./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor1269389853 <...> Warning: Permanently added '10.128.1.109' (ED25519) to the list of known hosts. execve("./syz-executor1269389853", ["./syz-executor1269389853"], 0x7ffecf026030 /* 10 vars */) = 0 brk(NULL) = 0x555565cde000 brk(0x555565cdee00) = 0x555565cdee00 arch_prctl(ARCH_SET_FS, 0x555565cde480) = 0 set_tid_address(0x555565cde750) = 282 set_robust_list(0x555565cde760, 24) = 0 rseq(0x555565cdeda0, 0x20, 0, 0x53053053) = -1 ENOSYS (Function not implemented) prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor1269389853", 4096) = 28 getrandom("\x8e\x67\x9e\xa2\x46\xc9\xcb\x75", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x555565cdee00 brk(0x555565cffe00) = 0x555565cffe00 brk(0x555565d00000) = 0x555565d00000 mprotect(0x7f12c89eb000, 16384, PROT_READ) = 0 mmap(0x1ffffffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffffffff000 mmap(0x200000000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200000000000 mmap(0x200001000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200001000000 chmod("/dev/raw-gadget", 0666) = 0 rt_sigaction(SIGRTMIN, {sa_handler=SIG_IGN, sa_mask=[], sa_flags=0}, NULL, 8) = 0 rt_sigaction(SIGRT_1, {sa_handler=SIG_IGN, sa_mask=[], sa_flags=0}, NULL, 8) = 0 rt_sigaction(SIGSEGV, {sa_handler=0x7f12c8940f70, sa_mask=[], sa_flags=SA_RESTORER|SA_NODEFER|SA_SIGINFO, sa_restorer=0x7f12c894a020}, NULL, 8) = 0 rt_sigaction(SIGBUS, {sa_handler=0x7f12c8940f70, sa_mask=[], sa_flags=SA_RESTORER|SA_NODEFER|SA_SIGINFO, sa_restorer=0x7f12c894a020}, NULL, 8) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555565cde750) = 283 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555565cde750) = 284 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555565cde750) = 285 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555565cde750) = 286 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555565cde750) = 287 ./strace-static-x86_64: Process 287 attached [pid 287] set_robust_list(0x555565cde760, 24) = 0 [pid 287] mkdir("./syzkaller.bEXaAG", 0700) = 0 ./strace-static-x86_64: Process 283 attached [pid 283] set_robust_list(0x555565cde760, 24) = 0 [pid 283] mkdir("./syzkaller.oIdAV1", 0700) = 0 [pid 283] chmod("./syzkaller.oIdAV1", 0777) = 0 [pid 283] chdir("./syzkaller.oIdAV1") = 0 [pid 283] unshare(CLONE_NEWPID) = 0 [pid 287] chmod("./syzkaller.bEXaAG", 0777) = 0 [pid 287] chdir("./syzkaller.bEXaAG") = 0 [pid 287] unshare(CLONE_NEWPID) = 0 [pid 287] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 283] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 287] <... clone resumed>, child_tidptr=0x555565cde750) = 288 [pid 283] <... clone resumed>, child_tidptr=0x555565cde750) = 289 ./strace-static-x86_64: Process 288 attached [pid 288] set_robust_list(0x555565cde760, 24) = 0 [pid 288] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 288] getppid() = 0 [pid 288] prlimit64(0, RLIMIT_AS, {rlim_cur=204800*1024, rlim_max=204800*1024}, NULL) = 0 [pid 288] prlimit64(0, RLIMIT_MEMLOCK, {rlim_cur=32768*1024, rlim_max=32768*1024}, NULL) = 0 [pid 288] prlimit64(0, RLIMIT_FSIZE, {rlim_cur=139264*1024, rlim_max=139264*1024}, NULL) = 0 [pid 288] prlimit64(0, RLIMIT_STACK, {rlim_cur=1024*1024, rlim_max=1024*1024}, NULL) = 0 [pid 288] prlimit64(0, RLIMIT_CORE, {rlim_cur=131072*1024, rlim_max=131072*1024}, NULL) = 0 [pid 288] prlimit64(0, RLIMIT_NOFILE, {rlim_cur=256, rlim_max=256}, NULL) = 0 [pid 288] unshare(CLONE_NEWNS) = 0 [pid 288] mount(NULL, "/", NULL, MS_REC|MS_PRIVATE, NULL) = 0 [pid 288] unshare(CLONE_NEWIPC) = -1 EINVAL (Invalid argument) [pid 288] unshare(CLONE_NEWCGROUP) = 0 [pid 288] unshare(CLONE_NEWUTS) = 0 [pid 288] unshare(CLONE_SYSVSEM) = 0 [pid 288] openat(AT_FDCWD, "/proc/sys/kernel/shmmax", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) [pid 288] openat(AT_FDCWD, "/proc/sys/kernel/shmall", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) [pid 288] openat(AT_FDCWD, "/proc/sys/kernel/shmmni", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) [pid 288] openat(AT_FDCWD, "/proc/sys/kernel/msgmax", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) [pid 288] openat(AT_FDCWD, "/proc/sys/kernel/msgmni", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) [pid 288] openat(AT_FDCWD, "/proc/sys/kernel/msgmnb", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) [pid 288] openat(AT_FDCWD, "/proc/sys/kernel/sem", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) [pid 288] getpid() = 1 [pid 288] capget({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, {effective=1< [pid 286] set_robust_list(0x555565cde760, 24 [pid 285] set_robust_list(0x555565cde760, 24 [pid 284] set_robust_list(0x555565cde760, 24 [pid 288] mount("/dev", "./syz-tmp/newroot/dev", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL) = 0 [pid 288] mkdir("./syz-tmp/newroot/proc", 0700) = 0 [pid 288] mount("syz-proc", "./syz-tmp/newroot/proc", "proc", 0, NULL) = 0 [pid 288] mkdir("./syz-tmp/newroot/selinux", 0700) = 0 [pid 288] mount("/selinux", "./syz-tmp/newroot/selinux", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL) = -1 ENOENT (No such file or directory) [pid 288] mount("/sys/fs/selinux", "./syz-tmp/newroot/selinux", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL) = 0 [pid 288] mkdir("./syz-tmp/newroot/sys", 0700) = 0 [pid 288] mount("/sys", "./syz-tmp/newroot/sys", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL) = 0 [pid 288] mount("/sys/kernel/debug", "./syz-tmp/newroot/sys/kernel/debug", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL) = 0 [pid 288] mount("/sys/fs/smackfs", "./syz-tmp/newroot/sys/fs/smackfs", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL) = -1 ENOENT (No such file or directory) [pid 288] mount("/proc/sys/fs/binfmt_misc", "./syz-tmp/newroot/proc/sys/fs/binfmt_misc", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL) = 0 [pid 288] mkdir("./syz-tmp/newroot/syz-inputs", 0700) = 0 [pid 288] mount("/syz-inputs", "./syz-tmp/newroot/syz-inputs", NULL, MS_RDONLY|MS_BIND|MS_REC|MS_PRIVATE, NULL) = -1 ENOENT (No such file or directory) [pid 288] mkdir("./syz-tmp/pivot", 0777) = 0 [pid 288] pivot_root("./syz-tmp", "./syz-tmp/pivot") = 0 [pid 288] chdir("/") = 0 [pid 288] umount2("./pivot", MNT_DETACH [pid 289] <... set_robust_list resumed>) = 0 [pid 289] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 289] getppid() = 0 [pid 289] prlimit64(0, RLIMIT_AS, {rlim_cur=204800*1024, rlim_max=204800*1024}, NULL) = 0 [pid 289] prlimit64(0, RLIMIT_MEMLOCK, {rlim_cur=32768*1024, rlim_max=32768*1024}, NULL) = 0 [pid 289] prlimit64(0, RLIMIT_FSIZE, {rlim_cur=139264*1024, rlim_max=139264*1024}, NULL) = 0 [pid 289] prlimit64(0, RLIMIT_STACK, {rlim_cur=1024*1024, rlim_max=1024*1024}, NULL) = 0 [pid 289] prlimit64(0, RLIMIT_CORE, {rlim_cur=131072*1024, rlim_max=131072*1024}, NULL) = 0 [pid 289] prlimit64(0, RLIMIT_NOFILE, {rlim_cur=256, rlim_max=256}, NULL) = 0 [pid 289] unshare(CLONE_NEWNS) = 0 [pid 289] mount(NULL, "/", NULL, MS_REC|MS_PRIVATE, NULL) = 0 [pid 289] unshare(CLONE_NEWIPC) = -1 EINVAL (Invalid argument) [pid 289] unshare(CLONE_NEWCGROUP) = 0 [pid 289] unshare(CLONE_NEWUTS) = 0 [pid 289] unshare(CLONE_SYSVSEM) = 0 [pid 289] openat(AT_FDCWD, "/proc/sys/kernel/shmmax", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) [pid 289] openat(AT_FDCWD, "/proc/sys/kernel/shmall", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) [pid 289] openat(AT_FDCWD, "/proc/sys/kernel/shmmni", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) [pid 289] openat(AT_FDCWD, "/proc/sys/kernel/msgmax", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) [pid 289] openat(AT_FDCWD, "/proc/sys/kernel/msgmni", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) [pid 289] openat(AT_FDCWD, "/proc/sys/kernel/msgmnb", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) [pid 289] openat(AT_FDCWD, "/proc/sys/kernel/sem", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) [pid 289] getpid() = 1 [pid 289] capget({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, {effective=1< [pid 288] <... umount2 resumed>) = 0 [pid 286] <... set_robust_list resumed>) = 0 [pid 285] <... set_robust_list resumed>) = 0 [pid 284] <... set_robust_list resumed>) = 0 [pid 288] chroot("./newroot") = 0 [pid 288] chdir("/") = 0 [pid 288] mkdir("/dev/gadgetfs", 0777) = 0 [ 25.046091][ T24] audit: type=1400 audit(1750999989.740:66): avc: denied { mounton } for pid=288 comm="syz-executor126" path="/" dev="sda1" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1 [ 25.067793][ T24] audit: type=1400 audit(1750999989.770:67): avc: denied { mounton } for pid=288 comm="syz-executor126" path="/root/syzkaller.bEXaAG/syz-tmp" dev="sda1" ino=2026 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1 [pid 288] mount("gadgetfs", "/dev/gadgetfs", "gadgetfs", 0, NULL [pid 286] mkdir("./syzkaller.bVO7n4", 0700 [pid 285] mkdir("./syzkaller.O6zUYa", 0700 [pid 284] mkdir("./syzkaller.Z57OOG", 0700 [pid 289] <... unshare resumed>) = 0 [pid 289] openat(AT_FDCWD, "/proc/sys/net/ipv4/ping_group_range", O_WRONLY|O_CLOEXEC) = 3 [pid 289] write(3, "0 65535", 7) = 7 [pid 289] close(3) = 0 [pid 289] openat(AT_FDCWD, "/proc/sys/fs/mount-max", O_WRONLY|O_CLOEXEC) = 3 [pid 289] write(3, "100000", 6) = 6 [pid 289] close(3) = 0 [pid 289] mkdir("./syz-tmp", 0777) = 0 [pid 289] mount("", "./syz-tmp", "tmpfs", 0, NULL) = 0 [pid 289] mkdir("./syz-tmp/newroot", 0777) = 0 [pid 289] mkdir("./syz-tmp/newroot/dev", 0700) = 0 [pid 289] mount("/dev", "./syz-tmp/newroot/dev", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL) = 0 [pid 289] mkdir("./syz-tmp/newroot/proc", 0700) = 0 [pid 289] mount("syz-proc", "./syz-tmp/newroot/proc", "proc", 0, NULL) = 0 [pid 289] mkdir("./syz-tmp/newroot/selinux", 0700) = 0 [pid 289] mount("/selinux", "./syz-tmp/newroot/selinux", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL) = -1 ENOENT (No such file or directory) [pid 289] mount("/sys/fs/selinux", "./syz-tmp/newroot/selinux", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL) = 0 [pid 289] mkdir("./syz-tmp/newroot/sys", 0700) = 0 [pid 289] mount("/sys", "./syz-tmp/newroot/sys", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL) = 0 [pid 289] mount("/sys/kernel/debug", "./syz-tmp/newroot/sys/kernel/debug", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL) = 0 [pid 289] mount("/sys/fs/smackfs", "./syz-tmp/newroot/sys/fs/smackfs", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL) = -1 ENOENT (No such file or directory) [pid 289] mount("/proc/sys/fs/binfmt_misc", "./syz-tmp/newroot/proc/sys/fs/binfmt_misc", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL) = 0 [pid 289] mkdir("./syz-tmp/newroot/syz-inputs", 0700) = 0 [pid 289] mount("/syz-inputs", "./syz-tmp/newroot/syz-inputs", NULL, MS_RDONLY|MS_BIND|MS_REC|MS_PRIVATE, NULL) = -1 ENOENT (No such file or directory) [pid 289] mkdir("./syz-tmp/pivot", 0777) = 0 [pid 289] pivot_root("./syz-tmp", "./syz-tmp/pivot") = 0 [pid 289] chdir("/") = 0 [pid 289] umount2("./pivot", MNT_DETACH [pid 288] <... mount resumed>) = -1 ENODEV (No such device) [pid 288] mkdir("/dev/binderfs", 0777 [pid 289] <... umount2 resumed>) = 0 [pid 289] chroot("./newroot") = 0 [pid 286] <... mkdir resumed>) = 0 [pid 289] chdir("/") = 0 [pid 285] <... mkdir resumed>) = 0 [pid 289] mkdir("/dev/gadgetfs", 0777 [pid 286] chmod("./syzkaller.bVO7n4", 0777 [pid 285] chmod("./syzkaller.O6zUYa", 0777 [pid 284] <... mkdir resumed>) = 0 [pid 289] <... mkdir resumed>) = -1 EEXIST (File exists) [ 25.092784][ T24] audit: type=1400 audit(1750999989.770:68): avc: denied { mount } for pid=288 comm="syz-executor126" name="/" dev="tmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [ 25.096134][ T288] request_module fs-gadgetfs succeeded, but still no fs? [ 25.116566][ T24] audit: type=1400 audit(1750999989.770:69): avc: denied { mounton } for pid=288 comm="syz-executor126" path="/root/syzkaller.bEXaAG/syz-tmp/newroot/dev" dev="tmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1 [pid 289] mount("gadgetfs", "/dev/gadgetfs", "gadgetfs", 0, NULL) = -1 ENODEV (No such device) [pid 289] mkdir("/dev/binderfs", 0777) = -1 EEXIST (File exists) [pid 289] mount("binder", "/dev/binderfs", "binder", 0, NULL) = 0 [pid 289] mount(NULL, "/sys/fs/fuse/connections", "fusectl", 0, NULL) = -1 EBUSY (Device or resource busy) [pid 289] mkdir("./0", 0777) = 0 [pid 289] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 289] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 289] close(3) = 0 [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555565cde750) = 2 [pid 288] <... mkdir resumed>) = 0 [pid 288] mount("binder", "/dev/binderfs", "binder", 0, NULL) = 0 [pid 288] mount(NULL, "/sys/fs/fuse/connections", "fusectl", 0, NULL) = -1 EBUSY (Device or resource busy) [pid 288] mkdir("./0", 0777) = 0 [pid 288] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 288] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 288] close(3) = 0 [pid 288] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 286] <... chmod resumed>) = 0 [pid 285] <... chmod resumed>) = 0 [pid 284] chmod("./syzkaller.Z57OOG", 0777 [pid 286] chdir("./syzkaller.bVO7n4" [pid 285] chdir("./syzkaller.O6zUYa" [pid 284] <... chmod resumed>) = 0 [pid 286] <... chdir resumed>) = 0 [pid 285] <... chdir resumed>) = 0 [pid 284] chdir("./syzkaller.Z57OOG" [pid 286] unshare(CLONE_NEWPID [pid 285] unshare(CLONE_NEWPID [pid 284] <... chdir resumed>) = 0 [pid 286] <... unshare resumed>) = 0 [pid 285] <... unshare resumed>) = 0 [pid 286] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 285] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 284] unshare(CLONE_NEWPID) = 0 [pid 284] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 286] <... clone resumed>, child_tidptr=0x555565cde750) = 292 [pid 285] <... clone resumed>, child_tidptr=0x555565cde750) = 293 [pid 284] <... clone resumed>, child_tidptr=0x555565cde750) = 294 [pid 288] <... clone resumed>, child_tidptr=0x555565cde750) = 2 ./strace-static-x86_64: Process 294 attached [pid 294] set_robust_list(0x555565cde760, 24) = 0 [pid 294] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 294] getppid(./strace-static-x86_64: Process 293 attached ./strace-static-x86_64: Process 292 attached ) = 0 [pid 293] set_robust_list(0x555565cde760, 24 [pid 292] set_robust_list(0x555565cde760, 24 [pid 293] <... set_robust_list resumed>) = 0 [pid 292] <... set_robust_list resumed>) = 0 [pid 293] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 292] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 293] getppid( [pid 292] <... prctl resumed>) = 0 [pid 293] <... getppid resumed>) = 0 [pid 292] getppid( [pid 293] prlimit64(0, RLIMIT_AS, {rlim_cur=204800*1024, rlim_max=204800*1024}, [pid 292] <... getppid resumed>) = 0 [pid 293] <... prlimit64 resumed>NULL) = 0 [pid 293] prlimit64(0, RLIMIT_MEMLOCK, {rlim_cur=32768*1024, rlim_max=32768*1024}, [pid 292] prlimit64(0, RLIMIT_AS, {rlim_cur=204800*1024, rlim_max=204800*1024}, [pid 293] <... prlimit64 resumed>NULL) = 0 [pid 292] <... prlimit64 resumed>NULL) = 0 [pid 293] prlimit64(0, RLIMIT_FSIZE, {rlim_cur=139264*1024, rlim_max=139264*1024}, [pid 292] prlimit64(0, RLIMIT_MEMLOCK, {rlim_cur=32768*1024, rlim_max=32768*1024}, [pid 293] <... prlimit64 resumed>NULL) = 0 [pid 292] <... prlimit64 resumed>NULL) = 0 [pid 293] prlimit64(0, RLIMIT_STACK, {rlim_cur=1024*1024, rlim_max=1024*1024}, [pid 292] prlimit64(0, RLIMIT_FSIZE, {rlim_cur=139264*1024, rlim_max=139264*1024}, [pid 293] <... prlimit64 resumed>NULL) = 0 [pid 292] <... prlimit64 resumed>NULL) = 0 [pid 293] prlimit64(0, RLIMIT_CORE, {rlim_cur=131072*1024, rlim_max=131072*1024}, [pid 292] prlimit64(0, RLIMIT_STACK, {rlim_cur=1024*1024, rlim_max=1024*1024}, [pid 293] <... prlimit64 resumed>NULL) = 0 [pid 293] prlimit64(0, RLIMIT_NOFILE, {rlim_cur=256, rlim_max=256}, [pid 292] <... prlimit64 resumed>NULL) = 0 [pid 293] <... prlimit64 resumed>NULL) = 0 [pid 292] prlimit64(0, RLIMIT_CORE, {rlim_cur=131072*1024, rlim_max=131072*1024}, [pid 293] unshare(CLONE_NEWNS [pid 292] <... prlimit64 resumed>NULL) = 0 ./strace-static-x86_64: Process 290 attached [pid 293] <... unshare resumed>) = 0 [pid 292] prlimit64(0, RLIMIT_NOFILE, {rlim_cur=256, rlim_max=256}, [pid 293] mount(NULL, "/", NULL, MS_REC|MS_PRIVATE, NULL [pid 292] <... prlimit64 resumed>NULL) = 0 [pid 293] <... mount resumed>) = 0 [pid 292] unshare(CLONE_NEWNS [pid 293] unshare(CLONE_NEWIPC [pid 294] prlimit64(0, RLIMIT_AS, {rlim_cur=204800*1024, rlim_max=204800*1024}, [pid 293] <... unshare resumed>) = -1 EINVAL (Invalid argument) [pid 292] <... unshare resumed>) = 0 [pid 293] unshare(CLONE_NEWCGROUP [pid 292] mount(NULL, "/", NULL, MS_REC|MS_PRIVATE, NULL [pid 293] <... unshare resumed>) = 0 [pid 293] unshare(CLONE_NEWUTS [pid 292] <... mount resumed>) = 0 [pid 293] <... unshare resumed>) = 0 [pid 292] unshare(CLONE_NEWIPC [pid 293] unshare(CLONE_SYSVSEM [pid 292] <... unshare resumed>) = -1 EINVAL (Invalid argument) [pid 293] <... unshare resumed>) = 0 [pid 292] unshare(CLONE_NEWCGROUP [pid 293] openat(AT_FDCWD, "/proc/sys/kernel/shmmax", O_WRONLY|O_CLOEXEC [pid 292] <... unshare resumed>) = 0 [pid 290] set_robust_list(0x555565cde760, 24 [pid 294] <... prlimit64 resumed>NULL) = 0 [pid 294] prlimit64(0, RLIMIT_MEMLOCK, {rlim_cur=32768*1024, rlim_max=32768*1024}, NULL) = 0 [pid 293] <... openat resumed>) = -1 ENOENT (No such file or directory) [pid 292] unshare(CLONE_NEWUTS [pid 293] openat(AT_FDCWD, "/proc/sys/kernel/shmall", O_WRONLY|O_CLOEXEC [pid 292] <... unshare resumed>) = 0 [pid 293] <... openat resumed>) = -1 ENOENT (No such file or directory) [pid 292] unshare(CLONE_SYSVSEM [pid 293] openat(AT_FDCWD, "/proc/sys/kernel/shmmni", O_WRONLY|O_CLOEXEC [pid 292] <... unshare resumed>) = 0 [pid 293] <... openat resumed>) = -1 ENOENT (No such file or directory) [pid 293] openat(AT_FDCWD, "/proc/sys/kernel/msgmax", O_WRONLY|O_CLOEXEC [pid 292] openat(AT_FDCWD, "/proc/sys/kernel/shmmax", O_WRONLY|O_CLOEXEC [pid 293] <... openat resumed>) = -1 ENOENT (No such file or directory) [pid 293] openat(AT_FDCWD, "/proc/sys/kernel/msgmni", O_WRONLY|O_CLOEXEC [pid 292] <... openat resumed>) = -1 ENOENT (No such file or directory) [pid 293] <... openat resumed>) = -1 ENOENT (No such file or directory) [pid 292] openat(AT_FDCWD, "/proc/sys/kernel/shmall", O_WRONLY|O_CLOEXEC [pid 293] openat(AT_FDCWD, "/proc/sys/kernel/msgmnb", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) [pid 292] <... openat resumed>) = -1 ENOENT (No such file or directory) [pid 293] openat(AT_FDCWD, "/proc/sys/kernel/sem", O_WRONLY|O_CLOEXEC [pid 292] openat(AT_FDCWD, "/proc/sys/kernel/shmmni", O_WRONLY|O_CLOEXEC [pid 293] <... openat resumed>) = -1 ENOENT (No such file or directory) [pid 292] <... openat resumed>) = -1 ENOENT (No such file or directory) [pid 293] getpid( [pid 292] openat(AT_FDCWD, "/proc/sys/kernel/msgmax", O_WRONLY|O_CLOEXEC [pid 293] <... getpid resumed>) = 1 [pid 292] <... openat resumed>) = -1 ENOENT (No such file or directory) [pid 293] capget({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, [pid 292] openat(AT_FDCWD, "/proc/sys/kernel/msgmni", O_WRONLY|O_CLOEXEC [pid 293] <... capget resumed>{effective=1<) = -1 ENOENT (No such file or directory) [pid 293] capset({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, {effective=1< [pid 292] openat(AT_FDCWD, "/proc/sys/kernel/msgmnb", O_WRONLY|O_CLOEXEC [pid 293] <... capset resumed>) = 0 [pid 293] unshare(CLONE_NEWNET [pid 292] <... openat resumed>) = -1 ENOENT (No such file or directory) [pid 290] <... set_robust_list resumed>) = 0 [pid 294] prlimit64(0, RLIMIT_FSIZE, {rlim_cur=139264*1024, rlim_max=139264*1024}, [pid 292] openat(AT_FDCWD, "/proc/sys/kernel/sem", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) [pid 290] chdir("./0" [pid 294] <... prlimit64 resumed>NULL) = 0 [pid 294] prlimit64(0, RLIMIT_STACK, {rlim_cur=1024*1024, rlim_max=1024*1024}, NULL) = 0 [pid 294] prlimit64(0, RLIMIT_CORE, {rlim_cur=131072*1024, rlim_max=131072*1024}, NULL) = 0 [pid 294] prlimit64(0, RLIMIT_NOFILE, {rlim_cur=256, rlim_max=256}, NULL) = 0 [pid 290] <... chdir resumed>) = 0 [pid 294] unshare(CLONE_NEWNS) = 0 [pid 290] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 290] setpgid(0, 0) = 0 [pid 292] getpid( [pid 290] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 292] <... getpid resumed>) = 1 [pid 292] capget({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, {effective=1<) = 3 [pid 292] capset({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, {effective=1< [pid 294] unshare(CLONE_NEWIPC) = -1 EINVAL (Invalid argument) [pid 294] unshare(CLONE_NEWCGROUP) = 0 [pid 294] unshare(CLONE_NEWUTS) = 0 [pid 294] unshare(CLONE_SYSVSEM) = 0 [pid 294] openat(AT_FDCWD, "/proc/sys/kernel/shmmax", O_WRONLY|O_CLOEXEC./strace-static-x86_64: Process 295 attached [pid 290] write(3, "1000", 4 [pid 295] set_robust_list(0x555565cde760, 24 [pid 290] <... write resumed>) = 4 [pid 294] <... openat resumed>) = -1 ENOENT (No such file or directory) [pid 290] close(3 [pid 295] <... set_robust_list resumed>) = 0 [pid 290] <... close resumed>) = 0 [pid 295] chdir("./0" [pid 290] symlink("/dev/binderfs", "./binderfs") = 0 [pid 294] openat(AT_FDCWD, "/proc/sys/kernel/shmall", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) [pid 295] <... chdir resumed>) = 0 [pid 295] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 294] openat(AT_FDCWD, "/proc/sys/kernel/shmmni", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) [pid 295] <... prctl resumed>) = 0 [pid 295] setpgid(0, 0executing program ) = 0 [pid 294] openat(AT_FDCWD, "/proc/sys/kernel/msgmax", O_WRONLY|O_CLOEXEC [pid 295] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 294] <... openat resumed>) = -1 ENOENT (No such file or directory) [pid 290] write(1, "executing program\n", 18) = 18 [pid 290] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR [pid 295] <... openat resumed>) = 3 [pid 294] openat(AT_FDCWD, "/proc/sys/kernel/msgmni", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) [pid 290] <... openat resumed>) = 3 [pid 294] openat(AT_FDCWD, "/proc/sys/kernel/msgmnb", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) [pid 295] write(3, "1000", 4) = 4 [pid 295] close(3 [pid 294] openat(AT_FDCWD, "/proc/sys/kernel/sem", O_WRONLY|O_CLOEXEC [pid 295] <... close resumed>) = 0 [pid 294] <... openat resumed>) = -1 ENOENT (No such file or directory) [pid 295] symlink("/dev/binderfs", "./binderfs" [pid 294] getpid( [pid 295] <... symlink resumed>) = 0 [pid 294] <... getpid resumed>) = 1 [pid 290] ioctl(3, VHOST_SET_OWNERexecuting program [pid 295] write(1, "executing program\n", 18 [pid 294] capget({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, [pid 295] <... write resumed>) = 18 [pid 294] <... capget resumed>{effective=1< [pid 294] capset({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, {effective=1< [pid 295] <... openat resumed>) = 3 [pid 294] <... capset resumed>) = 0 [pid 294] unshare(CLONE_NEWNET [pid 295] ioctl(3, VHOST_SET_OWNER [pid 292] <... unshare resumed>) = 0 [ 25.149365][ T24] audit: type=1400 audit(1750999989.780:70): avc: denied { mount } for pid=288 comm="syz-executor126" name="/" dev="proc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1 [pid 290] <... ioctl resumed>, 0) = 0 [pid 290] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 290] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 290] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 290] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 290] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 290] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 290] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 290] memfd_create("syzkaller", 0) = 5 [pid 290] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f12c0537000 [pid 290] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 290] munmap(0x7f12c0537000, 138412032) = 0 [pid 290] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 290] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 290] close(5) = 0 [pid 290] close(6 [pid 292] openat(AT_FDCWD, "/proc/sys/net/ipv4/ping_group_range", O_WRONLY|O_CLOEXEC) = 3 [pid 292] write(3, "0 65535", 7) = 7 [pid 292] close(3) = 0 [pid 295] <... ioctl resumed>, 0) = 0 [pid 290] <... close resumed>) = 0 [pid 292] openat(AT_FDCWD, "/proc/sys/fs/mount-max", O_WRONLY|O_CLOEXEC) = 3 [pid 292] write(3, "100000", 6) = 6 [pid 292] close(3) = 0 [pid 292] mkdir("./syz-tmp", 0777 [pid 295] ioctl(3, VHOST_SET_VRING_ADDR [pid 290] mkdir("./file0", 0777 [pid 295] <... ioctl resumed>, 0x200000000300) = 0 [pid 295] ioctl(3, VHOST_SET_MEM_TABLE [pid 290] <... mkdir resumed>) = 0 [pid 295] <... ioctl resumed>, 0x200000003380) = 0 [pid 295] eventfd2(118, EFD_SEMAPHORE [pid 292] <... mkdir resumed>) = 0 [pid 292] mount("", "./syz-tmp", "tmpfs", 0, NULL [pid 295] <... eventfd2 resumed>) = 4 [pid 295] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 295] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 295] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 295] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 292] <... mount resumed>) = 0 [pid 292] mkdir("./syz-tmp/newroot", 0777) = 0 [pid 292] mkdir("./syz-tmp/newroot/dev", 0700) = 0 [pid 292] mount("/dev", "./syz-tmp/newroot/dev", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL) = 0 [pid 292] mkdir("./syz-tmp/newroot/proc", 0700) = 0 [pid 292] mount("syz-proc", "./syz-tmp/newroot/proc", "proc", 0, NULL) = 0 [pid 292] mkdir("./syz-tmp/newroot/selinux", 0700) = 0 [pid 292] mount("/selinux", "./syz-tmp/newroot/selinux", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL) = -1 ENOENT (No such file or directory) [ 25.207957][ T24] audit: type=1400 audit(1750999989.780:71): avc: denied { mounton } for pid=288 comm="syz-executor126" path="/root/syzkaller.bEXaAG/syz-tmp/newroot/sys/kernel/debug" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=dir permissive=1 [pid 292] mount("/sys/fs/selinux", "./syz-tmp/newroot/selinux", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL [pid 295] memfd_create("syzkaller", 0 [pid 290] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 295] <... memfd_create resumed>) = 5 [pid 295] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f12c0537000 [pid 292] <... mount resumed>) = 0 [pid 292] mkdir("./syz-tmp/newroot/sys", 0700) = 0 [pid 292] mount("/sys", "./syz-tmp/newroot/sys", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL) = 0 [pid 292] mount("/sys/kernel/debug", "./syz-tmp/newroot/sys/kernel/debug", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL [pid 295] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 292] <... mount resumed>) = 0 [pid 292] mount("/sys/fs/smackfs", "./syz-tmp/newroot/sys/fs/smackfs", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL) = -1 ENOENT (No such file or directory) [pid 292] mount("/proc/sys/fs/binfmt_misc", "./syz-tmp/newroot/proc/sys/fs/binfmt_misc", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL) = 0 [pid 292] mkdir("./syz-tmp/newroot/syz-inputs", 0700) = 0 [pid 292] mount("/syz-inputs", "./syz-tmp/newroot/syz-inputs", NULL, MS_RDONLY|MS_BIND|MS_REC|MS_PRIVATE, NULL) = -1 ENOENT (No such file or directory) [pid 292] mkdir("./syz-tmp/pivot", 0777) = 0 [pid 292] pivot_root("./syz-tmp", "./syz-tmp/pivot") = 0 [pid 292] chdir("/") = 0 [pid 292] umount2("./pivot", MNT_DETACH) = 0 [pid 292] chroot("./newroot") = 0 [pid 292] chdir("/") = 0 [pid 292] mkdir("/dev/gadgetfs", 0777) = -1 EEXIST (File exists) [pid 292] mount("gadgetfs", "/dev/gadgetfs", "gadgetfs", 0, NULL) = -1 ENODEV (No such device) [pid 292] mkdir("/dev/binderfs", 0777) = -1 EEXIST (File exists) [pid 292] mount("binder", "/dev/binderfs", "binder", 0, NULL) = 0 [pid 292] mount(NULL, "/sys/fs/fuse/connections", "fusectl", 0, NULL) = -1 EBUSY (Device or resource busy) [pid 292] mkdir("./0", 0777) = 0 [pid 292] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 292] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 292] close(3) = 0 [pid 292] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555565cde750) = 2 [pid 295] <... write resumed>) = 1048576 [pid 295] munmap(0x7f12c0537000, 138412032) = 0 [pid 295] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 6 [ 25.241155][ T24] audit: type=1400 audit(1750999989.780:72): avc: denied { mounton } for pid=288 comm="syz-executor126" path="/root/syzkaller.bEXaAG/syz-tmp/newroot/proc/sys/fs/binfmt_misc" dev="proc" ino=14026 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysctl_fs_t tclass=dir permissive=1 [pid 295] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 295] close(5) = 0 [pid 295] close(6./strace-static-x86_64: Process 301 attached [pid 301] set_robust_list(0x555565cde760, 24) = 0 [pid 301] chdir("./0" [pid 293] <... unshare resumed>) = 0 [pid 290] <... mount resumed>) = 0 [pid 301] <... chdir resumed>) = 0 [pid 290] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 293] openat(AT_FDCWD, "/proc/sys/net/ipv4/ping_group_range", O_WRONLY|O_CLOEXEC [pid 301] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 290] <... openat resumed>) = 5 [pid 293] <... openat resumed>) = 3 [pid 301] setpgid(0, 0) = 0 [pid 290] chdir("./file0" [pid 293] write(3, "0 65535", 7 [pid 301] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 290] <... chdir resumed>) = 0 [pid 301] <... openat resumed>) = 3 [pid 290] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 293] <... write resumed>) = 7 [pid 301] write(3, "1000", 4 [pid 293] close(3 [pid 301] <... write resumed>) = 4 [pid 293] <... close resumed>) = 0 [pid 301] close(3) = 0 [pid 293] openat(AT_FDCWD, "/proc/sys/fs/mount-max", O_WRONLY|O_CLOEXEC [pid 301] symlink("/dev/binderfs", "./binderfs" [pid 293] <... openat resumed>) = 3 [pid 301] <... symlink resumed>) = 0 [pid 293] write(3, "100000", 6 [pid 301] write(1, "executing program\n", 18 [pid 293] <... write resumed>) = 6 executing program [pid 301] <... write resumed>) = 18 [pid 293] close(3 [pid 301] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR [pid 293] <... close resumed>) = 0 [pid 301] <... openat resumed>) = 3 [pid 293] mkdir("./syz-tmp", 0777 [pid 301] ioctl(3, VHOST_SET_OWNER [pid 293] <... mkdir resumed>) = 0 [pid 293] mount("", "./syz-tmp", "tmpfs", 0, NULL [pid 294] <... unshare resumed>) = 0 [pid 294] openat(AT_FDCWD, "/proc/sys/net/ipv4/ping_group_range", O_WRONLY|O_CLOEXEC [pid 293] <... mount resumed>) = 0 [pid 293] mkdir("./syz-tmp/newroot", 0777 [pid 294] <... openat resumed>) = 3 [pid 294] write(3, "0 65535", 7 [pid 293] <... mkdir resumed>) = 0 [pid 294] <... write resumed>) = 7 [pid 294] close(3) = 0 [pid 293] mkdir("./syz-tmp/newroot/dev", 0700 [pid 294] openat(AT_FDCWD, "/proc/sys/fs/mount-max", O_WRONLY|O_CLOEXEC) = 3 [pid 294] write(3, "100000", 6) = 6 [pid 294] close(3) = 0 [pid 294] mkdir("./syz-tmp", 0777 [pid 293] <... mkdir resumed>) = 0 [pid 293] mount("/dev", "./syz-tmp/newroot/dev", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL) = 0 [pid 293] mkdir("./syz-tmp/newroot/proc", 0700 [pid 294] <... mkdir resumed>) = 0 [pid 294] mount("", "./syz-tmp", "tmpfs", 0, NULL [pid 293] <... mkdir resumed>) = 0 [pid 293] mount("syz-proc", "./syz-tmp/newroot/proc", "proc", 0, NULL) = 0 [pid 294] <... mount resumed>) = 0 [pid 294] mkdir("./syz-tmp/newroot", 0777) = 0 [pid 293] mkdir("./syz-tmp/newroot/selinux", 0700 [pid 294] mkdir("./syz-tmp/newroot/dev", 0700 [pid 293] <... mkdir resumed>) = 0 [pid 293] mount("/selinux", "./syz-tmp/newroot/selinux", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL) = -1 ENOENT (No such file or directory) [pid 293] mount("/sys/fs/selinux", "./syz-tmp/newroot/selinux", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL) = 0 [pid 293] mkdir("./syz-tmp/newroot/sys", 0700) = 0 [pid 293] mount("/sys", "./syz-tmp/newroot/sys", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL) = 0 [pid 293] mount("/sys/kernel/debug", "./syz-tmp/newroot/sys/kernel/debug", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL [pid 294] <... mkdir resumed>) = 0 [pid 293] <... mount resumed>) = 0 [pid 294] mount("/dev", "./syz-tmp/newroot/dev", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL [pid 293] mount("/sys/fs/smackfs", "./syz-tmp/newroot/sys/fs/smackfs", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL) = -1 ENOENT (No such file or directory) [pid 293] mount("/proc/sys/fs/binfmt_misc", "./syz-tmp/newroot/proc/sys/fs/binfmt_misc", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL [pid 294] <... mount resumed>) = 0 [pid 293] <... mount resumed>) = 0 [pid 293] mkdir("./syz-tmp/newroot/syz-inputs", 0700) = 0 [pid 294] mkdir("./syz-tmp/newroot/proc", 0700 [pid 293] mount("/syz-inputs", "./syz-tmp/newroot/syz-inputs", NULL, MS_RDONLY|MS_BIND|MS_REC|MS_PRIVATE, NULL) = -1 