./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor53099569 <...> syzkaller syzkaller login: [ 18.206622][ T24] kauditd_printk_skb: 31 callbacks suppressed [ 18.206634][ T24] audit: type=1400 audit(1750110149.700:59): avc: denied { transition } for pid=217 comm="sshd-session" path="/bin/sh" dev="sda1" ino=90 scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 18.221685][ T24] audit: type=1400 audit(1750110149.700:60): avc: denied { noatsecure } for pid=217 comm="sshd-session" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 18.236381][ T24] audit: type=1400 audit(1750110149.700:61): avc: denied { write } for pid=217 comm="sh" path="pipe:[13063]" dev="pipefs" ino=13063 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:sshd_t tclass=fifo_file permissive=1 [ 18.259892][ T24] audit: type=1400 audit(1750110149.700:62): avc: denied { rlimitinh } for pid=217 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 18.281128][ T24] audit: type=1400 audit(1750110149.700:63): avc: denied { siginh } for pid=217 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 Warning: Permanently added '10.128.1.90' (ED25519) to the list of known hosts. execve("./syz-executor53099569", ["./syz-executor53099569"], 0x7ffe01b03b80 /* 10 vars */) = 0 brk(NULL) = 0x555583e74000 brk(0x555583e74d00) = 0x555583e74d00 arch_prctl(ARCH_SET_FS, 0x555583e74380) = 0 set_tid_address(0x555583e74650) = 282 set_robust_list(0x555583e74660, 24) = 0 rseq(0x555583e74ca0, 0x20, 0, 0x53053053) = -1 ENOSYS (Function not implemented) prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor53099569", 4096) = 26 getrandom("\x6c\x1e\x2e\x37\xb8\x7e\xc1\x5e", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x555583e74d00 brk(0x555583e95d00) = 0x555583e95d00 brk(0x555583e96000) = 0x555583e96000 mprotect(0x7f4e591e8000, 16384, PROT_READ) = 0 mmap(0x1ffffffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffffffff000 mmap(0x200000000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200000000000 mmap(0x200001000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200001000000 mkdir("./syzkaller.BukpLP", 0700) = 0 chmod("./syzkaller.BukpLP", 0777) = 0 chdir("./syzkaller.BukpLP") = 0 mkdir("./0", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555583e74650) = 284 ./strace-static-x86_64: Process 284 attached [pid 284] set_robust_list(0x555583e74660, 24) = 0 [pid 284] chdir("./0") = 0 [pid 284] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 284] setpgid(0, 0) = 0 [pid 284] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 284] write(3, "1000", 4) = 4 [pid 284] close(3) = 0 [pid 284] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 284] write(1, "executing program\n", 18) = 18 [pid 284] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 284] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 284] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 284] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 284] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 284] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 284] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 284] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 284] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 284] memfd_create("syzkaller", 0) = 5 [pid 284] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4e50d35000 [ 28.140101][ T24] audit: type=1400 audit(1750110159.630:64): avc: denied { execmem } for pid=282 comm="syz-executor530" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 28.163738][ T24] audit: type=1400 audit(1750110159.650:65): avc: denied { read write } for pid=282 comm="syz-executor530" name="loop0" dev="devtmpfs" ino=115 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [pid 284] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 284] munmap(0x7f4e50d35000, 138412032) = 0 [pid 284] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 284] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 284] close(5) = 0 [pid 284] close(6) = 0 [pid 284] mkdir("./file0", 0777) = 0 [ 28.191971][ T24] audit: type=1400 audit(1750110159.650:66): avc: denied { open } for pid=282 comm="syz-executor530" path="/dev/loop0" dev="devtmpfs" ino=115 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 28.218951][ T24] audit: type=1400 audit(1750110159.650:67): avc: denied { ioctl } for pid=282 comm="syz-executor530" path="/dev/loop0" dev="devtmpfs" ino=115 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 28.248793][ T24] audit: type=1400 audit(1750110159.660:68): avc: denied { read write } for pid=284 comm="syz-executor530" name="vhost-vsock" dev="devtmpfs" ino=262 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:vhost_device_t tclass=chr_file permissive=1 [ 28.277064][ T24] audit: type=1400 audit(1750110159.660:69): avc: denied { open } for pid=284 comm="syz-executor530" path="/dev/vhost-vsock" dev="devtmpfs" ino=262 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:vhost_device_t tclass=chr_file permissive=1 [ 28.303228][ T24] audit: type=1400 audit(1750110159.670:70): avc: denied { ioctl } for pid=284 comm="syz-executor530" path="/dev/vhost-vsock" dev="devtmpfs" ino=262 ioctlcmd=0xaf01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:vhost_device_t tclass=chr_file permissive=1 [ 28.332008][ T24] audit: type=1400 audit(1750110159.710:71): avc: denied { mounton } for pid=284 comm="syz-executor530" path="/root/syzkaller.BukpLP/0/file0" dev="sda1" ino=2027 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1 [ 28.332690][ T284] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [pid 284] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 284] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 284] chdir("./file0") = 0 [pid 284] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 284] ioctl(6, LOOP_CLR_FD) = 0 [pid 284] close(6) = 0 [pid 284] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 284] write(6, "#! ./file1\n", 11) = 11 [pid 284] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [ 28.383746][ T24] audit: type=1400 audit(1750110159.870:72): avc: denied { mount } for pid=284 comm="syz-executor530" name="/" dev="loop0" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 28.415084][ T284] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor530: bg 0: block 234: padding at end of block bitmap is not set [pid 284] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000284} --- [pid 284] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=284, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555583e756f0 /* 4 entries */, 32768) = 112 [ 28.417774][ T24] audit: type=1400 audit(1750110159.890:73): avc: denied { write } for pid=284 comm="syz-executor530" name="/" dev="loop0" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./0/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555583e7d730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555583e7d730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./0/file0") = 0 umount2("./0/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./0/binderfs") = 0 getdents64(3, 0x555583e756f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./0") = 0 mkdir("./1", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3executing program ) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555583e74650) = 290 ./strace-static-x86_64: Process 290 attached [pid 290] set_robust_list(0x555583e74660, 24) = 0 [pid 290] chdir("./1") = 0 [pid 290] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 290] setpgid(0, 0) = 0 [pid 290] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 290] write(3, "1000", 4) = 4 [pid 290] close(3) = 0 [pid 290] symlink("/dev/binderfs", "./binderfs") = 0 [pid 290] write(1, "executing program\n", 18) = 18 [pid 290] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 290] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 290] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 290] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 290] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 290] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 290] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 290] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 290] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 290] memfd_create("syzkaller", 0) = 5 [pid 290] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4e50d35000 [pid 290] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 290] munmap(0x7f4e50d35000, 138412032) = 0 [pid 290] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 290] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 290] close(5) = 0 [pid 290] close(6) = 0 [pid 290] mkdir("./file0", 0777) = 0 [pid 290] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 290] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 290] chdir("./file0") = 0 [pid 290] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 290] ioctl(6, LOOP_CLR_FD) = 0 [pid 290] close(6) = 0 [pid 290] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 290] write(6, "#! ./file1\n", 11) = 11 [pid 290] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [ 28.577852][ T290] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [pid 290] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000284} --- [pid 290] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=290, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555583e756f0 /* 4 entries */, 32768) = 112 [ 28.621345][ T291] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-290: bg 0: block 234: padding at end of block bitmap is not set umount2("./1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./1/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555583e7d730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555583e7d730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./1/file0") = 0 umount2("./1/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./1/binderfs") = 0 getdents64(3, 0x555583e756f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./1") = 0 mkdir("./2", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 295 attached , child_tidptr=0x555583e74650) = 295 [pid 295] set_robust_list(0x555583e74660, 24) = 0 [pid 295] chdir("./2") = 0 [pid 295] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 295] setpgid(0, 0) = 0 [pid 295] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 295] write(3, "1000", 4) = 4 [pid 295] close(3) = 0 [pid 295] symlink("/dev/binderfs", "./binderfs") = 0 [pid 295] write(1, "executing program\n", 18executing program ) = 18 [pid 295] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 295] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 295] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 295] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 295] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 295] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 295] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 295] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 295] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 295] memfd_create("syzkaller", 0) = 5 [pid 295] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4e50d35000 [pid 295] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 295] munmap(0x7f4e50d35000, 138412032) = 0 [pid 295] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 295] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 295] close(5) = 0 [pid 295] close(6) = 0 [pid 295] mkdir("./file0", 0777) = 0 [pid 295] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 295] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 295] chdir("./file0") = 0 [pid 295] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 295] ioctl(6, LOOP_CLR_FD) = 0 [pid 295] close(6) = 0 [pid 295] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 295] write(6, "#! ./file1\n", 11) = 11 [pid 295] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 295] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000284} --- [pid 295] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=295, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555583e756f0 /* 4 entries */, 32768) = 112 [ 28.763149][ T295] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 28.790827][ T295] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor530: bg 0: block 234: padding at end of block bitmap is not set umount2("./2/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./2/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./2/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./2/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./2/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555583e7d730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555583e7d730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./2/file0") = 0 umount2("./2/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./2/binderfs") = 0 getdents64(3, 0x555583e756f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./2") = 0 mkdir("./3", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 300 attached , child_tidptr=0x555583e74650) = 300 [pid 300] set_robust_list(0x555583e74660, 24) = 0 [pid 300] chdir("./3") = 0 [pid 300] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 300] setpgid(0, 0) = 0 [pid 300] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 300] write(3, "1000", 4) = 4 [pid 300] close(3) = 0 [pid 300] symlink("/dev/binderfs", "./binderfs") = 0 [pid 300] write(1, "executing program\n", 18executing program ) = 18 [pid 300] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 300] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 300] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 300] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 300] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 300] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 300] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 300] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 300] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 300] memfd_create("syzkaller", 0) = 5 [pid 300] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4e50d35000 [pid 300] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 300] munmap(0x7f4e50d35000, 138412032) = 0 [pid 300] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 300] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 300] close(5) = 0 [pid 300] close(6) = 0 [pid 300] mkdir("./file0", 0777) = 0 [pid 300] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 300] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 300] chdir("./file0") = 0 [pid 300] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 300] ioctl(6, LOOP_CLR_FD) = 0 [pid 300] close(6) = 0 [pid 300] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 300] write(6, "#! ./file1\n", 11) = 11 [pid 300] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 300] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000284} --- [pid 300] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=300, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555583e756f0 /* 4 entries */, 32768) = 112 [ 28.967256][ T300] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 28.996992][ T300] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor530: bg 0: block 234: padding at end of block bitmap is not set umount2("./3/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./3/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./3/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./3/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./3/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555583e7d730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555583e7d730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./3/file0") = 0 umount2("./3/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./3/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./3/binderfs") = 0 getdents64(3, 0x555583e756f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./3") = 0 mkdir("./4", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555583e74650) = 