./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor2515637005 <...> Warning: Permanently added '10.128.0.79' (ED25519) to the list of known hosts. execve("./syz-executor2515637005", ["./syz-executor2515637005"], 0x7ffee3d0f470 /* 10 vars */) = 0 brk(NULL) = 0x555566680000 brk(0x555566680d00) = 0x555566680d00 arch_prctl(ARCH_SET_FS, 0x555566680380) = 0 set_tid_address(0x555566680650) = 282 set_robust_list(0x555566680660, 24) = 0 rseq(0x555566680ca0, 0x20, 0, 0x53053053) = -1 ENOSYS (Function not implemented) prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor2515637005", 4096) = 28 getrandom("\xcb\x53\xad\xc2\x29\x78\xbf\x95", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x555566680d00 brk(0x5555666a1d00) = 0x5555666a1d00 brk(0x5555666a2000) = 0x5555666a2000 mprotect(0x7f743df4a000, 16384, PROT_READ) = 0 mmap(0x1ffffffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffffffff000 mmap(0x200000000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200000000000 mmap(0x200001000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200001000000 mkdir("./syzkaller.r1VvyW", 0700) = 0 chmod("./syzkaller.r1VvyW", 0777) = 0 chdir("./syzkaller.r1VvyW") = 0 mkdir("./0", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555566680650) = 283 ./strace-static-x86_64: Process 283 attached [pid 283] set_robust_list(0x555566680660, 24) = 0 [pid 283] chdir("./0") = 0 [pid 283] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 283] setpgid(0, 0) = 0 [pid 283] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 283] write(3, "1000", 4) = 4 [pid 283] close(3) = 0 [pid 283] symlink("/dev/binderfs", "./binderfs") = 0 [pid 283] write(1, "executing program\n", 18executing program ) = 18 [pid 283] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 283] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 283] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 283] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 283] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 283] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 283] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 283] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 283] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 283] memfd_create("syzkaller", 0) = 5 [pid 283] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7435a97000 [pid 283] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 283] munmap(0x7f7435a97000, 138412032) = 0 [pid 283] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 283] ioctl(6, LOOP_SET_FD, 5) = 0 [ 21.521902][ T24] audit: type=1400 audit(1750217697.210:64): avc: denied { execmem } for pid=282 comm="syz-executor251" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 21.527627][ T24] audit: type=1400 audit(1750217697.220:65): avc: denied { read write } for pid=282 comm="syz-executor251" name="loop0" dev="devtmpfs" ino=115 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 21.531583][ T24] audit: type=1400 audit(1750217697.220:66): avc: denied { open } for pid=282 comm="syz-executor251" path="/dev/loop0" dev="devtmpfs" ino=115 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 21.535520][ T24] audit: type=1400 audit(1750217697.220:67): avc: denied { ioctl } for pid=282 comm="syz-executor251" path="/dev/loop0" dev="devtmpfs" ino=115 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 21.546321][ T24] audit: type=1400 audit(1750217697.230:68): avc: denied { read write } for pid=283 comm="syz-executor251" name="vhost-vsock" dev="devtmpfs" ino=262 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:vhost_device_t tclass=chr_file permissive=1 [pid 283] close(5) = 0 [pid 283] close(6) = 0 [pid 283] mkdir("./file0", 0777) = 0 [ 21.570850][ T24] audit: type=1400 audit(1750217697.230:69): avc: denied { open } for pid=283 comm="syz-executor251" path="/dev/vhost-vsock" dev="devtmpfs" ino=262 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:vhost_device_t tclass=chr_file permissive=1 [ 21.595588][ T24] audit: type=1400 audit(1750217697.230:70): avc: denied { ioctl } for pid=283 comm="syz-executor251" path="/dev/vhost-vsock" dev="devtmpfs" ino=262 ioctlcmd=0xaf01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:vhost_device_t tclass=chr_file permissive=1 [ 21.621406][ T24] audit: type=1400 audit(1750217697.260:71): avc: denied { mounton } for pid=283 comm="syz-executor251" path="/root/syzkaller.r1VvyW/0/file0" dev="sda1" ino=2027 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1 [pid 283] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 283] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 283] chdir("./file0") = 0 [pid 283] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 283] ioctl(6, LOOP_CLR_FD) = 0 [pid 283] close(6) = 0 [ 21.658491][ T283] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 21.678424][ T24] audit: type=1400 audit(1750217697.370:72): avc: denied { mount } for pid=283 comm="syz-executor251" name="/" dev="loop0" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [pid 283] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 283] write(6, "#! ./file1\n", 11) = 11 [pid 283] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 283] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000284} --- [pid 283] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=283, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555666816f0 /* 4 entries */, 32768) = 112 [ 21.707565][ T24] audit: type=1400 audit(1750217697.400:73): avc: denied { write } for pid=283 comm="syz-executor251" name="/" dev="loop0" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 21.731040][ T285] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-283: bg 0: block 234: padding at end of block bitmap is not set umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./0/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555566689730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555566689730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./0/file0") = 0 umount2("./0/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./0/binderfs") = 0 getdents64(3, 0x5555666816f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./0") = 0 mkdir("./1", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555566680650) = 289 ./strace-static-x86_64: Process 289 attached [pid 289] set_robust_list(0x555566680660, 24) = 0 [pid 289] chdir("./1") = 0 [pid 289] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 289] setpgid(0, 0) = 0 [pid 289] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 289] write(3, "1000", 4) = 4 [pid 289] close(3) = 0 [pid 289] symlink("/dev/binderfs", "./binderfs") = 0 [pid 289] write(1, "executing program\n", 18executing program ) = 18 [pid 289] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 289] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 289] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 289] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 289] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 289] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 289] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 289] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 289] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 289] memfd_create("syzkaller", 0) = 5 [pid 289] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7435a97000 [pid 289] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 289] munmap(0x7f7435a97000, 138412032) = 0 [pid 289] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 289] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 289] close(5) = 0 [pid 289] close(6) = 0 [pid 289] mkdir("./file0", 0777) = 0 [pid 289] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 289] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 289] chdir("./file0") = 0 [pid 289] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 289] ioctl(6, LOOP_CLR_FD) = 0 [pid 289] close(6) = 0 [pid 289] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 289] write(6, "#! ./file1\n", 11) = 11 [pid 289] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 289] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000284} --- [pid 289] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=289, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555666816f0 /* 4 entries */, 32768) = 112 [ 21.848085][ T289] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 21.876887][ T290] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-289: bg 0: block 234: padding at end of block bitmap is not set umount2("./1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./1/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555566689730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555566689730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./1/file0") = 0 umount2("./1/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./1/binderfs") = 0 getdents64(3, 0x5555666816f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./1") = 0 mkdir("./2", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 294 attached , child_tidptr=0x555566680650) = 294 [pid 294] set_robust_list(0x555566680660, 24) = 0 [pid 294] chdir("./2") = 0 [pid 294] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 294] setpgid(0, 0) = 0 [pid 294] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 294] write(3, "1000", 4) = 4 [pid 294] close(3) = 0 [pid 294] symlink("/dev/binderfs", "./binderfs") = 0 [pid 294] write(1, "executing program\n", 18executing program ) = 18 [pid 294] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 294] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 294] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 294] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 294] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 294] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 294] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 294] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 294] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 294] memfd_create("syzkaller", 0) = 5 [pid 294] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7435a97000 [pid 294] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 294] munmap(0x7f7435a97000, 138412032) = 0 [pid 294] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 294] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 294] close(5) = 0 [pid 294] close(6) = 0 [pid 294] mkdir("./file0", 0777) = 0 [pid 294] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 294] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 294] chdir("./file0") = 0 [pid 294] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 294] ioctl(6, LOOP_CLR_FD) = 0 [pid 294] close(6) = 0 [pid 294] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 294] write(6, "#! ./file1\n", 11) = 11 [pid 294] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 294] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000284} --- [pid 294] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=294, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555666816f0 /* 4 entries */, 32768) = 112 [ 21.978239][ T294] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 22.007562][ T295] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-294: bg 0: block 234: padding at end of block bitmap is not set umount2("./2/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./2/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./2/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./2/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./2/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555566689730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555566689730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./2/file0") = 0 umount2("./2/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./2/binderfs") = 0 getdents64(3, 0x5555666816f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./2") = 0 mkdir("./3", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 299 attached [pid 299] set_robust_list(0x555566680660, 24) = 0 [pid 299] chdir("./3" [pid 282] <... clone resumed>, child_tidptr=0x555566680650) = 299 [pid 299] <... chdir resumed>) = 0 [pid 299] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 299] setpgid(0, 0) = 0 [pid 299] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 299] write(3, "1000", 4) = 4 [pid 299] close(3) = 0 [pid 299] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 299] write(1, "executing program\n", 18) = 18 [pid 299] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 299] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 299] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 299] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 299] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 299] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 299] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 299] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 299] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 299] memfd_create("syzkaller", 0) = 5 [pid 299] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7435a97000 [pid 299] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 299] munmap(0x7f7435a97000, 138412032) = 0 [pid 299] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 299] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 299] close(5) = 0 [pid 299] close(6) = 0 [pid 299] mkdir("./file0", 0777) = 0 [pid 299] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 299] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 299] chdir("./file0") = 0 [pid 299] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 299] ioctl(6, LOOP_CLR_FD) = 0 [pid 299] close(6) = 0 [pid 299] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 299] write(6, "#! ./file1\n", 11) = 11 [pid 299] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 299] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000284} --- [pid 299] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=299, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555666816f0 /* 4 entries */, 32768) = 112 [ 22.118026][ T299] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 22.147145][ T300] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-299: bg 0: block 234: padding at end of block bitmap is not set umount2("./3/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./3/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./3/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./3/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./3/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555566689730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555566689730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./3/file0") = 0 umount2("./3/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./3/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./3/binderfs") = 0 getdents64(3, 0x5555666816f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./3") = 0 mkdir("./4", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555566680650) = 304 ./strace-static-x86_64: Process 304 attached [pid 304] set_robust_list(0x555566680660, 24) = 0 [pid 304] chdir("./4") = 0 [pid 304] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 304] setpgid(0, 0) = 0 [pid 304] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 304] write(3, "1000", 4) = 4 [pid 304] close(3) = 0 [pid 304] symlink("/dev/binderfs", "./binderfs") = 0 [pid 304] write(1, "executing program\n", 18executing program ) = 18 [pid 304] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 304] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 304] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 304] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 304] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 304] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 304] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 304] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 304] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 304] memfd_create("syzkaller", 0) = 5 [pid 304] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7435a97000 [pid 304] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 304] munmap(0x7f7435a97000, 138412032) = 0 [pid 304] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 304] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 304] close(5) = 0 [pid 304] close(6) = 0 [pid 304] mkdir("./file0", 0777) = 0 [pid 304] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 304] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 304] chdir("./file0") = 0 [pid 304] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 304] ioctl(6, LOOP_CLR_FD) = 0 [pid 304] close(6) = 0 [pid 304] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 304] write(6, "#! ./file1\n", 11) = 11 [pid 304] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 304] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000284} --- [pid 304] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=304, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555666816f0 /* 4 entries */, 32768) = 112 [ 22.268076][ T304] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 22.295558][ T305] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-304: bg 0: block 234: padding at end of block bitmap is not set umount2("./4/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555566689730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555566689730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4/file0") = 0 umount2("./4/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4/binderfs") = 0 getdents64(3, 0x5555666816f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4") = 0 mkdir("./5", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555566680650) = 309 ./strace-static-x86_64: Process 309 attached [pid 309] set_robust_list(0x555566680660, 24) = 0 [pid 309] chdir("./5") = 0 [pid 309] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 309] setpgid(0, 0) = 0 [pid 309] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 309] write(3, "1000", 4) = 4 [pid 309] close(3) = 0 [pid 309] symlink("/dev/binderfs", "./binderfs") = 0 [pid 309] write(1, "executing program\n", 18executing program ) = 18 [pid 309] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 309] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 309] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 309] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 309] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 309] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 309] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 309] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 309] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 309] memfd_create("syzkaller", 0) = 5 [pid 309] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7435a97000 [pid 309] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 309] munmap(0x7f7435a97000, 138412032) = 0 [pid 309] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 309] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 309] close(5) = 0 [pid 309] close(6) = 0 [pid 309] mkdir("./file0", 0777) = 0 [pid 309] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 309] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 309] chdir("./file0") = 0 [pid 309] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 309] ioctl(6, LOOP_CLR_FD) = 0 [pid 309] close(6) = 0 [pid 309] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 309] write(6, "#! ./file1\n", 11) = 11 [pid 309] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 309] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000284} --- [pid 309] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=309, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./5", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555666816f0 /* 4 entries */, 32768) = 112 [ 22.438131][ T309] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 22.466364][ T310] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-309: bg 0: block 234: padding at end of block bitmap is not set umount2("./5/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./5/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./5/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./5/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./5/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555566689730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555566689730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./5/file0") = 0 umount2("./5/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./5/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./5/binderfs") = 0 getdents64(3, 0x5555666816f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./5") = 0 