ENOENT (No such file or directory) [pid 294] <... mkdir resumed>) = 0 [pid 293] mkdir("./syz-tmp/pivot", 0777 [pid 295] <... close resumed>) = 0 [pid 293] <... mkdir resumed>) = 0 [pid 290] <... openat resumed>) = 6 [pid 295] mkdir("./file0", 0777) = 0 [pid 293] pivot_root("./syz-tmp", "./syz-tmp/pivot" [pid 290] ioctl(6, LOOP_CLR_FD [pid 295] mount("/dev/loop4", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 293] <... pivot_root resumed>) = 0 [pid 294] mount("syz-proc", "./syz-tmp/newroot/proc", "proc", 0, NULL [pid 293] chdir("/" [pid 301] <... ioctl resumed>, 0) = 0 [pid 294] <... mount resumed>) = 0 [pid 293] <... chdir resumed>) = 0 [pid 301] ioctl(3, VHOST_SET_VRING_ADDR [pid 293] umount2("./pivot", MNT_DETACH [pid 301] <... ioctl resumed>, 0x200000000300) = 0 [pid 294] mkdir("./syz-tmp/newroot/selinux", 0700 [pid 301] ioctl(3, VHOST_SET_MEM_TABLE [pid 294] <... mkdir resumed>) = 0 [pid 294] mount("/selinux", "./syz-tmp/newroot/selinux", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL [pid 293] <... umount2 resumed>) = 0 [pid 294] <... mount resumed>) = -1 ENOENT (No such file or directory) [pid 293] chroot("./newroot" [pid 294] mount("/sys/fs/selinux", "./syz-tmp/newroot/selinux", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL [pid 293] <... chroot resumed>) = 0 [pid 301] <... ioctl resumed>, 0x200000003380) = 0 [pid 294] <... mount resumed>) = 0 [pid 293] chdir("/" [pid 301] eventfd2(118, EFD_SEMAPHORE [pid 293] <... chdir resumed>) = 0 [pid 301] <... eventfd2 resumed>) = 4 [pid 293] mkdir("/dev/gadgetfs", 0777 [pid 301] ioctl(3, VHOST_SET_VRING_ERR [pid 293] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 301] <... ioctl resumed>, 0x2000000001c0) = 0 [pid 293] mount("gadgetfs", "/dev/gadgetfs", "gadgetfs", 0, NULL [pid 301] ioctl(3, VHOST_SET_VRING_ADDR [pid 293] <... mount resumed>) = -1 ENODEV (No such device) [pid 301] <... ioctl resumed>, 0x200000000240) = 0 [pid 293] mkdir("/dev/binderfs", 0777 [pid 301] ioctl(3, VHOST_SET_VRING_KICK [pid 294] mkdir("./syz-tmp/newroot/sys", 0700 [pid 301] <... ioctl resumed>, 0x200000000000) = 0 [pid 293] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 301] ioctl(3, VHOST_VSOCK_SET_RUNNING [pid 293] mount("binder", "/dev/binderfs", "binder", 0, NULL [pid 301] <... ioctl resumed>, 0x200000000140) = 0 [pid 294] <... mkdir resumed>) = 0 [pid 294] mount("/sys", "./syz-tmp/newroot/sys", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL) = 0 [pid 293] <... mount resumed>) = 0 [pid 294] mount("/sys/kernel/debug", "./syz-tmp/newroot/sys/kernel/debug", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL [pid 301] memfd_create("syzkaller", 0 [pid 293] mount(NULL, "/sys/fs/fuse/connections", "fusectl", 0, NULL [pid 301] <... memfd_create resumed>) = 5 [pid 294] <... mount resumed>) = 0 [pid 293] <... mount resumed>) = -1 EBUSY (Device or resource busy) [pid 301] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 294] mount("/sys/fs/smackfs", "./syz-tmp/newroot/sys/fs/smackfs", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL [pid 293] mkdir("./0", 0777 [pid 301] <... mmap resumed>) = 0x7f12c0537000 [pid 294] <... mount resumed>) = -1 ENOENT (No such file or directory) [pid 293] <... mkdir resumed>) = 0 [pid 294] mount("/proc/sys/fs/binfmt_misc", "./syz-tmp/newroot/proc/sys/fs/binfmt_misc", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL) = 0 [pid 294] mkdir("./syz-tmp/newroot/syz-inputs", 0700) = 0 [pid 294] mount("/syz-inputs", "./syz-tmp/newroot/syz-inputs", NULL, MS_RDONLY|MS_BIND|MS_REC|MS_PRIVATE, NULL) = -1 ENOENT (No such file or directory) [pid 294] mkdir("./syz-tmp/pivot", 0777) = 0 [pid 294] pivot_root("./syz-tmp", "./syz-tmp/pivot") = 0 [pid 294] chdir("/") = 0 [pid 294] umount2("./pivot", MNT_DETACH [pid 301] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 293] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 294] <... umount2 resumed>) = 0 [pid 294] chroot("./newroot") = 0 [pid 294] chdir("/") = 0 [pid 294] mkdir("/dev/gadgetfs", 0777) = -1 EEXIST (File exists) [pid 294] mount("gadgetfs", "/dev/gadgetfs", "gadgetfs", 0, NULL) = -1 ENODEV (No such device) [pid 294] mkdir("/dev/binderfs", 0777) = -1 EEXIST (File exists) [pid 294] mount("binder", "/dev/binderfs", "binder", 0, NULL) = 0 [pid 294] mount(NULL, "/sys/fs/fuse/connections", "fusectl", 0, NULL) = -1 EBUSY (Device or resource busy) [pid 294] mkdir("./0", 0777) = 0 [pid 294] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 301] <... write resumed>) = 1048576 [ 25.310710][ T290] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue executing program [pid 290] <... ioctl resumed>) = 0 [pid 294] <... openat resumed>) = 3 [pid 293] <... openat resumed>) = 3 [pid 290] close(6 [pid 294] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 294] close(3 [pid 290] <... close resumed>) = 0 [pid 293] ioctl(3, LOOP_CLR_FD [pid 294] <... close resumed>) = 0 [pid 293] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 290] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 294] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 293] close(3 [pid 294] <... clone resumed>, child_tidptr=0x555565cde750) = 2 [pid 293] <... close resumed>) = 0 [pid 293] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 306 attached [pid 306] set_robust_list(0x555565cde760, 24) = 0 [pid 306] chdir("./0") = 0 [pid 306] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 306] setpgid(0, 0) = 0 [pid 306] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 306] write(3, "1000", 4) = 4 [pid 306] close(3) = 0 [pid 306] symlink("/dev/binderfs", "./binderfs") = 0 [pid 306] write(1, "executing program\n", 18) = 18 [pid 306] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 306] ioctl(3, VHOST_SET_OWNER [pid 293] <... clone resumed>, child_tidptr=0x555565cde750) = 2 [pid 290] <... openat resumed>) = 6 [pid 290] write(6, "#! ./file1\n", 11) = 11 [pid 290] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 ./strace-static-x86_64: Process 305 attached [pid 306] <... ioctl resumed>, 0) = 0 [ 25.379566][ T24] audit: type=1400 audit(1750999989.780:73): avc: denied { unmount } for pid=288 comm="syz-executor126" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [pid 301] munmap(0x7f12c0537000, 138412032 [pid 306] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 301] <... munmap resumed>) = 0 [pid 306] ioctl(3, VHOST_SET_MEM_TABLE [pid 305] set_robust_list(0x555565cde760, 24 [pid 301] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 306] <... ioctl resumed>, 0x200000003380) = 0 [pid 305] <... set_robust_list resumed>) = 0 [pid 301] <... openat resumed>) = 6 [pid 306] eventfd2(118, EFD_SEMAPHORE [pid 305] chdir("./0" [pid 301] ioctl(6, LOOP_SET_FD, 5 [pid 306] <... eventfd2 resumed>) = 4 [pid 306] ioctl(3, VHOST_SET_VRING_ERR [pid 305] <... chdir resumed>) = 0 [pid 295] <... mount resumed>) = 0 [pid 295] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 295] chdir("./file0" [pid 306] <... ioctl resumed>, 0x2000000001c0) = 0 [pid 305] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 295] <... chdir resumed>) = 0 [pid 295] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 306] ioctl(3, VHOST_SET_VRING_ADDR [pid 305] <... prctl resumed>) = 0 [pid 306] <... ioctl resumed>, 0x200000000240) = 0 [pid 305] setpgid(0, 0 [pid 306] ioctl(3, VHOST_SET_VRING_KICK [pid 305] <... setpgid resumed>) = 0 [pid 306] <... ioctl resumed>, 0x200000000000) = 0 [pid 306] ioctl(3, VHOST_VSOCK_SET_RUNNING [pid 305] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 306] <... ioctl resumed>, 0x200000000140) = 0 [pid 290] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000006c0} --- [pid 306] memfd_create("syzkaller", 0 [pid 305] <... openat resumed>) = 3 [ 25.415328][ T297] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-290: bg 0: block 234: padding at end of block bitmap is not set [ 25.432614][ T295] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue [ 25.450169][ T290] EXT4-fs error (device loop0): ext4_map_blocks:740: inode #18: block 62218: comm syz-executor126: lblock 0 mapped to illegal pblock 62218 (length 1) [pid 306] <... memfd_create resumed>) = 5 [pid 305] write(3, "1000", 4 [pid 306] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 305] <... write resumed>) = 4 [pid 306] <... mmap resumed>) = 0x7f12c0537000 [pid 301] <... ioctl resumed>) = 0 [pid 295] <... openat resumed>) = 6 [pid 295] ioctl(6, LOOP_CLR_FD) = 0 [pid 295] close(6) = 0 [pid 295] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 295] write(6, "#! ./file1\n", 11) = 11 [pid 295] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 306] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 305] close(3 [pid 301] close(5 [pid 305] <... close resumed>) = 0 [pid 301] <... close resumed>) = 0 [pid 305] symlink("/dev/binderfs", "./binderfs" [pid 301] close(6 [pid 305] <... symlink resumed>) = 0 [pid 301] <... close resumed>) = 0 executing program [pid 301] mkdir("./file0", 0777 [pid 305] write(1, "executing program\n", 18 [pid 301] <... mkdir resumed>) = 0 [pid 305] <... write resumed>) = 18 [pid 305] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR [pid 301] mount("/dev/loop3", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 305] <... openat resumed>) = 3 [pid 305] ioctl(3, VHOST_SET_OWNER [pid 306] <... write resumed>) = 1048576 [pid 306] munmap(0x7f12c0537000, 138412032) = 0 [pid 306] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 6 [pid 305] <... ioctl resumed>, 0) = 0 [pid 305] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 305] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 306] ioctl(6, LOOP_SET_FD, 5 [pid 305] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 305] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 305] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 305] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 305] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 305] memfd_create("syzkaller", 0) = 5 [pid 305] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f12c0537000 [pid 305] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 306] <... ioctl resumed>) = 0 [pid 306] close(5) = 0 [ 25.450204][ T297] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #18: block 62218: comm vhost-290: lblock 0 mapped to illegal pblock 62218 (length 1) [ 25.483238][ T295] EXT4-fs error (device loop4): ext4_validate_block_bitmap:438: comm syz-executor126: bg 0: block 234: padding at end of block bitmap is not set [ 25.508298][ T297] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #18: block 62218: comm vhost-290: lblock 0 mapped to illegal pblock 62218 (length 1) [pid 306] close(6 [pid 305] <... write resumed>) = 1048576 [pid 305] munmap(0x7f12c0537000, 138412032) = 0 [pid 305] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 295] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000006c0} --- [pid 295] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000006c4} --- [pid 295] epoll_ctl(-1, EPOLL_CTL_ADD, 6, {events=0, data={u32=0, u64=0}}) = -1 EBADF (Bad file descriptor) [pid 290] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000006c4} --- [pid 295] close(3 [pid 290] epoll_ctl(-1, EPOLL_CTL_ADD, 6, {events=0, data={u32=0, u64=0}}) = -1 EBADF (Bad file descriptor) [pid 290] close(3 [pid 295] <... close resumed>) = 0 [pid 295] close(4) = 0 [pid 295] close(5) = 0 [pid 295] close(6) = 0 [pid 295] close(7) = -1 EBADF (Bad file descriptor) [pid 295] close(8) = -1 EBADF (Bad file descriptor) [pid 295] close(9) = -1 EBADF (Bad file descriptor) [pid 295] close(10) = -1 EBADF (Bad file descriptor) [pid 295] close(11 [pid 301] <... mount resumed>) = 0 [pid 295] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 301] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 295] close(12 [pid 301] <... openat resumed>) = 5 [pid 295] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 301] chdir("./file0" [pid 295] close(13 [pid 301] <... chdir resumed>) = 0 [pid 295] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 301] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 295] close(14) = -1 EBADF (Bad file descriptor) [pid 295] close(15) = -1 EBADF (Bad file descriptor) [pid 295] close(16) = -1 EBADF (Bad file descriptor) [pid 295] close(17) = -1 EBADF (Bad file descriptor) [pid 295] close(18) = -1 EBADF (Bad file descriptor) [pid 295] close(19) = -1 EBADF (Bad file descriptor) [pid 295] close(20) = -1 EBADF (Bad file descriptor) [pid 295] close(21) = -1 EBADF (Bad file descriptor) [pid 295] close(22) = -1 EBADF (Bad file descriptor) [pid 295] close(23) = -1 EBADF (Bad file descriptor) [ 25.525163][ T297] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #18: block 62218: comm vhost-290: lblock 0 mapped to illegal pblock 62218 (length 1) [ 25.560743][ T301] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue [pid 306] <... close resumed>) = 0 [pid 305] <... openat resumed>) = 6 [pid 306] mkdir("./file0", 0777 [pid 305] ioctl(6, LOOP_SET_FD, 5 [pid 306] <... mkdir resumed>) = 0 [pid 306] mount("/dev/loop2", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 295] close(24) = -1 EBADF (Bad file descriptor) [pid 295] close(25) = -1 EBADF (Bad file descriptor) [pid 295] close(26) = -1 EBADF (Bad file descriptor) [pid 295] close(27) = -1 EBADF (Bad file descriptor) [pid 295] close(28) = -1 EBADF (Bad file descriptor) [pid 295] close(29) = -1 EBADF (Bad file descriptor) [pid 295] exit_group(0) = ? [pid 305] <... ioctl resumed>) = 0 [pid 305] close(5 [pid 295] +++ exited with 0 +++ [pid 305] <... close resumed>) = 0 [pid 305] close(6 [pid 288] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- [pid 288] restart_syscall(<... resuming interrupted clone ...> [pid 301] <... openat resumed>) = 6 [pid 301] ioctl(6, LOOP_CLR_FD [pid 288] <... restart_syscall resumed>) = 0 [pid 288] umount2("./0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 288] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 288] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 288] getdents64(3, 0x555565cdf7f0 /* 4 entries */, 32768) = 112 [pid 288] umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 306] <... mount resumed>) = 0 [pid 306] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 306] chdir("./file0" [pid 290] <... close resumed>) = 0 [pid 306] <... chdir resumed>) = 0 [pid 290] close(4 [pid 306] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 290] <... close resumed>) = 0 [pid 290] close(5) = 0 [pid 290] close(6) = 0 [pid 290] close(7) = -1 EBADF (Bad file descriptor) [pid 290] close(8) = -1 EBADF (Bad file descriptor) [pid 290] close(9) = -1 EBADF (Bad file descriptor) [pid 290] close(10) = -1 EBADF (Bad file descriptor) [pid 290] close(11) = -1 EBADF (Bad file descriptor) [pid 290] close(12) = -1 EBADF (Bad file descriptor) [pid 290] close(13 [pid 305] <... close resumed>) = 0 [pid 301] <... ioctl resumed>) = 0 [pid 290] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 290] close(14) = -1 EBADF (Bad file descriptor) [pid 290] close(15 [pid 305] mkdir("./file0", 0777 [pid 301] close(6 [pid 290] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 290] close(16 [pid 305] <... mkdir resumed>) = 0 [pid 290] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 290] close(17 [pid 305] mount("/dev/loop1", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 290] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 290] close(18) = -1 EBADF (Bad file descriptor) [pid 290] close(19) = -1 EBADF (Bad file descriptor) [pid 290] close(20) = -1 EBADF (Bad file descriptor) [pid 290] close(21) = -1 EBADF (Bad file descriptor) [pid 290] close(22) = -1 EBADF (Bad file descriptor) [pid 290] close(23) = -1 EBADF (Bad file descriptor) [pid 290] close(24) = -1 EBADF (Bad file descriptor) [pid 290] close(25) = -1 EBADF (Bad file descriptor) [pid 290] close(26) = -1 EBADF (Bad file descriptor) [pid 290] close(27) = -1 EBADF (Bad file descriptor) [pid 290] close(28) = -1 EBADF (Bad file descriptor) [pid 290] close(29) = -1 EBADF (Bad file descriptor) [pid 290] exit_group(0) = ? [pid 290] +++ exited with 0 +++ [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 289] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 289] umount2("./0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 289] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(3, 0x555565cdf7f0 /* 4 entries */, 32768) = 112 [ 25.577859][ T297] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #18: block 62218: comm vhost-290: lblock 0 mapped to illegal pblock 62218 (length 1) [ 25.615203][ T306] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue [pid 289] umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 288] <... umount2 resumed>) = 0 [pid 306] <... openat resumed>) = 6 [pid 301] <... close resumed>) = 0 [pid 306] ioctl(6, LOOP_CLR_FD [pid 301] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 301] write(6, "#! ./file1\n", 11) = 11 [pid 301] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 288] umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 288] newfstatat(AT_FDCWD, "./0/file0", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 288] umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 288] openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 288] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 288] getdents64(4, 0x555565ce7830 /* 2 entries */, 32768) = 48 [pid 288] getdents64(4, 0x555565ce7830 /* 0 entries */, 32768) = 0 [pid 288] close(4) = 0 [pid 288] rmdir("./0/file0") = 0 [pid 288] umount2("./0/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 288] newfstatat(AT_FDCWD, "./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 288] unlink("./0/binderfs") = 0 [pid 288] getdents64(3, 0x555565cdf7f0 /* 0 entries */, 32768) = 0 [pid 288] close(3) = 0 [pid 288] rmdir("./0") = 0 [pid 288] mkdir("./1", 0777) = 0 [pid 288] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 289] <... umount2 resumed>) = 0 [pid 306] <... ioctl resumed>) = 0 [pid 288] <... openat resumed>) = 3 [pid 306] close(6 [pid 288] ioctl(3, LOOP_CLR_FD [pid 306] <... close resumed>) = 0 [pid 288] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 306] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 288] close(3 [pid 306] <... openat resumed>) = 6 [pid 288] <... close resumed>) = 0 [pid 306] write(6, "#! ./file1\n", 11 [pid 288] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 306] <... write resumed>) = 11 [pid 306] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0 [pid 288] <... clone resumed>, child_tidptr=0x555565cde750) = 3 [ 25.701230][ T304] EXT4-fs error (device loop3): ext4_validate_block_bitmap:438: comm vhost-301: bg 0: block 234: padding at end of block bitmap is not set [ 25.729203][ T305] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue [pid 306] <... mmap resumed>) = 0x200000000000 [pid 289] umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 322 attached [pid 322] set_robust_list(0x555565cde760, 24) = 0 [pid 322] chdir("./1" [pid 289] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./0/file0", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 289] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(4, 0x555565ce7830 /* 2 entries */, 32768) = 48 [pid 289] getdents64(4, 0x555565ce7830 /* 0 entries */, 32768) = 0 [pid 289] close(4 [pid 322] <... chdir resumed>) = 0 [pid 289] <... close resumed>) = 0 [pid 289] rmdir("./0/file0") = 0 [pid 289] umount2("./0/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] unlink("./0/binderfs") = 0 [pid 322] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 289] getdents64(3, [pid 322] <... prctl resumed>) = 0 [pid 289] <... getdents64 resumed>0x555565cdf7f0 /* 0 entries */, 32768) = 0 [pid 322] setpgid(0, 0) = 0 [pid 289] close(3) = 0 [pid 322] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 289] rmdir("./0" [pid 322] <... openat resumed>) = 3 [pid 289] <... rmdir resumed>) = 0 [pid 322] write(3, "1000", 4) = 4 [pid 322] close(3) = 0 [pid 322] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 289] mkdir("./1", 0777 [pid 322] write(1, "executing program\n", 18) = 18 [pid 289] <... mkdir resumed>) = 0 [pid 322] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR [pid 289] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 322] <... openat resumed>) = 3 [pid 289] <... openat resumed>) = 3 [pid 322] ioctl(3, VHOST_SET_OWNER [pid 289] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 289] close(3) = 0 [pid 301] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000006c0} --- [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555565cde750) = 3 [pid 322] <... ioctl resumed>, 0) = 0 [pid 322] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 322] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 322] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 322] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 322] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 322] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 322] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 322] memfd_create("syzkaller", 0) = 5 [pid 322] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f12c0537000 [pid 322] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576./strace-static-x86_64: Process 325 attached [pid 325] set_robust_list(0x555565cde760, 24) = 0 [pid 325] chdir("./1") = 0 [pid 325] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 325] setpgid(0, 0) = 0 [pid 325] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 325] write(3, "1000", 4) = 4 [pid 325] close(3) = 0 [pid 325] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 325] write(1, "executing program\n", 18) = 18 [pid 325] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 325] ioctl(3, VHOST_SET_OWNER [pid 322] <... write resumed>) = 1048576 [pid 305] <... mount resumed>) = 0 [pid 322] munmap(0x7f12c0537000, 138412032 [pid 305] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 322] <... munmap resumed>) = 0 [pid 322] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 305] chdir("./file0") = 0 [pid 322] <... openat resumed>) = 6 [pid 305] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 322] ioctl(6, LOOP_SET_FD, 5 [pid 305] <... openat resumed>) = 6 [pid 305] ioctl(6, LOOP_CLR_FD [pid 325] <... ioctl resumed>, 0) = 0 [pid 301] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000006c4} --- [pid 325] ioctl(3, VHOST_SET_VRING_ADDR [pid 301] epoll_ctl(-1, EPOLL_CTL_ADD, 6, {events=0, data={u32=0, u64=0}} [pid 325] <... ioctl resumed>, 0x200000000300) = 0 [pid 301] <... epoll_ctl resumed>) = -1 EBADF (Bad file descriptor) [pid 325] ioctl(3, VHOST_SET_MEM_TABLE [ 25.751115][ T308] EXT4-fs error (device loop2): ext4_validate_block_bitmap:438: comm vhost-306: bg 0: block 234: padding at end of block bitmap is not set [pid 301] close(3) = 0 [pid 301] close(4 [pid 325] <... ioctl resumed>, 0x200000003380) = 0 [pid 301] <... close resumed>) = 0 [pid 325] eventfd2(118, EFD_SEMAPHORE [pid 301] close(5 [pid 325] <... eventfd2 resumed>) = 4 [pid 301] <... close resumed>) = 0 [pid 325] ioctl(3, VHOST_SET_VRING_ERR [pid 301] close(6 [pid 325] <... ioctl resumed>, 0x2000000001c0) = 0 [pid 301] <... close resumed>) = 0 [pid 325] ioctl(3, VHOST_SET_VRING_ADDR [pid 301] close(7 [pid 325] <... ioctl resumed>, 0x200000000240) = 0 [pid 301] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 325] ioctl(3, VHOST_SET_VRING_KICK [pid 301] close(8 [pid 325] <... ioctl resumed>, 0x200000000000) = 0 [pid 301] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 325] ioctl(3, VHOST_VSOCK_SET_RUNNING [pid 301] close(9 [pid 325] <... ioctl resumed>, 0x200000000140) = 0 [pid 301] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 325] memfd_create("syzkaller", 0 [pid 301] close(10 [pid 325] <... memfd_create resumed>) = 5 [pid 301] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 325] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 301] close(11) = -1 EBADF (Bad file descriptor) [pid 325] <... mmap resumed>) = 0x7f12c0537000 [pid 301] close(12) = -1 EBADF (Bad file descriptor) [pid 325] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 301] close(13) = -1 EBADF (Bad file descriptor) [pid 301] close(14) = -1 EBADF (Bad file descriptor) [pid 301] close(15) = -1 EBADF (Bad file descriptor) [pid 301] close(16) = -1 EBADF (Bad file descriptor) [pid 301] close(17) = -1 EBADF (Bad file descriptor) [pid 301] close(18) = -1 EBADF (Bad file descriptor) [pid 301] close(19) = -1 EBADF (Bad file descriptor) [pid 301] close(20 [pid 322] <... ioctl resumed>) = 0 [pid 305] <... ioctl resumed>) = 0 [pid 301] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 322] close(5 [pid 305] close(6 [pid 301] close(21 [pid 322] <... close resumed>) = 0 [pid 305] <... close resumed>) = 0 [pid 301] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 322] close(6 [pid 305] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 301] close(22 [pid 305] <... openat resumed>) = 6 [pid 301] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 305] write(6, "#! ./file1\n", 11 [pid 301] close(23 [pid 305] <... write resumed>) = 11 [pid 301] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 305] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0 [pid 301] close(24 [pid 305] <... mmap resumed>) = 0x200000000000 [pid 301] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 301] close(25) = -1 EBADF (Bad file descriptor) [pid 301] close(26) = -1 EBADF (Bad file descriptor) [pid 301] close(27) = -1 EBADF (Bad file descriptor) [pid 301] close(28) = -1 EBADF (Bad file descriptor) [pid 301] close(29) = -1 EBADF (Bad file descriptor) [pid 301] exit_group(0) = ? [pid 301] +++ exited with 0 +++ [pid 292] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- [pid 292] restart_syscall(<... resuming interrupted clone ...> [pid 325] <... write resumed>) = 1048576 [pid 306] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000006c0} --- [pid 306] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000006c4} --- [pid 306] epoll_ctl(-1, EPOLL_CTL_ADD, 6, {events=0, data={u32=0, u64=0}}) = -1 EBADF (Bad file descriptor) [pid 306] close(3) = 0 [pid 306] close(4) = 0 [pid 306] close(5) = 0 [pid 306] close(6) = 0 [pid 306] close(7) = -1 EBADF (Bad file descriptor) [pid 306] close(8) = -1 EBADF (Bad file descriptor) [pid 306] close(9) = -1 EBADF (Bad file descriptor) [pid 306] close(10) = -1 EBADF (Bad file descriptor) [pid 306] close(11) = -1 EBADF (Bad file descriptor) [pid 306] close(12) = -1 EBADF (Bad file descriptor) [pid 306] close(13) = -1 EBADF (Bad file descriptor) [pid 306] close(14) = -1 EBADF (Bad file descriptor) [pid 306] close(15) = -1 EBADF (Bad file descriptor) [pid 306] close(16) = -1 EBADF (Bad file descriptor) [pid 306] close(17) = -1 EBADF (Bad file descriptor) [pid 306] close(18) = -1 EBADF (Bad file descriptor) [pid 306] close(19) = -1 EBADF (Bad file descriptor) [pid 306] close(20) = -1 EBADF (Bad file descriptor) [pid 306] close(21) = -1 EBADF (Bad file descriptor) [pid 306] close(22) = -1 EBADF (Bad file descriptor) [pid 306] close(23) = -1 EBADF (Bad file descriptor) [pid 306] close(24) = -1 EBADF (Bad file descriptor) [pid 306] close(25) = -1 EBADF (Bad file descriptor) [pid 306] close(26) = -1 EBADF (Bad file descriptor) [pid 306] close(27 [pid 292] <... restart_syscall resumed>) = 0 [pid 306] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 306] close(28) = -1 EBADF (Bad file descriptor) [pid 292] umount2("./0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 306] close(29 [pid 292] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 306] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 292] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 306] exit_group(0 [pid 292] <... openat resumed>) = 3 [pid 306] <... exit_group resumed>) = ? [pid 292] newfstatat(3, "", [pid 306] +++ exited with 0 +++ [pid 292] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 292] getdents64(3, [pid 293] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- [pid 292] <... getdents64 resumed>0x555565cdf7f0 /* 4 entries */, 32768) = 112 [pid 293] restart_syscall(<... resuming interrupted clone ...