305 ./strace-static-x86_64: Process 305 attached [pid 305] set_robust_list(0x555583e74660, 24) = 0 [pid 305] chdir("./4") = 0 [pid 305] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 305] setpgid(0, 0) = 0 [pid 305] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXECexecuting program ) = 3 [pid 305] write(3, "1000", 4) = 4 [pid 305] close(3) = 0 [pid 305] symlink("/dev/binderfs", "./binderfs") = 0 [pid 305] write(1, "executing program\n", 18) = 18 [pid 305] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 305] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 305] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 305] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 305] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 305] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 305] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 305] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 305] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 305] memfd_create("syzkaller", 0) = 5 [pid 305] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4e50d35000 [pid 305] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 305] munmap(0x7f4e50d35000, 138412032) = 0 [pid 305] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 305] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 305] close(5) = 0 [pid 305] close(6) = 0 [pid 305] mkdir("./file0", 0777) = 0 [pid 305] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 305] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 305] chdir("./file0") = 0 [pid 305] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 305] ioctl(6, LOOP_CLR_FD) = 0 [pid 305] close(6) = 0 [pid 305] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 305] write(6, "#! ./file1\n", 11) = 11 [pid 305] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [ 29.227132][ T305] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [pid 305] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000284} --- [pid 305] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=305, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555583e756f0 /* 4 entries */, 32768) = 112 [ 29.267771][ T306] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-305: bg 0: block 234: padding at end of block bitmap is not set umount2("./4/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555583e7d730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555583e7d730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4/file0") = 0 umount2("./4/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4/binderfs") = 0 getdents64(3, 0x555583e756f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4") = 0 mkdir("./5", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555583e74650) = 310 ./strace-static-x86_64: Process 310 attached [pid 310] set_robust_list(0x555583e74660, 24) = 0 [pid 310] chdir("./5") = 0 [pid 310] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 310] setpgid(0, 0) = 0 [pid 310] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 310] write(3, "1000", 4) = 4 [pid 310] close(3) = 0 [pid 310] symlink("/dev/binderfs", "./binderfs") = 0 [pid 310] write(1, "executing program\n", 18executing program ) = 18 [pid 310] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 310] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 310] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 310] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 310] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 310] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 310] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 310] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 310] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 310] memfd_create("syzkaller", 0) = 5 [pid 310] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4e50d35000 [pid 310] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 310] munmap(0x7f4e50d35000, 138412032) = 0 [pid 310] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 310] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 310] close(5) = 0 [pid 310] close(6) = 0 [pid 310] mkdir("./file0", 0777) = 0 [pid 310] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 310] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 310] chdir("./file0") = 0 [pid 310] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 310] ioctl(6, LOOP_CLR_FD) = 0 [pid 310] close(6) = 0 [pid 310] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 310] write(6, "#! ./file1\n", 11) = 11 [pid 310] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 310] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000284} --- [pid 310] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=310, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./5", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555583e756f0 /* 4 entries */, 32768) = 112 [ 29.407140][ T310] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 29.435133][ T310] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor530: bg 0: block 234: padding at end of block bitmap is not set umount2("./5/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./5/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./5/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./5/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./5/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555583e7d730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555583e7d730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./5/file0") = 0 umount2("./5/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./5/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./5/binderfs") = 0 getdents64(3, 0x555583e756f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./5") = 0 mkdir("./6", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555583e74650) = 315 ./strace-static-x86_64: Process 315 attached [pid 315] set_robust_list(0x555583e74660, 24) = 0 [pid 315] chdir("./6") = 0 [pid 315] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 315] setpgid(0, 0) = 0 [pid 315] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 315] write(3, "1000", 4) = 4 [pid 315] close(3) = 0 [pid 315] symlink("/dev/binderfs", "./binderfs") = 0 [pid 315] write(1, "executing program\n", 18executing program ) = 18 [pid 315] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 315] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 315] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 315] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 315] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 315] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 315] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 315] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 315] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 315] memfd_create("syzkaller", 0) = 5 [pid 315] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4e50d35000 [pid 315] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 315] munmap(0x7f4e50d35000, 138412032) = 0 [pid 315] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 315] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 315] close(5) = 0 [pid 315] close(6) = 0 [pid 315] mkdir("./file0", 0777) = 0 [pid 315] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 315] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 315] chdir("./file0") = 0 [pid 315] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 315] ioctl(6, LOOP_CLR_FD) = 0 [pid 315] close(6) = 0 [pid 315] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 315] write(6, "#! ./file1\n", 11) = 11 [pid 315] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [ 29.662081][ T315] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [pid 315] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000284} --- [pid 315] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=315, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./6", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555583e756f0 /* 4 entries */, 32768) = 112 [ 29.708777][ T316] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-315: bg 0: block 234: padding at end of block bitmap is not set umount2("./6/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./6/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./6/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./6/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./6/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555583e7d730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555583e7d730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./6/file0") = 0 umount2("./6/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./6/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./6/binderfs") = 0 getdents64(3, 0x555583e756f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./6") = 0 mkdir("./7", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555583e74650) = 320 ./strace-static-x86_64: Process 320 attached [pid 320] set_robust_list(0x555583e74660, 24) = 0 [pid 320] chdir("./7") = 0 [pid 320] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 320] setpgid(0, 0) = 0 [pid 320] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 320] write(3, "1000", 4) = 4 [pid 320] close(3) = 0 [pid 320] symlink("/dev/binderfs", "./binderfs") = 0 [pid 320] write(1, "executing program\n", 18executing program ) = 18 [pid 320] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 320] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 320] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 320] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 320] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 320] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 320] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 320] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 320] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 320] memfd_create("syzkaller", 0) = 5 [pid 320] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4e50d35000 [pid 320] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 320] munmap(0x7f4e50d35000, 138412032) = 0 [pid 320] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 320] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 320] close(5) = 0 [pid 320] close(6) = 0 [pid 320] mkdir("./file0", 0777) = 0 [pid 320] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 320] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 320] chdir("./file0") = 0 [pid 320] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 320] ioctl(6, LOOP_CLR_FD) = 0 [pid 320] close(6) = 0 [pid 320] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 320] write(6, "#! ./file1\n", 11) = 11 [pid 320] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [ 29.857518][ T320] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [pid 320] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000284} --- [pid 320] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=320, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./7", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555583e756f0 /* 4 entries */, 32768) = 112 [ 29.901187][ T321] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-320: bg 0: block 234: padding at end of block bitmap is not set umount2("./7/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./7/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./7/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./7/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./7/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555583e7d730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555583e7d730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./7/file0") = 0 umount2("./7/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./7/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./7/binderfs") = 0 getdents64(3, 0x555583e756f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./7") = 0 mkdir("./8", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) executing program close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555583e74650) = 325 ./strace-static-x86_64: Process 325 attached [pid 325] set_robust_list(0x555583e74660, 24) = 0 [pid 325] chdir("./8") = 0 [pid 325] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 325] setpgid(0, 0) = 0 [pid 325] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 325] write(3, "1000", 4) = 4 [pid 325] close(3) = 0 [pid 325] symlink("/dev/binderfs", "./binderfs") = 0 [pid 325] write(1, "executing program\n", 18) = 18 [pid 325] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 325] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 325] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 325] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 325] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 325] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 325] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 325] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 325] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 325] memfd_create("syzkaller", 0) = 5 [pid 325] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4e50d35000 [pid 325] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 325] munmap(0x7f4e50d35000, 138412032) = 0 [pid 325] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 325] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 325] close(5) = 0 [pid 325] close(6) = 0 [pid 325] mkdir("./file0", 0777) = 0 [pid 325] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 325] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 325] chdir("./file0") = 0 [pid 325] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 325] ioctl(6, LOOP_CLR_FD) = 0 [pid 325] close(6) = 0 [pid 325] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 325] write(6, "#! ./file1\n", 11) = 11 [pid 325] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [ 30.037896][ T325] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [pid 325] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000284} --- [pid 325] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=325, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./8", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./8", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555583e756f0 /* 4 entries */, 32768) = 112 [ 30.088428][ T326] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-325: bg 0: block 234: padding at end of block bitmap is not set umount2("./8/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./8/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./8/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./8/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./8/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555583e7d730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555583e7d730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./8/file0") = 0 umount2("./8/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./8/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./8/binderfs") = 0 getdents64(3, 0x555583e756f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./8") = 0 mkdir("./9", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555583e74650) = 330 ./strace-static-x86_64: Process 330 attached [pid 330] set_robust_list(0x555583e74660, 24) = 0 [pid 330] chdir("./9") = 0 [pid 330] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 330] setpgid(0, 0) = 0 [pid 330] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 330] write(3, "1000", 4) = 4 [pid 330] close(3) = 0 [pid 330] symlink("/dev/binderfs", "./binderfs") = 0 [pid 330] write(1, "executing program\n", 18executing program ) = 18 [pid 330] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 330] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 330] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 330] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 330] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 330] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 330] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 330] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 330] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 330] memfd_create("syzkaller", 0) = 5 [pid 330] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4e50d35000 [pid 330] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 330] munmap(0x7f4e50d35000, 138412032) = 0 [pid 330] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 330] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 330] close(5) = 0 [pid 330] close(6) = 0 [pid 330] mkdir("./file0", 0777) = 0 [pid 330] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 330] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 330] chdir("./file0") = 0 [pid 330] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 330] ioctl(6, LOOP_CLR_FD) = 0 [pid 330] close(6) = 0 [pid 330] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 330] write(6, "#! ./file1\n", 11) = 11 [pid 330] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [ 30.257447][ T330] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [pid 330] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000284} --- [pid 330] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=330, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./9", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./9", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555583e756f0 /* 4 entries */, 32768) = 112 [ 30.296305][ T331] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-330: bg 0: block 234: padding at end of block bitmap is not set umount2("./9/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./9/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./9/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./9/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./9/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555583e7d730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555583e7d730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./9/file0") = 0 umount2("./9/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./9/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./9/binderfs") = 0 getdents64(3, 0x555583e756f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./9") = 0 mkdir("./10", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3executing program ) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555583e74650) = 335 ./strace-static-x86_64: Process 335 attached [pid 335] set_robust_list(0x555583e74660, 24) = 0 [pid 335] chdir("./10") = 0 [pid 335] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 335] setpgid(0, 0) = 0 [pid 335] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 335] write(3, "1000", 4) = 4 [pid 335] close(3) = 0 [pid 335] symlink("/dev/binderfs", "./binderfs") = 0 [pid 335] write(1, "executing program\n", 18) = 18 [pid 335] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 335] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 335] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 335] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 335] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 335] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 335] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 335] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 335] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 335] memfd_create("syzkaller", 0) = 5 [pid 335] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4e50d35000 [pid 335] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 335] munmap(0x7f4e50d35000, 138412032) = 0 [pid 335] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 335] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 335] close(5) = 0 [pid 335] close(6) = 0 [pid 335] mkdir("./file0", 0777) = 0 [pid 335] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 335] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 335] chdir("./file0") = 0 [pid 335] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 335] ioctl(6, LOOP_CLR_FD) = 0 [pid 335] close(6) = 0 [pid 335] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 335] write(6, "#! ./file1\n", 11) = 11 [pid 335] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [ 30.427680][ T335] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [pid 335] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000284} --- [pid 335] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=335, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./10", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./10", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555583e756f0 /* 4 entries */, 32768) = 112 [ 30.471668][ T335] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor530: bg 0: block 234: padding at end of block bitmap is not set umount2("./10/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./10/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./10/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./10/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./10/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555583e7d730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555583e7d730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./10/file0") = 0 umount2("./10/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./10/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./10/binderfs") = 0 getdents64(3, 0x555583e756f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./10") = 0 mkdir("./11", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 340 attached , child_tidptr=0x555583e74650) = 340 [pid 340] set_robust_list(0x555583e74660, 24) = 0 [pid 340] chdir("./11") = 0 [pid 340] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 340] setpgid(0, 0) = 0 [pid 340] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 340] write(3, "1000", 4) = 4 [pid 340] close(3) = 0 [pid 340] symlink("/dev/binderfs", "./binderfs") = 0 [pid 340] write(1, "executing program\n", 18executing program ) = 18 [pid 340] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 340] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 340] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 340] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 340] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 340] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 340] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 340] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 340] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 340] memfd_create("syzkaller", 0) = 5 [pid 340] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4e50d35000 [pid 340] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 340] munmap(0x7f4e50d35000, 138412032) = 0 [pid 340] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 340] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 340] close(5) = 0 [pid 340] close(6) = 0 [pid 340] mkdir("./file0", 0777) = 0 [pid 340] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 340] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 340] chdir("./file0") = 0 [pid 340] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 340] ioctl(6, LOOP_CLR_FD) = 0 [pid 340] close(6) = 0 [pid 340] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 340] write(6, "#! ./file1\n", 11) = 11 [pid 340] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 340] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000284} --- [pid 340] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=340, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./11", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./11", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555583e756f0 /* 4 entries */, 32768) = 112 [ 30.597244][ T340] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 30.624349][ T340] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor530: bg 0: block 234: padding at end of block bitmap is not set