mkdir("./6", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555566680650) = 314 ./strace-static-x86_64: Process 314 attached [pid 314] set_robust_list(0x555566680660, 24) = 0 [pid 314] chdir("./6") = 0 [pid 314] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 314] setpgid(0, 0) = 0 [pid 314] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 314] write(3, "1000", 4) = 4 [pid 314] close(3) = 0 [pid 314] symlink("/dev/binderfs", "./binderfs") = 0 [pid 314] write(1, "executing program\n", 18executing program ) = 18 [pid 314] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 314] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 314] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 314] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 314] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 314] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 314] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 314] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 314] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 314] memfd_create("syzkaller", 0) = 5 [pid 314] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7435a97000 [pid 314] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 314] munmap(0x7f7435a97000, 138412032) = 0 [pid 314] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 314] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 314] close(5) = 0 [pid 314] close(6) = 0 [pid 314] mkdir("./file0", 0777) = 0 [pid 314] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 314] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 314] chdir("./file0") = 0 [pid 314] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 314] ioctl(6, LOOP_CLR_FD) = 0 [pid 314] close(6) = 0 [pid 314] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 314] write(6, "#! ./file1\n", 11) = 11 [pid 314] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 314] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000284} --- [pid 314] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=314, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./6", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555666816f0 /* 4 entries */, 32768) = 112 [ 22.639756][ T314] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 22.662077][ T314] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor251: bg 0: block 234: padding at end of block bitmap is not set umount2("./6/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./6/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./6/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./6/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./6/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555566689730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555566689730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./6/file0") = 0 umount2("./6/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./6/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./6/binderfs") = 0 getdents64(3, 0x5555666816f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./6") = 0 mkdir("./7", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555566680650) = 319 ./strace-static-x86_64: Process 319 attached [pid 319] set_robust_list(0x555566680660, 24) = 0 [pid 319] chdir("./7") = 0 [pid 319] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 319] setpgid(0, 0) = 0 [pid 319] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 319] write(3, "1000", 4) = 4 [pid 319] close(3) = 0 [pid 319] symlink("/dev/binderfs", "./binderfs") = 0 [pid 319] write(1, "executing program\n", 18executing program ) = 18 [pid 319] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 319] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 319] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 319] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 319] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 319] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 319] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 319] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 319] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 319] memfd_create("syzkaller", 0) = 5 [pid 319] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7435a97000 [pid 319] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 319] munmap(0x7f7435a97000, 138412032) = 0 [pid 319] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 319] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 319] close(5) = 0 [pid 319] close(6) = 0 [pid 319] mkdir("./file0", 0777) = 0 [pid 319] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 319] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 319] chdir("./file0") = 0 [pid 319] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 319] ioctl(6, LOOP_CLR_FD) = 0 [pid 319] close(6) = 0 [pid 319] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 319] write(6, "#! ./file1\n", 11) = 11 [pid 319] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 319] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000284} --- [pid 319] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=319, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./7", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555666816f0 /* 4 entries */, 32768) = 112 [ 22.798025][ T319] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 22.827281][ T320] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-319: bg 0: block 234: padding at end of block bitmap is not set umount2("./7/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./7/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./7/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./7/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./7/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555566689730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555566689730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./7/file0") = 0 umount2("./7/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./7/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./7/binderfs") = 0 getdents64(3, 0x5555666816f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./7") = 0 mkdir("./8", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555566680650) = 324 ./strace-static-x86_64: Process 324 attached [pid 324] set_robust_list(0x555566680660, 24) = 0 [pid 324] chdir("./8") = 0 [pid 324] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 324] setpgid(0, 0) = 0 [pid 324] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 324] write(3, "1000", 4) = 4 [pid 324] close(3) = 0 [pid 324] symlink("/dev/binderfs", "./binderfs") = 0 [pid 324] write(1, "executing program\n", 18) = 18 executing program [pid 324] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 324] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 324] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 324] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 324] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 324] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 324] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 324] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 324] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 324] memfd_create("syzkaller", 0) = 5 [pid 324] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7435a97000 [pid 324] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 324] munmap(0x7f7435a97000, 138412032) = 0 [pid 324] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 324] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 324] close(5) = 0 [pid 324] close(6) = 0 [pid 324] mkdir("./file0", 0777) = 0 [pid 324] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 324] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 324] chdir("./file0") = 0 [pid 324] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 324] ioctl(6, LOOP_CLR_FD) = 0 [pid 324] close(6) = 0 [pid 324] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 324] write(6, "#! ./file1\n", 11) = 11 [pid 324] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 324] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000284} --- [pid 324] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=324, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./8", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./8", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555666816f0 /* 4 entries */, 32768) = 112 [ 22.998024][ T324] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 23.027584][ T325] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-324: bg 0: block 234: padding at end of block bitmap is not set umount2("./8/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./8/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./8/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./8/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./8/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555566689730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555566689730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./8/file0") = 0 umount2("./8/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./8/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./8/binderfs") = 0 getdents64(3, 0x5555666816f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./8") = 0 mkdir("./9", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program , child_tidptr=0x555566680650) = 329 ./strace-static-x86_64: Process 329 attached [pid 329] set_robust_list(0x555566680660, 24) = 0 [pid 329] chdir("./9") = 0 [pid 329] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 329] setpgid(0, 0) = 0 [pid 329] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 329] write(3, "1000", 4) = 4 [pid 329] close(3) = 0 [pid 329] symlink("/dev/binderfs", "./binderfs") = 0 [pid 329] write(1, "executing program\n", 18) = 18 [pid 329] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 329] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 329] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 329] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 329] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 329] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 329] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 329] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 329] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 329] memfd_create("syzkaller", 0) = 5 [pid 329] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7435a97000 [pid 329] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 329] munmap(0x7f7435a97000, 138412032) = 0 [pid 329] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 329] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 329] close(5) = 0 [pid 329] close(6) = 0 [pid 329] mkdir("./file0", 0777) = 0 [pid 329] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 329] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 329] chdir("./file0") = 0 [pid 329] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 329] ioctl(6, LOOP_CLR_FD) = 0 [pid 329] close(6) = 0 [pid 329] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 329] write(6, "#! ./file1\n", 11) = 11 [pid 329] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 329] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000284} --- [pid 329] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=329, si_uid=0, si_status=SIGBUS, si_utime=1, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./9", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./9", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555666816f0 /* 4 entries */, 32768) = 112 [ 23.288169][ T329] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 23.314948][ T329] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor251: bg 0: block 234: padding at end of block bitmap is not set umount2("./9/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./9/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./9/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./9/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./9/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555566689730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555566689730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./9/file0") = 0 umount2("./9/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./9/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./9/binderfs") = 0 getdents64(3, 0x5555666816f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./9") = 0 mkdir("./10", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555566680650) = 334 ./strace-static-x86_64: Process 334 attached [pid 334] set_robust_list(0x555566680660, 24) = 0 [pid 334] chdir("./10") = 0 [pid 334] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 334] setpgid(0, 0) = 0 [pid 334] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 334] write(3, "1000", 4) = 4 [pid 334] close(3) = 0 [pid 334] symlink("/dev/binderfs", "./binderfs") = 0 [pid 334] write(1, "executing program\n", 18executing program ) = 18 [pid 334] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 334] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 334] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 334] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 334] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 334] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 334] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 334] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 334] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 334] memfd_create("syzkaller", 0) = 5 [pid 334] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7435a97000 [pid 334] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 334] munmap(0x7f7435a97000, 138412032) = 0 [pid 334] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 334] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 334] close(5) = 0 [pid 334] close(6) = 0 [pid 334] mkdir("./file0", 0777) = 0 [pid 334] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 334] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 334] chdir("./file0") = 0 [pid 334] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 334] ioctl(6, LOOP_CLR_FD) = 0 [pid 334] close(6) = 0 [pid 334] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 334] write(6, "#! ./file1\n", 11) = 11 [pid 334] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 334] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000284} --- [pid 334] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=334, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./10", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./10", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555666816f0 /* 4 entries */, 32768) = 112 [ 23.527898][ T334] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 23.552199][ T334] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor251: bg 0: block 234: padding at end of block bitmap is not set umount2("./10/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./10/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./10/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./10/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./10/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555566689730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555566689730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./10/file0") = 0 umount2("./10/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./10/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./10/binderfs") = 0 getdents64(3, 0x5555666816f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./10") = 0 mkdir("./11", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555566680650) = 339 ./strace-static-x86_64: Process 339 attached [pid 339] set_robust_list(0x555566680660, 24) = 0 [pid 339] chdir("./11") = 0 [pid 339] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 339] setpgid(0, 0) = 0 [pid 339] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 339] write(3, "1000", 4) = 4 [pid 339] close(3) = 0 [pid 339] symlink("/dev/binderfs", "./binderfs") = 0 [pid 339] write(1, "executing program\n", 18executing program ) = 18 [pid 339] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 339] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 339] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 339] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 339] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 339] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 339] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 339] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 339] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 339] memfd_create("syzkaller", 0) = 5 [pid 339] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7435a97000 [pid 339] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 339] munmap(0x7f7435a97000, 138412032) = 0 [pid 339] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 339] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 339] close(5) = 0 [pid 339] close(6) = 0 [pid 339] mkdir("./file0", 0777) = 0 [pid 339] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 339] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 339] chdir("./file0") = 0 [pid 339] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 339] ioctl(6, LOOP_CLR_FD) = 0 [pid 339] close(6) = 0 [pid 339] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 339] write(6, "#! ./file1\n", 11) = 11 [pid 339] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 339] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000284} --- [pid 339] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=339, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./11", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./11", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555666816f0 /* 4 entries */, 32768) = 112 [ 23.647967][ T339] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 23.670822][ T339] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor251: bg 0: block 234: padding at end of block bitmap is not set umount2("./11/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./11/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./11/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./11/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./11/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555566689730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555566689730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./11/file0") = 0 umount2("./11/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./11/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./11/binderfs") = 0 getdents64(3, 0x5555666816f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./11") = 0 mkdir("./12", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program , child_tidptr=0x555566680650) = 344 ./strace-static-x86_64: Process 344 attached [pid 344] set_robust_list(0x555566680660, 24) = 0 [pid 344] chdir("./12") = 0 [pid 344] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 344] setpgid(0, 0) = 0 [pid 344] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 344] write(3, "1000", 4) = 4 [pid 344] close(3) = 0 [pid 344] symlink("/dev/binderfs", "./binderfs") = 0 [pid 344] write(1, "executing program\n", 18) = 18 [pid 344] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 344] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 344] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 344] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 344] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 344] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 344] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 344] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 344] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 344] memfd_create("syzkaller", 0) = 5 [pid 344] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7435a97000 [pid 344] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 344] munmap(0x7f7435a97000, 138412032) = 0 [pid 344] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 344] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 344] close(5) = 0 [pid 344] close(6) = 0 [pid 344] mkdir("./file0", 0777) = 0 [pid 344] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 344] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 344] chdir("./file0") = 0 [pid 344] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 344] ioctl(6, LOOP_CLR_FD) = 0 [pid 344] close(6) = 0 [pid 344] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 344] write(6, "#! ./file1\n", 11) = 11 [pid 344] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 344] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000284} --- [pid 344] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=344, si_uid=0, si_status=SIGBUS, si_utime=1, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./12", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./12", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555666816f0 /* 4 entries */, 32768) = 112 [ 23.887908][ T344] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 23.918726][ T344] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor251: bg 0: block 234: padding at end of block bitmap is not set umount2("./12/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./12/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./12/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./12/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./12/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555566689730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555566689730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./12/file0") = 0 umount2("./12/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./12/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./12/binderfs") = 0 getdents64(3, 0x5555666816f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./12") = 0 mkdir("./13", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555566680650) = 349 ./strace-static-x86_64: Process 349 attached [pid 349] set_robust_list(0x555566680660, 24) = 0 [pid 349] chdir("./13") = 0 [pid 349] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 349] setpgid(0, 0) = 0 [pid 349] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 349] write(3, "1000", 4) = 4 [pid 349] close(3) = 0 [pid 349] symlink("/dev/binderfs", "./binderfs") = 0 [pid 349] write(1, "executing program\n", 18executing program ) = 18 [pid 349] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 349] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 349] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 349] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 349] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 349] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 349] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 349] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 349] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 349] memfd_create("syzkaller", 0) = 5 [pid 349] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7435a97000 [pid 349] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 349] munmap(0x7f7435a97000, 138412032) = 0 [pid 349] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 349] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 349] close(5) = 0 [pid 349] close(6) = 0 [pid 349] mkdir("./file0", 0777) = 0 [pid 349] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 349] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 349] chdir("./file0") = 0 [pid 349] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 349] ioctl(6, LOOP_CLR_FD) = 0 [pid 349] close(6) = 0 [pid 349] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 349] write(6, "#! ./file1\n", 11) = 11 [pid 349] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 349] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000284} --- [pid 349] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=349, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./13", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./13", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555666816f0 /* 4 entries */, 32768) = 112 [ 24.048093][ T349] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 24.076135][ T350] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-349: bg 0: block 234: padding at end of block bitmap is not set umount2("./13/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./13/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./13/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./13/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./13/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555566689730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555566689730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./13/file0") = 0 umount2("./13/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./13/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./13/binderfs") = 0 getdents64(3, 0x5555666816f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./13") = 0 mkdir("./14", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555566680650) = 354 ./strace-static-x86_64: Process 354 attached [pid 354] set_robust_list(0x555566680660, 24) = 0 executing program [pid 354] chdir("./14") = 0 [pid 354] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 354] setpgid(0, 0) = 0 [pid 354] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 354] write(3, "1000", 4) = 4 [pid 354] close(3) = 0 [pid 354] symlink("/dev/binderfs", "./binderfs") = 0 [pid 354] write(1, "executing program\n", 18) = 18 [pid 354] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 354] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 354] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 354] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 354] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 354] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 354] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 354] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 354] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 354] memfd_create("syzkaller", 0) = 5 [pid 354] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7435a97000 [pid 354] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 354] munmap(0x7f7435a97000, 138412032) = 0 [pid 354] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 354] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 354] close(5) = 0 [pid 354] close(6) = 0 [pid 354] mkdir("./file0", 0777) = 0 [pid 354] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 354] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 354] chdir("./file0") = 0 [pid 354] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 354] ioctl(6, LOOP_CLR_FD) = 0 [pid 354] close(6) = 0 [pid 354] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 354] write(6, "#! ./file1\n", 11) = 11 [pid 354] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 354] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000284} --- [pid 354] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=354, si_uid=0, si_status=SIGBUS, si_utime=1, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./14", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./14", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555666816f0 /* 4 entries */, 32768) = 112 [ 24.269967][ T354] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 24.298847][ T354] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor251: bg 0: block 234: padding at end of block bitmap is not set umount2("./14/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./14/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./14/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./14/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./14/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555566689730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555566689730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./14/file0") = 0 umount2("./14/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./14/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./14/binderfs") = 0 getdents64(3, 0x5555666816f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./14") = 0 mkdir("./15", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 359 attached , child_tidptr=0x555566680650) = 359 [pid 359] set_robust_list(0x555566680660, 24) = 0 [pid 359] chdir("./15") = 0 [pid 359] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 359] setpgid(0, 0) = 0 [pid 359] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 359] write(3, "1000", 4) = 4 [pid 359] close(3) = 0 [pid 359] symlink("/dev/binderfs", "./binderfs") = 0 [pid 359] write(1, "executing program\n", 18executing program ) = 18 [pid 359] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 359] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 359] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 359] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 359] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 359] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 359] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 359] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 359] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 359] memfd_create("syzkaller", 0) = 5 [pid 359] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7435a97000 [pid 359] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 359] munmap(0x7f7435a97000, 138412032) = 0 [pid 359] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 359] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 359] close(5) = 0 [pid 359] close(6) = 0 [pid 359] mkdir("./file0", 0777) = 0 [pid 359] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 359] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 359] chdir("./file0") = 0 [pid 359] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 359] ioctl(6, LOOP_CLR_FD) = 0 [pid 359] close(6) = 0 [pid 359] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 359] write(6, "#! ./file1\n", 11) = 11 [ 24.407706][ T359] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [pid 359] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 359] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000284} --- [pid 359] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=359, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./15", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./15", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555666816f0 /* 4 entries */, 32768) = 112 [ 24.448360][ T360] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-359: bg 0: block 234: padding at end of block bitmap is not set umount2("./15/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./15/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./15/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./15/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./15/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555566689730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555566689730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./15/file0") = 0 umount2("./15/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./15/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./15/binderfs") = 0 getdents64(3, 0x5555666816f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./15") = 0 mkdir("./16", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555566680650) = 364 ./strace-static-x86_64: Process 364 attached [pid 364] set_robust_list(0x555566680660, 24) = 0 [pid 364] chdir("./16") = 0 [pid 364] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 364] setpgid(0, 0) = 0 [pid 364] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 364] write(3, "1000", 4) = 4 [pid 364] close(3) = 0 [pid 364] symlink("/dev/binderfs", "./binderfs") = 0 [pid 364] write(1, "executing program\n", 18executing program ) = 18 [pid 364] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 364] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 364] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 364] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 364] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 364] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 364] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 364] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 364] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 364] memfd_create("syzkaller", 0) = 5 [pid 364] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7435a97000 [pid 364] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 364] munmap(0x7f7435a97000, 138412032) = 0 [pid 364] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 364] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 364] close(5) = 0 [pid 364] close(6) = 0 [pid 364] mkdir("./file0", 0777) = 0 [pid 364] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 364] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 364] chdir("./file0") = 0 [pid 364] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 364] ioctl(6, LOOP_CLR_FD) = 0 [pid 364] close(6) = 0 [pid 364] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 364] write(6, "#! ./file1\n", 11) = 11 [pid 364] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 364] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000284} --- [pid 364] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=364, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./16", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./16", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555666816f0 /* 4 entries */, 32768) = 112 [ 24.567638][ T364] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 24.595827][ T365] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-364: bg 0: block 234: padding at end of block bitmap is not set umount2("./16/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./16/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./16/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./16/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./16/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555566689730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555566689730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./16/file0") = 0 umount2("./16/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./16/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./16/binderfs") = 0 getdents64(3, 0x5555666816f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./16") = 0 mkdir("./17", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program , child_tidptr=0x555566680650) = 369 ./strace-static-x86_64: Process 369 attached [pid 369] set_robust_list(0x555566680660, 24) = 0 [pid 369] chdir("./17") = 0 [pid 369] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 369] setpgid(0, 0) = 0 [pid 369] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 369] write(3, "1000", 4) = 4 [pid 369] close(3) = 0 [pid 369] symlink("/dev/binderfs", "./binderfs") = 0 [pid 369] write(1, "executing program\n", 18) = 18 [pid 369] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 369] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 369] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 369] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 369] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 369] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 369] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 369] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 369] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 369] memfd_create("syzkaller", 0) = 5 [pid 369] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7435a97000 [pid 369] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 369] munmap(0x7f7435a97000, 138412032) = 0 [pid 369] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 369] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 369] close(5) = 0 [pid 369] close(6) = 0 [pid 369] mkdir("./file0", 0777) = 0 [pid 369] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 369] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 369] chdir("./file0") = 0 [pid 369] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 369] ioctl(6, LOOP_CLR_FD) = 0 [pid 369] close(6) = 0 [pid 369] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 369] write(6, "#! ./file1\n", 11) = 11 [pid 369] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 369] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000284} --- [pid 369] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=369, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./17", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./17", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555666816f0 /* 4 entries */, 32768) = 112 [ 24.867873][ T369] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 24.898417][ T370] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-369: bg 0: block 234: padding at end of block bitmap is not set umount2("./17/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./17/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./17/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./17/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./17/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555566689730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555566689730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./17/file0") = 0 umount2("./17/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./17/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./17/binderfs") = 0 getdents64(3, 0x5555666816f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./17") = 0 mkdir("./18", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3executing program ) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555566680650) = 375 ./strace-static-x86_64: Process 375 attached [pid 375] set_robust_list(0x555566680660, 24) = 0 [pid 375] chdir("./18") = 0 [pid 375] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 375] setpgid(0, 0) = 0 [pid 375] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 375] write(3, "1000", 4) = 4 [pid 375] close(3) = 0 [pid 375] symlink("/dev/binderfs", "./binderfs") = 0 [pid 375] write(1, "executing program\n", 18) = 18 [pid 375] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 375] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 375] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 375] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 375] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 375] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 375] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 375] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 375] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 375] memfd_create("syzkaller", 0) = 5 [pid 375] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7435a97000 [pid 375] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 375] munmap(0x7f7435a97000, 138412032) = 0 [pid 375] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 375] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 375] close(5) = 0 [pid 375] close(6) = 0 [pid 375] mkdir("./file0", 0777) = 0 [pid 375] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 375] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 375] chdir("./file0") = 0 [pid 375] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 375] ioctl(6, LOOP_CLR_FD) = 0 [pid 375] close(6) = 0 [pid 375] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 375] write(6, "#! ./file1\n", 11) = 11 [pid 375] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 375] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000284} --- [pid 375] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=375, si_uid=0, si_status=SIGBUS, si_utime=1, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./18", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./18", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555666816f0 /* 4 entries */, 32768) = 112 [ 25.178184][ T375] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 25.209150][ T376] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-375: bg 0: block 234: padding at end of block bitmap is not set umount2("./18/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./18/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./18/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./18/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./18/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555566689730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555566689730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./18/file0") = 0 umount2("./18/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./18/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./18/binderfs") = 0 getdents64(3, 0x5555666816f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./18") = 0 mkdir("./19", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 380 attached , child_tidptr=0x555566680650) = 380 [pid 380] set_robust_list(0x555566680660, 24) = 0 [pid 380] chdir("./19") = 0 [pid 380] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 380] setpgid(0, 0) = 0 [pid 380] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 380] write(3, "1000", 4) = 4 [pid 380] close(3) = 0 [pid 380] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 380] write(1, "executing program\n", 18) = 18 [pid 380] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 380] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 380] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 380] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 380] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 380] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 380] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 380] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 380] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 380] memfd_create("syzkaller", 0) = 5 [pid 380] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7435a97000 [pid 380] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 380] munmap(0x7f7435a97000, 138412032) = 0 [pid 380] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 380] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 380] close(5) = 0 [pid 380] close(6) = 0 [pid 380] mkdir("./file0", 0777) = 0 [pid 380] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 380] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 380] chdir("./file0") = 0 [pid 380] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 380] ioctl(6, LOOP_CLR_FD) = 0 [pid 380] close(6) = 0 [pid 380] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 380] write(6, "#! ./file1\n", 11) = 11 [pid 380] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 380] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000284} --- [pid 380] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=380, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./19", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./19", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555666816f0 /* 4 entries */, 32768) = 112 [ 25.377679][ T380] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 25.401038][ T380] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor251: bg 0: block 234: padding at end of block bitmap is not set umount2("./19/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./19/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./19/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./19/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./19/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555566689730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555566689730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./19/file0") = 0 umount2("./19/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./19/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./19/binderfs") = 0 getdents64(3, 0x5555666816f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./19") = 0 mkdir("./20", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555566680650) = 385 ./strace-static-x86_64: Process 385 attached [pid 385] set_robust_list(0x555566680660, 24) = 0 [pid 385] chdir("./20") = 0 [pid 385] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 385] setpgid(0, 0) = 0 [pid 385] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 385] write(3, "1000", 4) = 4 [pid 385] close(3) = 0 [pid 385] symlink("/dev/binderfs", "./binderfs") = 0 [pid 385] write(1, "executing program\n", 18executing program ) = 18 [pid 385] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 385] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 385] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 385] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 385] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 385] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 385] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 385] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 385] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 385] memfd_create("syzkaller", 0) = 5 [pid 385] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7435a97000 [pid 385] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 385] munmap(0x7f7435a97000, 138412032) = 0 [pid 385] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 385] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 385] close(5) = 0 [pid 385] close(6) = 0 [pid 385] mkdir("./file0", 0777) = 0 [pid 385] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 385] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 385] chdir("./file0") = 0 [pid 385] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 385] ioctl(6, LOOP_CLR_FD) = 0 [pid 385] close(6) = 0 [pid 385] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 385] write(6, "#! ./file1\n", 11) = 11 [pid 385] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 385] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000284} --- [pid 385] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=385, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./20", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./20", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555666816f0 /* 4 entries */, 32768) = 112 [ 25.498182][ T385] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 25.522469][ T385] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor251: bg 0: block 234: padding at end of block bitmap is not set umount2("./20/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./20/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./20/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./20/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./20/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555566689730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555566689730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./20/file0") = 0 umount2("./20/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./20/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./20/binderfs") = 0 getdents64(3, 0x5555666816f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./20") = 0 mkdir("./21", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555566680650) = 390 ./strace-static-x86_64: Process 390 attached [pid 390] set_robust_list(0x555566680660, 24) = 0 [pid 390] chdir("./21") = 0 [pid 390] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 390] setpgid(0, 0) = 0 [pid 390] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 390] write(3, "1000", 4) = 4 [pid 390] close(3) = 0 [pid 390] symlink("/dev/binderfs", "./binderfs") = 0 [pid 390] write(1, "executing program\n", 18executing program ) = 18 [pid 390] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 390] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 390] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 390] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 390] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 390] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 390] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 390] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 390] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 390] memfd_create("syzkaller", 0) = 5 [pid 390] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7435a97000 [pid 390] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 390] munmap(0x7f7435a97000, 138412032) = 0 [pid 390] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 390] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 390] close(5) = 0 [pid 390] close(6) = 0 [pid 390] mkdir("./file0", 0777) = 0 [pid 390] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 390] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 390] chdir("./file0") = 0 [pid 390] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 390] ioctl(6, LOOP_CLR_FD) = 0 [pid 390] close(6) = 0 [pid 390] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 390] write(6, "#! ./file1\n", 11) = 11 [pid 390] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 390] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000284} --- [pid 390] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=390, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./21", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./21", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555666816f0 /* 4 entries */, 32768) = 112 [ 25.638066][ T390] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 25.672033][ T391] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-390: bg 0: block 234: padding at end of block bitmap is not set umount2("./21/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./21/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./21/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./21/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./21/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555566689730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555566689730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./21/file0") = 0 umount2("./21/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./21/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./21/binderfs") = 0 getdents64(3, 0x5555666816f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./21") = 0 mkdir("./22", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555566680650) = 395 ./strace-static-x86_64: Process 395 attached [pid 395] set_robust_list(0x555566680660, 24) = 0 [pid 395] chdir("./22") = 0 [pid 395] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 395] setpgid(0, 0) = 0 [pid 395] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 395] write(3, "1000", 4) = 4 [pid 395] close(3) = 0 [pid 395] symlink("/dev/binderfs", "./binderfs") = 0 [pid 395] write(1, "executing program\n", 18executing program ) = 18 [pid 395] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 395] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 395] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 395] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 395] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 395] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 395] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 395] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 395] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 395] memfd_create("syzkaller", 0) = 5 [pid 395] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7435a97000 [pid 395] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 395] munmap(0x7f7435a97000, 138412032) = 0 [pid 395] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 395] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 395] close(5) = 0 [pid 395] close(6) = 0 [pid 395] mkdir("./file0", 0777) = 0 [pid 395] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 395] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 395] chdir("./file0") = 0 [pid 395] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 395] ioctl(6, LOOP_CLR_FD) = 0 [pid 395] close(6) = 0 [pid 395] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 395] write(6, "#! ./file1\n", 11) = 11 [pid 395] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 395] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000284} --- [pid 395] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=395, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./22", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./22", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555666816f0 /* 4 entries */, 32768) = 112 [ 25.797738][ T395] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 25.826604][ T396] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-395: bg 0: block 234: padding at end of block bitmap is not set umount2("./22/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./22/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./22/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./22/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./22/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555566689730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555566689730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./22/file0") = 0 umount2("./22/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./22/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./22/binderfs") = 0 getdents64(3, 0x5555666816f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./22") = 0 mkdir("./23", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 400 attached , child_tidptr=0x555566680650) = 400 [pid 400] set_robust_list(0x555566680660, 24) = 0 [pid 400] chdir("./23") = 0 [pid 400] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 400] setpgid(0, 0) = 0 [pid 400] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 400] write(3, "1000", 4) = 4 [pid 400] close(3) = 0 [pid 400] symlink("/dev/binderfs", "./binderfs") = 0 [pid 400] write(1, "executing program\n", 18executing program ) = 18 [pid 400] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 400] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 400] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 400] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 400] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 400] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 400] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 400] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 400] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 400] memfd_create("syzkaller", 0) = 5 [pid 400] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7435a97000 [pid 400] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 400] munmap(0x7f7435a97000, 138412032) = 0 [pid 400] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 400] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 400] close(5) = 0 [pid 400] close(6) = 0 [pid 400] mkdir("./file0", 0777) = 0 [pid 400] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 400] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 400] chdir("./file0") = 0 [pid 400] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 400] ioctl(6, LOOP_CLR_FD) = 0 [pid 400] close(6) = 0 [pid 400] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 400] write(6, "#! ./file1\n", 11) = 11 [pid 400] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 400] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000284} --- [pid 400] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=400, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./23", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./23", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555666816f0 /* 4 entries */, 32768) = 112 [ 25.928475][ T400] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 25.953015][ T400] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor251: bg 0: block 234: padding at end of block bitmap is not set umount2("./23/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./23/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./23/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./23/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./23/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555566689730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555566689730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./23/file0") = 0 umount2("./23/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./23/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./23/binderfs") = 0 getdents64(3, 0x5555666816f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./23") = 0 mkdir("./24", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555566680650) = 405 ./strace-static-x86_64: Process 405 attached [pid 405] set_robust_list(0x555566680660, 24) = 0 [pid 405] chdir("./24") = 0 [pid 405] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 405] setpgid(0, 0) = 0 [pid 405] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 405] write(3, "1000", 4) = 4 [pid 405] close(3) = 0 [pid 405] symlink("/dev/binderfs", "./binderfs") = 0 [pid 405] write(1, "executing program\n", 18executing program ) = 18 [pid 405] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 405] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 405] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 405] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 405] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 405] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 405] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 405] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 405] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 405] memfd_create("syzkaller", 0) = 5 [pid 405] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7435a97000 [pid 405] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 405] munmap(0x7f7435a97000, 138412032) = 0 [pid 405] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 405] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 405] close(5) = 0 [pid 405] close(6) = 0 [pid 405] mkdir("./file0", 0777) = 0 [pid 405] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 405] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 405] chdir("./file0") = 0 [pid 405] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 405] ioctl(6, LOOP_CLR_FD) = 0 [pid 405] close(6) = 0 [pid 405] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 405] write(6, "#! ./file1\n", 11) = 11 [pid 405] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 405] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000284} --- [pid 405] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=405, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./24", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./24", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555666816f0 /* 4 entries */, 32768) = 112 [ 26.257904][ T405] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 26.289020][ T406] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-405: bg 0: block 234: padding at end of block bitmap is not set umount2("./24/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./24/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./24/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./24/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./24/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555566689730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555566689730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./24/file0") = 0 umount2("./24/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./24/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./24/binderfs") = 0 getdents64(3, 0x5555666816f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./24") = 0 mkdir("./25", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555566680650) = 410 ./strace-static-x86_64: Process 410 attached [pid 410] set_robust_list(0x555566680660, 24) = 0 [pid 410] chdir("./25") = 0 [pid 410] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 410] setpgid(0, 0) = 0 [pid 410] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 410] write(3, "1000", 4) = 4 [pid 410] close(3) = 0 [pid 410] symlink("/dev/binderfs", "./binderfs") = 0 [pid 410] write(1, "executing program\n", 18executing program ) = 18 [pid 410] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 410] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 410] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 410] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 410] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 410] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 410] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 410] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 410] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 410] memfd_create("syzkaller", 0) = 5 [pid 410] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7435a97000 [pid 410] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 410] munmap(0x7f7435a97000, 138412032) = 0 [pid 410] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 410] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 410] close(5) = 0 [pid 410] close(6) = 0 [pid 410] mkdir("./file0", 0777) = 0 [pid 410] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 410] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 410] chdir("./file0") = 0 [pid 410] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 410] ioctl(6, LOOP_CLR_FD) = 0 [pid 410] close(6) = 0 [pid 410] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 410] write(6, "#! ./file1\n", 11) = 11 [pid 410] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 410] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000284} --- [pid 410] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=410, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./25", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./25", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555666816f0 /* 4 entries */, 32768) = 112 [ 26.478132][ T410] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 26.506246][ T411] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-410: bg 0: block 234: padding at end of block bitmap is not set