> [pid 292] umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 325] munmap(0x7f12c0537000, 138412032) = 0 [pid 325] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 293] <... restart_syscall resumed>) = 0 [pid 293] umount2("./0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 293] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 293] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 293] getdents64(3, 0x555565cdf7f0 /* 4 entries */, 32768) = 112 [pid 293] umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 305] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000006c0} --- [pid 305] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000006c4} --- [pid 305] epoll_ctl(-1, EPOLL_CTL_ADD, 6, {events=0, data={u32=0, u64=0}}) = -1 EBADF (Bad file descriptor) [pid 305] close(3) = 0 [pid 305] close(4) = 0 [pid 305] close(5) = 0 [pid 305] close(6) = 0 [pid 305] close(7) = -1 EBADF (Bad file descriptor) [pid 305] close(8) = -1 EBADF (Bad file descriptor) [pid 305] close(9) = -1 EBADF (Bad file descriptor) [pid 305] close(10) = -1 EBADF (Bad file descriptor) [pid 305] close(11) = -1 EBADF (Bad file descriptor) [pid 305] close(12) = -1 EBADF (Bad file descriptor) [pid 305] close(13) = -1 EBADF (Bad file descriptor) [pid 305] close(14) = -1 EBADF (Bad file descriptor) [pid 305] close(15) = -1 EBADF (Bad file descriptor) [pid 305] close(16) = -1 EBADF (Bad file descriptor) [pid 305] close(17) = -1 EBADF (Bad file descriptor) [pid 305] close(18) = -1 EBADF (Bad file descriptor) [pid 305] close(19) = -1 EBADF (Bad file descriptor) [pid 305] close(20) = -1 EBADF (Bad file descriptor) [pid 305] close(21) = -1 EBADF (Bad file descriptor) [pid 305] close(22) = -1 EBADF (Bad file descriptor) [pid 305] close(23) = -1 EBADF (Bad file descriptor) [pid 305] close(24) = -1 EBADF (Bad file descriptor) [pid 305] close(25) = -1 EBADF (Bad file descriptor) [pid 305] close(26) = -1 EBADF (Bad file descriptor) [pid 305] close(27) = -1 EBADF (Bad file descriptor) [pid 305] close(28) = -1 EBADF (Bad file descriptor) [pid 305] close(29) = -1 EBADF (Bad file descriptor) [pid 305] exit_group(0) = ? [pid 305] +++ exited with 0 +++ [pid 294] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 294] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 294] umount2("./0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 294] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 294] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [ 25.822834][ T305] EXT4-fs error (device loop1): ext4_validate_block_bitmap:438: comm syz-executor126: bg 0: block 234: padding at end of block bitmap is not set [pid 294] getdents64(3, 0x555565cdf7f0 /* 4 entries */, 32768) = 112 [pid 294] umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 322] <... close resumed>) = 0 [pid 322] mkdir("./file0", 0777) = 0 [pid 322] mount("/dev/loop4", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 325] <... openat resumed>) = 6 [pid 325] ioctl(6, LOOP_SET_FD, 5 [pid 292] <... umount2 resumed>) = 0 [pid 292] umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 292] newfstatat(AT_FDCWD, "./0/file0", [pid 325] <... ioctl resumed>) = 0 [pid 294] <... umount2 resumed>) = 0 [pid 293] <... umount2 resumed>) = 0 [pid 292] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 293] umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 325] close(5 [pid 293] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 293] newfstatat(AT_FDCWD, "./0/file0", [pid 325] <... close resumed>) = 0 [pid 293] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 293] umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 325] close(6 [pid 293] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 293] openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 325] <... close resumed>) = 0 [pid 293] <... openat resumed>) = 4 [pid 325] mkdir("./file0", 0777 [pid 293] newfstatat(4, "", [pid 325] <... mkdir resumed>) = 0 [pid 293] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 325] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 293] getdents64(4, [pid 322] <... mount resumed>) = 0 [pid 293] <... getdents64 resumed>0x555565ce7830 /* 2 entries */, 32768) = 48 [pid 322] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 293] getdents64(4, [pid 322] <... openat resumed>) = 5 [pid 293] <... getdents64 resumed>0x555565ce7830 /* 0 entries */, 32768) = 0 [pid 293] close(4) = 0 [pid 293] rmdir("./0/file0") = 0 [pid 322] chdir("./file0" [pid 293] umount2("./0/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 292] umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 322] <... chdir resumed>) = 0 [pid 293] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 322] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 293] newfstatat(AT_FDCWD, "./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 322] <... openat resumed>) = 6 [pid 293] unlink("./0/binderfs" [pid 322] ioctl(6, LOOP_CLR_FD [pid 293] <... unlink resumed>) = 0 [pid 322] <... ioctl resumed>) = 0 [pid 293] getdents64(3, [pid 322] close(6 [pid 293] <... getdents64 resumed>0x555565cdf7f0 /* 0 entries */, 32768) = 0 [pid 322] <... close resumed>) = 0 [pid 293] close(3 [pid 322] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 293] <... close resumed>) = 0 [pid 293] rmdir("./0") = 0 [pid 293] mkdir("./1", 0777) = 0 [pid 293] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 322] <... openat resumed>) = 6 [pid 293] <... openat resumed>) = 3 [pid 322] write(6, "#! ./file1\n", 11 [pid 293] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 293] close(3) = 0 [pid 293] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 322] <... write resumed>) = 11 [pid 322] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0 [pid 293] <... clone resumed>, child_tidptr=0x555565cde750) = 3 [pid 322] <... mmap resumed>) = 0x200000000000 [pid 294] umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 292] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 294] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 292] openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 294] newfstatat(AT_FDCWD, "./0/file0", [pid 292] <... openat resumed>) = 4 [pid 294] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 292] newfstatat(4, "", [pid 294] umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 292] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 294] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 292] getdents64(4, [pid 294] openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 292] <... getdents64 resumed>0x555565ce7830 /* 2 entries */, 32768) = 48 [pid 294] <... openat resumed>) = 4 [pid 292] getdents64(4, [pid 294] newfstatat(4, "", [pid 292] <... getdents64 resumed>0x555565ce7830 /* 0 entries */, 32768) = 0 [pid 294] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 292] close(4 [pid 294] getdents64(4, [pid 292] <... close resumed>) = 0 [pid 294] <... getdents64 resumed>0x555565ce7830 /* 2 entries */, 32768) = 48 [pid 292] rmdir("./0/file0" [pid 294] getdents64(4, [pid 292] <... rmdir resumed>) = 0 [pid 294] <... getdents64 resumed>0x555565ce7830 /* 0 entries */, 32768) = 0 [pid 292] umount2("./0/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 294] close(4 [pid 292] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 294] <... close resumed>) = 0 [pid 292] newfstatat(AT_FDCWD, "./0/binderfs", [pid 294] rmdir("./0/file0" [pid 292] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 294] <... rmdir resumed>) = 0 [pid 292] unlink("./0/binderfs" [pid 294] umount2("./0/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 292] <... unlink resumed>) = 0 [pid 294] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 292] getdents64(3, [pid 294] newfstatat(AT_FDCWD, "./0/binderfs", [pid 292] <... getdents64 resumed>0x555565cdf7f0 /* 0 entries */, 32768) = 0 [pid 294] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 292] close(3 [pid 294] unlink("./0/binderfs" [pid 292] <... close resumed>) = 0 [pid 294] <... unlink resumed>) = 0 [pid 292] rmdir("./0" [pid 294] getdents64(3, [pid 292] <... rmdir resumed>) = 0 [pid 294] <... getdents64 resumed>0x555565cdf7f0 /* 0 entries */, 32768) = 0 [pid 292] mkdir("./1", 0777 [pid 294] close(3 [pid 292] <... mkdir resumed>) = 0 [pid 294] <... close resumed>) = 0 [pid 292] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 294] rmdir("./0" [pid 292] <... openat resumed>) = 3 [pid 294] <... rmdir resumed>) = 0 [pid 292] ioctl(3, LOOP_CLR_FD [pid 294] mkdir("./1", 0777 [pid 292] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 294] <... mkdir resumed>) = 0 [pid 292] close(3./strace-static-x86_64: Process 331 attached [pid 294] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 292] <... close resumed>) = 0 [pid 331] set_robust_list(0x555565cde760, 24 [pid 294] <... openat resumed>) = 3 [pid 292] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 331] <... set_robust_list resumed>) = 0 [pid 294] ioctl(3, LOOP_CLR_FD [pid 331] chdir("./1" [pid 294] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 292] <... clone resumed>, child_tidptr=0x555565cde750) = 3 [pid 331] <... chdir resumed>) = 0 [pid 294] close(3./strace-static-x86_64: Process 332 attached [pid 331] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 294] <... close resumed>) = 0 [pid 331] <... prctl resumed>) = 0 [pid 294] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 331] setpgid(0, 0 [pid 294] <... clone resumed>, child_tidptr=0x555565cde750) = 3 [pid 331] <... setpgid resumed>) = 0 [pid 331] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 331] write(3, "1000", 4) = 4 [pid 331] close(3) = 0 [pid 331] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 331] write(1, "executing program\n", 18) = 18 [pid 331] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 331] ioctl(3, VHOST_SET_OWNER./strace-static-x86_64: Process 333 attached [pid 332] set_robust_list(0x555565cde760, 24) = 0 [pid 332] chdir("./1") = 0 [pid 332] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 332] setpgid(0, 0) = 0 [pid 332] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 332] write(3, "1000", 4 [pid 333] set_robust_list(0x555565cde760, 24 [pid 332] <... write resumed>) = 4 [pid 333] <... set_robust_list resumed>) = 0 [pid 332] close(3 [pid 333] chdir("./1" [pid 332] <... close resumed>) = 0 [pid 333] <... chdir resumed>) = 0 [pid 332] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 333] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 332] write(1, "executing program\n", 18 [pid 333] <... prctl resumed>) = 0 [pid 332] <... write resumed>) = 18 [pid 333] setpgid(0, 0 [pid 332] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR [pid 333] <... setpgid resumed>) = 0 [pid 332] <... openat resumed>) = 3 [pid 333] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 332] ioctl(3, VHOST_SET_OWNER [pid 331] <... ioctl resumed>, 0) = 0 [pid 333] <... openat resumed>) = 3 [pid 331] ioctl(3, VHOST_SET_VRING_ADDR [pid 333] write(3, "1000", 4 [pid 331] <... ioctl resumed>, 0x200000000300) = 0 [pid 333] <... write resumed>) = 4 [pid 331] ioctl(3, VHOST_SET_MEM_TABLE [pid 333] close(3 [pid 331] <... ioctl resumed>, 0x200000003380) = 0 [pid 333] <... close resumed>) = 0 [pid 331] eventfd2(118, EFD_SEMAPHORE [pid 333] symlink("/dev/binderfs", "./binderfs" [pid 331] <... eventfd2 resumed>) = 4 [pid 333] <... symlink resumed>) = 0 [pid 331] ioctl(3, VHOST_SET_VRING_ERRexecuting program [pid 333] write(1, "executing program\n", 18 [pid 331] <... ioctl resumed>, 0x2000000001c0) = 0 [pid 333] <... write resumed>) = 18 [pid 331] ioctl(3, VHOST_SET_VRING_ADDR [pid 333] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR [pid 331] <... ioctl resumed>, 0x200000000240) = 0 [pid 333] <... openat resumed>) = 3 [pid 331] ioctl(3, VHOST_SET_VRING_KICK [pid 333] ioctl(3, VHOST_SET_OWNER [pid 331] <... ioctl resumed>, 0x200000000000) = 0 [pid 331] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 331] memfd_create("syzkaller", 0) = 5 [pid 331] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f12c0537000 [pid 331] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 332] <... ioctl resumed>, 0) = 0 [ 26.089417][ T322] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue [ 26.104837][ T324] EXT4-fs error (device loop4): ext4_validate_block_bitmap:438: comm vhost-322: bg 0: block 234: padding at end of block bitmap is not set [pid 332] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 332] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 332] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 331] <... write resumed>) = 1048576 [pid 332] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 332] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 332] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 332] ioctl(3, VHOST_VSOCK_SET_RUNNING [pid 333] <... ioctl resumed>, 0) = 0 [pid 332] <... ioctl resumed>, 0x200000000140) = 0 [pid 333] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 333] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 333] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 333] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 333] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 333] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 333] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 333] memfd_create("syzkaller", 0 [pid 332] memfd_create("syzkaller", 0 [pid 333] <... memfd_create resumed>) = 5 [pid 333] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 332] <... memfd_create resumed>) = 5 [pid 333] <... mmap resumed>) = 0x7f12c0537000 [pid 333] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 332] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f12c0537000 [pid 333] <... write resumed>) = 1048576 [pid 333] munmap(0x7f12c0537000, 138412032 [pid 332] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 333] <... munmap resumed>) = 0 [pid 333] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 6 [pid 333] ioctl(6, LOOP_SET_FD, 5 [pid 332] <... write resumed>) = 1048576 [pid 332] munmap(0x7f12c0537000, 138412032 [pid 331] munmap(0x7f12c0537000, 138412032) = 0 [pid 331] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 333] <... ioctl resumed>) = 0 [pid 331] <... openat resumed>) = 6 [pid 322] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000006c0} --- [pid 331] ioctl(6, LOOP_SET_FD, 5 [pid 325] <... mount resumed>) = 0 [pid 322] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000006c4} --- [pid 333] close(5) = 0 [ 26.170919][ T325] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [pid 333] close(6) = 0 [pid 325] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 322] epoll_ctl(-1, EPOLL_CTL_ADD, 6, {events=0, data={u32=0, u64=0}} [pid 333] mkdir("./file0", 0777) = 0 [pid 322] <... epoll_ctl resumed>) = -1 EBADF (Bad file descriptor) [pid 333] mount("/dev/loop1", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 325] <... openat resumed>) = 5 [pid 322] close(3 [pid 325] chdir("./file0" [pid 322] <... close resumed>) = 0 [pid 325] <... chdir resumed>) = 0 [pid 322] close(4) = 0 [pid 325] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 322] close(5) = 0 [pid 322] close(6) = 0 [pid 322] close(7) = -1 EBADF (Bad file descriptor) [pid 322] close(8) = -1 EBADF (Bad file descriptor) [pid 322] close(9) = -1 EBADF (Bad file descriptor) [pid 322] close(10) = -1 EBADF (Bad file descriptor) [pid 322] close(11) = -1 EBADF (Bad file descriptor) [pid 332] <... munmap resumed>) = 0 [pid 322] close(12) = -1 EBADF (Bad file descriptor) [pid 332] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 322] close(13) = -1 EBADF (Bad file descriptor) [pid 322] close(14) = -1 EBADF (Bad file descriptor) [pid 322] close(15) = -1 EBADF (Bad file descriptor) [pid 322] close(16) = -1 EBADF (Bad file descriptor) [pid 322] close(17) = -1 EBADF (Bad file descriptor) [pid 322] close(18) = -1 EBADF (Bad file descriptor) [pid 322] close(19) = -1 EBADF (Bad file descriptor) [pid 322] close(20) = -1 EBADF (Bad file descriptor) [pid 322] close(21) = -1 EBADF (Bad file descriptor) [pid 322] close(22) = -1 EBADF (Bad file descriptor) [pid 322] close(23) = -1 EBADF (Bad file descriptor) [pid 322] close(24 [pid 331] <... ioctl resumed>) = 0 [pid 332] <... openat resumed>) = 6 [pid 331] close(5 [pid 325] <... openat resumed>) = 6 [pid 322] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 332] ioctl(6, LOOP_SET_FD, 5 [pid 331] <... close resumed>) = 0 [pid 322] close(25 [pid 331] close(6 [pid 325] ioctl(6, LOOP_CLR_FD [pid 322] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 322] close(26) = -1 EBADF (Bad file descriptor) [pid 322] close(27) = -1 EBADF (Bad file descriptor) [pid 322] close(28) = -1 EBADF (Bad file descriptor) [pid 322] close(29) = -1 EBADF (Bad file descriptor) [pid 322] exit_group(0) = ? [pid 322] +++ exited with 0 +++ [pid 288] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- [pid 288] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 288] umount2("./1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 288] openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 288] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 288] getdents64(3, 0x555565cdf7f0 /* 4 entries */, 32768) = 112 [pid 288] umount2("./1/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 332] <... ioctl resumed>) = 0 [pid 332] close(5 [pid 331] <... close resumed>) = 0 [pid 325] <... ioctl resumed>) = 0 [pid 332] <... close resumed>) = 0 [pid 331] mkdir("./file0", 0777 [pid 325] close(6 [pid 332] close(6) = 0 [pid 331] <... mkdir resumed>) = 0 [pid 325] <... close resumed>) = 0 [pid 332] mkdir("./file0", 0777 [pid 331] mount("/dev/loop2", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 325] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 332] <... mkdir resumed>) = 0 [pid 332] mount("/dev/loop3", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 325] <... openat resumed>) = 6 [pid 325] write(6, "#! ./file1\n", 11) = 11 [pid 325] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 333] <... mount resumed>) = 0 [pid 333] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 333] chdir("./file0") = 0 [pid 333] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 325] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000006c0} --- [pid 325] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000006c4} --- [pid 325] epoll_ctl(-1, EPOLL_CTL_ADD, 6, {events=0, data={u32=0, u64=0}}) = -1 EBADF (Bad file descriptor) [pid 325] close(3) = 0 [pid 325] close(4) = 0 [pid 325] close(5) = 0 [pid 325] close(6) = 0 [pid 325] close(7) = -1 EBADF (Bad file descriptor) [pid 325] close(8) = -1 EBADF (Bad file descriptor) [pid 325] close(9) = -1 EBADF (Bad file descriptor) [pid 325] close(10) = -1 EBADF (Bad file descriptor) [pid 325] close(11) = -1 EBADF (Bad file descriptor) [pid 325] close(12) = -1 EBADF (Bad file descriptor) [pid 325] close(13) = -1 EBADF (Bad file descriptor) [pid 325] close(14) = -1 EBADF (Bad file descriptor) [pid 325] close(15) = -1 EBADF (Bad file descriptor) [pid 325] close(16) = -1 EBADF (Bad file descriptor) [pid 325] close(17) = -1 EBADF (Bad file descriptor) [pid 325] close(18) = -1 EBADF (Bad file descriptor) [pid 325] close(19) = -1 EBADF (Bad file descriptor) [pid 325] close(20) = -1 EBADF (Bad file descriptor) [pid 325] close(21) = -1 EBADF (Bad file descriptor) [pid 325] close(22) = -1 EBADF (Bad file descriptor) [pid 325] close(23) = -1 EBADF (Bad file descriptor) [pid 325] close(24) = -1 EBADF (Bad file descriptor) [pid 325] close(25) = -1 EBADF (Bad file descriptor) [pid 325] close(26) = -1 EBADF (Bad file descriptor) [pid 325] close(27) = -1 EBADF (Bad file descriptor) [pid 325] close(28) = -1 EBADF (Bad file descriptor) [pid 325] close(29) = -1 EBADF (Bad file descriptor) [pid 325] exit_group(0) = ? [pid 325] +++ exited with 0 +++ [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 289] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 289] umount2("./1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 289] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(3, 0x555565cdf7f0 /* 4 entries */, 32768) = 112 [ 26.277167][ T326] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-325: bg 0: block 234: padding at end of block bitmap is not set [ 26.293380][ T333] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue [pid 289] umount2("./1/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 333] <... openat resumed>) = 6 [pid 289] <... umount2 resumed>) = 0 [pid 288] <... umount2 resumed>) = 0 [pid 333] ioctl(6, LOOP_CLR_FD [pid 289] umount2("./1/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 333] <... ioctl resumed>) = 0 [pid 289] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 333] close(6 [pid 289] newfstatat(AT_FDCWD, "./1/file0", [pid 333] <... close resumed>) = 0 [pid 289] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 333] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 289] umount2("./1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 289] newfstatat(4, "", [pid 333] <... openat resumed>) = 6 [pid 289] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(4, 0x555565ce7830 /* 2 entries */, 32768) = 48 [pid 333] write(6, "#! ./file1\n", 11 [pid 289] getdents64(4, 0x555565ce7830 /* 0 entries */, 32768) = 0 [pid 289] close(4 [pid 333] <... write resumed>) = 11 [pid 289] <... close resumed>) = 0 [pid 289] rmdir("./1/file0" [pid 333] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0 [pid 289] <... rmdir resumed>) = 0 [pid 333] <... mmap resumed>) = 0x200000000000 [pid 289] umount2("./1/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] unlink("./1/binderfs") = 0 [pid 289] getdents64(3, 0x555565cdf7f0 /* 0 entries */, 32768) = 0 [pid 289] close(3) = 0 [pid 289] rmdir("./1") = 0 [pid 289] mkdir("./2", 0777) = 0 [pid 288] umount2("./1/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 289] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 288] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 288] newfstatat(AT_FDCWD, "./1/file0", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 288] umount2("./1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 288] openat(AT_FDCWD, "./1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 288] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 288] getdents64(4, 0x555565ce7830 /* 2 entries */, 32768) = 48 [pid 288] getdents64(4, 0x555565ce7830 /* 0 entries */, 32768) = 0 [pid 288] close(4) = 0 [pid 288] rmdir("./1/file0") = 0 [pid 288] umount2("./1/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 288] newfstatat(AT_FDCWD, "./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 288] unlink("./1/binderfs") = 0 [pid 288] getdents64(3, 0x555565cdf7f0 /* 0 entries */, 32768) = 0 [pid 288] close(3) = 0 [pid 288] rmdir("./1") = 0 [pid 288] mkdir("./2", 0777) = 0 [ 26.379005][ T333] EXT4-fs error (device loop1): ext4_validate_block_bitmap:438: comm syz-executor126: bg 0: block 234: padding at end of block bitmap is not set [pid 288] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 289] <... openat resumed>) = 3 [pid 288] <... openat resumed>) = 3 [pid 289] ioctl(3, LOOP_CLR_FD [pid 288] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 289] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 288] close(3 [pid 289] close(3 [pid 288] <... close resumed>) = 0 [pid 289] <... close resumed>) = 0 [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 288] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555565cde750) = 4 [pid 289] <... clone resumed>, child_tidptr=0x555565cde750) = 4 ./strace-static-x86_64: Process 349 attached ./strace-static-x86_64: Process 348 attached [pid 348] set_robust_list(0x555565cde760, 24) = 0 [pid 349] set_robust_list(0x555565cde760, 24 [pid 348] chdir("./2") = 0 [pid 349] <... set_robust_list resumed>) = 0 [pid 349] chdir("./2" [pid 333] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000006c0} --- [pid 348] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 348] setpgid(0, 0) = 0 [pid 348] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 348] write(3, "1000", 4) = 4 [pid 348] close(3) = 0 [pid 348] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 348] write(1, "executing program\n", 18) = 18 [pid 348] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 348] ioctl(3, VHOST_SET_OWNER [pid 349] <... chdir resumed>) = 0 [pid 349] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 349] setpgid(0, 0 [pid 332] <... mount resumed>) = 0 [pid 331] <... mount resumed>) = 0 [pid 349] <... setpgid resumed>) = 0 [pid 332] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 349] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 331] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 349] <... openat resumed>) = 3 [pid 332] <... openat resumed>) = 5 [pid 331] <... openat resumed>) = 5 [pid 349] write(3, "1000", 4 [pid 332] chdir("./file0" [pid 331] chdir("./file0" [pid 333] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000006c4} --- [pid 349] <... write resumed>) = 4 [pid 333] epoll_ctl(-1, EPOLL_CTL_ADD, 6, {events=0, data={u32=0, u64=0}} [pid 332] <... chdir resumed>) = 0 [pid 349] close(3 [pid 333] <... epoll_ctl resumed>) = -1 EBADF (Bad file descriptor) [pid 332] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 331] <... chdir resumed>) = 0 [pid 333] close(3 [pid 349] <... close resumed>) = 0 [pid 332] <... openat resumed>) = 6 [pid 349] symlink("/dev/binderfs", "./binderfs" [pid 332] ioctl(6, LOOP_CLR_FD [pid 331] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 348] <... ioctl resumed>, 0) = 0 [pid 348] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 349] <... symlink resumed>) = 0 [pid 348] ioctl(3, VHOST_SET_MEM_TABLE [pid 349] write(1, "executing program\n", 18 [pid 332] <... ioctl resumed>) = 0 [pid 331] <... openat resumed>) = 6 executing program [pid 349] <... write resumed>) = 18 [pid 349] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR [pid 332] close(6 [pid 331] ioctl(6, LOOP_CLR_FD [pid 333] <... close resumed>) = 0 [pid 349] <... openat resumed>) = 3 [pid 333] close(4) = 0 [pid 349] ioctl(3, VHOST_SET_OWNER [pid 333] close(5) = 0 [pid 333] close(6 [pid 332] <... close resumed>) = 0 [pid 331] <... ioctl resumed>) = 0 [pid 333] <... close resumed>) = 0 [pid 333] close(7 [pid 332] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 331] close(6 [pid 348] <... ioctl resumed>, 0x200000003380) = 0 [pid 348] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 333] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 348] ioctl(3, VHOST_SET_VRING_ERR [pid 333] close(8 [pid 348] <... ioctl resumed>, 0x2000000001c0) = 0 [pid 333] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 332] <... openat resumed>) = 6 [pid 348] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 348] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 348] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 348] memfd_create("syzkaller", 0 [pid 333] close(9 [pid 332] write(6, "#! ./file1\n", 11 [pid 348] <... memfd_create resumed>) = 5 [pid 348] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f12c0537000 [pid 348] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 333] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 332] <... write resumed>) = 11 [pid 331] <... close resumed>) = 0 [pid 333] close(10) = -1 EBADF (Bad file descriptor) [pid 333] close(11) = -1 EBADF (Bad file descriptor) [pid 333] close(12) = -1 EBADF (Bad file descriptor) [pid 333] close(13) = -1 EBADF (Bad file descriptor) [pid 333] close(14) = -1 EBADF (Bad file descriptor) [ 26.420942][ T332] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue [ 26.440461][ T331] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue [pid 333] close(15) = -1 EBADF (Bad file descriptor) [pid 333] close(16) = -1 EBADF (Bad file descriptor) [pid 333] close(17) = -1 EBADF (Bad file descriptor) [pid 333] close(18) = -1 EBADF (Bad file descriptor) [pid 333] close(19 [pid 332] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0 [pid 333] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 331] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 333] close(20) = -1 EBADF (Bad file descriptor) [pid 332] <... mmap resumed>) = 0x200000000000 [pid 331] <... openat resumed>) = 6 [pid 333] close(21) = -1 EBADF (Bad file descriptor) [pid 333] close(22) = -1 EBADF (Bad file descriptor) [pid 333] close(23) = -1 EBADF (Bad file descriptor) [pid 333] close(24) = -1 EBADF (Bad file descriptor) [pid 333] close(25) = -1 EBADF (Bad file descriptor) [pid 333] close(26 [pid 348] <... write resumed>) = 1048576 [pid 348] munmap(0x7f12c0537000, 138412032) = 0 [pid 348] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 6 [pid 348] ioctl(6, LOOP_SET_FD, 5 [pid 333] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 331] write(6, "#! ./file1\n", 11 [pid 333] close(27) = -1 EBADF (Bad file descriptor) [pid 333] close(28) = -1 EBADF (Bad file descriptor) [pid 333] close(29) = -1 EBADF (Bad file descriptor) [pid 333] exit_group(0) = ? [pid 333] +++ exited with 0 +++ [pid 294] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- [pid 294] restart_syscall(<... resuming interrupted clone ...> [pid 331] <... write resumed>) = 11 [pid 294] <... restart_syscall resumed>) = 0 [pid 294] umount2("./1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 294] openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 294] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 294] getdents64(3, 0x555565cdf7f0 /* 4 entries */, 32768) = 112 [pid 294] umount2("./1/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 331] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 349] <... ioctl resumed>, 0) = 0 [pid 349] ioctl(3, VHOST_SET_VRING_ADDR [pid 348] <... ioctl resumed>) = 0 [pid 348] close(5) = 0 [pid 348] close(6 [pid 349] <... ioctl resumed>, 0x200000000300) = 0 [pid 349] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 349] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 349] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 349] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 349] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 349] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 349] memfd_create("syzkaller", 0) = 5 [pid 349] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 331] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000006c0} --- [pid 349] <... mmap resumed>) = 0x7f12c0537000 [pid 331] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000006c4} --- [pid 349] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 331] epoll_ctl(-1, EPOLL_CTL_ADD, 6, {events=0, data={u32=0, u64=0}}) = -1 EBADF (Bad file descriptor) [pid 331] close(3) = 0 [pid 331] close(4) = 0 [pid 331] close(5) = 0 [pid 331] close(6) = 0 [pid 331] close(7) = -1 EBADF (Bad file descriptor) [pid 331] close(8) = -1 EBADF (Bad file descriptor) [pid 331] close(9) = -1 EBADF (Bad file descriptor) [pid 331] close(10) = -1 EBADF (Bad file descriptor) [pid 331] close(11) = -1 EBADF (Bad file descriptor) [pid 331] close(12) = -1 EBADF (Bad file descriptor) [pid 331] close(13) = -1 EBADF (Bad file descriptor) [pid 331] close(14) = -1 EBADF (Bad file descriptor) [pid 331] close(15) = -1 EBADF (Bad file descriptor) [pid 331] close(16) = -1 EBADF (Bad file descriptor) [pid 331] close(17) = -1 EBADF (Bad file descriptor) [pid 331] close(18) = -1 EBADF (Bad file descriptor) [pid 331] close(19) = -1 EBADF (Bad file descriptor) [pid 331] close(20) = -1 EBADF (Bad file descriptor) [pid 331] close(21) = -1 EBADF (Bad file descriptor) [pid 331] close(22) = -1 EBADF (Bad file descriptor) [pid 331] close(23) = -1 EBADF (Bad file descriptor) [pid 331] close(24) = -1 EBADF (Bad file descriptor) [pid 331] close(25) = -1 EBADF (Bad file descriptor) [pid 331] close(26) = -1 EBADF (Bad file descriptor) [pid 331] close(27) = -1 EBADF (Bad file descriptor) [pid 331] close(28) = -1 EBADF (Bad file descriptor) [pid 331] close(29) = -1 EBADF (Bad file descriptor) [pid 331] exit_group(0) = ? [pid 331] +++ exited with 0 +++ [pid 293] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 293] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 293] umount2("./1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 293] openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 293] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 293] getdents64(3, 0x555565cdf7f0 /* 4 entries */, 32768) = 112 [pid 293] umount2("./1/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 332] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000006c0} --- [pid 332] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000006c4} --- [pid 332] epoll_ctl(-1, EPOLL_CTL_ADD, 6, {events=0, data={u32=0, u64=0}}) = -1 EBADF (Bad file descriptor) [pid 332] close(3 [pid 349] <... write resumed>) = 1048576 [pid 349] munmap(0x7f12c0537000, 138412032 [pid 332] <... close resumed>) = 0 [pid 332] close(4) = 0 [pid 332] close(5) = 0 [pid 332] close(6) = 0 [pid 332] close(7) = -1 EBADF (Bad file descriptor) [pid 332] close(8) = -1 EBADF (Bad file descriptor) [pid 332] close(9) = -1 EBADF (Bad file descriptor) [pid 332] close(10) = -1 EBADF (Bad file descriptor) [pid 332] close(11) = -1 EBADF (Bad file descriptor) [pid 332] close(12) = -1 EBADF (Bad file descriptor) [pid 332] close(13) = -1 EBADF (Bad file descriptor) [pid 332] close(14) = -1 EBADF (Bad file descriptor) [pid 332] close(15) = -1 EBADF (Bad file descriptor) [pid 332] close(16) = -1 EBADF (Bad file descriptor) [pid 332] close(17) = -1 EBADF (Bad file descriptor) [pid 332] close(18) = -1 EBADF (Bad file descriptor) [pid 332] close(19) = -1 EBADF (Bad file descriptor) [pid 332] close(20) = -1 EBADF (Bad file descriptor) [pid 332] close(21) = -1 EBADF (Bad file descriptor) [pid 332] close(22) = -1 EBADF (Bad file descriptor) [pid 332] close(23) = -1 EBADF (Bad file descriptor) [pid 332] close(24) = -1 EBADF (Bad file descriptor) [pid 332] close(25) = -1 EBADF (Bad file descriptor) [pid 332] close(26) = -1 EBADF (Bad file descriptor) [pid 332] close(27) = -1 EBADF (Bad file descriptor) [pid 332] close(28 [pid 348] <... close resumed>) = 0 [pid 332] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 348] mkdir("./file0", 0777) = 0 [pid 332] close(29 [pid 348] mount("/dev/loop4", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 332] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 332] exit_group(0) = ? [pid 332] +++ exited with 0 +++ [pid 292] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- [pid 292] restart_syscall(<... resuming interrupted clone ...