umount2("./11/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./11/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./11/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./11/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./11/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555583e7d730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555583e7d730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./11/file0") = 0 umount2("./11/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./11/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./11/binderfs") = 0 getdents64(3, 0x555583e756f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./11") = 0 mkdir("./12", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555583e74650) = 345 ./strace-static-x86_64: Process 345 attached [pid 345] set_robust_list(0x555583e74660, 24) = 0 [pid 345] chdir("./12") = 0 [pid 345] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 345] setpgid(0, 0) = 0 [pid 345] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 345] write(3, "1000", 4) = 4 executing program [pid 345] close(3) = 0 [pid 345] symlink("/dev/binderfs", "./binderfs") = 0 [pid 345] write(1, "executing program\n", 18) = 18 [pid 345] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 345] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 345] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 345] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 345] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 345] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 345] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 345] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 345] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 345] memfd_create("syzkaller", 0) = 5 [pid 345] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4e50d35000 [pid 345] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 345] munmap(0x7f4e50d35000, 138412032) = 0 [pid 345] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 345] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 345] close(5) = 0 [pid 345] close(6) = 0 [pid 345] mkdir("./file0", 0777) = 0 [pid 345] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 345] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 345] chdir("./file0") = 0 [pid 345] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 345] ioctl(6, LOOP_CLR_FD) = 0 [pid 345] close(6) = 0 [pid 345] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 345] write(6, "#! ./file1\n", 11) = 11 [pid 345] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 345] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000284} --- [pid 345] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=345, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./12", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./12", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555583e756f0 /* 4 entries */, 32768) = 112 [ 30.757142][ T345] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 30.781085][ T345] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor530: bg 0: block 234: padding at end of block bitmap is not set umount2("./12/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./12/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./12/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./12/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./12/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555583e7d730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555583e7d730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./12/file0") = 0 umount2("./12/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./12/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./12/binderfs") = 0 getdents64(3, 0x555583e756f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./12") = 0 mkdir("./13", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3executing program ) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555583e74650) = 350 ./strace-static-x86_64: Process 350 attached [pid 350] set_robust_list(0x555583e74660, 24) = 0 [pid 350] chdir("./13") = 0 [pid 350] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 350] setpgid(0, 0) = 0 [pid 350] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 350] write(3, "1000", 4) = 4 [pid 350] close(3) = 0 [pid 350] symlink("/dev/binderfs", "./binderfs") = 0 [pid 350] write(1, "executing program\n", 18) = 18 [pid 350] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 350] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 350] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 350] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 350] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 350] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 350] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 350] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 350] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 350] memfd_create("syzkaller", 0) = 5 [pid 350] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4e50d35000 [pid 350] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 350] munmap(0x7f4e50d35000, 138412032) = 0 [pid 350] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 350] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 350] close(5) = 0 [pid 350] close(6) = 0 [pid 350] mkdir("./file0", 0777) = 0 [pid 350] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 350] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 350] chdir("./file0") = 0 [pid 350] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 350] ioctl(6, LOOP_CLR_FD) = 0 [pid 350] close(6) = 0 [pid 350] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 350] write(6, "#! ./file1\n", 11) = 11 [pid 350] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 350] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000284} --- [pid 350] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=350, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./13", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./13", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555583e756f0 /* 4 entries */, 32768) = 112 [ 30.987739][ T350] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 31.020025][ T351] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-350: bg 0: block 234: padding at end of block bitmap is not set umount2("./13/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./13/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./13/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./13/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./13/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555583e7d730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555583e7d730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./13/file0") = 0 umount2("./13/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./13/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./13/binderfs") = 0 getdents64(3, 0x555583e756f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./13") = 0 mkdir("./14", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3executing program ) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555583e74650) = 355 ./strace-static-x86_64: Process 355 attached [pid 355] set_robust_list(0x555583e74660, 24) = 0 [pid 355] chdir("./14") = 0 [pid 355] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 355] setpgid(0, 0) = 0 [pid 355] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 355] write(3, "1000", 4) = 4 [pid 355] close(3) = 0 [pid 355] symlink("/dev/binderfs", "./binderfs") = 0 [pid 355] write(1, "executing program\n", 18) = 18 [pid 355] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 355] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 355] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 355] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 355] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 355] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 355] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 355] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 355] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 355] memfd_create("syzkaller", 0) = 5 [pid 355] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4e50d35000 [pid 355] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 355] munmap(0x7f4e50d35000, 138412032) = 0 [pid 355] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 355] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 355] close(5) = 0 [pid 355] close(6) = 0 [pid 355] mkdir("./file0", 0777) = 0 [pid 355] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 355] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 355] chdir("./file0") = 0 [pid 355] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 355] ioctl(6, LOOP_CLR_FD) = 0 [pid 355] close(6) = 0 [pid 355] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 355] write(6, "#! ./file1\n", 11) = 11 [pid 355] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [ 31.147220][ T355] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [pid 355] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000284} --- [pid 355] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=355, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./14", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./14", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555583e756f0 /* 4 entries */, 32768) = 112 [ 31.188446][ T356] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-355: bg 0: block 234: padding at end of block bitmap is not set umount2("./14/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./14/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./14/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./14/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./14/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555583e7d730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555583e7d730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./14/file0") = 0 umount2("./14/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./14/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./14/binderfs") = 0 getdents64(3, 0x555583e756f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./14") = 0 mkdir("./15", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555583e74650) = 360 ./strace-static-x86_64: Process 360 attached [pid 360] set_robust_list(0x555583e74660, 24) = 0 [pid 360] chdir("./15") = 0 [pid 360] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 360] setpgid(0, 0) = 0 [pid 360] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 360] write(3, "1000", 4) = 4 [pid 360] close(3) = 0 [pid 360] symlink("/dev/binderfs", "./binderfs") = 0 [pid 360] write(1, "executing program\n", 18executing program ) = 18 [pid 360] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 360] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 360] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 360] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 360] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 360] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 360] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 360] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 360] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 360] memfd_create("syzkaller", 0) = 5 [pid 360] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4e50d35000 [pid 360] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 360] munmap(0x7f4e50d35000, 138412032) = 0 [pid 360] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 360] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 360] close(5) = 0 [pid 360] close(6) = 0 [pid 360] mkdir("./file0", 0777) = 0 [pid 360] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 360] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 360] chdir("./file0") = 0 [pid 360] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 360] ioctl(6, LOOP_CLR_FD) = 0 [pid 360] close(6) = 0 [pid 360] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 360] write(6, "#! ./file1\n", 11) = 11 [pid 360] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 360] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000284} --- [pid 360] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=360, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./15", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./15", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555583e756f0 /* 4 entries */, 32768) = 112 [ 31.397286][ T360] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 31.427315][ T361] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-360: bg 0: block 234: padding at end of block bitmap is not set umount2("./15/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./15/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./15/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./15/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./15/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555583e7d730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555583e7d730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./15/file0") = 0 umount2("./15/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./15/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./15/binderfs") = 0 getdents64(3, 0x555583e756f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./15") = 0 mkdir("./16", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555583e74650) = 365 ./strace-static-x86_64: Process 365 attached [pid 365] set_robust_list(0x555583e74660, 24) = 0 [pid 365] chdir("./16") = 0 [pid 365] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 365] setpgid(0, 0) = 0 [pid 365] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 365] write(3, "1000", 4) = 4 [pid 365] close(3) = 0 [pid 365] symlink("/dev/binderfs", "./binderfs") = 0 [pid 365] write(1, "executing program\n", 18executing program ) = 18 [pid 365] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 365] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 365] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 365] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 365] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 365] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 365] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 365] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 365] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 365] memfd_create("syzkaller", 0) = 5 [pid 365] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4e50d35000 [pid 365] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 365] munmap(0x7f4e50d35000, 138412032) = 0 [pid 365] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 365] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 365] close(5) = 0 [pid 365] close(6) = 0 [pid 365] mkdir("./file0", 0777) = 0 [pid 365] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 365] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 365] chdir("./file0") = 0 [pid 365] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 365] ioctl(6, LOOP_CLR_FD) = 0 [pid 365] close(6) = 0 [pid 365] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 365] write(6, "#! ./file1\n", 11) = 11 [pid 365] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [ 31.564425][ T365] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [pid 365] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000284} --- [pid 365] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=365, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./16", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./16", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555583e756f0 /* 4 entries */, 32768) = 112 [ 31.599256][ T366] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-365: bg 0: block 234: padding at end of block bitmap is not set umount2("./16/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./16/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./16/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./16/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./16/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555583e7d730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555583e7d730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./16/file0") = 