worker_desc+0x155/0x1c0 [ 44.660482][ T112] ? update_load_avg+0x4dc/0x14f0 [ 44.665473][ T112] ? __kasan_check_write+0x14/0x20 [ 44.670547][ T112] wb_workfn+0x38f/0xe20 [ 44.674757][ T112] ? inode_wait_for_writeback+0x200/0x200 [ 44.680444][ T112] ? _raw_spin_unlock_irq+0x4e/0x70 [ 44.685610][ T112] ? finish_task_switch+0x12e/0x5a0 [ 44.690773][ T112] ? switch_mm_irqs_off+0x763/0x9a0 [ 44.695938][ T112] ? __switch_to_asm+0x34/0x60 [ 44.700666][ T112] ? __schedule+0xb4f/0x1310 [ 44.705226][ T112] ? __kasan_check_read+0x11/0x20 [ 44.710213][ T112] ? read_word_at_a_time+0x12/0x20 [ 44.715289][ T112] ? strscpy+0x9b/0x290 [ 44.719408][ T112] process_one_work+0x6e1/0xba0 [ 44.724228][ T112] worker_thread+0xa6a/0x13b0 [ 44.728870][ T112] ? _raw_spin_lock_irqsave+0xb0/0x110 [ 44.734294][ T112] ? __kasan_check_read+0x11/0x20 [ 44.739283][ T112] kthread+0x346/0x3d0 [ 44.743326][ T112] ? worker_clr_flags+0x190/0x190 [ 44.748352][ T112] ? kthread_blkcg+0xd0/0xd0 [ 44.752930][ T112] ret_from_fork+0x1f/0x30 [ 44.757320][ T112] Modules linked in: [ 44.761359][ T112] ---[ end trace 0a6936c1756e924c ]--- [ 44.766813][ T112] RIP: 0010:ext4_writepages+0x2ddb/0x2e00 [ 44.772858][ T112] Code: 39 94 ff 84 db 75 31 e8 b3 36 94 ff 49 bc 00 00 00 00 00 fc ff df 4c 8b 6c 24 30 48 8b 5c 24 38 e9 21 f8 ff ff e8 95 36 94 ff <0f> 0b e8 8e 36 94 ff e8 65 0d 31 ff eb 98 e8 82 36 94 ff e8 59 0d [ 44.792573][ T112] RSP: 0018:ffffc90000c07180 EFLAGS: 00010293 [ 44.798620][ T112] RAX: ffffffff81cf5d7b RBX: 0000008410000000 RCX: ffff88810fb5e2c0 [ 44.806598][ T112] RDX: 0000000000000000 RSI: 0000008000000000 RDI: 0000000000000000 [ 44.814564][ T112] RBP: ffffc90000c074f0 R08: dffffc0000000000 R09: ffffed10241a69a4 [ 44.822537][ T112] R10: ffffed10241a69a4 R11: 1ffff110241a69a3 R12: dffffc0000000000 [ 44.830490][ T112] R13: ffff88810619c000 R14: 0000008000000000 R15: ffff888120d34d18 [ 44.838475][ T112] FS: 0000000000000000(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000 [ 44.847417][ T112] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 44.854046][ T112] CR2: 0000000000000002 CR3: 000000011d270000 CR4: 00000000003506a0 [ 44.862135][ T112] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 44.870179][ T112] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 44.878221][ T112] Kernel panic - not syncing: Fatal exception [ 44.879111][ T24] kauditd_printk_skb: 6 callbacks suppressed [ 44.879120][ T24] audit: type=1400 audit(1750581521.879:80): avc: denied { read } for pid=76 comm="syslogd" name="log" dev="sda1" ino=2010 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:var_t tclass=lnk_file permissive=1 [ 44.884554][ T112] Kernel Offset: disabled [ 44.916378][ T112] Rebooting in 86400 seconds..