> [pid 349] <... munmap resumed>) = 0 [ 26.505073][ T332] EXT4-fs error (device loop3): ext4_validate_block_bitmap:438: comm syz-executor126: bg 0: block 234: padding at end of block bitmap is not set [ 26.530362][ T334] EXT4-fs error (device loop2): ext4_validate_block_bitmap:438: comm vhost-331: bg 0: block 234: padding at end of block bitmap is not set [pid 349] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 292] <... restart_syscall resumed>) = 0 [pid 292] umount2("./1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 292] openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 292] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 292] getdents64(3, 0x555565cdf7f0 /* 4 entries */, 32768) = 112 [pid 292] umount2("./1/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 294] <... umount2 resumed>) = 0 [pid 294] umount2("./1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 294] newfstatat(AT_FDCWD, "./1/file0", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 294] umount2("./1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 294] openat(AT_FDCWD, "./1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 294] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 294] getdents64(4, 0x555565ce7830 /* 2 entries */, 32768) = 48 [pid 294] getdents64(4, 0x555565ce7830 /* 0 entries */, 32768) = 0 [pid 294] close(4) = 0 [pid 294] rmdir("./1/file0") = 0 [pid 294] umount2("./1/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 294] newfstatat(AT_FDCWD, "./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 294] unlink("./1/binderfs") = 0 [pid 294] getdents64(3, 0x555565cdf7f0 /* 0 entries */, 32768) = 0 [pid 294] close(3) = 0 [pid 294] rmdir("./1") = 0 [pid 294] mkdir("./2", 0777) = 0 [pid 294] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 349] <... openat resumed>) = 6 [pid 349] ioctl(6, LOOP_SET_FD, 5 [pid 293] <... umount2 resumed>) = 0 [pid 294] <... openat resumed>) = 3 [pid 294] ioctl(3, LOOP_CLR_FD [pid 293] umount2("./1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 293] newfstatat(AT_FDCWD, "./1/file0", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 293] umount2("./1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 293] openat(AT_FDCWD, "./1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 293] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 293] getdents64(4, 0x555565ce7830 /* 2 entries */, 32768) = 48 [pid 293] getdents64(4, 0x555565ce7830 /* 0 entries */, 32768) = 0 [pid 293] close(4) = 0 [pid 293] rmdir("./1/file0") = 0 [pid 293] umount2("./1/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 293] newfstatat(AT_FDCWD, "./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 293] unlink("./1/binderfs") = 0 [pid 293] getdents64(3, 0x555565cdf7f0 /* 0 entries */, 32768) = 0 [pid 293] close(3) = 0 [pid 293] rmdir("./1") = 0 [pid 293] mkdir("./2", 0777) = 0 [pid 293] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 349] <... ioctl resumed>) = 0 [pid 294] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 292] <... umount2 resumed>) = 0 [pid 349] close(5 [pid 294] close(3 [pid 349] <... close resumed>) = 0 [pid 294] <... close resumed>) = 0 [pid 349] close(6 [pid 294] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 349] <... close resumed>) = 0 [pid 349] mkdir("./file0", 0777 [pid 294] <... clone resumed>, child_tidptr=0x555565cde750) = 4 [pid 349] <... mkdir resumed>) = 0 [pid 349] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 293] <... openat resumed>) = 3 [pid 293] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 293] close(3) = 0 [pid 293] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555565cde750) = 4 [pid 292] umount2("./1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) ./strace-static-x86_64: Process 358 attached [pid 358] set_robust_list(0x555565cde760, 24) = 0 [pid 358] chdir("./2") = 0 [pid 358] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 358] setpgid(0, 0) = 0 [pid 358] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 358] write(3, "1000", 4) = 4 [pid 358] close(3) = 0 [pid 292] newfstatat(AT_FDCWD, "./1/file0", [pid 358] symlink("/dev/binderfs", "./binderfs" [pid 292] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 executing program [pid 358] <... symlink resumed>) = 0 [pid 358] write(1, "executing program\n", 18) = 18 [pid 358] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR [pid 292] umount2("./1/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 358] <... openat resumed>) = 3 [pid 358] ioctl(3, VHOST_SET_OWNER [pid 292] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 292] openat(AT_FDCWD, "./1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 292] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 ./strace-static-x86_64: Process 357 attached [pid 292] getdents64(4, [pid 357] set_robust_list(0x555565cde760, 24 [pid 292] <... getdents64 resumed>0x555565ce7830 /* 2 entries */, 32768) = 48 [pid 357] <... set_robust_list resumed>) = 0 [pid 292] getdents64(4, [pid 357] chdir("./2" [pid 292] <... getdents64 resumed>0x555565ce7830 /* 0 entries */, 32768) = 0 [pid 292] close(4 [pid 357] <... chdir resumed>) = 0 [pid 292] <... close resumed>) = 0 [pid 357] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 292] rmdir("./1/file0" [pid 357] <... prctl resumed>) = 0 [pid 357] setpgid(0, 0 [pid 292] <... rmdir resumed>) = 0 [pid 357] <... setpgid resumed>) = 0 [pid 292] umount2("./1/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 357] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 292] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 292] newfstatat(AT_FDCWD, "./1/binderfs", [pid 358] <... ioctl resumed>, 0) = 0 [pid 357] <... openat resumed>) = 3 [pid 292] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 358] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 358] ioctl(3, VHOST_SET_MEM_TABLE [pid 357] write(3, "1000", 4 [pid 292] unlink("./1/binderfs" [pid 357] <... write resumed>) = 4 [pid 292] <... unlink resumed>) = 0 [pid 357] close(3) = 0 [pid 292] getdents64(3, 0x555565cdf7f0 /* 0 entries */, 32768) = 0 [pid 357] symlink("/dev/binderfs", "./binderfs" [pid 358] <... ioctl resumed>, 0x200000003380) = 0 [pid 358] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 292] close(3 [pid 358] ioctl(3, VHOST_SET_VRING_ERR [pid 357] <... symlink resumed>) = 0 [pid 292] <... close resumed>) = 0 [pid 358] <... ioctl resumed>, 0x2000000001c0) = 0 [pid 358] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 358] ioctl(3, VHOST_SET_VRING_KICK [pid 357] write(1, "executing program\n", 18 executing program [pid 292] rmdir("./1" [pid 357] <... write resumed>) = 18 [pid 292] <... rmdir resumed>) = 0 [pid 358] <... ioctl resumed>, 0x200000000000) = 0 [pid 357] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR [pid 292] mkdir("./2", 0777 [pid 358] ioctl(3, VHOST_VSOCK_SET_RUNNING [pid 357] <... openat resumed>) = 3 [pid 358] <... ioctl resumed>, 0x200000000140) = 0 [pid 292] <... mkdir resumed>) = 0 [pid 358] memfd_create("syzkaller", 0) = 5 [pid 358] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f12c0537000 [pid 358] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 292] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 357] ioctl(3, VHOST_SET_OWNER [pid 292] <... openat resumed>) = 3 [pid 292] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 292] close(3) = 0 [pid 292] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555565cde750) = 4 [pid 348] <... mount resumed>) = 0 [pid 348] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 357] <... ioctl resumed>, 0) = 0 [pid 348] chdir("./file0" [pid 357] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 348] <... chdir resumed>) = 0 [pid 357] ioctl(3, VHOST_SET_MEM_TABLE [pid 348] openat(AT_FDCWD, "/dev/loop4", O_RDWR./strace-static-x86_64: Process 363 attached [pid 358] <... write resumed>) = 1048576 [pid 357] <... ioctl resumed>, 0x200000003380) = 0 [pid 349] <... mount resumed>) = 0 [pid 349] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 348] <... openat resumed>) = 6 [pid 357] eventfd2(118, EFD_SEMAPHORE [pid 349] <... openat resumed>) = 5 [pid 348] ioctl(6, LOOP_CLR_FD [pid 357] <... eventfd2 resumed>) = 4 [pid 349] chdir("./file0" [pid 348] <... ioctl resumed>) = 0 [pid 363] set_robust_list(0x555565cde760, 24 [pid 358] munmap(0x7f12c0537000, 138412032 [pid 357] ioctl(3, VHOST_SET_VRING_ERR [pid 349] <... chdir resumed>) = 0 [pid 348] close(6 [pid 363] <... set_robust_list resumed>) = 0 [pid 358] <... munmap resumed>) = 0 [pid 357] <... ioctl resumed>, 0x2000000001c0) = 0 [pid 349] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 348] <... close resumed>) = 0 [pid 363] chdir("./2" [pid 358] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 349] <... openat resumed>) = 6 [pid 348] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 363] <... chdir resumed>) = 0 [pid 358] <... openat resumed>) = 6 [pid 349] ioctl(6, LOOP_CLR_FD [pid 348] <... openat resumed>) = 6 [pid 363] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 358] ioctl(6, LOOP_SET_FD, 5 [pid 349] <... ioctl resumed>) = 0 [pid 348] write(6, "#! ./file1\n", 11 [pid 363] <... prctl resumed>) = 0 [pid 349] close(6 [pid 348] <... write resumed>) = 11 [pid 363] setpgid(0, 0 [pid 348] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0 [pid 363] <... setpgid resumed>) = 0 [pid 348] <... mmap resumed>) = 0x200000000000 [ 26.754766][ T348] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue [ 26.765814][ T349] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [pid 363] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 357] ioctl(3, VHOST_SET_VRING_ADDR [pid 363] <... openat resumed>) = 3 [pid 357] <... ioctl resumed>, 0x200000000240) = 0 [pid 363] write(3, "1000", 4 [pid 357] ioctl(3, VHOST_SET_VRING_KICK [pid 363] <... write resumed>) = 4 [pid 363] close(3 [pid 357] <... ioctl resumed>, 0x200000000000) = 0 [pid 363] <... close resumed>) = 0 [pid 363] symlink("/dev/binderfs", "./binderfs") = 0 [pid 357] ioctl(3, VHOST_VSOCK_SET_RUNNING [pid 363] write(1, "executing program\n", 18executing program ) = 18 [pid 363] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR [pid 357] <... ioctl resumed>, 0x200000000140) = 0 [pid 363] <... openat resumed>) = 3 [pid 357] memfd_create("syzkaller", 0 [pid 363] ioctl(3, VHOST_SET_OWNER [pid 357] <... memfd_create resumed>) = 5 [pid 357] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f12c0537000 [pid 357] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 358] <... ioctl resumed>) = 0 [pid 349] <... close resumed>) = 0 [pid 358] close(5 [pid 349] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 358] <... close resumed>) = 0 [pid 349] <... openat resumed>) = 6 [pid 358] close(6 [pid 349] write(6, "#! ./file1\n", 11) = 11 [pid 349] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [ 26.807337][ T348] EXT4-fs error (device loop4): ext4_validate_block_bitmap:438: comm syz-executor126: bg 0: block 234: padding at end of block bitmap is not set [pid 357] munmap(0x7f12c0537000, 138412032 [pid 363] <... ioctl resumed>, 0) = 0 [pid 357] <... munmap resumed>) = 0 [pid 357] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 348] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000006c0} --- [pid 363] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 348] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000006c4} --- [pid 363] ioctl(3, VHOST_SET_MEM_TABLE [pid 348] epoll_ctl(-1, EPOLL_CTL_ADD, 6, {events=0, data={u32=0, u64=0}} [pid 363] <... ioctl resumed>, 0x200000003380) = 0 [pid 348] <... epoll_ctl resumed>) = -1 EBADF (Bad file descriptor) [pid 363] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 363] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 363] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 363] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 348] close(3 [pid 363] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 363] memfd_create("syzkaller", 0) = 5 [pid 363] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f12c0537000 [pid 363] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 363] munmap(0x7f12c0537000, 138412032) = 0 [pid 363] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 348] <... close resumed>) = 0 [pid 348] close(4) = 0 [pid 348] close(5) = 0 [pid 348] close(6) = 0 [pid 348] close(7) = -1 EBADF (Bad file descriptor) [pid 348] close(8) = -1 EBADF (Bad file descriptor) [pid 348] close(9) = -1 EBADF (Bad file descriptor) [pid 348] close(10) = -1 EBADF (Bad file descriptor) [pid 348] close(11) = -1 EBADF (Bad file descriptor) [pid 348] close(12) = -1 EBADF (Bad file descriptor) [pid 348] close(13) = -1 EBADF (Bad file descriptor) [pid 348] close(14) = -1 EBADF (Bad file descriptor) [pid 348] close(15) = -1 EBADF (Bad file descriptor) [pid 348] close(16) = -1 EBADF (Bad file descriptor) [pid 348] close(17) = -1 EBADF (Bad file descriptor) [pid 348] close(18) = -1 EBADF (Bad file descriptor) [pid 348] close(19) = -1 EBADF (Bad file descriptor) [pid 348] close(20) = -1 EBADF (Bad file descriptor) [pid 348] close(21) = -1 EBADF (Bad file descriptor) [pid 348] close(22) = -1 EBADF (Bad file descriptor) [pid 348] close(23) = -1 EBADF (Bad file descriptor) [pid 348] close(24) = -1 EBADF (Bad file descriptor) [pid 348] close(25) = -1 EBADF (Bad file descriptor) [pid 348] close(26) = -1 EBADF (Bad file descriptor) [pid 348] close(27) = -1 EBADF (Bad file descriptor) [pid 348] close(28) = -1 EBADF (Bad file descriptor) [pid 348] close(29) = -1 EBADF (Bad file descriptor) [pid 348] exit_group(0) = ? [pid 348] +++ exited with 0 +++ [pid 288] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 288] restart_syscall(<... resuming interrupted clone ...> [pid 358] <... close resumed>) = 0 [pid 358] mkdir("./file0", 0777) = 0 [pid 358] mount("/dev/loop2", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 288] <... restart_syscall resumed>) = 0 [pid 288] umount2("./2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 288] openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 288] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 288] getdents64(3, 0x555565cdf7f0 /* 4 entries */, 32768) = 112 [pid 288] umount2("./2/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 363] <... openat resumed>) = 6 [pid 357] <... openat resumed>) = 6 [pid 363] ioctl(6, LOOP_SET_FD, 5 [ 26.843530][ T349] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor126: bg 0: block 234: padding at end of block bitmap is not set [pid 357] ioctl(6, LOOP_SET_FD, 5 [pid 349] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000006c0} --- [pid 349] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000006c4} --- [pid 349] epoll_ctl(-1, EPOLL_CTL_ADD, 6, {events=0, data={u32=0, u64=0}}) = -1 EBADF (Bad file descriptor) [pid 349] close(3) = 0 [pid 349] close(4) = 0 [pid 349] close(5) = 0 [pid 349] close(6) = 0 [pid 349] close(7) = -1 EBADF (Bad file descriptor) [pid 349] close(8) = -1 EBADF (Bad file descriptor) [pid 349] close(9) = -1 EBADF (Bad file descriptor) [pid 349] close(10 [pid 363] <... ioctl resumed>) = 0 [pid 363] close(5 [pid 349] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 363] <... close resumed>) = 0 [pid 349] close(11 [pid 363] close(6 [pid 349] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 349] close(12) = -1 EBADF (Bad file descriptor) [pid 349] close(13) = -1 EBADF (Bad file descriptor) [pid 349] close(14) = -1 EBADF (Bad file descriptor) [pid 349] close(15) = -1 EBADF (Bad file descriptor) [pid 349] close(16) = -1 EBADF (Bad file descriptor) [pid 349] close(17) = -1 EBADF (Bad file descriptor) [pid 349] close(18) = -1 EBADF (Bad file descriptor) [pid 349] close(19) = -1 EBADF (Bad file descriptor) [pid 349] close(20) = -1 EBADF (Bad file descriptor) [pid 349] close(21) = -1 EBADF (Bad file descriptor) [pid 349] close(22) = -1 EBADF (Bad file descriptor) [pid 349] close(23) = -1 EBADF (Bad file descriptor) [pid 349] close(24) = -1 EBADF (Bad file descriptor) [pid 349] close(25) = -1 EBADF (Bad file descriptor) [pid 349] close(26) = -1 EBADF (Bad file descriptor) [pid 349] close(27) = -1 EBADF (Bad file descriptor) [pid 349] close(28) = -1 EBADF (Bad file descriptor) [pid 349] close(29) = -1 EBADF (Bad file descriptor) [pid 349] exit_group(0) = ? [pid 349] +++ exited with 0 +++ [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- [pid 289] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 289] umount2("./2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 289] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(3, 0x555565cdf7f0 /* 4 entries */, 32768) = 112 [pid 289] umount2("./2/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 358] <... mount resumed>) = 0 [pid 358] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 358] chdir("./file0") = 0 [pid 358] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 357] <... ioctl resumed>) = 0 [pid 357] close(5) = 0 [ 26.926042][ T358] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue [pid 357] close(6 [pid 363] <... close resumed>) = 0 [pid 363] mkdir("./file0", 0777) = 0 [pid 363] mount("/dev/loop3", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 288] <... umount2 resumed>) = 0 [pid 288] umount2("./2/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 288] newfstatat(AT_FDCWD, "./2/file0", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 288] umount2("./2/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 288] openat(AT_FDCWD, "./2/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 288] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 288] getdents64(4, 0x555565ce7830 /* 2 entries */, 32768) = 48 [pid 288] getdents64(4, 0x555565ce7830 /* 0 entries */, 32768) = 0 [pid 288] close(4) = 0 [pid 288] rmdir("./2/file0") = 0 [pid 288] umount2("./2/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 288] newfstatat(AT_FDCWD, "./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 288] unlink("./2/binderfs") = 0 [pid 288] getdents64(3, 0x555565cdf7f0 /* 0 entries */, 32768) = 0 [pid 288] close(3) = 0 [pid 288] rmdir("./2") = 0 [pid 288] mkdir("./3", 0777) = 0 [pid 288] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 357] <... close resumed>) = 0 [pid 289] <... umount2 resumed>) = 0 [pid 357] mkdir("./file0", 0777) = 0 [pid 357] mount("/dev/loop1", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 289] umount2("./2/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2/file0", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] umount2("./2/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 289] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(4, 0x555565ce7830 /* 2 entries */, 32768) = 48 [pid 289] getdents64(4, 0x555565ce7830 /* 0 entries */, 32768) = 0 [pid 289] close(4) = 0 [pid 289] rmdir("./2/file0") = 0 [pid 289] umount2("./2/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] unlink("./2/binderfs") = 0 [pid 289] getdents64(3, 0x555565cdf7f0 /* 0 entries */, 32768) = 0 [pid 289] close(3) = 0 [pid 289] rmdir("./2") = 0 [pid 289] mkdir("./3", 0777) = 0 [pid 289] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 288] <... openat resumed>) = 3 [pid 288] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 288] close(3 [pid 289] <... openat resumed>) = 3 [pid 288] <... close resumed>) = 0 [pid 289] ioctl(3, LOOP_CLR_FD [pid 288] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 358] <... openat resumed>) = 6 [pid 289] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 289] close(3 [pid 358] ioctl(6, LOOP_CLR_FD [pid 289] <... close resumed>) = 0 [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 288] <... clone resumed>, child_tidptr=0x555565cde750) = 5 [pid 358] <... ioctl resumed>) = 0 [pid 289] <... clone resumed>, child_tidptr=0x555565cde750) = 5 [pid 363] <... mount resumed>) = 0 [pid 363] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 363] chdir("./file0") = 0 [pid 363] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 6 [pid 363] ioctl(6, LOOP_CLR_FD) = 0 [pid 363] close(6) = 0 [pid 363] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 358] close(6./strace-static-x86_64: Process 373 attached ) = 0 [pid 373] set_robust_list(0x555565cde760, 24 [pid 358] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 363] <... openat resumed>) = 6 [pid 363] write(6, "#! ./file1\n", 11 [pid 373] <... set_robust_list resumed>) = 0 [pid 363] <... write resumed>) = 11 [pid 363] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0 [pid 358] <... openat resumed>) = 6 [pid 358] write(6, "#! ./file1\n", 11) = 11 [pid 358] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 363] <... mmap resumed>) = 0x200000000000 [ 27.110536][ T363] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue [ 27.136133][ T358] EXT4-fs error (device loop2): ext4_validate_block_bitmap:438: comm syz-executor126: bg 0: block 234: padding at end of block bitmap is not set ./strace-static-x86_64: Process 372 attached [pid 372] set_robust_list(0x555565cde760, 24) = 0 [pid 372] chdir("./3") = 0 [pid 372] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 373] chdir("./3") = 0 [pid 373] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 372] <... prctl resumed>) = 0 [pid 373] <... prctl resumed>) = 0 [pid 372] setpgid(0, 0) = 0 [pid 373] setpgid(0, 0 [pid 372] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 373] <... setpgid resumed>) = 0 [pid 372] <... openat resumed>) = 3 [pid 373] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 372] write(3, "1000", 4) = 4 [pid 372] close(3 [pid 373] <... openat resumed>) = 3 [pid 372] <... close resumed>) = 0 [pid 373] write(3, "1000", 4 [pid 372] symlink("/dev/binderfs", "./binderfs" [pid 373] <... write resumed>) = 4 [pid 373] close(3) = 0 [pid 372] <... symlink resumed>) = 0 [pid 373] symlink("/dev/binderfs", "./binderfs" [pid 372] write(1, "executing program\n", 18executing program ) = 18 [pid 372] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR [pid 373] <... symlink resumed>) = 0 executing program [pid 373] write(1, "executing program\n", 18) = 18 [pid 372] <... openat resumed>) = 3 [pid 372] ioctl(3, VHOST_SET_OWNER [pid 373] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 373] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 373] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 373] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 373] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 373] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 373] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 373] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 373] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 373] memfd_create("syzkaller", 0) = 5 [pid 373] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f12c0537000 [pid 373] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 372] <... ioctl resumed>, 0) = 0 [pid 372] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 372] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 372] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 372] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 372] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 372] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 372] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 372] memfd_create("syzkaller", 0) = 5 [pid 372] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f12c0537000 [pid 372] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 357] <... mount resumed>) = 0 [pid 357] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 357] chdir("./file0") = 0 [pid 357] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 6 [pid 372] munmap(0x7f12c0537000, 138412032 [pid 357] ioctl(6, LOOP_CLR_FD) = 0 [pid 357] close(6 [pid 372] <... munmap resumed>) = 0 [pid 372] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 6 [pid 372] ioctl(6, LOOP_SET_FD, 5 [pid 373] <... write resumed>) = 1048576 [pid 373] munmap(0x7f12c0537000, 138412032) = 0 [ 27.152216][ T363] EXT4-fs error (device loop3): ext4_validate_block_bitmap:438: comm syz-executor126: bg 0: block 234: padding at end of block bitmap is not set [ 27.180587][ T357] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue [pid 372] <... ioctl resumed>) = 0 [pid 372] close(5) = 0 [pid 372] close(6) = 0 [pid 372] mkdir("./file0", 0777) = 0 [pid 372] mount("/dev/loop4", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 357] <... close resumed>) = 0 [pid 357] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 357] write(6, "#! ./file1\n", 11) = 11 [pid 357] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 373] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 373] ioctl(6, LOOP_SET_FD, 5 [pid 357] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000006c0} --- [pid 357] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000006c4} --- [pid 357] epoll_ctl(-1, EPOLL_CTL_ADD, 6, {events=0, data={u32=0, u64=0}}) = -1 EBADF (Bad file descriptor) [pid 357] close(3 [pid 373] <... ioctl resumed>) = 0 [pid 373] close(5) = 0 [pid 373] close(6 [pid 358] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000006c0} --- [pid 358] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000006c4} --- [pid 358] epoll_ctl(-1, EPOLL_CTL_ADD, 6, {events=0, data={u32=0, u64=0}}) = -1 EBADF (Bad file descriptor) [pid 358] close(3 [pid 357] <... close resumed>) = 0 [pid 357] close(4) = 0 [pid 357] close(5) = 0 [pid 372] <... mount resumed>) = 0 [pid 357] close(6 [pid 372] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 357] <... close resumed>) = 0 [pid 372] <... openat resumed>) = 5 [pid 372] chdir("./file0") = 0 [pid 372] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 357] close(7) = -1 EBADF (Bad file descriptor) [pid 357] close(8 [pid 363] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000006c0} --- [pid 357] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 357] close(9) = -1 EBADF (Bad file descriptor) [pid 357] close(10 [pid 363] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000006c4} --- [pid 358] <... close resumed>) = 0 [pid 357] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 358] close(4) = 0 [pid 363] epoll_ctl(-1, EPOLL_CTL_ADD, 6, {events=0, data={u32=0, u64=0}} [pid 357] close(11 [pid 358] close(5 [pid 363] <... epoll_ctl resumed>) = -1 EBADF (Bad file descriptor) [pid 358] <... close resumed>) = 0 [pid 357] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 358] close(6) = 0 [pid 358] close(7 [pid 363] close(3 [pid 357] close(12 [pid 358] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 358] close(8) = -1 EBADF (Bad file descriptor) [pid 358] close(9) = -1 EBADF (Bad file descriptor) [pid 358] close(10) = -1 EBADF (Bad file descriptor) [pid 358] close(11) = -1 EBADF (Bad file descriptor) [pid 358] close(12) = -1 EBADF (Bad file descriptor) [pid 358] close(13) = -1 EBADF (Bad file descriptor) [pid 358] close(14) = -1 EBADF (Bad file descriptor) [pid 358] close(15) = -1 EBADF (Bad file descriptor) [pid 358] close(16 [pid 363] <... close resumed>) = 0 [pid 357] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 373] <... close resumed>) = 0 [pid 372] <... openat resumed>) = 6 [pid 363] close(4 [pid 358] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 357] close(13 [pid 373] mkdir("./file0", 0777 [pid 372] ioctl(6, LOOP_CLR_FD [pid 358] close(17 [pid 373] <... mkdir resumed>) = 0 [pid 372] <... ioctl resumed>) = 0 [pid 363] <... close resumed>) = 0 [pid 357] <... close resumed>) = -1 EBADF (Bad file descriptor) [ 27.248578][ T362] EXT4-fs error (device loop1): ext4_validate_block_bitmap:438: comm vhost-357: bg 0: block 234: padding at end of block bitmap is not set [ 27.280606][ T372] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue [pid 373] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 372] close(6 [pid 363] close(5 [pid 358] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 372] <... close resumed>) = 0 [pid 358] close(18 [pid 363] <... close resumed>) = 0 [pid 357] close(14 [pid 372] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 363] close(6 [pid 358] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 357] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 372] <... openat resumed>) = 6 [pid 363] <... close resumed>) = 0 [pid 358] close(19 [pid 372] write(6, "#! ./file1\n", 11 [pid 363] close(7 [pid 358] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 357] close(15 [pid 372] <... write resumed>) = 11 [pid 358] close(20 [pid 372] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0 [pid 358] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 372] <... mmap resumed>) = 0x200000000000 [pid 363] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 358] close(21 [pid 357] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 358] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 358] close(22) = -1 EBADF (Bad file descriptor) [pid 358] close(23) = -1 EBADF (Bad file descriptor) [pid 358] close(24) = -1 EBADF (Bad file descriptor) [pid 358] close(25) = -1 EBADF (Bad file descriptor) [pid 358] close(26) = -1 EBADF (Bad file descriptor) [pid 358] close(27) = -1 EBADF (Bad file descriptor) [pid 358] close(28) = -1 EBADF (Bad file descriptor) [pid 358] close(29) = -1 EBADF (Bad file descriptor) [pid 358] exit_group(0) = ? [pid 358] +++ exited with 0 +++ [pid 363] close(8 [pid 357] close(16 [pid 363] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 357] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 293] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- [pid 363] close(9 [pid 357] close(17 [pid 293] restart_syscall(<... resuming interrupted clone ...> [pid 363] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 357] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 363] close(10 [pid 357] close(18 [pid 363] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 357] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 363] close(11 [pid 357] close(19 [pid 363] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 357] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 363] close(12 [pid 357] close(20 [pid 363] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 357] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 363] close(13 [pid 357] close(21 [pid 363] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 357] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 372] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000006c0} --- [pid 363] close(14 [pid 357] close(22 [pid 293] <... restart_syscall resumed>) = 0 [pid 363] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 357] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 363] close(15 [pid 357] close(23 [pid 363] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 357] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 293] umount2("./2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 363] close(16 [pid 357] close(24 [pid 293] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 363] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 357] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 293] openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 363] close(17 [pid 357] close(25 [pid 293] <... openat resumed>) = 3 [pid 372] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000006c4} --- [pid 363] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 357] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 293] newfstatat(3, "", [pid 372] epoll_ctl(-1, EPOLL_CTL_ADD, 6, {events=0, data={u32=0, u64=0}} [pid 363] close(18 [pid 357] close(26 [pid 293] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 372] <... epoll_ctl resumed>) = -1 EBADF (Bad file descriptor) [pid 363] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 357] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 293] getdents64(3, [pid 372] close(3 [pid 363] close(19 [pid 357] close(27 [pid 293] <... getdents64 resumed>0x555565cdf7f0 /* 4 entries */, 32768) = 112 [pid 363] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 357] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 293] umount2("./2/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 363] close(20 [pid 357] close(28 [pid 372] <... close resumed>) = 0 [pid 363] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 357] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 363] close(21 [pid 357] close(29 [pid 372] close(4) = 0 [pid 363] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 357] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 372] close(5 [pid 363] close(22 [pid 357] exit_group(0 [pid 372] <... close resumed>) = 0 [pid 363] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 357] <... exit_group resumed>) = ? [pid 372] close(6 [pid 363] close(23 [pid 357] +++ exited with 0 +++ [pid 372] <... close resumed>) = 0 [pid 363] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 294] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 372] close(7 [pid 363] close(24 [pid 294] restart_syscall(<... resuming interrupted clone ...> [pid 372] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 363] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 372] close(8 [pid 363] close(25 [pid 372] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 363] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 372] close(9 [pid 363] close(26 [pid 372] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 363] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 372] close(10 [pid 363] close(27 [pid 372] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 363] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 372] close(11 [pid 363] close(28 [pid 372] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 363] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 372] close(12 [pid 363] close(29 [pid 372] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 363] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 372] close(13 [pid 363] exit_group(0 [pid 372] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 363] <... exit_group resumed>) = ? [pid 372] close(14 [pid 363] +++ exited with 0 +++ [pid 372] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 292] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- [pid 372] close(15 [pid 292] restart_syscall(<... resuming interrupted clone ...