umount2("./25/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./25/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./25/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./25/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./25/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555566689730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555566689730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./25/file0") = 0 umount2("./25/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./25/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./25/binderfs") = 0 getdents64(3, 0x5555666816f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./25") = 0 mkdir("./26", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555566680650) = 415 ./strace-static-x86_64: Process 415 attached [pid 415] set_robust_list(0x555566680660, 24) = 0 [pid 415] chdir("./26") = 0 [pid 415] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 415] setpgid(0, 0) = 0 [pid 415] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 415] write(3, "1000", 4) = 4 [pid 415] close(3) = 0 [pid 415] symlink("/dev/binderfs", "./binderfs") = 0 [pid 415] write(1, "executing program\n", 18executing program ) = 18 [pid 415] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 415] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 415] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 415] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 415] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 415] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 415] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 415] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 415] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 415] memfd_create("syzkaller", 0) = 5 [pid 415] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7435a97000 [pid 415] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 415] munmap(0x7f7435a97000, 138412032) = 0 [pid 415] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 415] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 415] close(5) = 0 [pid 415] close(6) = 0 [pid 415] mkdir("./file0", 0777) = 0 [pid 415] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 415] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 415] chdir("./file0") = 0 [pid 415] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 415] ioctl(6, LOOP_CLR_FD) = 0 [pid 415] close(6) = 0 [pid 415] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 415] write(6, "#! ./file1\n", 11) = 11 [pid 415] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 415] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000284} --- [pid 415] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=415, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./26", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./26", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555666816f0 /* 4 entries */, 32768) = 112 [ 26.648376][ T415] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 26.676709][ T416] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-415: bg 0: block 234: padding at end of block bitmap is not set umount2("./26/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./26/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./26/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./26/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./26/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555566689730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555566689730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./26/file0") = 0 umount2("./26/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./26/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./26/binderfs") = 0 getdents64(3, 0x5555666816f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./26") = 0 mkdir("./27", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555566680650) = 420 ./strace-static-x86_64: Process 420 attached [pid 420] set_robust_list(0x555566680660, 24) = 0 [pid 420] chdir("./27") = 0 [pid 420] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 420] setpgid(0, 0) = 0 [pid 420] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 420] write(3, "1000", 4) = 4 [pid 420] close(3) = 0 [pid 420] symlink("/dev/binderfs", "./binderfs") = 0 [pid 420] write(1, "executing program\n", 18executing program ) = 18 [pid 420] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 420] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 420] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 420] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 420] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 420] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 420] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 420] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 420] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 420] memfd_create("syzkaller", 0) = 5 [pid 420] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7435a97000 [pid 420] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 420] munmap(0x7f7435a97000, 138412032) = 0 [pid 420] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 420] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 420] close(5) = 0 [pid 420] close(6) = 0 [pid 420] mkdir("./file0", 0777) = 0 [pid 420] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 420] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 420] chdir("./file0") = 0 [pid 420] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 420] ioctl(6, LOOP_CLR_FD) = 0 [pid 420] close(6) = 0 [pid 420] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 420] write(6, "#! ./file1\n", 11) = 11 [pid 420] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 420] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000284} --- [pid 420] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=420, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./27", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./27", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555666816f0 /* 4 entries */, 32768) = 112 [ 26.807761][ T420] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 26.836417][ T421] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-420: bg 0: block 234: padding at end of block bitmap is not set umount2("./27/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./27/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./27/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./27/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./27/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555566689730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555566689730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./27/file0") = 0 umount2("./27/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./27/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./27/binderfs") = 0 getdents64(3, 0x5555666816f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./27") = 0 mkdir("./28", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555566680650) = 425 ./strace-static-x86_64: Process 425 attached [pid 425] set_robust_list(0x555566680660, 24) = 0 [pid 425] chdir("./28") = 0 [pid 425] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 425] setpgid(0, 0) = 0 [pid 425] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 425] write(3, "1000", 4) = 4 [pid 425] close(3) = 0 [pid 425] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 425] write(1, "executing program\n", 18) = 18 [pid 425] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 425] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 425] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 425] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 425] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 425] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 425] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 425] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 425] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 425] memfd_create("syzkaller", 0) = 5 [pid 425] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7435a97000 [pid 425] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 425] munmap(0x7f7435a97000, 138412032) = 0 [pid 425] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 425] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 425] close(5) = 0 [pid 425] close(6) = 0 [pid 425] mkdir("./file0", 0777) = 0 [pid 425] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 425] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 425] chdir("./file0") = 0 [pid 425] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 425] ioctl(6, LOOP_CLR_FD) = 0 [pid 425] close(6) = 0 [pid 425] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 425] write(6, "#! ./file1\n", 11) = 11 [pid 425] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 425] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000284} --- [pid 425] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=425, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./28", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./28", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555666816f0 /* 4 entries */, 32768) = 112 [ 26.968180][ T425] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 26.996446][ T426] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-425: bg 0: block 234: padding at end of block bitmap is not set umount2("./28/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./28/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./28/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./28/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./28/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555566689730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555566689730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./28/file0") = 0 umount2("./28/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./28/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./28/binderfs") = 0 getdents64(3, 0x5555666816f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./28") = 0 mkdir("./29", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555566680650) = 430 ./strace-static-x86_64: Process 430 attached [pid 430] set_robust_list(0x555566680660, 24) = 0 [pid 430] chdir("./29") = 0 [pid 430] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 430] setpgid(0, 0) = 0 [pid 430] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 430] write(3, "1000", 4) = 4 [pid 430] close(3) = 0 [pid 430] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 430] write(1, "executing program\n", 18) = 18 [pid 430] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 430] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 430] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 430] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 430] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 430] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 430] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 430] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 430] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 430] memfd_create("syzkaller", 0) = 5 [pid 430] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7435a97000 [pid 430] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 430] munmap(0x7f7435a97000, 138412032) = 0 [pid 430] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 430] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 430] close(5) = 0 [pid 430] close(6) = 0 [pid 430] mkdir("./file0", 0777) = 0 [pid 430] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 430] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 430] chdir("./file0") = 0 [pid 430] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 430] ioctl(6, LOOP_CLR_FD) = 0 [pid 430] close(6) = 0 [pid 430] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 430] write(6, "#! ./file1\n", 11) = 11 [pid 430] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 430] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000284} --- [pid 430] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=430, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./29", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./29", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555666816f0 /* 4 entries */, 32768) = 112 [ 27.168223][ T430] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 27.202213][ T431] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-430: bg 0: block 234: padding at end of block bitmap is not set umount2("./29/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./29/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./29/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./29/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./29/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555566689730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555566689730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./29/file0") = 0 umount2("./29/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./29/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./29/binderfs") = 0 getdents64(3, 0x5555666816f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./29") = 0 mkdir("./30", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555566680650) = 435 ./strace-static-x86_64: Process 435 attached [pid 435] set_robust_list(0x555566680660, 24) = 0 [pid 435] chdir("./30") = 0 [pid 435] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 435] setpgid(0, 0) = 0 [pid 435] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 435] write(3, "1000", 4) = 4 [pid 435] close(3) = 0 [pid 435] symlink("/dev/binderfs", "./binderfs") = 0 [pid 435] write(1, "executing program\n", 18executing program ) = 18 [pid 435] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 435] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 435] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 435] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 435] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 435] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 435] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 435] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 435] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 435] memfd_create("syzkaller", 0) = 5 [pid 435] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7435a97000 [pid 435] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 435] munmap(0x7f7435a97000, 138412032) = 0 [pid 435] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 435] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 435] close(5) = 0 [pid 435] close(6) = 0 [pid 435] mkdir("./file0", 0777) = 0 [pid 435] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 435] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 435] chdir("./file0") = 0 [pid 435] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 435] ioctl(6, LOOP_CLR_FD) = 0 [pid 435] close(6) = 0 [pid 435] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 435] write(6, "#! ./file1\n", 11) = 11 [pid 435] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 435] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000284} --- [pid 435] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=435, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./30", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./30", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555666816f0 /* 4 entries */, 32768) = 112 [ 27.328169][ T435] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 27.352407][ T435] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor251: bg 0: block 234: padding at end of block bitmap is not set umount2("./30/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./30/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./30/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./30/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./30/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555566689730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555566689730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./30/file0") = 0 umount2("./30/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./30/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./30/binderfs") = 0 getdents64(3, 0x5555666816f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./30") = 0 mkdir("./31", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555566680650) = 440 ./strace-static-x86_64: Process 440 attached [pid 440] set_robust_list(0x555566680660, 24) = 0 [pid 440] chdir("./31") = 0 [pid 440] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 440] setpgid(0, 0) = 0 [pid 440] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 440] write(3, "1000", 4) = 4 [pid 440] close(3) = 0 [pid 440] symlink("/dev/binderfs", "./binderfs") = 0 [pid 440] write(1, "executing program\n", 18executing program ) = 18 [pid 440] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 440] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 440] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 440] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 440] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 440] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 440] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 440] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 440] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 440] memfd_create("syzkaller", 0) = 5 [pid 440] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7435a97000 [pid 440] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 440] munmap(0x7f7435a97000, 138412032) = 0 [pid 440] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 440] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 440] close(5) = 0 [pid 440] close(6) = 0 [pid 440] mkdir("./file0", 0777) = 0 [pid 440] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 440] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 440] chdir("./file0") = 0 [pid 440] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 440] ioctl(6, LOOP_CLR_FD) = 0 [pid 440] close(6) = 0 [pid 440] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 440] write(6, "#! ./file1\n", 11) = 11 [pid 440] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 440] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000284} --- [pid 440] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=440, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./31", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./31", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555666816f0 /* 4 entries */, 32768) = 112 [ 27.468179][ T440] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 27.491819][ T440] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor251: bg 0: block 234: padding at end of block bitmap is not set umount2("./31/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./31/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./31/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./31/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./31/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555566689730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555566689730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./31/file0") = 0 umount2("./31/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./31/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./31/binderfs") = 0 getdents64(3, 0x5555666816f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./31") = 0 mkdir("./32", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555566680650) = 445 ./strace-static-x86_64: Process 445 attached [pid 445] set_robust_list(0x555566680660, 24) = 0 [pid 445] chdir("./32") = 0 [pid 445] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 445] setpgid(0, 0) = 0 [pid 445] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 445] write(3, "1000", 4) = 4 [pid 445] close(3) = 0 [pid 445] symlink("/dev/binderfs", "./binderfs") = 0 [pid 445] write(1, "executing program\n", 18executing program ) = 18 [pid 445] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 445] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 445] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 445] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 445] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 445] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 445] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 445] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 445] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 445] memfd_create("syzkaller", 0) = 5 [pid 445] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7435a97000 [pid 445] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 445] munmap(0x7f7435a97000, 138412032) = 0 [pid 445] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 445] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 