0 umount2("./16/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./16/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./16/binderfs") = 0 getdents64(3, 0x555583e756f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./16") = 0 mkdir("./17", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FDexecuting program ) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555583e74650) = 370 ./strace-static-x86_64: Process 370 attached [pid 370] set_robust_list(0x555583e74660, 24) = 0 [pid 370] chdir("./17") = 0 [pid 370] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 370] setpgid(0, 0) = 0 [pid 370] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 370] write(3, "1000", 4) = 4 [pid 370] close(3) = 0 [pid 370] symlink("/dev/binderfs", "./binderfs") = 0 [pid 370] write(1, "executing program\n", 18) = 18 [pid 370] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 370] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 370] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 370] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 370] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 370] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 370] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 370] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 370] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 370] memfd_create("syzkaller", 0) = 5 [pid 370] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4e50d35000 [pid 370] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 370] munmap(0x7f4e50d35000, 138412032) = 0 [pid 370] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 370] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 370] close(5) = 0 [pid 370] close(6) = 0 [pid 370] mkdir("./file0", 0777) = 0 [pid 370] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 370] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 370] chdir("./file0") = 0 [pid 370] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 370] ioctl(6, LOOP_CLR_FD) = 0 [pid 370] close(6) = 0 [pid 370] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 370] write(6, "#! ./file1\n", 11) = 11 [pid 370] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 370] ioctl(-1, KVM_SET_IRQCHIP, 0x200000000280) = -1 EBADF (Bad file descriptor) [ 31.869709][ T370] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [pid 370] exit_group(0) = ? [pid 370] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=370, si_uid=0, si_status=0, si_utime=1, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./17", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./17", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555583e756f0 /* 4 entries */, 32768) = 112 [ 31.918889][ T371] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-370: bg 0: block 234: padding at end of block bitmap is not set [ 31.946325][ T9] ------------[ cut here ]------------ [ 31.952345][ T9] kernel BUG at fs/ext4/inode.c:2778! [ 31.958556][ T9] invalid opcode: 0000 [#1] PREEMPT SMP KASAN [ 31.965953][ T9] CPU: 0 PID: 9 Comm: kworker/u4:1 Not tainted 5.10.238-syzkaller-00282-gd76d4cd0623a #0 [ 31.977000][ T9] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 31.988084][ T9] Workqueue: writeback wb_workfn (flush-7:0) [ 31.994398][ T9] RIP: 0010:ext4_writepages+0x2ddb/0x2e00 [ 32.000400][ T9] Code: 39 94 ff 84 db 75 31 e8 b3 36 94 ff 49 bc 00 00 00 00 00 fc ff df 4c 8b 6c 24 30 48 8b 5c 24 38 e9 21 f8 ff ff e8 95 36 94 ff <0f> 0b e8 8e 36 94 ff e8 65 0d 31 ff eb 98 e8 82 36 94 ff e8 59 0d [ 32.022870][ T9] RSP: 0018:ffffc90000097180 EFLAGS: 00010293 [ 32.029128][ T9] RAX: ffffffff81cf5d7b RBX: 0000008410000000 RCX: ffff88810024bb40 [ 32.037785][ T9] RDX: 0000000000000000 RSI: 0000008000000000 RDI: 0000000000000000 [ 32.047408][ T9] RBP: ffffc900000974f0 R08: dffffc0000000000 R09: ffffed102429b5f3 [ 32.057913][ T9] R10: ffffed102429b5f3 R11: 1ffff1102429b5f2 R12: dffffc0000000000 [ 32.068121][ T9] R13: ffff8881069ba000 R14: 0000008000000000 R15: ffff8881214daf90 [ 32.077646][ T9] FS: 0000000000000000(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000 [ 32.087970][ T9] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 32.095069][ T9] CR2: 00007ffd750b8eb8 CR3: 00000001067c2000 CR4: 00000000003506b0 [ 32.103675][ T9] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 32.112641][ T9] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 32.121726][ T9] Call Trace: [ 32.125759][ T9] ? __kasan_check_write+0x14/0x20 [ 32.131896][ T9] ? _raw_spin_lock+0x8e/0xe0 [ 32.137630][ T9] ? __kasan_check_read+0x11/0x20 [ 32.143533][ T9] ? update_load_avg+0xdf5/0x14f0 [ 32.149944][ T9] ? write_boundary_block+0x140/0x140 [ 32.159562][ T9] ? ext4_readpage+0x220/0x220 [ 32.165762][ T9] ? enqueue_task_fair+0xac3/0x2250 [ 32.171558][ T9] ? __getblk_gfp+0x3b/0x780 [ 32.177134][ T9] ? update_load_avg+0x4dc/0x14f0 [ 32.182929][ T9] ? ext4_readpage+0x220/0x220 [ 32.188145][ T9] do_writepages+0x12a/0x270 [ 32.193306][ T9] ? __writepage+0x130/0x130 [ 32.198007][ T9] ? __kasan_check_write+0x14/0x20 [ 32.204289][ T9] ? _raw_spin_lock+0x8e/0xe0 [ 32.210549][ T9] ? __kasan_check_write+0x14/0x20 [ 32.216112][ T9] __writeback_single_inode+0xd5/0xa20 [ 32.222823][ T9] ? wbc_attach_and_unlock_inode+0x385/0x590 [ 32.229485][ T9] writeback_sb_inodes+0x860/0x1400 [ 32.235032][ T9] ? queue_io+0x4c0/0x4c0 [ 32.239790][ T9] ? __kasan_check_read+0x11/0x20 [ 32.244856][ T9] ? queue_io+0x385/0x4c0 [ 32.249353][ T9] wb_writeback+0x3e3/0xb90 [ 32.254627][ T9] ? wb_io_lists_depopulated+0x180/0x180 [ 32.260443][ T9] ? set_worker_desc+0x155/0x1c0 [ 32.265798][ T9] ? update_load_avg+0x4dc/0x14f0 [ 32.271645][ T9] ? __kasan_check_write+0x14/0x20 [ 32.277783][ T9] wb_workfn+0x38f/0xe20 [ 32.282283][ T9] ? inode_wait_for_writeback+0x200/0x200 [ 32.288289][ T9] ? _raw_spin_unlock_irq+0x4e/0x70 [ 32.294424][ T9] ? finish_task_switch+0x12e/0x5a0 [ 32.300638][ T9] ? switch_mm_irqs_off+0x34d/0x9a0 [ 32.306152][ T9] ? __switch_to_asm+0x34/0x60 [ 32.311657][ T9] ? __schedule+0xb4f/0x1310 [ 32.316816][ T9] ? __kasan_check_read+0x11/0x20 [ 32.322213][ T9] ? read_word_at_a_time+0x12/0x20 [ 32.327665][ T9] ? strscpy+0x9b/0x290 [ 32.332041][ T9] process_one_work+0x6e1/0xba0 [ 32.336922][ T9] worker_thread+0xa6a/0x13b0 [ 32.341922][ T9] kthread+0x346/0x3d0 [ 32.346079][ T9] ? worker_clr_flags+0x190/0x190 [ 32.351306][ T9] ? kthread_blkcg+0xd0/0xd0 [ 32.356170][ T9] ret_from_fork+0x1f/0x30 [ 32.360863][ T9] Modules linked in: [ 32.365059][ T9] ---[ end trace 61e1b2d930366859 ]--- [ 32.370637][ T9] RIP: 0010:ext4_writepages+0x2ddb/0x2e00 [ 32.377294][ T9] Code: 39 94 ff 84 db 75 31 e8 b3 36 94 ff 49 bc 00 00 00 00 00 fc ff df 4c 8b 6c 24 30 48 8b 5c 24 38 e9 21 f8 ff ff e8 95 36 94 ff <0f> 0b e8 8e 36 94 ff e8 65 0d 31 ff eb 98 e8 82 36 94 ff e8 59 0d [ 32.399275][ T9] RSP: 0018:ffffc90000097180 EFLAGS: 00010293 [ 32.405365][ T9] RAX: ffffffff81cf5d7b RBX: 0000008410000000 RCX: ffff88810024bb40 [ 32.413620][ T9] RDX: 0000000000000000 RSI: 0000008000000000 RDI: 0000000000000000 [ 32.422721][ T9] RBP: ffffc900000974f0 R08: dffffc0000000000 R09: ffffed102429b5f3 [ 32.433025][ T9] R10: ffffed102429b5f3 R11: 1ffff1102429b5f2 R12: dffffc0000000000 [ 32.442776][ T9] R13: ffff8881069ba000 R14: 0000008000000000 R15: ffff8881214daf90 [ 32.452212][ T9] FS: 0000000000000000(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000 [ 32.461889][ T9] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 32.469001][ T9] CR2: 00007ffd750b8eb8 CR3: 00000001067c2000 CR4: 00000000003506b0 [ 32.477724][ T9] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 32.487267][ T9] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 32.495862][ T9] Kernel panic - not syncing: Fatal exception [ 32.503603][ T9] Kernel Offset: disabled [ 32.509128][ T9] Rebooting in 86400 seconds..