> [pid 372] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 372] close(16) = -1 EBADF (Bad file descriptor) [pid 372] close(17 [pid 373] <... mount resumed>) = 0 [pid 372] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 373] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 372] close(18 [pid 373] <... openat resumed>) = 5 [pid 372] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 373] chdir("./file0" [pid 372] close(19 [pid 373] <... chdir resumed>) = 0 [pid 372] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 373] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 372] close(20) = -1 EBADF (Bad file descriptor) [pid 372] close(21) = -1 EBADF (Bad file descriptor) [pid 372] close(22) = -1 EBADF (Bad file descriptor) [pid 372] close(23) = -1 EBADF (Bad file descriptor) [pid 372] close(24) = -1 EBADF (Bad file descriptor) [pid 372] close(25) = -1 EBADF (Bad file descriptor) [pid 372] close(26) = -1 EBADF (Bad file descriptor) [pid 372] close(27 [pid 294] <... restart_syscall resumed>) = 0 [pid 292] <... restart_syscall resumed>) = 0 [pid 372] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 372] close(28) = -1 EBADF (Bad file descriptor) [pid 294] umount2("./2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 292] umount2("./2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 372] close(29 [pid 294] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 292] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 372] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 294] openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 292] openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 372] exit_group(0 [pid 294] <... openat resumed>) = 3 [pid 292] <... openat resumed>) = 3 [pid 372] <... exit_group resumed>) = ? [pid 294] newfstatat(3, "", [pid 292] newfstatat(3, "", [pid 294] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 292] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 372] +++ exited with 0 +++ [pid 294] getdents64(3, [pid 292] getdents64(3, [pid 294] <... getdents64 resumed>0x555565cdf7f0 /* 4 entries */, 32768) = 112 [pid 292] <... getdents64 resumed>0x555565cdf7f0 /* 4 entries */, 32768) = 112 [pid 288] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- [pid 294] umount2("./2/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 292] umount2("./2/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 288] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 288] umount2("./3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 288] openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 288] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 288] getdents64(3, 0x555565cdf7f0 /* 4 entries */, 32768) = 112 [pid 288] umount2("./3/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 293] <... umount2 resumed>) = 0 [pid 373] <... openat resumed>) = 6 [pid 293] umount2("./2/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 373] ioctl(6, LOOP_CLR_FD [pid 293] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 293] newfstatat(AT_FDCWD, "./2/file0", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 293] umount2("./2/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 293] openat(AT_FDCWD, "./2/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 293] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 293] getdents64(4, 0x555565ce7830 /* 2 entries */, 32768) = 48 [pid 293] getdents64(4, 0x555565ce7830 /* 0 entries */, 32768) = 0 [pid 293] close(4) = 0 [pid 293] rmdir("./2/file0") = 0 [pid 293] umount2("./2/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 293] newfstatat(AT_FDCWD, "./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 27.347021][ T376] EXT4-fs error (device loop4): ext4_validate_block_bitmap:438: comm vhost-372: bg 0: block 234: padding at end of block bitmap is not set [ 27.381912][ T373] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [pid 293] unlink("./2/binderfs") = 0 [pid 293] getdents64(3, 0x555565cdf7f0 /* 0 entries */, 32768) = 0 [pid 293] close(3) = 0 [pid 293] rmdir("./2") = 0 [pid 293] mkdir("./3", 0777) = 0 [pid 293] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 373] <... ioctl resumed>) = 0 [pid 294] <... umount2 resumed>) = 0 [pid 293] <... openat resumed>) = 3 [pid 292] <... umount2 resumed>) = 0 [pid 373] close(6 [pid 293] ioctl(3, LOOP_CLR_FD [pid 373] <... close resumed>) = 0 [pid 293] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 373] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 293] close(3 [pid 373] <... openat resumed>) = 6 [pid 293] <... close resumed>) = 0 [pid 373] write(6, "#! ./file1\n", 11 [pid 293] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 373] <... write resumed>) = 11 [pid 373] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0 [pid 293] <... clone resumed>, child_tidptr=0x555565cde750) = 5 [pid 373] <... mmap resumed>) = 0x200000000000 ./strace-static-x86_64: Process 384 attached [pid 294] umount2("./2/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 292] umount2("./2/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 288] <... umount2 resumed>) = 0 [pid 384] set_robust_list(0x555565cde760, 24 [pid 294] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 292] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 288] umount2("./3/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 384] <... set_robust_list resumed>) = 0 [pid 294] newfstatat(AT_FDCWD, "./2/file0", [pid 292] newfstatat(AT_FDCWD, "./2/file0", [pid 288] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 384] chdir("./3" [pid 294] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 292] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 288] newfstatat(AT_FDCWD, "./3/file0", [pid 384] <... chdir resumed>) = 0 [pid 294] umount2("./2/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 292] umount2("./2/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 288] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 294] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 384] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 288] umount2("./3/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 384] <... prctl resumed>) = 0 [pid 294] openat(AT_FDCWD, "./2/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 292] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 288] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 294] <... openat resumed>) = 4 [pid 288] openat(AT_FDCWD, "./3/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 384] setpgid(0, 0 [pid 294] newfstatat(4, "", [pid 292] openat(AT_FDCWD, "./2/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 288] <... openat resumed>) = 4 [pid 294] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 292] <... openat resumed>) = 4 [pid 288] newfstatat(4, "", [pid 384] <... setpgid resumed>) = 0 [pid 294] getdents64(4, [pid 292] newfstatat(4, "", [pid 288] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 384] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 292] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 294] <... getdents64 resumed>0x555565ce7830 /* 2 entries */, 32768) = 48 [pid 288] getdents64(4, [pid 384] <... openat resumed>) = 3 [pid 294] getdents64(4, [pid 292] getdents64(4, [pid 288] <... getdents64 resumed>0x555565ce7830 /* 2 entries */, 32768) = 48 [pid 384] write(3, "1000", 4 [pid 294] <... getdents64 resumed>0x555565ce7830 /* 0 entries */, 32768) = 0 [pid 288] getdents64(4, [pid 384] <... write resumed>) = 4 [pid 292] <... getdents64 resumed>0x555565ce7830 /* 2 entries */, 32768) = 48 [pid 294] close(4 [pid 384] close(3 [pid 292] getdents64(4, [pid 288] <... getdents64 resumed>0x555565ce7830 /* 0 entries */, 32768) = 0 [pid 373] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000006c0} --- [pid 288] close(4 [pid 373] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000006c4} --- [pid 373] epoll_ctl(-1, EPOLL_CTL_ADD, 6, {events=0, data={u32=0, u64=0}}) = -1 EBADF (Bad file descriptor) [pid 373] close(3 [pid 294] <... close resumed>) = 0 [pid 292] <... getdents64 resumed>0x555565ce7830 /* 0 entries */, 32768) = 0 [pid 288] <... close resumed>) = 0 [pid 384] <... close resumed>) = 0 [pid 294] rmdir("./2/file0") = 0 [pid 294] umount2("./2/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 294] newfstatat(AT_FDCWD, "./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 294] unlink("./2/binderfs") = 0 [pid 294] getdents64(3, 0x555565cdf7f0 /* 0 entries */, 32768) = 0 [pid 294] close(3) = 0 [pid 294] rmdir("./2") = 0 [pid 294] mkdir("./3", 0777) = 0 [pid 294] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 294] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 294] close(3) = 0 [pid 294] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD executing program [pid 384] symlink("/dev/binderfs", "./binderfs" [pid 292] close(4 [pid 288] rmdir("./3/file0" [pid 294] <... clone resumed>, child_tidptr=0x555565cde750) = 5 [pid 384] <... symlink resumed>) = 0 [pid 292] <... close resumed>) = 0 [pid 384] write(1, "executing program\n", 18 [pid 292] rmdir("./2/file0" [pid 288] <... rmdir resumed>) = 0 [pid 384] <... write resumed>) = 18 ./strace-static-x86_64: Process 385 attached [pid 384] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR [pid 373] <... close resumed>) = 0 [pid 292] <... rmdir resumed>) = 0 [pid 288] umount2("./3/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 384] <... openat resumed>) = 3 [pid 373] close(4 [pid 292] umount2("./2/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 288] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 384] ioctl(3, VHOST_SET_OWNER [pid 373] <... close resumed>) = 0 [pid 292] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 288] newfstatat(AT_FDCWD, "./3/binderfs", [pid 373] close(5 [pid 292] newfstatat(AT_FDCWD, "./2/binderfs", [pid 288] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 385] set_robust_list(0x555565cde760, 24 [pid 384] <... ioctl resumed>, 0) = 0 [pid 373] <... close resumed>) = 0 [pid 292] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 288] unlink("./3/binderfs" [pid 385] <... set_robust_list resumed>) = 0 [pid 384] ioctl(3, VHOST_SET_VRING_ADDR [pid 292] unlink("./2/binderfs" [pid 385] chdir("./3" [pid 384] <... ioctl resumed>, 0x200000000300) = 0 [pid 288] <... unlink resumed>) = 0 [pid 385] <... chdir resumed>) = 0 [pid 384] ioctl(3, VHOST_SET_MEM_TABLE [pid 292] <... unlink resumed>) = 0 [pid 288] getdents64(3, [pid 385] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 384] <... ioctl resumed>, 0x200000003380) = 0 [pid 385] setpgid(0, 0 [pid 384] eventfd2(118, EFD_SEMAPHORE [pid 292] getdents64(3, [pid 288] <... getdents64 resumed>0x555565cdf7f0 /* 0 entries */, 32768) = 0 [pid 385] <... setpgid resumed>) = 0 [pid 384] <... eventfd2 resumed>) = 4 [pid 385] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 384] ioctl(3, VHOST_SET_VRING_ERR [pid 292] <... getdents64 resumed>0x555565cdf7f0 /* 0 entries */, 32768) = 0 [pid 288] close(3 [pid 385] <... openat resumed>) = 3 [pid 384] <... ioctl resumed>, 0x2000000001c0) = 0 [pid 373] close(6 [pid 385] write(3, "1000", 4 [pid 384] ioctl(3, VHOST_SET_VRING_ADDR [pid 292] close(3 [pid 288] <... close resumed>) = 0 [pid 385] <... write resumed>) = 4 [pid 384] <... ioctl resumed>, 0x200000000240) = 0 [pid 292] <... close resumed>) = 0 [pid 288] rmdir("./3" [pid 385] close(3 [pid 384] ioctl(3, VHOST_SET_VRING_KICK [pid 373] <... close resumed>) = 0 [pid 385] <... close resumed>) = 0 [pid 384] <... ioctl resumed>, 0x200000000000) = 0 [pid 292] rmdir("./2" [pid 288] <... rmdir resumed>) = 0 [pid 385] symlink("/dev/binderfs", "./binderfs" [pid 384] ioctl(3, VHOST_VSOCK_SET_RUNNING [pid 385] <... symlink resumed>) = 0 [pid 384] <... ioctl resumed>, 0x200000000140) = 0 [pid 373] close(7 [pid 292] <... rmdir resumed>) = 0 [pid 288] mkdir("./4", 0777 executing program [pid 385] write(1, "executing program\n", 18 [pid 384] memfd_create("syzkaller", 0 [pid 373] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 292] mkdir("./3", 0777 [pid 288] <... mkdir resumed>) = 0 [pid 385] <... write resumed>) = 18 [pid 384] <... memfd_create resumed>) = 5 [pid 373] close(8 [pid 292] <... mkdir resumed>) = 0 [pid 288] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 385] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR [pid 384] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 373] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 292] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 288] <... openat resumed>) = 3 [pid 385] <... openat resumed>) = 3 [pid 384] <... mmap resumed>) = 0x7f12c0537000 [pid 373] close(9 [pid 292] <... openat resumed>) = 3 [pid 288] ioctl(3, LOOP_CLR_FD [pid 385] ioctl(3, VHOST_SET_OWNER [pid 373] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 292] ioctl(3, LOOP_CLR_FD [pid 288] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 373] close(10 [pid 292] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 288] close(3 [pid 373] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 292] close(3 [pid 288] <... close resumed>) = 0 [pid 373] close(11 [pid 292] <... close resumed>) = 0 [pid 288] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 373] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 292] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 373] close(12 [pid 288] <... clone resumed>, child_tidptr=0x555565cde750) = 6 [pid 373] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 292] <... clone resumed>, child_tidptr=0x555565cde750) = 5 [pid 373] close(13) = -1 EBADF (Bad file descriptor) [pid 373] close(14) = -1 EBADF (Bad file descriptor) [pid 373] close(15) = -1 EBADF (Bad file descriptor) [pid 373] close(16) = -1 EBADF (Bad file descriptor) [pid 373] close(17) = -1 EBADF (Bad file descriptor) [pid 373] close(18) = -1 EBADF (Bad file descriptor) [pid 373] close(19) = -1 EBADF (Bad file descriptor) [pid 373] close(20) = -1 EBADF (Bad file descriptor) [pid 373] close(21) = -1 EBADF (Bad file descriptor) [pid 373] close(22) = -1 EBADF (Bad file descriptor) [pid 373] close(23) = -1 EBADF (Bad file descriptor) [pid 373] close(24) = -1 EBADF (Bad file descriptor) [pid 373] close(25) = -1 EBADF (Bad file descriptor) [pid 373] close(26) = -1 EBADF (Bad file descriptor) [pid 373] close(27) = -1 EBADF (Bad file descriptor) [pid 373] close(28) = -1 EBADF (Bad file descriptor) [pid 373] close(29) = -1 EBADF (Bad file descriptor) [pid 373] exit_group(0) = ? [pid 373] +++ exited with 0 +++ [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- [pid 289] restart_syscall(<... resuming interrupted clone ...>./strace-static-x86_64: Process 388 attached [pid 384] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 388] set_robust_list(0x555565cde760, 24) = 0 [pid 388] chdir("./3") = 0 [pid 388] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 388] setpgid(0, 0) = 0 [pid 388] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 ./strace-static-x86_64: Process 387 attached [pid 388] write(3, "1000", 4) = 4 [pid 388] close(3 [pid 387] set_robust_list(0x555565cde760, 24 [pid 388] <... close resumed>) = 0 [pid 387] <... set_robust_list resumed>) = 0 [pid 388] symlink("/dev/binderfs", "./binderfs" [pid 387] chdir("./4" [pid 388] <... symlink resumed>) = 0 executing program [pid 388] write(1, "executing program\n", 18 [pid 387] <... chdir resumed>) = 0 [pid 384] <... write resumed>) = 1048576 [pid 388] <... write resumed>) = 18 [pid 387] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 388] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR [pid 387] <... prctl resumed>) = 0 [pid 388] <... openat resumed>) = 3 [pid 387] setpgid(0, 0 [pid 388] ioctl(3, VHOST_SET_OWNER [pid 387] <... setpgid resumed>) = 0 [pid 387] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 387] write(3, "1000", 4 [pid 384] munmap(0x7f12c0537000, 138412032 [pid 387] <... write resumed>) = 4 [pid 385] <... ioctl resumed>, 0) = 0 [pid 387] close(3 [pid 385] ioctl(3, VHOST_SET_VRING_ADDR [pid 384] <... munmap resumed>) = 0 [pid 385] <... ioctl resumed>, 0x200000000300) = 0 [pid 387] <... close resumed>) = 0 [pid 385] ioctl(3, VHOST_SET_MEM_TABLE [pid 384] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 387] symlink("/dev/binderfs", "./binderfs" [pid 385] <... ioctl resumed>, 0x200000003380) = 0 [pid 384] <... openat resumed>) = 6 [pid 385] eventfd2(118, EFD_SEMAPHOREexecuting program [pid 387] <... symlink resumed>) = 0 [pid 385] <... eventfd2 resumed>) = 4 [pid 384] ioctl(6, LOOP_SET_FD, 5 [pid 385] ioctl(3, VHOST_SET_VRING_ERR [pid 387] write(1, "executing program\n", 18 [pid 385] <... ioctl resumed>, 0x2000000001c0) = 0 [pid 387] <... write resumed>) = 18 [ 27.606268][ T373] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor126: bg 0: block 234: padding at end of block bitmap is not set [pid 385] ioctl(3, VHOST_SET_VRING_ADDR [pid 387] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR [pid 385] <... ioctl resumed>, 0x200000000240) = 0 [pid 385] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 385] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 387] <... openat resumed>) = 3 [pid 385] memfd_create("syzkaller", 0 [pid 289] <... restart_syscall resumed>) = 0 [pid 387] ioctl(3, VHOST_SET_OWNER [pid 385] <... memfd_create resumed>) = 5 [pid 388] <... ioctl resumed>, 0) = 0 [pid 385] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 289] umount2("./3", MNT_FORCE|UMOUNT_NOFOLLOW [pid 385] <... mmap resumed>) = 0x7f12c0537000 [pid 388] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 388] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 388] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 388] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 388] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 388] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 388] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 385] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 384] <... ioctl resumed>) = 0 [pid 289] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 384] close(5 [pid 289] openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 384] <... close resumed>) = 0 [pid 289] <... openat resumed>) = 3 [pid 384] close(6 [pid 289] newfstatat(3, "", [pid 388] memfd_create("syzkaller", 0) = 5 [pid 289] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 388] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f12c0537000 [pid 289] getdents64(3, [pid 388] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 385] <... write resumed>) = 1048576 [pid 289] <... getdents64 resumed>0x555565cdf7f0 /* 4 entries */, 32768) = 112 [pid 385] munmap(0x7f12c0537000, 138412032 [pid 289] umount2("./3/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 385] <... munmap resumed>) = 0 [pid 385] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 387] <... ioctl resumed>, 0) = 0 [pid 387] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 387] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 387] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 387] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 387] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 387] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 387] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 387] memfd_create("syzkaller", 0) = 5 [pid 387] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f12c0537000 [pid 387] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 388] <... write resumed>) = 1048576 [pid 385] <... openat resumed>) = 6 [pid 384] <... close resumed>) = 0 [pid 385] ioctl(6, LOOP_SET_FD, 5 [pid 384] mkdir("./file0", 0777) = 0 [pid 384] mount("/dev/loop2", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 387] <... write resumed>) = 1048576 [pid 388] munmap(0x7f12c0537000, 138412032) = 0 [pid 388] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 387] munmap(0x7f12c0537000, 138412032) = 0 [pid 387] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 289] <... umount2 resumed>) = 0 [pid 289] umount2("./3/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./3/file0", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] umount2("./3/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./3/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 289] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(4, 0x555565ce7830 /* 2 entries */, 32768) = 48 [pid 289] getdents64(4, 0x555565ce7830 /* 0 entries */, 32768) = 0 [pid 289] close(4) = 0 [pid 289] rmdir("./3/file0") = 0 [pid 289] umount2("./3/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./3/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] unlink("./3/binderfs") = 0 [pid 289] getdents64(3, 0x555565cdf7f0 /* 0 entries */, 32768) = 0 [pid 289] close(3) = 0 [pid 289] rmdir("./3") = 0 [pid 289] mkdir("./4", 0777) = 0 [pid 289] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 385] <... ioctl resumed>) = 0 [pid 388] <... openat resumed>) = 6 [pid 387] <... openat resumed>) = 6 [pid 289] <... openat resumed>) = 3 [pid 289] ioctl(3, LOOP_CLR_FD [pid 388] ioctl(6, LOOP_SET_FD, 5 [pid 387] ioctl(6, LOOP_SET_FD, 5 [pid 385] close(5) = 0 [pid 385] close(6 [pid 388] <... ioctl resumed>) = 0 [pid 388] close(5 [pid 289] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 388] <... close resumed>) = 0 [pid 289] close(3 [pid 388] close(6 [pid 387] <... ioctl resumed>) = 0 [pid 385] <... close resumed>) = 0 [pid 385] mkdir("./file0", 0777 [pid 387] close(5 [pid 385] <... mkdir resumed>) = 0 [pid 387] <... close resumed>) = 0 [pid 385] mount("/dev/loop1", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 387] close(6 [pid 384] <... mount resumed>) = 0 [pid 384] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 384] chdir("./file0") = 0 [pid 384] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 289] <... close resumed>) = 0 [pid 388] <... close resumed>) = 0 [pid 388] mkdir("./file0", 0777 [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 388] <... mkdir resumed>) = 0 [pid 388] mount("/dev/loop3", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 289] <... clone resumed>, child_tidptr=0x555565cde750) = 6 ./strace-static-x86_64: Process 398 attached [pid 398] set_robust_list(0x555565cde760, 24) = 0 [pid 398] chdir("./4") = 0 [pid 398] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 398] setpgid(0, 0) = 0 [pid 398] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 398] write(3, "1000", 4) = 4 [pid 398] close(3) = 0 [pid 398] symlink("/dev/binderfs", "./binderfs") = 0 [pid 398] write(1, "executing program\n", 18executing program ) = 18 [pid 398] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [ 27.843282][ T384] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue [pid 398] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 398] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 398] ioctl(3, VHOST_SET_MEM_TABLE [pid 387] <... close resumed>) = 0 [pid 384] <... openat resumed>) = 6 [pid 387] mkdir("./file0", 0777 [pid 384] ioctl(6, LOOP_CLR_FD [pid 398] <... ioctl resumed>, 0x200000003380) = 0 [pid 387] <... mkdir resumed>) = 0 [pid 387] mount("/dev/loop4", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 398] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 398] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 398] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 398] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 398] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 398] memfd_create("syzkaller", 0) = 5 [pid 398] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f12c0537000 [pid 398] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 385] <... mount resumed>) = 0 [pid 385] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 385] chdir("./file0") = 0 [pid 385] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 398] munmap(0x7f12c0537000, 138412032) = 0 [ 27.915435][ T385] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue [pid 398] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 384] <... ioctl resumed>) = 0 [pid 398] <... openat resumed>) = 6 [pid 385] <... openat resumed>) = 6 [pid 398] ioctl(6, LOOP_SET_FD, 5 [pid 385] ioctl(6, LOOP_CLR_FD) = 0 [pid 385] close(6 [pid 384] close(6 [pid 398] <... ioctl resumed>) = 0 [pid 385] <... close resumed>) = 0 [pid 385] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 384] <... close resumed>) = 0 [pid 398] close(5 [pid 384] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 398] <... close resumed>) = 0 [pid 398] close(6) = 0 [pid 398] mkdir("./file0", 0777) = 0 [pid 398] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 384] <... openat resumed>) = 6 [pid 385] <... openat resumed>) = 6 [pid 384] write(6, "#! ./file1\n", 11 [pid 385] write(6, "#! ./file1\n", 11 [pid 384] <... write resumed>) = 11 [pid 385] <... write resumed>) = 11 [pid 384] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0 [pid 385] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0 [pid 384] <... mmap resumed>) = 0x200000000000 [pid 385] <... mmap resumed>) = 0x200000000000 [ 27.994235][ T384] EXT4-fs error (device loop2): ext4_validate_block_bitmap:438: comm syz-executor126: bg 0: block 234: padding at end of block bitmap is not set [ 28.009631][ T389] EXT4-fs error (device loop1): ext4_validate_block_bitmap:438: comm vhost-385: bg 0: block 234: padding at end of block bitmap is not set [pid 388] <... mount resumed>) = 0 [pid 388] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 388] chdir("./file0") = 0 [pid 388] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 6 [pid 388] ioctl(6, LOOP_CLR_FD) = 0 [pid 388] close(6) = 0 [pid 388] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 398] <... mount resumed>) = 0 [pid 398] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 385] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000006c0} --- [pid 398] chdir("./file0") = 0 [pid 398] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 385] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000006c4} --- [pid 385] epoll_ctl(-1, EPOLL_CTL_ADD, 6, {events=0, data={u32=0, u64=0}} [pid 388] <... openat resumed>) = 6 [pid 385] <... epoll_ctl resumed>) = -1 EBADF (Bad file descriptor) [pid 388] write(6, "#! ./file1\n", 11 [pid 385] close(3 [pid 388] <... write resumed>) = 11 [pid 388] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0 [pid 398] ioctl(6, LOOP_CLR_FD) = 0 [pid 388] <... mmap resumed>) = 0x200000000000 [pid 398] close(6 [pid 387] <... mount resumed>) = 0 [pid 398] <... close resumed>) = 0 [pid 387] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 398] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 387] chdir("./file0") = 0 [pid 387] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 6 [pid 387] ioctl(6, LOOP_CLR_FD) = 0 [pid 387] close(6) = 0 [pid 387] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 398] <... openat resumed>) = 6 [pid 398] write(6, "#! ./file1\n", 11 [pid 387] <... openat resumed>) = 6 [pid 398] <... write resumed>) = 11 [pid 398] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0 [pid 387] write(6, "#! ./file1\n", 11 [pid 398] <... mmap resumed>) = 0x200000000000 [pid 387] <... write resumed>) = 11 [ 28.070812][ T388] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue [ 28.096171][ T398] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 28.106012][ T387] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue [pid 387] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 385] <... close resumed>) = 0 [pid 384] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000006c0} --- [pid 385] close(4) = 0 [pid 385] close(5) = 0 [pid 385] close(6) = 0 [pid 385] close(7) = -1 EBADF (Bad file descriptor) [pid 385] close(8) = -1 EBADF (Bad file descriptor) [pid 385] close(9) = -1 EBADF (Bad file descriptor) [pid 385] close(10) = -1 EBADF (Bad file descriptor) [pid 385] close(11) = -1 EBADF (Bad file descriptor) [pid 385] close(12) = -1 EBADF (Bad file descriptor) [pid 385] close(13) = -1 EBADF (Bad file descriptor) [pid 385] close(14) = -1 EBADF (Bad file descriptor) [pid 385] close(15) = -1 EBADF (Bad file descriptor) [pid 385] close(16) = -1 EBADF (Bad file descriptor) [pid 385] close(17) = -1 EBADF (Bad file descriptor) [pid 385] close(18 [pid 384] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000006c4} --- [pid 385] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 384] epoll_ctl(-1, EPOLL_CTL_ADD, 6, {events=0, data={u32=0, u64=0}} [pid 385] close(19 [pid 384] <... epoll_ctl resumed>) = -1 EBADF (Bad file descriptor) [pid 385] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 384] close(3 [pid 385] close(20) = -1 EBADF (Bad file descriptor) [pid 385] close(21) = -1 EBADF (Bad file descriptor) [pid 384] <... close resumed>) = 0 [pid 385] close(22 [pid 384] close(4 [pid 385] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 384] <... close resumed>) = 0 [pid 385] close(23 [pid 384] close(5 [pid 385] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 384] <... close resumed>) = 0 [pid 385] close(24 [pid 384] close(6 [pid 385] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 384] <... close resumed>) = 0 [pid 385] close(25 [pid 384] close(7 [pid 385] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 384] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 385] close(26 [pid 384] close(8 [pid 385] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 384] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 385] close(27 [pid 384] close(9 [pid 385] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 384] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 385] close(28 [pid 384] close(10 [pid 385] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 384] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 385] close(29 [pid 384] close(11 [pid 385] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 384] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 385] exit_group(0 [pid 384] close(12 [pid 385] <... exit_group resumed>) = ? [pid 384] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 387] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000006c0} --- [pid 385] +++ exited with 0 +++ [pid 384] close(13 [pid 387] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000006c4} --- [pid 387] epoll_ctl(-1, EPOLL_CTL_ADD, 6, {events=0, data={u32=0, u64=0}}) = -1 EBADF (Bad file descriptor) [pid 387] close(3 [pid 384] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 294] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 398] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000006c0} --- [pid 398] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000006c4} --- [pid 398] epoll_ctl(-1, EPOLL_CTL_ADD, 6, {events=0, data={u32=0, u64=0}}) = -1 EBADF (Bad file descriptor) [pid 398] close(3 [pid 388] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000006c0} --- [pid 384] close(14 [pid 294] restart_syscall(<... resuming interrupted clone ...> [pid 388] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000006c4} --- [pid 388] epoll_ctl(-1, EPOLL_CTL_ADD, 6, {events=0, data={u32=0, u64=0}}) = -1 EBADF (Bad file descriptor) [pid 388] close(3 [pid 384] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 294] <... restart_syscall resumed>) = 0 [pid 384] close(15) = -1 EBADF (Bad file descriptor) [pid 384] close(16 [pid 387] <... close resumed>) = 0 [pid 384] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 387] close(4 [pid 294] umount2("./3", MNT_FORCE|UMOUNT_NOFOLLOW [pid 388] <... close resumed>) = 0 [pid 387] <... close resumed>) = 0 [pid 384] close(17 [pid 294] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 387] close(5 [pid 384] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 387] <... close resumed>) = 0 [pid 294] openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 384] close(18 [pid 387] close(6 [pid 294] <... openat resumed>) = 3 [pid 384] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 387] <... close resumed>) = 0 [pid 294] newfstatat(3, "", [pid 398] <... close resumed>) = 0 [pid 388] close(4 [pid 387] close(7 [pid 384] close(19 [pid 398] close(4 [pid 387] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 384] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 294] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 388] <... close resumed>) = 0 [pid 294] getdents64(3, 0x555565cdf7f0 /* 4 entries */, 32768) = 112 [pid 294] umount2("./3/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 398] <... close resumed>) = 0 [pid 388] close(5 [pid 387] close(8 [pid 384] close(20 [pid 387] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 384] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 387] close(9 [pid 384] close(21 [pid 387] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 387] close(10 [pid 384] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 398] close(5 [pid 384] close(22 [pid 387] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 384] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 387] close(11 [pid 384] close(23 [pid 387] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 387] close(12 [pid 384] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 387] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 384] close(24 [pid 398] <... close resumed>) = 0 [pid 387] close(13 [pid 384] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 387] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 384] close(25 [pid 398] close(6) = 0 [pid 388] <... close resumed>) = 0 [pid 387] close(14 [pid 384] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 387] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 384] close(26 [pid 387] close(15 [pid 384] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 387] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 384] close(27 [pid 387] close(16 [pid 384] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 387] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 384] close(28 [pid 387] close(17 [pid 384] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 387] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 384] close(29 [pid 387] close(18 [pid 384] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 387] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 384] exit_group(0 [pid 387] close(19 [pid 384] <... exit_group resumed>) = ? [pid 398] close(7 [pid 388] close(6 [pid 387] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 398] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 384] +++ exited with 0 +++ [pid 387] close(20 [pid 388] <... close resumed>) = 0 [pid 387] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 398] close(8 [pid 293] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- [pid 387] close(21 [pid 293] restart_syscall(<... resuming interrupted clone ...