445] close(5) = 0 [pid 445] close(6) = 0 [pid 445] mkdir("./file0", 0777) = 0 [pid 445] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 445] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 445] chdir("./file0") = 0 [pid 445] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 445] ioctl(6, LOOP_CLR_FD) = 0 [pid 445] close(6) = 0 [pid 445] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 445] write(6, "#! ./file1\n", 11) = 11 [pid 445] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 445] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000284} --- [pid 445] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=445, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./32", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./32", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555666816f0 /* 4 entries */, 32768) = 112 [ 27.640192][ T445] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 27.667796][ T446] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-445: bg 0: block 234: padding at end of block bitmap is not set umount2("./32/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./32/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./32/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./32/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./32/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555566689730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555566689730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./32/file0") = 0 umount2("./32/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./32/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./32/binderfs") = 0 getdents64(3, 0x5555666816f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./32") = 0 mkdir("./33", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555566680650) = 450 ./strace-static-x86_64: Process 450 attached [pid 450] set_robust_list(0x555566680660, 24) = 0 [pid 450] chdir("./33") = 0 [pid 450] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 450] setpgid(0, 0) = 0 [pid 450] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 450] write(3, "1000", 4) = 4 [pid 450] close(3) = 0 [pid 450] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 450] write(1, "executing program\n", 18) = 18 [pid 450] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 450] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 450] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 450] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 450] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 450] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 450] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 450] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 450] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 450] memfd_create("syzkaller", 0) = 5 [pid 450] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7435a97000 [pid 450] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 450] munmap(0x7f7435a97000, 138412032) = 0 [pid 450] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 450] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 450] close(5) = 0 [pid 450] close(6) = 0 [pid 450] mkdir("./file0", 0777) = 0 [pid 450] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 450] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 450] chdir("./file0") = 0 [pid 450] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 450] ioctl(6, LOOP_CLR_FD) = 0 [pid 450] close(6) = 0 [pid 450] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 450] write(6, "#! ./file1\n", 11) = 11 [pid 450] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 450] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000284} --- [pid 450] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=450, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./33", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./33", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555666816f0 /* 4 entries */, 32768) = 112 [ 27.798182][ T450] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 27.826101][ T451] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-450: bg 0: block 234: padding at end of block bitmap is not set umount2("./33/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./33/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./33/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./33/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./33/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555566689730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555566689730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./33/file0") = 0 umount2("./33/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./33/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./33/binderfs") = 0 getdents64(3, 0x5555666816f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./33") = 0 mkdir("./34", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555566680650) = 455 ./strace-static-x86_64: Process 455 attached [pid 455] set_robust_list(0x555566680660, 24) = 0 [pid 455] chdir("./34") = 0 [pid 455] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 455] setpgid(0, 0) = 0 [pid 455] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 455] write(3, "1000", 4) = 4 [pid 455] close(3) = 0 [pid 455] symlink("/dev/binderfs", "./binderfs") = 0 [pid 455] write(1, "executing program\n", 18executing program ) = 18 [pid 455] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 455] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 455] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 455] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 455] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 455] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 455] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 455] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 455] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 455] memfd_create("syzkaller", 0) = 5 [pid 455] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7435a97000 [pid 455] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 455] munmap(0x7f7435a97000, 138412032) = 0 [pid 455] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 455] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 455] close(5) = 0 [pid 455] close(6) = 0 [pid 455] mkdir("./file0", 0777) = 0 [pid 455] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 455] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 455] chdir("./file0") = 0 [pid 455] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 455] ioctl(6, LOOP_CLR_FD) = 0 [pid 455] close(6) = 0 [pid 455] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 455] write(6, "#! ./file1\n", 11) = 11 [pid 455] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 455] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000284} --- [pid 455] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=455, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./34", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./34", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555666816f0 /* 4 entries */, 32768) = 112 [ 27.998480][ T455] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 28.019929][ T455] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor251: bg 0: block 234: padding at end of block bitmap is not set umount2("./34/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./34/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./34/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./34/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./34/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555566689730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555566689730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./34/file0") = 0 umount2("./34/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./34/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./34/binderfs") = 0 getdents64(3, 0x5555666816f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./34") = 0 mkdir("./35", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555566680650) = 460 ./strace-static-x86_64: Process 460 attached [pid 460] set_robust_list(0x555566680660, 24) = 0 [pid 460] chdir("./35") = 0 [pid 460] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 460] setpgid(0, 0) = 0 [pid 460] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 460] write(3, "1000", 4) = 4 [pid 460] close(3) = 0 executing program [pid 460] symlink("/dev/binderfs", "./binderfs") = 0 [pid 460] write(1, "executing program\n", 18) = 18 [pid 460] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 460] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 460] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 460] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 460] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 460] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 460] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 460] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 460] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 460] memfd_create("syzkaller", 0) = 5 [pid 460] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7435a97000 [pid 460] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 460] munmap(0x7f7435a97000, 138412032) = 0 [pid 460] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 460] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 460] close(5) = 0 [pid 460] close(6) = 0 [pid 460] mkdir("./file0", 0777) = 0 [pid 460] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 460] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 460] chdir("./file0") = 0 [pid 460] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 460] ioctl(6, LOOP_CLR_FD) = 0 [pid 460] close(6) = 0 [pid 460] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 460] write(6, "#! ./file1\n", 11) = 11 [pid 460] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 460] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000284} --- [pid 460] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=460, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./35", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./35", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555666816f0 /* 4 entries */, 32768) = 112 [ 28.126900][ T460] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 28.158213][ T461] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-460: bg 0: block 234: padding at end of block bitmap is not set umount2("./35/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./35/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./35/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./35/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./35/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555566689730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555566689730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./35/file0") = 0 umount2("./35/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./35/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./35/binderfs") = 0 getdents64(3, 0x5555666816f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./35") = 0 mkdir("./36", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555566680650) = 465 ./strace-static-x86_64: Process 465 attached [pid 465] set_robust_list(0x555566680660, 24) = 0 [pid 465] chdir("./36") = 0 [pid 465] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 465] setpgid(0, 0) = 0 [pid 465] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 465] write(3, "1000", 4) = 4 [pid 465] close(3) = 0 [pid 465] symlink("/dev/binderfs", "./binderfs") = 0 [pid 465] write(1, "executing program\n", 18executing program ) = 18 [pid 465] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 465] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 465] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 465] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 465] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 465] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 465] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 465] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 465] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 465] memfd_create("syzkaller", 0) = 5 [pid 465] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7435a97000 [pid 465] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 465] munmap(0x7f7435a97000, 138412032) = 0 [pid 465] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 465] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 465] close(5) = 0 [pid 465] close(6) = 0 [pid 465] mkdir("./file0", 0777) = 0 [pid 465] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 465] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 465] chdir("./file0") = 0 [pid 465] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 465] ioctl(6, LOOP_CLR_FD) = 0 [pid 465] close(6) = 0 [pid 465] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 465] write(6, "#! ./file1\n", 11) = 11 [pid 465] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 465] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000284} --- [pid 465] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=465, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./36", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./36", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555666816f0 /* 4 entries */, 32768) = 112 [ 28.287725][ T465] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 28.317607][ T466] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-465: bg 0: block 234: padding at end of block bitmap is not set umount2("./36/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./36/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./36/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./36/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./36/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555566689730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555566689730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./36/file0") = 0 umount2("./36/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./36/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./36/binderfs") = 0 getdents64(3, 0x5555666816f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./36") = 0 mkdir("./37", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555566680650) = 470 ./strace-static-x86_64: Process 470 attached [pid 470] set_robust_list(0x555566680660, 24) = 0 [pid 470] chdir("./37") = 0 [pid 470] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 470] setpgid(0, 0) = 0 [pid 470] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 470] write(3, "1000", 4) = 4 [pid 470] close(3) = 0 [pid 470] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 470] write(1, "executing program\n", 18) = 18 [pid 470] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 470] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 470] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 470] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 470] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 470] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 470] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 470] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 470] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 470] memfd_create("syzkaller", 0) = 5 [pid 470] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7435a97000 [pid 470] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 470] munmap(0x7f7435a97000, 138412032) = 0 [pid 470] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 470] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 470] close(5) = 0 [pid 470] close(6) = 0 [pid 470] mkdir("./file0", 0777) = 0 [pid 470] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 470] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 470] chdir("./file0") = 0 [pid 470] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 470] ioctl(6, LOOP_CLR_FD) = 0 [pid 470] close(6) = 0 [pid 470] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 470] write(6, "#! ./file1\n", 11) = 11 [pid 470] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 470] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000284} --- [pid 470] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=470, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./37", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./37", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555666816f0 /* 4 entries */, 32768) = 112 [ 28.488298][ T470] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 28.516462][ T471] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-470: bg 0: block 234: padding at end of block bitmap is not set umount2("./37/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./37/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./37/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./37/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./37/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555566689730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555566689730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./37/file0") = 0 umount2("./37/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./37/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./37/binderfs") = 0 getdents64(3, 0x5555666816f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./37") = 0 mkdir("./38", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555566680650) = 475 ./strace-static-x86_64: Process 475 attached [pid 475] set_robust_list(0x555566680660, 24) = 0 [pid 475] chdir("./38") = 0 [pid 475] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 475] setpgid(0, 0) = 0 [pid 475] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 475] write(3, "1000", 4) = 4 [pid 475] close(3) = 0 [pid 475] symlink("/dev/binderfs", "./binderfs") = 0 [pid 475] write(1, "executing program\n", 18executing program ) = 18 [pid 475] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 475] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 475] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 475] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 475] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 475] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 475] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 475] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 475] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 475] memfd_create("syzkaller", 0) = 5 [pid 475] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7435a97000 [pid 475] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 475] munmap(0x7f7435a97000, 138412032) = 0 [pid 475] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 475] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 475] close(5) = 0 [pid 475] close(6) = 0 [pid 475] mkdir("./file0", 0777) = 0 [pid 475] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 475] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 475] chdir("./file0") = 0 [pid 475] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 475] ioctl(6, LOOP_CLR_FD) = 0 [pid 475] close(6) = 0 [pid 475] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 475] write(6, "#! ./file1\n", 11) = 11 [pid 475] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 475] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000284} --- [pid 475] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=475, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555666816f0 /* 4 entries */, 32768) = 112 [ 28.688031][ T475] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 28.712977][ T475] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor251: bg 0: block 234: padding at end of block bitmap is not set umount2("./38/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./38/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./38/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./38/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./38/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555566689730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555566689730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./38/file0") = 0 umount2("./38/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./38/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./38/binderfs") = 0 getdents64(3, 0x5555666816f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./38") = 0 mkdir("./39", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555566680650) = 480 ./strace-static-x86_64: Process 480 attached [pid 480] set_robust_list(0x555566680660, 24) = 0 [pid 480] chdir("./39") = 0 [pid 480] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 480] setpgid(0, 0) = 0 [pid 480] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 480] write(3, "1000", 4) = 4 [pid 480] close(3) = 0 [pid 480] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 480] write(1, "executing program\n", 18) = 18 [pid 480] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 480] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 480] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 480] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 480] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 480] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 480] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 480] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 480] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 480] memfd_create("syzkaller", 0) = 5 [pid 480] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7435a97000 [pid 480] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 480] munmap(0x7f7435a97000, 138412032) = 0 [pid 480] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 480] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 480] close(5) = 0 [pid 480] close(6) = 0 [pid 480] mkdir("./file0", 0777) = 0 [pid 480] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 480] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 480] chdir("./file0") = 0 [pid 480] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 480] ioctl(6, LOOP_CLR_FD) = 0 [pid 480] close(6) = 0 [pid 480] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 480] write(6, "#! ./file1\n", 11) = 11 [pid 480] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 480] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000284} --- [pid 480] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=480, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./39", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./39", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555666816f0 /* 4 entries */, 32768) = 112 [ 28.887676][ T480] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 28.915238][ T481] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-480: bg 0: block 234: padding at end of block bitmap is not set umount2("./39/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./39/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./39/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./39/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./39/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555566689730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555566689730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./39/file0") = 0 umount2("./39/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./39/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./39/binderfs") = 0 getdents64(3, 0x5555666816f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./39") = 0 mkdir("./40", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555566680650) = 485 ./strace-static-x86_64: Process 485 attached [pid 485] set_robust_list(0x555566680660, 24) = 0 [pid 485] chdir("./40") = 0 [pid 485] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 485] setpgid(0, 0) = 0 [pid 485] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 485] write(3, "1000", 4) = 4 [pid 485] close(3) = 0 [pid 485] symlink("/dev/binderfs", "./binderfs") = 0 [pid 485] write(1, "executing program\n", 18executing program ) = 18 [pid 485] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 485] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 485] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 485] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 485] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 485] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 485] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 485] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 485] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 485] memfd_create("syzkaller", 0) = 5 [pid 485] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7435a97000 [pid 485] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 485] munmap(0x7f7435a97000, 138412032) = 0 [pid 485] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 485] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 485] close(5) = 0 [pid 485] close(6) = 0 [pid 485] mkdir("./file0", 0777) = 0 [pid 485] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 485] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 485] chdir("./file0") = 0 [pid 485] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 485] ioctl(6, LOOP_CLR_FD) = 0 [pid 485] close(6) = 0 [pid 485] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 485] write(6, "#! ./file1\n", 11) = 11 [pid 485] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 485] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000284} --- [pid 485] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=485, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./40", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./40", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555666816f0 /* 4 entries */, 32768) = 112 [ 29.078119][ T485] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 29.106279][ T486] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-485: bg 0: block 234: padding at end of block bitmap is not set umount2("./40/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./40/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./40/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./40/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./40/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555566689730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555566689730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./40/file0") = 0 umount2("./40/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./40/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./40/binderfs") = 0 getdents64(3, 0x5555666816f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./40") = 0 mkdir("./41", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555566680650) = 490 ./strace-static-x86_64: Process 490 attached [pid 490] set_robust_list(0x555566680660, 24) = 0 [pid 490] chdir("./41") = 0 [pid 490] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 490] setpgid(0, 0) = 0 [pid 490] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 490] write(3, "1000", 4) = 4 [pid 490] close(3) = 0 [pid 490] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 490] write(1, "executing program\n", 18) = 18 [pid 490] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 490] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 490] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 490] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 490] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 490] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 490] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 490] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 490] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 490] memfd_create("syzkaller", 0) = 5 [pid 490] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7435a97000 [pid 490] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 490] munmap(0x7f7435a97000, 138412032) = 0 [pid 490] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 490] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 490] close(5) = 0 [pid 490] close(6) = 0 [pid 490] mkdir("./file0", 0777) = 0 [pid 490] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 490] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 490] chdir("./file0") = 0 [pid 490] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 490] ioctl(6, LOOP_CLR_FD) = 0 [pid 490] close(6) = 0 [pid 490] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 490] write(6, "#! ./file1\n", 11) = 11 [pid 490] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 490] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000284} --- [pid 490] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=490, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./41", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./41", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555666816f0 /* 4 entries */, 32768) = 112 [ 29.238246][ T490] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 29.266502][ T490] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor251: bg 0: block 234: padding at end of block bitmap is not set umount2("./41/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./41/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./41/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./41/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./41/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555566689730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555566689730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./41/file0") = 0 umount2("./41/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./41/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./41/binderfs") = 0 getdents64(3, 0x5555666816f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./41") = 0 mkdir("./42", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555566680650) = 495 ./strace-static-x86_64: Process 495 attached [pid 495] set_robust_list(0x555566680660, 24) = 0 [pid 495] chdir("./42") = 0 [pid 495] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 495] setpgid(0, 0) = 0 [pid 495] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 495] write(3, "1000", 4) = 4 [pid 495] close(3) = 0 [pid 495] symlink("/dev/binderfs", "./binderfs") = 0 [pid 495] write(1, "executing program\n", 18executing program ) = 18 [pid 495] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 495] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 495] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 495] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 495] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 495] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 495] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 495] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 495] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 495] memfd_create("syzkaller", 0) = 5 [pid 495] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7435a97000 [pid 495] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 495] munmap(0x7f7435a97000, 138412032) = 0 [pid 495] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 495] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 495] close(5) = 0 [pid 495] close(6) = 0 [pid 495] mkdir("./file0", 0777) = 0 [pid 495] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 495] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 495] chdir("./file0") = 0 [pid 495] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 495] ioctl(6, LOOP_CLR_FD) = 0 [pid 495] close(6) = 0 [pid 495] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 495] write(6, "#! ./file1\n", 11) = 11 [pid 495] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 495] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000284} --- [pid 495] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=495, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./42", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./42", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555666816f0 /* 4 entries */, 32768) = 112 [ 29.408141][ T495] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 29.436703][ T496] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-495: bg 0: block 234: padding at end of block bitmap is not set umount2("./42/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./42/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./42/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./42/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./42/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555566689730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555566689730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./42/file0") = 0 umount2("./42/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./42/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./42/binderfs") = 0 getdents64(3, 0x5555666816f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./42") = 0 mkdir("./43", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program , child_tidptr=0x555566680650) = 500 ./strace-static-x86_64: Process 500 attached [pid 500] set_robust_list(0x555566680660, 24) = 0 [pid 500] chdir("./43") = 0 [pid 500] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 500] setpgid(0, 0) = 0 [pid 500] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 500] write(3, "1000", 4) = 4 [pid 500] close(3) = 0 [pid 500] symlink("/dev/binderfs", "./binderfs") = 0 [pid 500] write(1, "executing program\n", 18) = 18 [pid 500] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 500] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 500] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 500] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 500] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 500] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 500] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 500] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 500] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 500] memfd_create("syzkaller", 0) = 5 [pid 500] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7435a97000 [pid 500] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 500] munmap(0x7f7435a97000, 138412032) = 0 [pid 500] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 500] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 500] close(5) = 0 [pid 500] close(6) = 0 [pid 500] mkdir("./file0", 0777) = 0 [pid 500] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 500] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 500] chdir("./file0") = 0 [pid 500] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 500] ioctl(6, LOOP_CLR_FD) = 0 [pid 500] close(6) = 0 [pid 500] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 500] write(6, "#! ./file1\n", 11) = 11 [pid 500] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 500] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000284} --- [pid 500] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=500, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./43", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./43", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555666816f0 /* 4 entries */, 32768) = 112 [ 29.632431][ T500] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 29.656107][ T500] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor251: bg 0: block 234: padding at end of block bitmap is not set umount2("./43/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./43/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./43/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./43/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./43/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555566689730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555566689730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./43/file0") = 0 umount2("./43/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./43/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./43/binderfs") = 0 getdents64(3, 0x5555666816f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./43") = 0 mkdir("./44", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555566680650) = 505 ./strace-static-x86_64: Process 505 attached [pid 505] set_robust_list(0x555566680660, 24) = 0 [pid 505] chdir("./44") = 0 [pid 505] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 505] setpgid(0, 0) = 0 [pid 505] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 505] write(3, "1000", 4) = 4 [pid 505] close(3) = 0 [pid 505] symlink("/dev/binderfs", "./binderfs") = 0 [pid 505] write(1, "executing program\n", 18executing program ) = 18 [pid 505] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 505] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 505] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 505] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 505] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 505] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 505] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 505] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 505] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 505] memfd_create("syzkaller", 0) = 5 [pid 505] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7435a97000 [pid 505] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 505] munmap(0x7f7435a97000, 138412032) = 0 [pid 505] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 505] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 505] close(5) = 0 [pid 505] close(6) = 0 [pid 505] mkdir("./file0", 0777) = 0 [pid 505] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 505] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 505] chdir("./file0") = 0 [pid 505] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 505] ioctl(6, LOOP_CLR_FD) = 0 [pid 505] close(6) = 0 [pid 505] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 505] write(6, "#! ./file1\n", 11) = 11 [pid 505] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 505] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000284} --- [pid 505] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=505, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./44", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./44", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555666816f0 /* 4 entries */, 32768) = 112 [ 29.778430][ T505] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 29.807423][ T506] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-505: bg 0: block 234: padding at end of block bitmap is not set umount2("./44/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./44/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./44/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./44/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./44/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555566689730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555566689730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./44/file0") = 0 umount2("./44/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./44/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./44/binderfs") = 0 getdents64(3, 0x5555666816f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./44") = 0 mkdir("./45", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3executing program ) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555566680650) = 510 ./strace-static-x86_64: Process 510 attached [pid 510] set_robust_list(0x555566680660, 24) = 0 [pid 510] chdir("./45") = 0 [pid 510] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 510] setpgid(0, 0) = 0 [pid 510] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 510] write(3, "1000", 4) = 4 [pid 510] close(3) = 0 [pid 510] symlink("/dev/binderfs", "./binderfs") = 0 [pid 510] write(1, "executing program\n", 18) = 18 [pid 510] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 510] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 510] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 510] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 510] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 510] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 510] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 510] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 510] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 510] memfd_create("syzkaller", 0) = 5 [pid 510] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7435a97000 [pid 510] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 510] munmap(0x7f7435a97000, 138412032) = 0 [pid 510] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 510] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 510] close(5) = 0 [pid 510] close(6) = 0 [pid 510] mkdir("./file0", 0777) = 0 [pid 510] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 510] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 510] chdir("./file0") = 0 [pid 510] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 510] ioctl(6, LOOP_CLR_FD) = 0 [pid 510] close(6) = 0 [pid 510] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 510] write(6, "#! ./file1\n", 11) = 11 [ 29.949087][ T510] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [pid 510] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 510] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000284} --- [pid 510] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=510, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./45", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./45", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555666816f0 /* 4 entries */, 32768) = 112 [ 29.988747][ T511] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-510: bg 0: block 234: padding at end of block bitmap is not set umount2("./45/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./45/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./45/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./45/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./45/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555566689730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555566689730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./45/file0") = 0 umount2("./45/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./45/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./45/binderfs") = 0 getdents64(3, 0x5555666816f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./45") = 0 mkdir("./46", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555566680650) = 515 ./strace-static-x86_64: Process 515 attached [pid 515] set_robust_list(0x555566680660, 24) = 0 [pid 515] chdir("./46") = 0 [pid 515] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 515] setpgid(0, 0) = 0 [pid 515] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 515] write(3, "1000", 4) = 4 [pid 515] close(3) = 0 [pid 515] symlink("/dev/binderfs", "./binderfs") = 0 [pid 515] write(1, "executing program\n", 18executing program ) = 18 [pid 515] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 515] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 515] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 515] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 515] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 515] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 515] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 515] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 515] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 515] memfd_create("syzkaller", 0) = 5 [pid 515] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7435a97000 [pid 515] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 515] munmap(0x7f7435a97000, 138412032) = 0 [pid 515] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 515] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 515] close(5) = 0 [pid 515] close(6) = 0 [pid 515] mkdir("./file0", 0777) = 0 [pid 515] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 515] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 515] chdir("./file0") = 0 [pid 515] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 515] ioctl(6, LOOP_CLR_FD) = 0 [pid 515] close(6) = 0 [pid 515] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 515] write(6, "#! ./file1\n", 11) = 11 [pid 515] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 515] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000284} --- [pid 515] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=515, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./46", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./46", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555666816f0 /* 4 entries */, 32768) = 112 [ 30.128104][ T515] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 30.156476][ T516] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-515: bg 0: block 234: padding at end of block bitmap is not set umount2("./46/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./46/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./46/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./46/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./46/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555566689730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555566689730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./46/file0") = 0 umount2("./46/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./46/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./46/binderfs") = 0 getdents64(3, 0x5555666816f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./46") = 0 mkdir("./47", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 520 attached [pid 520] set_robust_list(0x555566680660, 24) = 0 [pid 520] chdir("./47") = 0 [pid 520] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 520] setpgid(0, 0) = 0 [pid 520] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 282] <... clone resumed>, child_tidptr=0x555566680650) = 520 executing program [pid 520] <... openat resumed>) = 3 [pid 520] write(3, "1000", 4) = 4 [pid 520] close(3) = 0 [pid 520] symlink("/dev/binderfs", "./binderfs") = 0 [pid 520] write(1, "executing program\n", 18) = 18 [pid 520] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 520] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 520] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 520] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 520] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 520] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 520] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 520] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 520] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 520] memfd_create("syzkaller", 0) = 5 [pid 520] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7435a97000 [pid 520] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 520] munmap(0x7f7435a97000, 138412032) = 0 [pid 520] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 520] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 520] close(5) = 0 [pid 520] close(6) = 0 [pid 520] mkdir("./file0", 0777) = 0 [pid 520] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 520] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 520] chdir("./file0") = 0 [pid 520] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 520] ioctl(6, LOOP_CLR_FD) = 0 [pid 520] close(6) = 0 [pid 520] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 520] write(6, "#! ./file1\n", 11) = 11 [pid 520] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [ 30.347996][ T520] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [pid 520] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000284} --- [pid 520] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=520, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./47", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./47", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555666816f0 /* 4 entries */, 32768) = 112 [ 30.388545][ T521] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-520: bg 0: block 234: padding at end of block bitmap is not set umount2("./47/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./47/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./47/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./47/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./47/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555566689730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555566689730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./47/file0") = 0 umount2("./47/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./47/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./47/binderfs") = 0 getdents64(3, 0x5555666816f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./47") = 0 mkdir("./48", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555566680650) = 525 ./strace-static-x86_64: Process 525 attached [pid 525] set_robust_list(0x555566680660, 24) = 0 [pid 525] chdir("./48") = 0 [pid 525] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 525] setpgid(0, 0) = 0 [pid 525] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 525] write(3, "1000", 4) = 4 [pid 525] close(3) = 0 [pid 525] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 525] write(1, "executing program\n", 18) = 18 [pid 525] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 525] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 525] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 525] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 525] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 525] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 525] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 525] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 525] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 525] memfd_create("syzkaller", 0) = 5 [pid 525] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7435a97000 [pid 525] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 525] munmap(0x7f7435a97000, 138412032) = 0 [pid 525] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 525] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 525] close(5) = 0 [pid 525] close(6) = 0 [pid 525] mkdir("./file0", 0777) = 0 [pid 525] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 525] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 525] chdir("./file0") = 0 [pid 525] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 525] ioctl(6, LOOP_CLR_FD) = 0 [pid 525] close(6) = 0 [pid 525] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 525] write(6, "#! ./file1\n", 11) = 11 [pid 525] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 525] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000284} --- [pid 525] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=525, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./48", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./48", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555666816f0 /* 4 entries */, 32768) = 112 [ 30.558670][ T525] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 30.586673][ T526] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-525: bg 0: block 234: padding at end of block bitmap is not set umount2("./48/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./48/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./48/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./48/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./48/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555566689730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555566689730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./48/file0") = 0 umount2("./48/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./48/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./48/binderfs") = 0 getdents64(3, 0x5555666816f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./48") = 0 mkdir("./49", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555566680650) = 530 ./strace-static-x86_64: Process 530 attached [pid 530] set_robust_list(0x555566680660, 24) = 0 [pid 530] chdir("./49") = 0 [pid 530] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 530] setpgid(0, 0) = 0 [pid 530] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 530] write(3, "1000", 4) = 4 [pid 530] close(3) = 0 [pid 530] symlink("/dev/binderfs", "./binderfs") = 0 [pid 530] write(1, "executing program\n", 18executing program ) = 18 [pid 530] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 530] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 530] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 530] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 530] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 530] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 530] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 530] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 530] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 530] memfd_create("syzkaller", 0) = 5 [pid 530] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7435a97000 [pid 530] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 530] munmap(0x7f7435a97000, 138412032) = 0 [pid 530] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 530] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 530] close(5) = 0 [pid 530] close(6) = 0 [pid 530] mkdir("./file0", 0777) = 0 [pid 530] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 530] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 530] chdir("./file0") = 0 [pid 530] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 530] ioctl(6, LOOP_CLR_FD) = 0 [pid 530] close(6) = 0 [pid 530] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 530] write(6, "#! ./file1\n", 11) = 11 [pid 530] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 530] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000284} --- [pid 530] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=530, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./49", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./49", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555666816f0 /* 4 entries */, 32768) = 112 [ 30.728172][ T530] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 30.756701][ T530] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor251: bg 0: block 234: padding at end of block bitmap is not set umount2("./49/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./49/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./49/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./49/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./49/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555566689730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555566689730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./49/file0") = 0 umount2("./49/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./49/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./49/binderfs") = 0 getdents64(3, 0x5555666816f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./49") = 0 mkdir("./50", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555566680650) = 535 ./strace-static-x86_64: Process 535 attached [pid 535] set_robust_list(0x555566680660, 24) = 0 [pid 535] chdir("./50") = 0 [pid 535] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 535] setpgid(0, 0) = 0 [pid 535] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 535] write(3, "1000", 4) = 4 [pid 535] close(3) = 0 [pid 535] symlink("/dev/binderfs", "./binderfs") = 0 [pid 535] write(1, "executing program\n", 18executing program ) = 18 [pid 535] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 535] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 535] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 535] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 535] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 535] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 535] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 535] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 535] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 535] memfd_create("syzkaller", 0) = 5 [pid 535] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7435a97000 [pid 535] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 535] munmap(0x7f7435a97000, 138412032) = 0 [pid 535] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 535] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 535] close(5) = 0 [pid 535] close(6) = 0 [pid 535] mkdir("./file0", 0777) = 0 [pid 535] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 535] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 535] chdir("./file0") = 0 [pid 535] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 535] ioctl(6, LOOP_CLR_FD) = 0 [pid 535] close(6) = 0 [pid 535] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 535] write(6, "#! ./file1\n", 11) = 11 [pid 535] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 535] ioctl(-1, KVM_SET_IRQCHIP, 0x200000000280) = -1 EBADF (Bad file descriptor) [pid 535] exit_group(0) = ? [pid 535] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=535, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./50", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./50", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555666816f0 /* 4 entries */, 32768) = 112 [ 30.858075][ T535] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 30.886443][ T536] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-535: bg 0: block 234: padding at end of block bitmap is not set [ 30.912563][ T7] ------------[ cut here ]------------ [ 30.918194][ T7] kernel BUG at fs/ext4/inode.c:2778! [ 30.923609][ T7] invalid opcode: 0000 [#1] PREEMPT SMP KASAN [ 30.929652][ T7] CPU: 1 PID: 7 Comm: kworker/u4:0 Not tainted 5.10.238-syzkaller-00282-gd76d4cd0623a #0 [ 30.939504][ T7] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 30.949554][ T7] Workqueue: writeback wb_workfn (flush-7:0) [ 30.955514][ T7] RIP: 0010:ext4_writepages+0x2ddb/0x2e00 [ 30.961206][ T7] Code: 39 94 ff 84 db 75 31 e8 b3 36 94 ff 49 bc 00 00 00 00 00 fc ff df 4c 8b 6c 24 30 48 8b 5c 24 38 e9 21 f8 ff ff e8 95 36 94 ff <0f> 0b e8 8e 36 94 ff e8 65 0d 31 ff eb 98 e8 82 36 94 ff e8 59 0d [ 30.980784][ T7] RSP: 0018:ffffc90000077180 EFLAGS: 00010293 [ 30.986910][ T7] RAX: ffffffff81cf5d7b RBX: 0000008410000000 RCX: ffff88810024bb40 [ 30.994851][ T7] RDX: 0000000000000000 RSI: 0000008000000000 RDI: 0000000000000000 [ 31.002799][ T7] RBP: ffffc900000774f0 R08: dffffc0000000000 R09: ffffed10242c20c8 [ 31.010742][ T7] R10: ffffed10242c20c8 R11: 1ffff110242c20c7 R12: dffffc0000000000 [ 31.018709][ T7] R13: ffff888115ee3000 R14: 0000008000000000 R15: ffff888121610638 [ 31.026674][ T7] FS: 0000000000000000(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000 [ 31.035760][ T7] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 31.042335][ T7] CR2: 00007f743df1efb8 CR3: 0000000106ffe000 CR4: 00000000003506a0 [ 31.050291][ T7] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 31.058344][ T7] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 31.066290][ T7] Call Trace: [ 31.069560][ T7] ? update_load_avg+0xdf5/0x14f0 [ 31.074557][ T7] ? ext4_readpage+0x220/0x220 [ 31.079291][ T7] ? enqueue_task_fair+0xac3/0x2250 [ 31.084466][ T7] ? update_load_avg+0x4dc/0x14f0 [ 31.089463][ T7] ? ext4_readpage+0x220/0x220 [ 31.094213][ T7] do_writepages+0x12a/0x270 [ 31.098789][ T7] ? __writepage+0x130/0x130 [ 31.103357][ T7] ? __kasan_check_write+0x14/0x20 [ 31.108447][ T7] ? _raw_spin_lock+0x8e/0xe0 [ 31.113097][ T7] ? __kasan_check_write+0x14/0x20 [ 31.118173][ T7] __writeback_single_inode+0xd5/0xa20 [ 31.123613][ T7] ? wbc_attach_and_unlock_inode+0x385/0x590 [ 31.129565][ T7] writeback_sb_inodes+0x860/0x1400 [ 31.134738][ T7] ? queue_io+0x4c0/0x4c0 [ 31.139039][ T7] ? __kasan_check_read+0x11/0x20 [ 31.144035][ T7] ? queue_io+0x385/0x4c0 [ 31.148341][ T7] wb_writeback+0x3e3/0xb90 [ 31.152844][ T7] ? wb_io_lists_depopulated+0x180/0x180 [ 31.158451][ T7] ? set_worker_desc+0x155/0x1c0 [ 31.163356][ T7] ? update_load_avg+0x4dc/0x14f0 [ 31.168350][ T7] ? __kasan_check_write+0x14/0x20 [ 31.173441][ T7] wb_workfn+0x38f/0xe20 [ 31.177662][ T7] ? inode_wait_for_writeback+0x200/0x200 [ 31.183358][ T7] ? _raw_spin_unlock_irq+0x4e/0x70 [ 31.188542][ T7] ? finish_task_switch+0x12e/0x5a0 [ 31.193719][ T7] ? __switch_to_asm+0x34/0x60 [ 31.198458][ T7] ? __schedule+0xb4f/0x1310 [ 31.203020][ T7] ? __kasan_check_read+0x11/0x20 [ 31.208014][ T7] ? read_word_at_a_time+0x12/0x20 [ 31.213094][ T7] ? strscpy+0x9b/0x290 [ 31.217325][ T7] process_one_work+0x6e1/0xba0 [ 31.222159][ T7] worker_thread+0xa6a/0x13b0 [ 31.226832][ T7] kthread+0x346/0x3d0 [ 31.230888][ T7] ? worker_clr_flags+0x190/0x190 [ 31.235887][ T7] ? kthread_blkcg+0xd0/0xd0 [ 31.240452][ T7] ret_from_fork+0x1f/0x30 [ 31.244852][ T7] Modules linked in: [ 31.248967][ T7] ---[ end trace caf720a88d81056f ]--- [ 31.254599][ T7] RIP: 0010:ext4_writepages+0x2ddb/0x2e00 [ 31.260339][ T7] Code: 39 94 ff 84 db 75 31 e8 b3 36 94 ff 49 bc 00 00 00 00 00 fc ff df 4c 8b 6c 24 30 48 8b 5c 24 38 e9 21 f8 ff ff e8 95 36 94 ff <0f> 0b e8 8e 36 94 ff e8 65 0d 31 ff eb 98 e8 82 36 94 ff e8 59 0d [ 31.279954][ T7] RSP: 0018:ffffc90000077180 EFLAGS: 00010293 [ 31.286010][ T7] RAX: ffffffff81cf5d7b RBX: 0000008410000000 RCX: ffff88810024bb40 [ 31.294009][ T7] RDX: 0000000000000000 RSI: 0000008000000000 RDI: 0000000000000000 [ 31.301987][ T7] RBP: ffffc900000774f0 R08: dffffc0000000000 R09: ffffed10242c20c8 [ 31.309972][ T7] R10: ffffed10242c20c8 R11: 1ffff110242c20c7 R12: dffffc0000000000 [ 31.317943][ T7] R13: ffff888115ee3000 R14: 0000008000000000 R15: ffff888121610638 [ 31.325890][ T7] FS: 0000000000000000(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000 [ 31.334928][ T7] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 31.341511][ T7] CR2: 00007f743df1efb8 CR3: 0000000106ffe000 CR4: 00000000003506a0 [ 31.349484][ T7] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 31.357540][ T7] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 31.365493][ T7] Kernel panic - not syncing: Fatal exception [ 31.371730][ T7] Kernel Offset: disabled [ 31.376041][ T7] Rebooting in 86400 seconds..