> [pid 387] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 387] close(22 [pid 388] close(7 [pid 387] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 388] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 387] close(23 [pid 388] close(8 [pid 387] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 388] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 387] close(24 [pid 388] close(9 [pid 387] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 388] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 387] close(25 [pid 388] close(10 [pid 387] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 388] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 387] close(26 [pid 388] close(11 [pid 387] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 388] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 387] close(27 [pid 388] close(12 [pid 387] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 388] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 387] close(28 [pid 388] close(13 [pid 387] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 388] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 387] close(29 [pid 388] close(14 [pid 387] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 388] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 388] close(15 [pid 387] exit_group(0 [pid 388] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 387] <... exit_group resumed>) = ? [pid 388] close(16) = -1 EBADF (Bad file descriptor) [pid 388] close(17) = -1 EBADF (Bad file descriptor) [pid 388] close(18) = -1 EBADF (Bad file descriptor) [pid 388] close(19) = -1 EBADF (Bad file descriptor) [pid 388] close(20) = -1 EBADF (Bad file descriptor) [pid 388] close(21) = -1 EBADF (Bad file descriptor) [pid 387] +++ exited with 0 +++ [pid 288] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- [pid 288] restart_syscall(<... resuming interrupted clone ...> [pid 388] close(22) = -1 EBADF (Bad file descriptor) [pid 388] close(23) = -1 EBADF (Bad file descriptor) [pid 388] close(24) = -1 EBADF (Bad file descriptor) [pid 388] close(25 [pid 398] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 388] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 388] close(26) = -1 EBADF (Bad file descriptor) [pid 388] close(27) = -1 EBADF (Bad file descriptor) [pid 293] <... restart_syscall resumed>) = 0 [pid 288] <... restart_syscall resumed>) = 0 [pid 398] close(9 [pid 388] close(28 [pid 398] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 388] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 293] umount2("./3", MNT_FORCE|UMOUNT_NOFOLLOW [pid 398] close(10 [pid 293] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 293] openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 288] umount2("./4", MNT_FORCE|UMOUNT_NOFOLLOW [pid 398] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 388] close(29 [pid 293] <... openat resumed>) = 3 [pid 293] newfstatat(3, "", [pid 288] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 398] close(11 [pid 388] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 293] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 293] getdents64(3, [pid 288] openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 293] <... getdents64 resumed>0x555565cdf7f0 /* 4 entries */, 32768) = 112 [pid 398] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 293] umount2("./3/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 288] <... openat resumed>) = 3 [pid 398] close(12 [pid 388] exit_group(0 [pid 398] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 288] newfstatat(3, "", [pid 388] <... exit_group resumed>) = ? [pid 398] close(13 [pid 288] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 388] +++ exited with 0 +++ [pid 288] getdents64(3, [pid 398] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 292] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- [pid 288] <... getdents64 resumed>0x555565cdf7f0 /* 4 entries */, 32768) = 112 [pid 292] restart_syscall(<... resuming interrupted clone ...> [pid 288] umount2("./4/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 398] close(14) = -1 EBADF (Bad file descriptor) [pid 398] close(15) = -1 EBADF (Bad file descriptor) [pid 398] close(16) = -1 EBADF (Bad file descriptor) [pid 398] close(17) = -1 EBADF (Bad file descriptor) [pid 398] close(18) = -1 EBADF (Bad file descriptor) [pid 398] close(19) = -1 EBADF (Bad file descriptor) [pid 398] close(20) = -1 EBADF (Bad file descriptor) [pid 398] close(21) = -1 EBADF (Bad file descriptor) [pid 398] close(22) = -1 EBADF (Bad file descriptor) [pid 398] close(23) = -1 EBADF (Bad file descriptor) [pid 398] close(24) = -1 EBADF (Bad file descriptor) [pid 398] close(25) = -1 EBADF (Bad file descriptor) [pid 398] close(26) = -1 EBADF (Bad file descriptor) [pid 398] close(27) = -1 EBADF (Bad file descriptor) [pid 398] close(28) = -1 EBADF (Bad file descriptor) [pid 398] close(29) = -1 EBADF (Bad file descriptor) [pid 398] exit_group(0) = ? [pid 398] +++ exited with 0 +++ [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- [pid 289] restart_syscall(<... resuming interrupted clone ...> [pid 292] <... restart_syscall resumed>) = 0 [pid 289] <... restart_syscall resumed>) = 0 [pid 292] umount2("./3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 292] openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 292] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 292] getdents64(3, 0x555565cdf7f0 /* 4 entries */, 32768) = 112 [pid 289] umount2("./4", MNT_FORCE|UMOUNT_NOFOLLOW [ 28.141778][ T398] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor126: bg 0: block 234: padding at end of block bitmap is not set [ 28.146283][ T388] EXT4-fs error (device loop3): ext4_validate_block_bitmap:438: comm syz-executor126: bg 0: block 234: padding at end of block bitmap is not set [ 28.167794][ T387] EXT4-fs error (device loop4): ext4_validate_block_bitmap:438: comm syz-executor126: bg 0: block 234: padding at end of block bitmap is not set [pid 292] umount2("./3/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 294] <... umount2 resumed>) = 0 [pid 289] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 294] umount2("./3/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(3, "", [pid 294] newfstatat(AT_FDCWD, "./3/file0", [pid 289] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 294] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] getdents64(3, [pid 294] umount2("./3/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 289] <... getdents64 resumed>0x555565cdf7f0 /* 4 entries */, 32768) = 112 [pid 294] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 289] umount2("./4/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 294] openat(AT_FDCWD, "./3/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 294] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 294] getdents64(4, 0x555565ce7830 /* 2 entries */, 32768) = 48 [pid 294] getdents64(4, 0x555565ce7830 /* 0 entries */, 32768) = 0 [pid 294] close(4) = 0 [pid 294] rmdir("./3/file0") = 0 [pid 294] umount2("./3/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 294] newfstatat(AT_FDCWD, "./3/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 294] unlink("./3/binderfs") = 0 [pid 294] getdents64(3, 0x555565cdf7f0 /* 0 entries */, 32768) = 0 [pid 294] close(3) = 0 [pid 294] rmdir("./3") = 0 [pid 294] mkdir("./4", 0777) = 0 [pid 294] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 294] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 293] <... umount2 resumed>) = 0 [pid 292] <... umount2 resumed>) = 0 [pid 289] <... umount2 resumed>) = 0 [pid 288] <... umount2 resumed>) = 0 executing program [pid 294] close(3 [pid 293] umount2("./3/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 292] umount2("./3/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 289] umount2("./4/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 288] umount2("./4/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 294] <... close resumed>) = 0 [pid 293] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 293] newfstatat(AT_FDCWD, "./3/file0", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 293] umount2("./3/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 293] openat(AT_FDCWD, "./3/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 293] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 293] getdents64(4, 0x555565ce7830 /* 2 entries */, 32768) = 48 [pid 293] getdents64(4, 0x555565ce7830 /* 0 entries */, 32768) = 0 [pid 293] close(4) = 0 [pid 293] rmdir("./3/file0") = 0 [pid 293] umount2("./3/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 293] newfstatat(AT_FDCWD, "./3/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 293] unlink("./3/binderfs") = 0 [pid 293] getdents64(3, 0x555565cdf7f0 /* 0 entries */, 32768) = 0 [pid 293] close(3) = 0 [pid 293] rmdir("./3") = 0 [pid 293] mkdir("./4", 0777) = 0 [pid 293] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 293] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 293] close(3) = 0 [pid 293] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555565cde750) = 6 ./strace-static-x86_64: Process 409 attached [pid 409] set_robust_list(0x555565cde760, 24) = 0 [pid 409] chdir("./4") = 0 [pid 409] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 409] setpgid(0, 0) = 0 [pid 409] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 409] write(3, "1000", 4) = 4 [pid 409] close(3) = 0 [pid 409] symlink("/dev/binderfs", "./binderfs") = 0 [pid 409] write(1, "executing program\n", 18) = 18 [pid 409] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 409] ioctl(3, VHOST_SET_OWNER [pid 288] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 294] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 292] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 289] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 288] newfstatat(AT_FDCWD, "./4/file0", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 294] <... clone resumed>, child_tidptr=0x555565cde750) = 6 [pid 292] newfstatat(AT_FDCWD, "./3/file0", [pid 289] newfstatat(AT_FDCWD, "./4/file0", [pid 288] umount2("./4/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 292] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 292] umount2("./3/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 289] umount2("./4/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 288] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 292] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 289] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 288] openat(AT_FDCWD, "./4/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 292] openat(AT_FDCWD, "./3/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 289] openat(AT_FDCWD, "./4/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 288] <... openat resumed>) = 4 [pid 292] <... openat resumed>) = 4 [pid 289] <... openat resumed>) = 4 [pid 292] newfstatat(4, "", [pid 289] newfstatat(4, "", [pid 288] newfstatat(4, "", ./strace-static-x86_64: Process 411 attached [pid 292] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 288] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 411] set_robust_list(0x555565cde760, 24 [pid 289] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 288] getdents64(4, [pid 292] getdents64(4, [pid 289] getdents64(4, [pid 292] <... getdents64 resumed>0x555565ce7830 /* 2 entries */, 32768) = 48 [pid 288] <... getdents64 resumed>0x555565ce7830 /* 2 entries */, 32768) = 48 [pid 292] getdents64(4, [pid 289] <... getdents64 resumed>0x555565ce7830 /* 2 entries */, 32768) = 48 [pid 288] getdents64(4, [pid 292] <... getdents64 resumed>0x555565ce7830 /* 0 entries */, 32768) = 0 [pid 289] getdents64(4, [pid 288] <... getdents64 resumed>0x555565ce7830 /* 0 entries */, 32768) = 0 [pid 292] close(4 [pid 289] <... getdents64 resumed>0x555565ce7830 /* 0 entries */, 32768) = 0 [pid 288] close(4 [pid 292] <... close resumed>) = 0 [pid 289] close(4 [pid 292] rmdir("./3/file0" [pid 288] <... close resumed>) = 0 [pid 289] <... close resumed>) = 0 [pid 292] <... rmdir resumed>) = 0 [pid 289] rmdir("./4/file0" [pid 288] rmdir("./4/file0" [pid 292] umount2("./3/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 289] <... rmdir resumed>) = 0 [pid 288] <... rmdir resumed>) = 0 [pid 292] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 289] umount2("./4/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 411] <... set_robust_list resumed>) = 0 [pid 292] newfstatat(AT_FDCWD, "./3/binderfs", [pid 288] umount2("./4/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 292] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 292] unlink("./3/binderfs" [pid 289] newfstatat(AT_FDCWD, "./4/binderfs", [pid 288] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 292] <... unlink resumed>) = 0 [pid 288] newfstatat(AT_FDCWD, "./4/binderfs", [pid 292] getdents64(3, [pid 289] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 292] <... getdents64 resumed>0x555565cdf7f0 /* 0 entries */, 32768) = 0 [pid 288] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 292] close(3 [pid 289] unlink("./4/binderfs" [pid 288] unlink("./4/binderfs" [pid 292] <... close resumed>) = 0 [pid 288] <... unlink resumed>) = 0 [pid 292] rmdir("./3" [pid 289] <... unlink resumed>) = 0 [pid 288] getdents64(3, [pid 292] <... rmdir resumed>) = 0 [pid 289] getdents64(3, [pid 288] <... getdents64 resumed>0x555565cdf7f0 /* 0 entries */, 32768) = 0 [pid 292] mkdir("./4", 0777 [pid 289] <... getdents64 resumed>0x555565cdf7f0 /* 0 entries */, 32768) = 0 [pid 288] close(3 [pid 292] <... mkdir resumed>) = 0 [pid 289] close(3 [pid 288] <... close resumed>) = 0 [pid 292] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 289] <... close resumed>) = 0 [pid 288] rmdir("./4" [pid 292] <... openat resumed>) = 3 [pid 289] rmdir("./4" [pid 292] ioctl(3, LOOP_CLR_FD [pid 288] <... rmdir resumed>) = 0 [pid 292] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 289] <... rmdir resumed>) = 0 executing program [pid 292] close(3 [pid 288] mkdir("./5", 0777 [pid 292] <... close resumed>) = 0 [pid 411] chdir("./4" [pid 288] <... mkdir resumed>) = 0 [pid 292] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 289] mkdir("./5", 0777 [pid 288] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 411] <... chdir resumed>) = 0 [pid 411] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 411] setpgid(0, 0) = 0 [pid 411] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 288] <... openat resumed>) = 3 [pid 289] <... mkdir resumed>) = 0 [pid 288] ioctl(3, LOOP_CLR_FD [pid 292] <... clone resumed>, child_tidptr=0x555565cde750) = 6 [pid 289] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 288] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 288] close(3 [pid 411] <... openat resumed>) = 3 [pid 289] <... openat resumed>) = 3 [pid 288] <... close resumed>) = 0 [pid 411] write(3, "1000", 4 [pid 289] ioctl(3, LOOP_CLR_FD [pid 288] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 411] <... write resumed>) = 4 [pid 411] close(3) = 0 [pid 411] symlink("/dev/binderfs", "./binderfs") = 0 [pid 411] write(1, "executing program\n", 18) = 18 [pid 411] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR [pid 289] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 411] <... openat resumed>) = 3 [pid 289] close(3 executing program [pid 288] <... clone resumed>, child_tidptr=0x555565cde750) = 7 [pid 411] ioctl(3, VHOST_SET_OWNER [pid 289] <... close resumed>) = 0 ./strace-static-x86_64: Process 412 attached [pid 412] set_robust_list(0x555565cde760, 24) = 0 [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 412] chdir("./4") = 0 [pid 412] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 412] setpgid(0, 0) = 0 [pid 412] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 412] write(3, "1000", 4) = 4 [pid 412] close(3) = 0 [pid 412] symlink("/dev/binderfs", "./binderfs") = 0 [pid 412] write(1, "executing program\n", 18) = 18 [pid 412] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 412] ioctl(3, VHOST_SET_OWNER [pid 411] <... ioctl resumed>, 0) = 0 [pid 411] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 411] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 411] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 411] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 411] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 411] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 411] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 411] memfd_create("syzkaller", 0) = 5 [pid 289] <... clone resumed>, child_tidptr=0x555565cde750) = 7 [pid 411] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f12c0537000 [pid 409] <... ioctl resumed>, 0) = 0 [pid 409] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 409] ioctl(3, VHOST_SET_MEM_TABLE./strace-static-x86_64: Process 416 attached , 0x200000003380) = 0 [pid 409] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 409] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 409] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 409] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 409] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 409] memfd_create("syzkaller", 0) = 5 [pid 409] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f12c0537000 [pid 409] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576./strace-static-x86_64: Process 413 attached [pid 416] set_robust_list(0x555565cde760, 24 [pid 409] <... write resumed>) = 1048576 [pid 416] <... set_robust_list resumed>) = 0 [pid 413] set_robust_list(0x555565cde760, 24 [pid 416] chdir("./5" [pid 413] <... set_robust_list resumed>) = 0 [pid 412] <... ioctl resumed>, 0) = 0 [pid 412] ioctl(3, VHOST_SET_VRING_ADDR [pid 416] <... chdir resumed>) = 0 [pid 412] <... ioctl resumed>, 0x200000000300) = 0 [pid 413] chdir("./5" [pid 416] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 412] ioctl(3, VHOST_SET_MEM_TABLE [pid 416] <... prctl resumed>) = 0 [pid 413] <... chdir resumed>) = 0 [pid 416] setpgid(0, 0 [pid 413] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 416] <... setpgid resumed>) = 0 [pid 413] <... prctl resumed>) = 0 [pid 412] <... ioctl resumed>, 0x200000003380) = 0 [pid 416] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 412] eventfd2(118, EFD_SEMAPHORE [pid 413] setpgid(0, 0 [pid 412] <... eventfd2 resumed>) = 4 [pid 412] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 412] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 412] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 412] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 412] memfd_create("syzkaller", 0) = 5 [pid 412] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f12c0537000 [pid 413] <... setpgid resumed>) = 0 [pid 416] <... openat resumed>) = 3 [pid 411] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 416] write(3, "1000", 4 [pid 413] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 416] <... write resumed>) = 4 [pid 413] <... openat resumed>) = 3 [pid 416] close(3 [pid 413] write(3, "1000", 4 [pid 416] <... close resumed>) = 0 [pid 409] munmap(0x7f12c0537000, 138412032) = 0 [pid 416] symlink("/dev/binderfs", "./binderfs" [pid 413] <... write resumed>) = 4 [pid 413] close(3 [pid 409] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 416] <... symlink resumed>) = 0 [pid 413] <... close resumed>) = 0 [pid 409] <... openat resumed>) = 6 [pid 409] ioctl(6, LOOP_SET_FD, 5executing program [pid 416] write(1, "executing program\n", 18 [pid 413] symlink("/dev/binderfs", "./binderfs" [pid 412] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 416] <... write resumed>) = 18 [pid 416] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR [pid 413] <... symlink resumed>) = 0 executing program [pid 413] write(1, "executing program\n", 18 [pid 416] <... openat resumed>) = 3 [pid 413] <... write resumed>) = 18 [pid 413] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR [pid 416] ioctl(3, VHOST_SET_OWNER [pid 413] <... openat resumed>) = 3 [pid 413] ioctl(3, VHOST_SET_OWNER [pid 411] <... write resumed>) = 1048576 [pid 411] munmap(0x7f12c0537000, 138412032 [pid 416] <... ioctl resumed>, 0) = 0 [pid 409] <... ioctl resumed>) = 0 [pid 416] ioctl(3, VHOST_SET_VRING_ADDR [pid 409] close(5) = 0 [pid 409] close(6 [pid 416] <... ioctl resumed>, 0x200000000300) = 0 [pid 416] ioctl(3, VHOST_SET_MEM_TABLE [pid 411] <... munmap resumed>) = 0 [pid 416] <... ioctl resumed>, 0x200000003380) = 0 [pid 411] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 416] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 416] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 416] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 413] <... ioctl resumed>, 0) = 0 [pid 416] ioctl(3, VHOST_SET_VRING_KICK [pid 413] ioctl(3, VHOST_SET_VRING_ADDR [pid 416] <... ioctl resumed>, 0x200000000000) = 0 [pid 413] <... ioctl resumed>, 0x200000000300) = 0 [pid 416] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 413] ioctl(3, VHOST_SET_MEM_TABLE [pid 412] <... write resumed>) = 1048576 [pid 416] memfd_create("syzkaller", 0 [pid 412] munmap(0x7f12c0537000, 138412032 [pid 416] <... memfd_create resumed>) = 5 [pid 416] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 413] <... ioctl resumed>, 0x200000003380) = 0 [pid 416] <... mmap resumed>) = 0x7f12c0537000 [pid 413] eventfd2(118, EFD_SEMAPHORE [pid 412] <... munmap resumed>) = 0 [pid 413] <... eventfd2 resumed>) = 4 [pid 412] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 413] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 413] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 413] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 413] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 416] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 413] memfd_create("syzkaller", 0) = 5 [pid 413] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f12c0537000 [pid 413] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 416] <... write resumed>) = 1048576 [pid 416] munmap(0x7f12c0537000, 138412032 [pid 413] munmap(0x7f12c0537000, 138412032 [pid 416] <... munmap resumed>) = 0 [pid 413] <... munmap resumed>) = 0 [pid 416] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 413] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 411] <... openat resumed>) = 6 [pid 409] <... close resumed>) = 0 [pid 416] <... openat resumed>) = 6 [pid 413] <... openat resumed>) = 6 [pid 412] <... openat resumed>) = 6 [pid 411] ioctl(6, LOOP_SET_FD, 5 [pid 409] mkdir("./file0", 0777 [pid 416] ioctl(6, LOOP_SET_FD, 5 [pid 413] ioctl(6, LOOP_SET_FD, 5 [pid 412] ioctl(6, LOOP_SET_FD, 5 [pid 409] <... mkdir resumed>) = 0 [pid 409] mount("/dev/loop2", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 411] <... ioctl resumed>) = 0 [pid 411] close(5) = 0 [pid 411] close(6 [pid 413] <... ioctl resumed>) = 0 [pid 413] close(5) = 0 [pid 413] close(6 [pid 416] <... ioctl resumed>) = 0 [pid 416] close(5) = 0 [pid 416] close(6 [pid 412] <... ioctl resumed>) = 0 [pid 412] close(5) = 0 [pid 412] close(6 [pid 411] <... close resumed>) = 0 [pid 411] mkdir("./file0", 0777) = 0 [pid 411] mount("/dev/loop1", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 409] <... mount resumed>) = 0 [pid 409] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 409] chdir("./file0") = 0 [pid 409] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 413] <... close resumed>) = 0 [pid 413] mkdir("./file0", 0777) = 0 [ 28.720512][ T409] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue [pid 413] mount("/dev/loop4", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 416] <... close resumed>) = 0 [pid 409] <... openat resumed>) = 6 [pid 416] mkdir("./file0", 0777) = 0 [pid 416] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 409] ioctl(6, LOOP_CLR_FD [pid 412] <... close resumed>) = 0 [pid 412] mkdir("./file0", 0777) = 0 [pid 412] mount("/dev/loop3", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 409] <... ioctl resumed>) = 0 [pid 409] close(6) = 0 [pid 409] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 409] write(6, "#! ./file1\n", 11) = 11 [pid 409] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 411] <... mount resumed>) = 0 [pid 411] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 411] chdir("./file0") = 0 [pid 411] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 6 [pid 411] ioctl(6, LOOP_CLR_FD) = 0 [pid 411] close(6) = 0 [pid 411] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 411] write(6, "#! ./file1\n", 11) = 11 [pid 411] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [ 28.881572][ T409] EXT4-fs error (device loop2): ext4_validate_block_bitmap:438: comm syz-executor126: bg 0: block 234: padding at end of block bitmap is not set [ 28.900371][ T411] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue [pid 409] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000006c0} --- [pid 409] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000006c4} --- [pid 409] epoll_ctl(-1, EPOLL_CTL_ADD, 6, {events=0, data={u32=0, u64=0}}) = -1 EBADF (Bad file descriptor) [pid 409] close(3) = 0 [pid 409] close(4) = 0 [pid 411] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000006c0} --- [pid 409] close(5) = 0 [ 28.917813][ T411] EXT4-fs error (device loop1): ext4_validate_block_bitmap:438: comm syz-executor126: bg 0: block 234: padding at end of block bitmap is not set [pid 409] close(6) = 0 [pid 409] close(7) = -1 EBADF (Bad file descriptor) [pid 409] close(8) = -1 EBADF (Bad file descriptor) [pid 409] close(9) = -1 EBADF (Bad file descriptor) [pid 409] close(10) = -1 EBADF (Bad file descriptor) [pid 409] close(11) = -1 EBADF (Bad file descriptor) [pid 409] close(12) = -1 EBADF (Bad file descriptor) [pid 409] close(13) = -1 EBADF (Bad file descriptor) [pid 409] close(14) = -1 EBADF (Bad file descriptor) [pid 409] close(15) = -1 EBADF (Bad file descriptor) [pid 409] close(16) = -1 EBADF (Bad file descriptor) [pid 409] close(17) = -1 EBADF (Bad file descriptor) [pid 409] close(18) = -1 EBADF (Bad file descriptor) [pid 409] close(19) = -1 EBADF (Bad file descriptor) [pid 409] close(20) = -1 EBADF (Bad file descriptor) [pid 409] close(21) = -1 EBADF (Bad file descriptor) [pid 409] close(22) = -1 EBADF (Bad file descriptor) [pid 409] close(23) = -1 EBADF (Bad file descriptor) [pid 409] close(24) = -1 EBADF (Bad file descriptor) [pid 409] close(25) = -1 EBADF (Bad file descriptor) [pid 409] close(26) = -1 EBADF (Bad file descriptor) [pid 409] close(27) = -1 EBADF (Bad file descriptor) [pid 409] close(28) = -1 EBADF (Bad file descriptor) [pid 409] close(29) = -1 EBADF (Bad file descriptor) [pid 409] exit_group(0) = ? [pid 409] +++ exited with 0 +++ [pid 293] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 293] restart_syscall(<... resuming interrupted clone ...> [pid 413] <... mount resumed>) = 0 [pid 413] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 413] chdir("./file0") = 0 [pid 413] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 6 [pid 413] ioctl(6, LOOP_CLR_FD) = 0 [pid 413] close(6 [pid 293] <... restart_syscall resumed>) = 0 [pid 293] umount2("./4", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 293] openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 293] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 293] getdents64(3, 0x555565cdf7f0 /* 4 entries */, 32768) = 112 [pid 293] umount2("./4/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 411] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000006c4} --- [pid 411] epoll_ctl(-1, EPOLL_CTL_ADD, 6, {events=0, data={u32=0, u64=0}}) = -1 EBADF (Bad file descriptor) [pid 411] close(3) = 0 [pid 411] close(4) = 0 [pid 411] close(5) = 0 [pid 411] close(6) = 0 [pid 411] close(7) = -1 EBADF (Bad file descriptor) [pid 411] close(8) = -1 EBADF (Bad file descriptor) [pid 411] close(9) = -1 EBADF (Bad file descriptor) [pid 411] close(10) = -1 EBADF (Bad file descriptor) [pid 411] close(11) = -1 EBADF (Bad file descriptor) [pid 411] close(12) = -1 EBADF (Bad file descriptor) [pid 411] close(13) = -1 EBADF (Bad file descriptor) [pid 411] close(14) = -1 EBADF (Bad file descriptor) [pid 411] close(15) = -1 EBADF (Bad file descriptor) [pid 411] close(16) = -1 EBADF (Bad file descriptor) [pid 411] close(17) = -1 EBADF (Bad file descriptor) [pid 411] close(18) = -1 EBADF (Bad file descriptor) [pid 411] close(19) = -1 EBADF (Bad file descriptor) [pid 411] close(20) = -1 EBADF (Bad file descriptor) [pid 411] close(21) = -1 EBADF (Bad file descriptor) [pid 411] close(22) = -1 EBADF (Bad file descriptor) [pid 411] close(23) = -1 EBADF (Bad file descriptor) [pid 411] close(24) = -1 EBADF (Bad file descriptor) [pid 411] close(25) = -1 EBADF (Bad file descriptor) [pid 411] close(26) = -1 EBADF (Bad file descriptor) [pid 411] close(27) = -1 EBADF (Bad file descriptor) [pid 411] close(28) = -1 EBADF (Bad file descriptor) [pid 411] close(29) = -1 EBADF (Bad file descriptor) [pid 411] exit_group(0) = ? [pid 411] +++ exited with 0 +++ [pid 412] <... mount resumed>) = 0 [pid 412] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 294] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6, si_uid=0, si_status=0, si_utime=1, si_stime=1} --- [pid 294] restart_syscall(<... resuming interrupted clone ...> [pid 412] <... openat resumed>) = 5 [pid 412] chdir("./file0") = 0 [pid 412] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 416] <... mount resumed>) = 0 [pid 416] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 416] chdir("./file0") = 0 [pid 416] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 294] <... restart_syscall resumed>) = 0 [pid 294] umount2("./4", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 294] openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 294] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 294] getdents64(3, 0x555565cdf7f0 /* 4 entries */, 32768) = 112 [ 28.952990][ T413] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue [ 28.955054][ T416] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 28.967341][ T412] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue [pid 294] umount2("./4/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 293] <... umount2 resumed>) = 0 [pid 416] <... openat resumed>) = 6 [pid 412] <... openat resumed>) = 6 [pid 416] ioctl(6, LOOP_CLR_FD [pid 412] ioctl(6, LOOP_CLR_FD [pid 416] <... ioctl resumed>) = 0 [pid 412] <... ioctl resumed>) = 0 [pid 416] close(6 [pid 412] close(6 [pid 416] <... close resumed>) = 0 [pid 412] <... close resumed>) = 0 [pid 416] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 412] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 416] <... openat resumed>) = 6 [pid 416] write(6, "#! ./file1\n", 11) = 11 [pid 416] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 413] <... close resumed>) = 0 [pid 412] <... openat resumed>) = 6 [pid 293] umount2("./4/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 413] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 412] write(6, "#! ./file1\n", 11 [pid 293] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 416] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000006c0} --- [pid 416] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000006c4} --- [pid 416] epoll_ctl(-1, EPOLL_CTL_ADD, 6, {events=0, data={u32=0, u64=0}}) = -1 EBADF (Bad file descriptor) [pid 416] close(3 [pid 413] <... openat resumed>) = 6 [pid 412] <... write resumed>) = 11 [pid 293] newfstatat(AT_FDCWD, "./4/file0", [pid 413] write(6, "#! ./file1\n", 11 [pid 412] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0 [pid 293] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 29.034269][ T416] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor126: bg 0: block 234: padding at end of block bitmap is not set [ 29.060198][ T418] EXT4-fs error (device loop0): ext4_map_blocks:740: inode #18: block 62218: comm vhost-416: lblock 0 mapped to illegal pblock 62218 (length 1) [pid 413] <... write resumed>) = 11 [pid 412] <... mmap resumed>) = 0x200000000000 [pid 293] umount2("./4/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 416] <... close resumed>) = 0 [pid 416] close(4) = 0 [pid 416] close(5) = 0 [pid 416] close(6) = 0 [pid 416] close(7) = -1 EBADF (Bad file descriptor) [pid 416] close(8) = -1 EBADF (Bad file descriptor) [pid 416] close(9) = -1 EBADF (Bad file descriptor) [pid 416] close(10) = -1 EBADF (Bad file descriptor) [pid 416] close(11) = -1 EBADF (Bad file descriptor) [pid 416] close(12) = -1 EBADF (Bad file descriptor) [pid 416] close(13) = -1 EBADF (Bad file descriptor) [pid 416] close(14) = -1 EBADF (Bad file descriptor) [pid 416] close(15) = -1 EBADF (Bad file descriptor) [pid 416] close(16) = -1 EBADF (Bad file descriptor) [pid 416] close(17) = -1 EBADF (Bad file descriptor) [pid 416] close(18) = -1 EBADF (Bad file descriptor) [pid 416] close(19) = -1 EBADF (Bad file descriptor) [pid 416] close(20) = -1 EBADF (Bad file descriptor) [pid 416] close(21) = -1 EBADF (Bad file descriptor) [pid 416] close(22) = -1 EBADF (Bad file descriptor) [pid 416] close(23) = -1 EBADF (Bad file descriptor) [pid 416] close(24) = -1 EBADF (Bad file descriptor) [pid 416] close(25) = -1 EBADF (Bad file descriptor) [pid 416] close(26) = -1 EBADF (Bad file descriptor) [pid 416] close(27) = -1 EBADF (Bad file descriptor) [pid 416] close(28) = -1 EBADF (Bad file descriptor) [pid 416] close(29) = -1 EBADF (Bad file descriptor) [pid 416] exit_group(0) = ? [pid 416] +++ exited with 0 +++ [pid 294] <... umount2 resumed>) = 0 [pid 413] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0 [pid 293] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 413] <... mmap resumed>) = 0x200000000000 [pid 293] openat(AT_FDCWD, "./4/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- [pid 294] umount2("./4/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 293] <... openat resumed>) = 4 [pid 289] restart_syscall(<... resuming interrupted clone ...> [pid 413] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000006c0} --- [pid 412] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000006c0} --- [pid 294] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 293] newfstatat(4, "", [pid 289] <... restart_syscall resumed>) = 0 [pid 413] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000006c4} --- [pid 294] newfstatat(AT_FDCWD, "./4/file0", [pid 293] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 294] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 293] getdents64(4, [pid 294] umount2("./4/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 413] epoll_ctl(-1, EPOLL_CTL_ADD, 6, {events=0, data={u32=0, u64=0}} [pid 293] <... getdents64 resumed>0x555565ce7830 /* 2 entries */, 32768) = 48 [pid 289] umount2("./5", MNT_FORCE|UMOUNT_NOFOLLOW [pid 294] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 293] getdents64(4, [pid 413] <... epoll_ctl resumed>) = -1 EBADF (Bad file descriptor) [pid 289] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 294] openat(AT_FDCWD, "./4/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 413] close(3 [pid 293] <... getdents64 resumed>0x555565ce7830 /* 0 entries */, 32768) = 0 [pid 289] openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 412] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000006c4} --- [pid 294] <... openat resumed>) = 4 [pid 412] epoll_ctl(-1, EPOLL_CTL_ADD, 6, {events=0, data={u32=0, u64=0}} [pid 293] close(4 [pid 412] <... epoll_ctl resumed>) = -1 EBADF (Bad file descriptor) [pid 289] <... openat resumed>) = 3 [pid 294] newfstatat(4, "", [pid 293] <... close resumed>) = 0 [pid 412] close(3 [pid 293] rmdir("./4/file0" [pid 294] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 289] newfstatat(3, "", [pid 293] <... rmdir resumed>) = 0 [pid 294] getdents64(4, [pid 289] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 293] umount2("./4/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 294] <... getdents64 resumed>0x555565ce7830 /* 2 entries */, 32768) = 48 [pid 289] getdents64(3, [pid 294] getdents64(4, 0x555565ce7830 /* 0 entries */, 32768) = 0 [pid 293] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 289] <... getdents64 resumed>0x555565cdf7f0 /* 4 entries */, 32768) = 112 [pid 289] umount2("./5/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 294] close(4 [pid 293] newfstatat(AT_FDCWD, "./4/binderfs", [pid 413] <... close resumed>) = 0 [pid 294] <... close resumed>) = 0 [pid 293] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 413] close(4 [pid 294] rmdir("./4/file0" [pid 413] <... close resumed>) = 0 [pid 412] <... close resumed>) = 0 [pid 293] unlink("./4/binderfs" [pid 413] close(5 [pid 412] close(4 [pid 294] <... rmdir resumed>) = 0 [pid 293] <... unlink resumed>) = 0 [pid 413] <... close resumed>) = 0 [pid 412] <... close resumed>) = 0 [pid 413] close(6 [pid 294] umount2("./4/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 293] getdents64(3, [pid 413] <... close resumed>) = 0 [pid 412] close(5 [pid 413] close(7 [pid 294] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 293] <... getdents64 resumed>0x555565cdf7f0 /* 0 entries */, 32768) = 0 [pid 412] <... close resumed>) = 0 [pid 413] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 294] newfstatat(AT_FDCWD, "./4/binderfs", [pid 293] close(3 [pid 412] close(6 [pid 413] close(8 [pid 412] <... close resumed>) = 0 [pid 294] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 413] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 412] close(7 [pid 294] unlink("./4/binderfs" [pid 293] <... close resumed>) = 0 [pid 413] close(9 [pid 412] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 294] <... unlink resumed>) = 0 [pid 293] rmdir("./4" [pid 413] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 412] close(8 [pid 413] close(10 [pid 412] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 294] getdents64(3, [pid 293] <... rmdir resumed>) = 0 [pid 413] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 413] close(11 [pid 412] close(9 [pid 294] <... getdents64 resumed>0x555565cdf7f0 /* 0 entries */, 32768) = 0 [pid 293] mkdir("./5", 0777 [pid 413] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 294] close(3 [pid 413] close(12 [pid 294] <... close resumed>) = 0 [pid 293] <... mkdir resumed>) = 0 [pid 413] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 412] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 294] rmdir("./4" [pid 413] close(13 [pid 412] close(10 [pid 294] <... rmdir resumed>) = 0 [pid 293] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 413] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 412] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 294] mkdir("./5", 0777 [pid 413] close(14 [pid 412] close(11) = -1 EBADF (Bad file descriptor) [pid 294] <... mkdir resumed>) = 0 [pid 412] close(12) = -1 EBADF (Bad file descriptor) [pid 413] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 412] close(13 [pid 294] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 413] close(15 [pid 412] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 413] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 412] close(14 [pid 413] close(16 [pid 412] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 412] close(15 [pid 413] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 412] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 413] close(17 [pid 412] close(16 [pid 413] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 412] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 413] close(18 [pid 412] close(17 [pid 413] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 412] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 413] close(19 [pid 412] close(18) = -1 EBADF (Bad file descriptor) [pid 412] close(19 [pid 413] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 412] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 413] close(20 [pid 412] close(20 [pid 413] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 412] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 413] close(21 [pid 412] close(21 [pid 413] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 412] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 412] close(22) = -1 EBADF (Bad file descriptor) [pid 412] close(23 [pid 413] close(22 [pid 412] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 413] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 412] close(24 [pid 413] close(23 [pid 412] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 413] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 412] close(25 [pid 413] close(24 [pid 412] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 413] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 412] close(26) = -1 EBADF (Bad file descriptor) [pid 412] close(27 [pid 413] close(25 [pid 412] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 413] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 412] close(28 [pid 413] close(26 [pid 412] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 413] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 412] close(29 [pid 413] close(27 [pid 412] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 413] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 412] exit_group(0 [pid 413] close(28 [pid 412] <... exit_group resumed>) = ? [pid 413] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 413] close(29) = -1 EBADF (Bad file descriptor) [pid 413] exit_group(0 [pid 412] +++ exited with 0 +++ [pid 413] <... exit_group resumed>) = ? [pid 292] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- [pid 292] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 292] umount2("./4", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 413] +++ exited with 0 +++ [pid 292] openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 288] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 292] <... openat resumed>) = 3 [pid 292] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 292] getdents64(3, 0x555565cdf7f0 /* 4 entries */, 32768) = 112 [pid 292] umount2("./4/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 288] umount2("./5", MNT_FORCE|UMOUNT_NOFOLLOW [pid 294] <... openat resumed>) = 3 [pid 293] <... openat resumed>) = 3 [pid 288] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 294] ioctl(3, LOOP_CLR_FD [pid 293] ioctl(3, LOOP_CLR_FD [pid 288] openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 288] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 288] getdents64(3, 0x555565cdf7f0 /* 4 entries */, 32768) = 112 [ 29.075463][ T418] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #18: block 62218: comm vhost-416: lblock 0 mapped to illegal pblock 62218 (length 1) [ 29.089689][ T415] EXT4-fs error (device loop3): ext4_validate_block_bitmap:438: comm vhost-412: bg 0: block 234: padding at end of block bitmap is not set [ 29.116731][ T419] EXT4-fs error (device loop4): ext4_validate_block_bitmap:438: comm vhost-413: bg 0: block 234: padding at end of block bitmap is not set [pid 288] umount2("./5/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 289] <... umount2 resumed>) = 0 [pid 289] umount2("./5/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./5/file0", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] umount2("./5/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./5/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 289] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(4, 0x555565ce7830 /* 2 entries */, 32768) = 48 [pid 289] getdents64(4, 0x555565ce7830 /* 0 entries */, 32768) = 0 [pid 289] close(4) = 0 [pid 289] rmdir("./5/file0") = 0 [pid 289] umount2("./5/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./5/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] unlink("./5/binderfs") = 0 [pid 289] getdents64(3, 0x555565cdf7f0 /* 0 entries */, 32768) = 0 [pid 289] close(3) = 0 [pid 289] rmdir("./5") = 0 [pid 289] mkdir("./6", 0777) = 0 [pid 289] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 294] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 293] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 292] <... umount2 resumed>) = 0 [pid 294] close(3 [pid 293] close(3 [pid 292] umount2("./4/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 292] newfstatat(AT_FDCWD, "./4/file0", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 292] umount2("./4/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 292] openat(AT_FDCWD, "./4/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 292] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 292] getdents64(4, 0x555565ce7830 /* 2 entries */, 32768) = 48 [pid 292] getdents64(4, 0x555565ce7830 /* 0 entries */, 32768) = 0 [pid 292] close(4) = 0 [pid 292] rmdir("./4/file0") = 0 [pid 292] umount2("./4/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 292] newfstatat(AT_FDCWD, "./4/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 292] unlink("./4/binderfs") = 0 [pid 292] getdents64(3, 0x555565cdf7f0 /* 0 entries */, 32768) = 0 [pid 292] close(3) = 0 [pid 292] rmdir("./4") = 0 [pid 292] mkdir("./5", 0777) = 0 [pid 292] openat(AT_FDCWD, "/dev/loop3", O_RDWRexecuting program [pid 289] <... openat resumed>) = 3 [pid 289] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 289] close(3) = 0 [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 294] <... close resumed>) = 0 [pid 293] <... close resumed>) = 0 [pid 288] <... umount2 resumed>) = 0 [pid 289] <... clone resumed>, child_tidptr=0x555565cde750) = 8 ./strace-static-x86_64: Process 434 attached [pid 434] set_robust_list(0x555565cde760, 24) = 0 [pid 434] chdir("./6") = 0 [pid 434] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 434] setpgid(0, 0) = 0 [pid 434] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 434] write(3, "1000", 4) = 4 [pid 434] close(3) = 0 [pid 434] symlink("/dev/binderfs", "./binderfs") = 0 [pid 434] write(1, "executing program\n", 18) = 18 [pid 434] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 434] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 434] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 434] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 434] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 434] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 434] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 434] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 434] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 434] memfd_create("syzkaller", 0) = 5 [pid 434] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f12c0537000 [pid 294] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 293] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 292] <... openat resumed>) = 3 [pid 288] umount2("./5/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 292] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 292] close(3) = 0 [pid 292] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 288] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 294] <... clone resumed>, child_tidptr=0x555565cde750) = 7 [pid 293] <... clone resumed>, child_tidptr=0x555565cde750) = 7 [pid 288] newfstatat(AT_FDCWD, "./5/file0", [pid 292] <... clone resumed>, child_tidptr=0x555565cde750) = 7 [pid 288] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 288] umount2("./5/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 288] openat(AT_FDCWD, "./5/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 288] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 434] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 288] getdents64(4, ./strace-static-x86_64: Process 437 attached ./strace-static-x86_64: Process 436 attached 0x555565ce7830 /* 2 entries */, 32768) = 48 [pid 288] getdents64(4, 0x555565ce7830 /* 0 entries */, 32768) = 0 [pid 288] close(4) = 0 [pid 288] rmdir("./5/file0") = 0 [pid 288] umount2("./5/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 288] newfstatat(AT_FDCWD, "./5/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 288] unlink("./5/binderfs") = 0 [pid 288] getdents64(3, 0x555565cdf7f0 /* 0 entries */, 32768) = 0 [pid 288] close(3) = 0 [pid 288] rmdir("./5") = 0 [pid 288] mkdir("./6", 0777) = 0 [pid 288] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 288] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 288] close(3) = 0 [pid 288] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 437] set_robust_list(0x555565cde760, 24 [pid 436] set_robust_list(0x555565cde760, 24 [pid 288] <... clone resumed>, child_tidptr=0x555565cde750) = 8 [pid 437] <... set_robust_list resumed>) = 0 [pid 436] <... set_robust_list resumed>) = 0 [pid 436] chdir("./5" [pid 437] chdir("./5") = 0 [pid 436] <... chdir resumed>) = 0 [pid 436] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 437] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 436] <... prctl resumed>) = 0 ./strace-static-x86_64: Process 439 attached [pid 437] setpgid(0, 0 [pid 436] setpgid(0, 0) = 0 [pid 437] <... setpgid resumed>) = 0 [pid 439] set_robust_list(0x555565cde760, 24) = 0 [pid 437] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 436] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 437] <... openat resumed>) = 3 [pid 436] <... openat resumed>) = 3 [pid 437] write(3, "1000", 4 [pid 436] write(3, "1000", 4 [pid 439] chdir("./6" [pid 437] <... write resumed>) = 4 [pid 436] <... write resumed>) = 4 [pid 436] close(3 [pid 437] close(3 [pid 439] <... chdir resumed>) = 0 [pid 436] <... close resumed>) = 0 [pid 437] <... close resumed>) = 0 [pid 437] symlink("/dev/binderfs", "./binderfs" [pid 436] symlink("/dev/binderfs", "./binderfs" [pid 439] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 437] <... symlink resumed>) = 0 executing program [pid 437] write(1, "executing program\n", 18 [pid 436] <... symlink resumed>) = 0 [pid 436] write(1, "executing program\n", 18 [pid 437] <... write resumed>) = 18 ./strace-static-x86_64: Process 438 attached [pid 438] set_robust_list(0x555565cde760, 24) = 0 executing program [pid 437] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR [pid 436] <... write resumed>) = 18 [pid 436] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR [pid 439] <... prctl resumed>) = 0 [pid 437] <... openat resumed>) = 3 [pid 437] ioctl(3, VHOST_SET_OWNER [pid 436] <... openat resumed>) = 3 [pid 439] setpgid(0, 0 [pid 436] ioctl(3, VHOST_SET_OWNER [pid 439] <... setpgid resumed>) = 0 [pid 434] <... write resumed>) = 1048576 [pid 438] chdir("./5" [pid 439] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 434] munmap(0x7f12c0537000, 138412032 [pid 437] <... ioctl resumed>, 0) = 0 [pid 439] write(3, "1000", 4) = 4 [pid 438] <... chdir resumed>) = 0 [pid 437] ioctl(3, VHOST_SET_VRING_ADDR [pid 436] <... ioctl resumed>, 0) = 0 [pid 434] <... munmap resumed>) = 0 [pid 439] close(3 [pid 437] <... ioctl resumed>, 0x200000000300) = 0 [pid 436] ioctl(3, VHOST_SET_VRING_ADDR [pid 439] <... close resumed>) = 0 [pid 436] <... ioctl resumed>, 0x200000000300) = 0 [pid 437] ioctl(3, VHOST_SET_MEM_TABLE [pid 439] symlink("/dev/binderfs", "./binderfs" [pid 436] ioctl(3, VHOST_SET_MEM_TABLE [pid 439] <... symlink resumed>) = 0 [pid 437] <... ioctl resumed>, 0x200000003380) = 0 [pid 436] <... ioctl resumed>, 0x200000003380) = 0 [pid 434] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 438] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 439] write(1, "executing program\n", 18 [pid 438] <... prctl resumed>) = 0 [pid 437] eventfd2(118, EFD_SEMAPHORE [pid 436] eventfd2(118, EFD_SEMAPHORE [pid 434] <... openat resumed>) = 6 executing program [pid 439] <... write resumed>) = 18 [pid 437] <... eventfd2 resumed>) = 4 [pid 436] <... eventfd2 resumed>) = 4 [pid 436] ioctl(3, VHOST_SET_VRING_ERR [pid 437] ioctl(3, VHOST_SET_VRING_ERR [pid 439] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR [pid 437] <... ioctl resumed>, 0x2000000001c0) = 0 [pid 436] <... ioctl resumed>, 0x2000000001c0) = 0 [pid 434] ioctl(6, LOOP_SET_FD, 5 [pid 439] <... openat resumed>) = 3 [pid 437] ioctl(3, VHOST_SET_VRING_ADDR [pid 438] setpgid(0, 0 [pid 436] ioctl(3, VHOST_SET_VRING_ADDR [pid 439] ioctl(3, VHOST_SET_OWNER [pid 437] <... ioctl resumed>, 0x200000000240) = 0 [pid 436] <... ioctl resumed>, 0x200000000240) = 0 [pid 434] <... ioctl resumed>) = 0 [pid 436] ioctl(3, VHOST_SET_VRING_KICK [pid 437] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 436] <... ioctl resumed>, 0x200000000000) = 0 [pid 434] close(5 [pid 436] ioctl(3, VHOST_VSOCK_SET_RUNNING [pid 437] ioctl(3, VHOST_VSOCK_SET_RUNNING [pid 434] <... close resumed>) = 0 [pid 437] <... ioctl resumed>, 0x200000000140) = 0 [pid 436] <... ioctl resumed>, 0x200000000140) = 0 [pid 434] close(6 [pid 437] memfd_create("syzkaller", 0 [pid 436] memfd_create("syzkaller", 0 [pid 434] <... close resumed>) = 0 [pid 437] <... memfd_create resumed>) = 5 [pid 436] <... memfd_create resumed>) = 5 [pid 437] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 434] mkdir("./file0", 0777 [pid 436] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 437] <... mmap resumed>) = 0x7f12c0537000 [pid 436] <... mmap resumed>) = 0x7f12c0537000 [pid 434] <... mkdir resumed>) = 0 [pid 437] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 434] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 436] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 437] <... write resumed>) = 1048576 [pid 436] <... write resumed>) = 1048576 [pid 438] <... setpgid resumed>) = 0 [pid 438] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 438] write(3, "1000", 4) = 4 [pid 438] close(3) = 0 [pid 438] symlink("/dev/binderfs", "./binderfs") = 0 [pid 438] write(1, "executing program\n", 18executing program ) = 18 [pid 438] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 437] munmap(0x7f12c0537000, 138412032 [pid 436] munmap(0x7f12c0537000, 138412032 [pid 438] ioctl(3, VHOST_SET_OWNER [pid 437] <... munmap resumed>) = 0 [pid 436] <... munmap resumed>) = 0 [pid 439] <... ioctl resumed>, 0) = 0 [pid 437] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 439] ioctl(3, VHOST_SET_VRING_ADDR [pid 438] <... ioctl resumed>, 0) = 0 [pid 437] <... openat resumed>) = 6 [pid 436] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 439] <... ioctl resumed>, 0x200000000300) = 0 [pid 438] ioctl(3, VHOST_SET_VRING_ADDR [pid 437] ioctl(6, LOOP_SET_FD, 5 [pid 436] <... openat resumed>) = 6 [pid 439] ioctl(3, VHOST_SET_MEM_TABLE [pid 438] <... ioctl resumed>, 0x200000000300) = 0 [pid 436] ioctl(6, LOOP_SET_FD, 5 [pid 438] ioctl(3, VHOST_SET_MEM_TABLE [pid 439] <... ioctl resumed>, 0x200000003380) = 0 [pid 439] eventfd2(118, EFD_SEMAPHORE [pid 438] <... ioctl resumed>, 0x200000003380) = 0 [pid 439] <... eventfd2 resumed>) = 4 [pid 438] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 439] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 438] ioctl(3, VHOST_SET_VRING_ERR [pid 439] ioctl(3, VHOST_SET_VRING_ADDR [pid 438] <... ioctl resumed>, 0x2000000001c0) = 0 [pid 439] <... ioctl resumed>, 0x200000000240) = 0 [pid 438] ioctl(3, VHOST_SET_VRING_ADDR [pid 439] ioctl(3, VHOST_SET_VRING_KICK [pid 438] <... ioctl resumed>, 0x200000000240) = 0 [pid 438] ioctl(3, VHOST_SET_VRING_KICK [pid 439] <... ioctl resumed>, 0x200000000000) = 0 [pid 438] <... ioctl resumed>, 0x200000000000) = 0 [pid 439] ioctl(3, VHOST_VSOCK_SET_RUNNING [pid 438] ioctl(3, VHOST_VSOCK_SET_RUNNING [pid 439] <... ioctl resumed>, 0x200000000140) = 0 [pid 438] <... ioctl resumed>, 0x200000000140) = 0 [pid 438] memfd_create("syzkaller", 0 [pid 439] memfd_create("syzkaller", 0) = 5 [pid 438] <... memfd_create resumed>) = 5 [pid 438] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 439] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f12c0537000 [pid 438] <... mmap resumed>) = 0x7f12c0537000 [pid 438] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 439] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 438] <... write resumed>) = 1048576 [pid 439] <... write resumed>) = 1048576 [pid 438] munmap(0x7f12c0537000, 138412032) = 0 [pid 439] munmap(0x7f12c0537000, 138412032 [pid 438] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 439] <... munmap resumed>) = 0 [pid 439] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 436] <... ioctl resumed>) = 0 [pid 436] close(5) = 0 [pid 436] close(6 [pid 434] <... mount resumed>) = 0 [pid 437] <... ioctl resumed>) = 0 [pid 434] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 434] chdir("./file0") = 0 [pid 434] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 439] <... openat resumed>) = 6 [pid 438] <... openat resumed>) = 6 [pid 434] <... openat resumed>) = 6 [pid 434] ioctl(6, LOOP_CLR_FD) = 0 [pid 434] close(6) = 0 [pid 434] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 439] ioctl(6, LOOP_SET_FD, 5 [pid 438] ioctl(6, LOOP_SET_FD, 5 [pid 437] close(5 [pid 436] <... close resumed>) = 0 [pid 437] <... close resumed>) = 0 [pid 436] mkdir("./file0", 0777 [pid 437] close(6 [pid 436] <... mkdir resumed>) = 0 [pid 436] mount("/dev/loop1", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 434] <... openat resumed>) = 6 [pid 434] write(6, "#! ./file1\n", 11) = 11 [pid 434] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [ 29.468740][ T434] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [pid 434] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000006c0} --- [pid 434] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000006c4} --- [pid 434] epoll_ctl(-1, EPOLL_CTL_ADD, 6, {events=0, data={u32=0, u64=0}}) = -1 EBADF (Bad file descriptor) [pid 434] close(3) = 0 [pid 434] close(4) = 0 [pid 434] close(5) = 0 [pid 434] close(6) = 0 [pid 434] close(7) = -1 EBADF (Bad file descriptor) [pid 434] close(8) = -1 EBADF (Bad file descriptor) [pid 434] close(9) = -1 EBADF (Bad file descriptor) [pid 434] close(10) = -1 EBADF (Bad file descriptor) [pid 434] close(11) = -1 EBADF (Bad file descriptor) [pid 434] close(12) = -1 EBADF (Bad file descriptor) [pid 434] close(13) = -1 EBADF (Bad file descriptor) [pid 434] close(14) = -1 EBADF (Bad file descriptor) [pid 434] close(15) = -1 EBADF (Bad file descriptor) [pid 434] close(16) = -1 EBADF (Bad file descriptor) [pid 434] close(17) = -1 EBADF (Bad file descriptor) [pid 434] close(18) = -1 EBADF (Bad file descriptor) [pid 434] close(19) = -1 EBADF (Bad file descriptor) [pid 434] close(20) = -1 EBADF (Bad file descriptor) [pid 434] close(21) = -1 EBADF (Bad file descriptor) [pid 434] close(22) = -1 EBADF (Bad file descriptor) [pid 434] close(23) = -1 EBADF (Bad file descriptor) [pid 434] close(24) = -1 EBADF (Bad file descriptor) [pid 434] close(25) = -1 EBADF (Bad file descriptor) [pid 434] close(26) = -1 EBADF (Bad file descriptor) [pid 434] close(27) = -1 EBADF (Bad file descriptor) [pid 434] close(28) = -1 EBADF (Bad file descriptor) [pid 434] close(29) = -1 EBADF (Bad file descriptor) [pid 434] exit_group(0) = ? [pid 434] +++ exited with 0 +++ [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- [pid 289] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 289] umount2("./6", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 289] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(3, 0x555565cdf7f0 /* 4 entries */, 32768) = 112 [ 29.508069][ T435] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-434: bg 0: block 234: padding at end of block bitmap is not set [pid 289] umount2("./6/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 439] <... ioctl resumed>) = 0 [pid 439] close(5) = 0 [pid 439] close(6 [pid 438] <... ioctl resumed>) = 0 [pid 437] <... close resumed>) = 0 [pid 289] <... umount2 resumed>) = 0 [pid 437] mkdir("./file0", 0777 [pid 438] close(5 [pid 437] <... mkdir resumed>) = 0 [pid 289] umount2("./6/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 438] <... close resumed>) = 0 [pid 437] mount("/dev/loop2", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 289] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 438] close(6 [pid 289] newfstatat(AT_FDCWD, "./6/file0", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] umount2("./6/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./6/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 289] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(4, 0x555565ce7830 /* 2 entries */, 32768) = 48 [pid 289] getdents64(4, 0x555565ce7830 /* 0 entries */, 32768) = 0 [pid 289] close(4) = 0 [pid 289] rmdir("./6/file0") = 0 [pid 289] umount2("./6/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./6/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] unlink("./6/binderfs") = 0 [pid 289] getdents64(3, 0x555565cdf7f0 /* 0 entries */, 32768) = 0 [pid 289] close(3) = 0 [pid 289] rmdir("./6") = 0 [pid 289] mkdir("./7", 0777) = 0 [pid 289] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 436] <... mount resumed>) = 0 [pid 436] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 436] chdir("./file0") = 0 [ 29.587837][ T436] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue [pid 436] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 437] <... mount resumed>) = 0 [pid 437] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 437] chdir("./file0") = 0 [pid 437] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 438] <... close resumed>) = 0 [pid 439] <... close resumed>) = 0 [pid 438] mkdir("./file0", 0777 [pid 436] <... openat resumed>) = 6 [pid 438] <... mkdir resumed>) = 0 [pid 436] ioctl(6, LOOP_CLR_FD [pid 439] mkdir("./file0", 0777 [pid 438] mount("/dev/loop3", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 439] <... mkdir resumed>) = 0 [ 29.660922][ T437] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue [pid 439] mount("/dev/loop4", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 437] <... openat resumed>) = 6 [pid 289] <... openat resumed>) = 3 [pid 289] ioctl(3, LOOP_CLR_FD [pid 437] ioctl(6, LOOP_CLR_FD [pid 436] <... ioctl resumed>) = 0 [pid 437] <... ioctl resumed>) = 0 [pid 289] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 436] close(6 [pid 437] close(6 [pid 289] close(3 [pid 436] <... close resumed>) = 0 [pid 289] <... close resumed>) = 0 [pid 437] <... close resumed>) = 0 [pid 436] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 437] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 436] <... openat resumed>) = 6 [pid 289] <... clone resumed>, child_tidptr=0x555565cde750) = 9 [pid 436] write(6, "#! ./file1\n", 11 [pid 437] <... openat resumed>) = 6 [pid 437] write(6, "#! ./file1\n", 11 [pid 436] <... write resumed>) = 11 [pid 436] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0 [pid 437] <... write resumed>) = 11 [pid 437] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0 [pid 436] <... mmap resumed>) = 0x200000000000 [pid 437] <... mmap resumed>) = 0x200000000000 ./strace-static-x86_64: Process 457 attached [pid 457] set_robust_list(0x555565cde760, 24 [pid 436] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000006c0} --- [pid 457] <... set_robust_list resumed>) = 0 [pid 457] chdir("./7") = 0 [pid 457] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 457] setpgid(0, 0) = 0 [pid 457] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 457] write(3, "1000", 4) = 4 [pid 457] close(3) = 0 [pid 457] symlink("/dev/binderfs", "./binderfs") = 0 [pid 457] write(1, "executing program\n", 18executing program ) = 18 [pid 457] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 457] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 457] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 457] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 457] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 457] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 457] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 457] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 457] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 457] memfd_create("syzkaller", 0) = 5 [pid 457] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f12c0537000 [pid 457] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 438] <... mount resumed>) = 0 [pid 438] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 438] chdir("./file0") = 0 [pid 438] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 6 [ 29.812378][ T436] EXT4-fs error (device loop1): ext4_validate_block_bitmap:438: comm syz-executor126: bg 0: block 234: padding at end of block bitmap is not set [ 29.812798][ T440] EXT4-fs error (device loop2): ext4_validate_block_bitmap:438: comm vhost-437: bg 0: block 234: padding at end of block bitmap is not set [ 29.843856][ T438] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue [pid 438] ioctl(6, LOOP_CLR_FD) = 0 [pid 438] close(6) = 0 [pid 436] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000006c4} --- [pid 436] epoll_ctl(-1, EPOLL_CTL_ADD, 6, {events=0, data={u32=0, u64=0}}) = -1 EBADF (Bad file descriptor) [pid 436] close(3 [pid 438] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 438] write(6, "#! ./file1\n", 11) = 11 [pid 457] <... write resumed>) = 1048576 [pid 438] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [ 29.896493][ T439] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue [pid 439] <... mount resumed>) = 0 [pid 439] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 439] chdir("./file0") = 0 [pid 439] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 6 [pid 439] ioctl(6, LOOP_CLR_FD) = 0 [pid 439] close(6) = 0 [pid 439] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 439] write(6, "#! ./file1\n", 11) = 11 [pid 439] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 457] munmap(0x7f12c0537000, 138412032) = 0 [pid 457] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 436] <... close resumed>) = 0 [pid 439] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000006c0} --- [pid 439] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000006c4} --- [pid 439] epoll_ctl(-1, EPOLL_CTL_ADD, 6, {events=0, data={u32=0, u64=0}}) = -1 EBADF (Bad file descriptor) [pid 439] close(3 [pid 437] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000006c0} --- [pid 436] close(4 [pid 437] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000006c4} --- [pid 436] <... close resumed>) = 0 [pid 437] epoll_ctl(-1, EPOLL_CTL_ADD, 6, {events=0, data={u32=0, u64=0}} [pid 436] close(5 [pid 437] <... epoll_ctl resumed>) = -1 EBADF (Bad file descriptor) [pid 437] close(3 [pid 436] <... close resumed>) = 0 [pid 457] ioctl(6, LOOP_SET_FD, 5 [pid 436] close(6) = 0 [pid 436] close(7) = -1 EBADF (Bad file descriptor) [pid 436] close(8) = -1 EBADF (Bad file descriptor) [pid 436] close(9) = -1 EBADF (Bad file descriptor) [pid 436] close(10) = -1 EBADF (Bad file descriptor) [pid 439] <... close resumed>) = 0 [pid 436] close(11 [pid 439] close(4 [pid 436] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 439] <... close resumed>) = 0 [pid 436] close(12 [pid 439] close(5 [pid 436] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 457] <... ioctl resumed>) = 0 [pid 439] <... close resumed>) = 0 [pid 439] close(6) = 0 [pid 439] close(7) = -1 EBADF (Bad file descriptor) [pid 439] close(8) = -1 EBADF (Bad file descriptor) [pid 439] close(9) = -1 EBADF (Bad file descriptor) [pid 439] close(10 [pid 436] close(13 [pid 439] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 457] close(5 [pid 436] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 457] <... close resumed>) = 0 [pid 439] close(11 [pid 436] close(14 [pid 457] close(6 [pid 436] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 457] <... close resumed>) = 0 [pid 439] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 436] close(15 [pid 457] mkdir("./file0", 0777 [pid 439] close(12 [pid 436] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 457] <... mkdir resumed>) = 0 [pid 439] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 436] close(16 [pid 457] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 436] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 439] close(13) = -1 EBADF (Bad file descriptor) [pid 436] close(17 [pid 439] close(14 [pid 436] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 439] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 436] close(18 [pid 439] close(15 [pid 436] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 439] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 436] close(19 [pid 439] close(16 [pid 436] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 439] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 436] close(20 [pid 439] close(17) = -1 EBADF (Bad file descriptor) [pid 436] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 439] close(18) = -1 EBADF (Bad file descriptor) [pid 436] close(21 [pid 439] close(19 [pid 436] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 439] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 439] close(20 [pid 436] close(22 [pid 439] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 439] close(21 [pid 436] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 439] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 439] close(22 [pid 436] close(23 [pid 439] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 436] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 439] close(23 [pid 436] close(24 [pid 439] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 436] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 439] close(24 [pid 436] close(25 [pid 439] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 436] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 439] close(25) = -1 EBADF (Bad file descriptor) [pid 436] close(26 [pid 439] close(26 [pid 436] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 439] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 436] close(27 [pid 439] close(27 [pid 436] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 439] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 439] close(28 [pid 436] close(28 [pid 439] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 439] close(29 [pid 436] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 439] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 439] exit_group(0 [pid 436] close(29 [pid 439] <... exit_group resumed>) = ? [pid 436] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 439] +++ exited with 0 +++ [pid 437] <... close resumed>) = 0 [pid 437] close(4 [pid 436] exit_group(0 [pid 437] <... close resumed>) = 0 [pid 436] <... exit_group resumed>) = ? [pid 288] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- [pid 437] close(5 [pid 436] +++ exited with 0 +++ [pid 288] restart_syscall(<... resuming interrupted clone ...> [pid 437] <... close resumed>) = 0 [pid 437] close(6 [pid 294] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 437] <... close resumed>) = 0 [pid 294] restart_syscall(<... resuming interrupted clone ...> [pid 437] close(7) = -1 EBADF (Bad file descriptor) [pid 437] close(8) = -1 EBADF (Bad file descriptor) [pid 437] close(9) = -1 EBADF (Bad file descriptor) [pid 437] close(10) = -1 EBADF (Bad file descriptor) [pid 437] close(11) = -1 EBADF (Bad file descriptor) [pid 437] close(12) = -1 EBADF (Bad file descriptor) [pid 437] close(13) = -1 EBADF (Bad file descriptor) [pid 437] close(14) = -1 EBADF (Bad file descriptor) [pid 437] close(15) = -1 EBADF (Bad file descriptor) [pid 437] close(16) = -1 EBADF (Bad file descriptor) [pid 294] <... restart_syscall resumed>) = 0 [pid 437] close(17 [pid 288] <... restart_syscall resumed>) = 0 [pid 437] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 437] close(18 [pid 294] umount2("./5", MNT_FORCE|UMOUNT_NOFOLLOW [pid 437] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 437] close(19 [pid 294] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 288] umount2("./6", MNT_FORCE|UMOUNT_NOFOLLOW [pid 437] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 294] openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 437] close(20 [pid 288] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 437] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 294] <... openat resumed>) = 3 [pid 437] close(21 [pid 294] newfstatat(3, "", [pid 288] openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 437] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 294] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 437] close(22 [pid 288] <... openat resumed>) = 3 [pid 437] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 294] getdents64(3, [pid 288] newfstatat(3, "", [pid 437] close(23 [pid 294] <... getdents64 resumed>0x555565cdf7f0 /* 4 entries */, 32768) = 112 [pid 437] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 288] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 437] close(24 [pid 294] umount2("./5/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 437] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 288] getdents64(3, [pid 437] close(25) = -1 EBADF (Bad file descriptor) [pid 288] <... getdents64 resumed>0x555565cdf7f0 /* 4 entries */, 32768) = 112 [pid 437] close(26 [pid 288] umount2("./6/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 437] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 437] close(27) = -1 EBADF (Bad file descriptor) [pid 438] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000006c0} --- [pid 437] close(28 [pid 438] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000006c4} --- [pid 438] epoll_ctl(-1, EPOLL_CTL_ADD, 6, {events=0, data={u32=0, u64=0}} [pid 437] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 438] <... epoll_ctl resumed>) = -1 EBADF (Bad file descriptor) [pid 438] close(3 [pid 437] close(29) = -1 EBADF (Bad file descriptor) [pid 437] exit_group(0) = ? [pid 438] <... close resumed>) = 0 [pid 438] close(4) = 0 [pid 438] close(5) = 0 [pid 437] +++ exited with 0 +++ [pid 438] close(6) = 0 [pid 438] close(7 [pid 293] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- [pid 438] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 438] close(8 [pid 293] restart_syscall(<... resuming interrupted clone ...> [pid 438] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 438] close(9) = -1 EBADF (Bad file descriptor) [pid 438] close(10) = -1 EBADF (Bad file descriptor) [pid 438] close(11) = -1 EBADF (Bad file descriptor) [pid 438] close(12) = -1 EBADF (Bad file descriptor) [pid 438] close(13) = -1 EBADF (Bad file descriptor) [pid 438] close(14) = -1 EBADF (Bad file descriptor) [pid 438] close(15) = -1 EBADF (Bad file descriptor) [pid 438] close(16) = -1 EBADF (Bad file descriptor) [pid 438] close(17) = -1 EBADF (Bad file descriptor) [pid 438] close(18) = -1 EBADF (Bad file descriptor) [pid 438] close(19) = -1 EBADF (Bad file descriptor) [pid 438] close(20) = -1 EBADF (Bad file descriptor) [pid 438] close(21) = -1 EBADF (Bad file descriptor) [pid 438] close(22) = -1 EBADF (Bad file descriptor) [pid 438] close(23) = -1 EBADF (Bad file descriptor) [pid 438] close(24) = -1 EBADF (Bad file descriptor) [pid 438] close(25) = -1 EBADF (Bad file descriptor) [pid 438] close(26) = -1 EBADF (Bad file descriptor) [pid 438] close(27) = -1 EBADF (Bad file descriptor) [pid 438] close(28) = -1 EBADF (Bad file descriptor) [pid 438] close(29) = -1 EBADF (Bad file descriptor) [pid 293] <... restart_syscall resumed>) = 0 [pid 438] exit_group(0) = ? [pid 438] +++ exited with 0 +++ [pid 293] umount2("./5", MNT_FORCE|UMOUNT_NOFOLLOW [pid 292] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- [pid 293] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 293] openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 293] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 293] getdents64(3, 0x555565cdf7f0 /* 4 entries */, 32768) = 112 [ 29.938543][ T445] EXT4-fs error (device loop3): ext4_validate_block_bitmap:438: comm vhost-438: bg 0: block 234: padding at end of block bitmap is not set [ 29.945292][ T439] EXT4-fs error (device loop4): ext4_validate_block_bitmap:438: comm syz-executor126: bg 0: block 234: padding at end of block bitmap is not set [pid 293] umount2("./5/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 292] umount2("./5", MNT_FORCE|UMOUNT_NOFOLLOW [pid 457] <... mount resumed>) = 0 [pid 292] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 457] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 292] openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 457] <... openat resumed>) = 5 [pid 292] <... openat resumed>) = 3 [pid 457] chdir("./file0" [pid 292] newfstatat(3, "", [pid 457] <... chdir resumed>) = 0 [pid 292] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 457] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 292] getdents64(3, 0x555565cdf7f0 /* 4 entries */, 32768) = 112 [pid 292] umount2("./5/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 294] <... umount2 resumed>) = 0 [pid 294] umount2("./5/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 294] newfstatat(AT_FDCWD, "./5/file0", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 294] umount2("./5/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 294] openat(AT_FDCWD, "./5/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 294] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 294] getdents64(4, 0x555565ce7830 /* 2 entries */, 32768) = 48 [pid 294] getdents64(4, 0x555565ce7830 /* 0 entries */, 32768) = 0 [pid 294] close(4) = 0 [pid 294] rmdir("./5/file0") = 0 [pid 294] umount2("./5/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 294] newfstatat(AT_FDCWD, "./5/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 294] unlink("./5/binderfs") = 0 [pid 294] getdents64(3, 0x555565cdf7f0 /* 0 entries */, 32768) = 0 [pid 294] close(3) = 0 [pid 294] rmdir("./5") = 0 [pid 294] mkdir("./6", 0777) = 0 [ 30.005142][ T457] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [pid 294] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 457] <... openat resumed>) = 6 [pid 457] ioctl(6, LOOP_CLR_FD [pid 294] <... openat resumed>) = 3 [pid 294] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 294] close(3 [pid 288] <... umount2 resumed>) = 0 [pid 457] <... ioctl resumed>) = 0 [pid 294] <... close resumed>) = 0 [pid 293] <... umount2 resumed>) = 0 [pid 457] close(6 [pid 294] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 292] <... umount2 resumed>) = 0 [pid 457] <... close resumed>) = 0 [pid 457] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 294] <... clone resumed>, child_tidptr=0x555565cde750) = 8 [pid 457] <... openat resumed>) = 6 [pid 457] write(6, "#! ./file1\n", 11) = 11 [pid 457] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 288] umount2("./6/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 288] newfstatat(AT_FDCWD, "./6/file0", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 293] umount2("./5/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 288] umount2("./6/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 293] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 288] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 288] openat(AT_FDCWD, "./6/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 293] newfstatat(AT_FDCWD, "./5/file0", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 292] umount2("./5/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 293] umount2("./5/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 288] newfstatat(4, "", [pid 293] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 288] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 292] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 288] getdents64(4, [pid 293] openat(AT_FDCWD, "./5/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 292] newfstatat(AT_FDCWD, "./5/file0", [pid 293] <... openat resumed>) = 4 [pid 292] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 288] <... getdents64 resumed>0x555565ce7830 /* 2 entries */, 32768) = 48 [pid 292] umount2("./5/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 288] getdents64(4, 0x555565ce7830 /* 0 entries */, 32768) = 0 [pid 293] newfstatat(4, "", [pid 292] openat(AT_FDCWD, "./5/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 293] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 292] <... openat resumed>) = 4 [pid 288] close(4 [pid 293] getdents64(4, [pid 288] <... close resumed>) = 0 [pid 293] <... getdents64 resumed>0x555565ce7830 /* 2 entries */, 32768) = 48 [pid 292] newfstatat(4, "", [pid 288] rmdir("./6/file0" [pid 293] getdents64(4, [pid 292] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 288] <... rmdir resumed>) = 0 [pid 293] <... getdents64 resumed>0x555565ce7830 /* 0 entries */, 32768) = 0 [pid 292] getdents64(4, [pid 288] umount2("./6/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 293] close(4 [pid 292] <... getdents64 resumed>0x555565ce7830 /* 2 entries */, 32768) = 48 [pid 288] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 293] <... close resumed>) = 0 [pid 292] getdents64(4, [pid 288] newfstatat(AT_FDCWD, "./6/binderfs", [pid 293] rmdir("./5/file0" [pid 292] <... getdents64 resumed>0x555565ce7830 /* 0 entries */, 32768) = 0 [pid 288] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 293] <... rmdir resumed>) = 0 [pid 292] close(4 [pid 288] unlink("./6/binderfs" [pid 293] umount2("./5/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 292] <... close resumed>) = 0 [pid 288] <... unlink resumed>) = 0 [pid 293] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 292] rmdir("./5/file0" [pid 288] getdents64(3, [pid 293] newfstatat(AT_FDCWD, "./5/binderfs", [pid 292] <... rmdir resumed>) = 0 [pid 288] <... getdents64 resumed>0x555565cdf7f0 /* 0 entries */, 32768) = 0 [pid 293] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 292] umount2("./5/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 288] close(3 [pid 293] unlink("./5/binderfs" [pid 292] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 288] <... close resumed>) = 0 [pid 293] <... unlink resumed>) = 0 [pid 292] newfstatat(AT_FDCWD, "./5/binderfs", [pid 288] rmdir("./6" [pid 293] getdents64(3, [pid 292] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 288] <... rmdir resumed>) = 0 [pid 293] <... getdents64 resumed>0x555565cdf7f0 /* 0 entries */, 32768) = 0 [pid 292] unlink("./5/binderfs" [pid 288] mkdir("./7", 0777 [pid 293] close(3 [pid 292] <... unlink resumed>) = 0 [pid 288] <... mkdir resumed>) = 0 [pid 293] <... close resumed>) = 0 [pid 292] getdents64(3, [pid 288] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 293] rmdir("./5" [pid 292] <... getdents64 resumed>0x555565cdf7f0 /* 0 entries */, 32768) = 0 [pid 288] <... openat resumed>) = 3 [pid 293] <... rmdir resumed>) = 0 [pid 292] close(3 [pid 288] ioctl(3, LOOP_CLR_FD [pid 293] mkdir("./6", 0777 [pid 292] <... close resumed>) = 0 [pid 288] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 293] <... mkdir resumed>) = 0 [pid 292] rmdir("./5" [pid 288] close(3 [pid 293] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 292] <... rmdir resumed>) = 0 [pid 288] <... close resumed>) = 0 ./strace-static-x86_64: Process 465 attached [pid 293] <... openat resumed>) = 3 [pid 292] mkdir("./6", 0777 [pid 288] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 293] ioctl(3, LOOP_CLR_FD [pid 292] <... mkdir resumed>) = 0 [pid 465] set_robust_list(0x555565cde760, 24 [pid 457] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000006c0} --- [pid 293] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 292] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 293] close(3 [pid 292] <... openat resumed>) = 3 [pid 465] <... set_robust_list resumed>) = 0 [pid 457] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000006c4} --- [pid 293] <... close resumed>) = 0 [pid 292] ioctl(3, LOOP_CLR_FD [pid 288] <... clone resumed>, child_tidptr=0x555565cde750) = 9 [pid 465] chdir("./6" [pid 457] epoll_ctl(-1, EPOLL_CTL_ADD, 6, {events=0, data={u32=0, u64=0}} [pid 293] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 292] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 465] <... chdir resumed>) = 0 [pid 457] <... epoll_ctl resumed>) = -1 EBADF (Bad file descriptor) [pid 292] close(3 [pid 457] close(3 [pid 293] <... clone resumed>, child_tidptr=0x555565cde750) = 8 [pid 292] <... close resumed>) = 0 [pid 465] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 292] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 465] <... prctl resumed>) = 0 [pid 292] <... clone resumed>, child_tidptr=0x555565cde750) = 8 [pid 465] setpgid(0, 0) = 0 ./strace-static-x86_64: Process 466 attached [pid 466] set_robust_list(0x555565cde760, 24) = 0 [pid 466] chdir("./7") = 0 [pid 466] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 466] setpgid(0, 0 [pid 465] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 466] <... setpgid resumed>) = 0 [pid 466] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 466] write(3, "1000", 4) = 4 [pid 465] <... openat resumed>) = 3 [pid 466] close(3) = 0 [pid 466] symlink("/dev/binderfs", "./binderfs") = 0 [pid 465] write(3, "1000", 4./strace-static-x86_64: Process 467 attached executing program [pid 466] write(1, "executing program\n", 18) = 18 [pid 466] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 465] <... write resumed>) = 4 [pid 465] close(3 [pid 467] set_robust_list(0x555565cde760, 24 [pid 466] ioctl(3, VHOST_SET_OWNER [pid 465] <... close resumed>) = 0 ./strace-static-x86_64: Process 468 attached [pid 467] <... set_robust_list resumed>) = 0 [pid 465] symlink("/dev/binderfs", "./binderfs") = 0 [pid 465] write(1, "executing program\n", 18 [pid 468] set_robust_list(0x555565cde760, 24executing program [pid 465] <... write resumed>) = 18 [pid 465] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR [pid 468] <... set_robust_list resumed>) = 0 [pid 467] chdir("./6" [pid 465] <... openat resumed>) = 3 [pid 465] ioctl(3, VHOST_SET_OWNER [pid 467] <... chdir resumed>) = 0 [pid 468] chdir("./6" [pid 467] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 468] <... chdir resumed>) = 0 [pid 467] setpgid(0, 0 [pid 466] <... ioctl resumed>, 0) = 0 [pid 465] <... ioctl resumed>, 0) = 0 [pid 457] <... close resumed>) = 0 [pid 466] ioctl(3, VHOST_SET_VRING_ADDR [pid 457] close(4 [pid 466] <... ioctl resumed>, 0x200000000300) = 0 [pid 457] <... close resumed>) = 0 [ 30.181807][ T459] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-457: bg 0: block 234: padding at end of block bitmap is not set [pid 468] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 467] <... setpgid resumed>) = 0 [pid 466] ioctl(3, VHOST_SET_MEM_TABLE [pid 465] ioctl(3, VHOST_SET_VRING_ADDR [pid 457] close(5) = 0 [pid 468] <... prctl resumed>) = 0 [pid 467] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 465] <... ioctl resumed>, 0x200000000300) = 0 [pid 457] close(6 [pid 468] setpgid(0, 0 [pid 467] <... openat resumed>) = 3 [pid 466] <... ioctl resumed>, 0x200000003380) = 0 [pid 465] ioctl(3, VHOST_SET_MEM_TABLE [pid 457] <... close resumed>) = 0 [pid 466] eventfd2(118, EFD_SEMAPHORE [pid 457] close(7 [pid 466] <... eventfd2 resumed>) = 4 [pid 457] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 466] ioctl(3, VHOST_SET_VRING_ERR [pid 468] <... setpgid resumed>) = 0 [pid 467] write(3, "1000", 4 [pid 466] <... ioctl resumed>, 0x2000000001c0) = 0 [pid 465] <... ioctl resumed>, 0x200000003380) = 0 [pid 457] close(8 [pid 466] ioctl(3, VHOST_SET_VRING_ADDR [pid 457] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 466] <... ioctl resumed>, 0x200000000240) = 0 [pid 457] close(9 [pid 466] ioctl(3, VHOST_SET_VRING_KICK [pid 457] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 466] <... ioctl resumed>, 0x200000000000) = 0 [pid 457] close(10 [pid 466] ioctl(3, VHOST_VSOCK_SET_RUNNING [pid 468] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 467] <... write resumed>) = 4 [pid 466] <... ioctl resumed>, 0x200000000140) = 0 [pid 465] eventfd2(118, EFD_SEMAPHORE [pid 457] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 468] <... openat resumed>) = 3 [pid 467] close(3 [pid 466] memfd_create("syzkaller", 0 [pid 465] <... eventfd2 resumed>) = 4 [pid 457] close(11 [pid 466] <... memfd_create resumed>) = 5 [pid 457] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 466] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 457] close(12 [pid 468] write(3, "1000", 4 [pid 467] <... close resumed>) = 0 [pid 465] ioctl(3, VHOST_SET_VRING_ERR [pid 457] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 457] close(13 [pid 468] <... write resumed>) = 4 [pid 467] symlink("/dev/binderfs", "./binderfs" [pid 465] <... ioctl resumed>, 0x2000000001c0) = 0 [pid 457] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 468] close(3 [pid 467] <... symlink resumed>) = 0 [pid 465] ioctl(3, VHOST_SET_VRING_ADDR [pid 457] close(14 [pid 468] <... close resumed>) = 0 executing program [pid 467] write(1, "executing program\n", 18 [pid 465] <... ioctl resumed>, 0x200000000240) = 0 [pid 468] symlink("/dev/binderfs", "./binderfs" [pid 467] <... write resumed>) = 18 [pid 465] ioctl(3, VHOST_SET_VRING_KICK [pid 457] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 468] <... symlink resumed>) = 0 [pid 467] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR [pid 465] <... ioctl resumed>, 0x200000000000) = 0 [pid 457] close(15executing program [pid 468] write(1, "executing program\n", 18 [pid 467] <... openat resumed>) = 3 [pid 465] ioctl(3, VHOST_VSOCK_SET_RUNNING [pid 457] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 468] <... write resumed>) = 18 [pid 467] ioctl(3, VHOST_SET_OWNER [pid 465] <... ioctl resumed>, 0x200000000140) = 0 [pid 468] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR [pid 465] memfd_create("syzkaller", 0 [pid 468] <... openat resumed>) = 3 [pid 465] <... memfd_create resumed>) = 5 [pid 457] close(16 [pid 468] ioctl(3, VHOST_SET_OWNER [pid 465] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 457] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 465] <... mmap resumed>) = 0x7f12c0537000 [pid 465] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 457] close(17 [pid 465] <... write resumed>) = 1048576 [pid 457] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 457] close(18) = -1 EBADF (Bad file descriptor) [pid 457] close(19) = -1 EBADF (Bad file descriptor) [pid 457] close(20) = -1 EBADF (Bad file descriptor) [pid 457] close(21) = -1 EBADF (Bad file descriptor) [pid 457] close(22) = -1 EBADF (Bad file descriptor) [pid 457] close(23) = -1 EBADF (Bad file descriptor) [pid 457] close(24) = -1 EBADF (Bad file descriptor) [pid 457] close(25) = -1 EBADF (Bad file descriptor) [pid 457] close(26 [pid 466] <... mmap resumed>) = 0x7f12c0537000 [pid 457] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 466] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 457] close(27) = -1 EBADF (Bad file descriptor) [pid 457] close(28) = -1 EBADF (Bad file descriptor) [pid 457] close(29) = -1 EBADF (Bad file descriptor) [pid 457] exit_group(0) = ? [pid 465] munmap(0x7f12c0537000, 138412032) = 0 [pid 457] +++ exited with 0 +++ [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- [pid 289] restart_syscall(<... resuming interrupted clone ...> [pid 465] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 6 [pid 465] ioctl(6, LOOP_SET_FD, 5 [pid 467] <... ioctl resumed>, 0) = 0 [pid 467] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 467] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 467] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 467] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 467] ioctl(3, VHOST_SET_VRING_ADDR [pid 466] <... write resumed>) = 1048576 [pid 289] <... restart_syscall resumed>) = 0 [pid 467] <... ioctl resumed>, 0x200000000240) = 0 [pid 467] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 289] umount2("./7", MNT_FORCE|UMOUNT_NOFOLLOW [pid 467] ioctl(3, VHOST_VSOCK_SET_RUNNING [pid 289] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 468] <... ioctl resumed>, 0) = 0 [pid 467] <... ioctl resumed>, 0x200000000140) = 0 [pid 289] openat(AT_FDCWD, "./7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 468] ioctl(3, VHOST_SET_VRING_ADDR [pid 467] memfd_create("syzkaller", 0 [pid 289] <... openat resumed>) = 3 [pid 468] <... ioctl resumed>, 0x200000000300) = 0 [pid 467] <... memfd_create resumed>) = 5 [pid 289] newfstatat(3, "", [pid 468] ioctl(3, VHOST_SET_MEM_TABLE [pid 467] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 289] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 467] <... mmap resumed>) = 0x7f12c0537000 [pid 289] getdents64(3, [pid 467] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 289] <... getdents64 resumed>0x555565cdf7f0 /* 4 entries */, 32768) = 112 [pid 468] <... ioctl resumed>, 0x200000003380) = 0 [pid 467] <... write resumed>) = 1048576 [pid 466] munmap(0x7f12c0537000, 138412032 [pid 289] umount2("./7/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 468] eventfd2(118, EFD_SEMAPHORE [pid 466] <... munmap resumed>) = 0 [pid 468] <... eventfd2 resumed>) = 4 [pid 466] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 468] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 468] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 468] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 468] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 468] memfd_create("syzkaller", 0) = 5 [pid 468] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f12c0537000 [pid 468] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 468] munmap(0x7f12c0537000, 138412032) = 0 [pid 467] munmap(0x7f12c0537000, 138412032) = 0 [pid 468] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 467] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 465] <... ioctl resumed>) = 0 [pid 465] close(5) = 0 [pid 465] close(6 [pid 466] <... openat resumed>) = 6 [pid 465] <... close resumed>) = 0 [pid 466] ioctl(6, LOOP_SET_FD, 5 [pid 465] mkdir("./file0", 0777) = 0 [pid 465] mount("/dev/loop1", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 468] <... openat resumed>) = 6 [pid 467] <... openat resumed>) = 6 [pid 468] ioctl(6, LOOP_SET_FD, 5 [pid 467] ioctl(6, LOOP_SET_FD, 5 [pid 466] <... ioctl resumed>) = 0 [pid 289] <... umount2 resumed>) = 0 [pid 466] close(5 [pid 289] umount2("./7/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 466] <... close resumed>) = 0 [pid 466] close(6 [pid 289] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./7/file0", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] umount2("./7/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./7/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 289] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(4, 0x555565ce7830 /* 2 entries */, 32768) = 48 [pid 289] getdents64(4, 0x555565ce7830 /* 0 entries */, 32768) = 0 [pid 289] close(4) = 0 [pid 289] rmdir("./7/file0") = 0 [pid 289] umount2("./7/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./7/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] unlink("./7/binderfs") = 0 [pid 289] getdents64(3, 0x555565cdf7f0 /* 0 entries */, 32768) = 0 [pid 289] close(3) = 0 [pid 289] rmdir("./7") = 0 [pid 289] mkdir("./8", 0777) = 0 [pid 289] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 468] <... ioctl resumed>) = 0 [pid 468] close(5) = 0 [pid 468] close(6 [pid 467] <... ioctl resumed>) = 0 [pid 465] <... mount resumed>) = 0 [pid 465] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 465] chdir("./file0") = 0 [pid 465] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 466] <... close resumed>) = 0 [pid 289] <... openat resumed>) = 3 [pid 289] ioctl(3, LOOP_CLR_FD [pid 466] mkdir("./file0", 0777 [pid 467] close(5) = 0 [pid 466] <... mkdir resumed>) = 0 [pid 467] close(6 [pid 466] mount("/dev/loop4", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 289] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 468] <... close resumed>) = 0 [pid 465] <... openat resumed>) = 6 [pid 289] close(3 [pid 468] mkdir("./file0", 0777 [pid 465] ioctl(6, LOOP_CLR_FD [pid 468] <... mkdir resumed>) = 0 [ 30.476654][ T465] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue [pid 468] mount("/dev/loop3", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 466] <... mount resumed>) = 0 [pid 466] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 466] chdir("./file0") = 0 [ 30.558986][ T466] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue [pid 466] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 467] <... close resumed>) = 0 [pid 289] <... close resumed>) = 0 [pid 465] <... ioctl resumed>) = 0 [pid 466] <... openat resumed>) = 6 [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 465] close(6 [pid 467] mkdir("./file0", 0777 [pid 466] ioctl(6, LOOP_CLR_FD) = 0 [pid 465] <... close resumed>) = 0 [pid 467] <... mkdir resumed>) = 0 [pid 466] close(6 [pid 465] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 467] mount("/dev/loop2", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 466] <... close resumed>) = 0 [pid 289] <... clone resumed>, child_tidptr=0x555565cde750) = 10 [pid 466] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 465] <... openat resumed>) = 6 [pid 466] <... openat resumed>) = 6 [pid 465] write(6, "#! ./file1\n", 11 [pid 466] write(6, "#! ./file1\n", 11) = 11 [pid 466] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0 [pid 465] <... write resumed>) = 11 [pid 466] <... mmap resumed>) = 0x200000000000 [pid 465] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 ./strace-static-x86_64: Process 482 attached [pid 482] set_robust_list(0x555565cde760, 24) = 0 [pid 482] chdir("./8") = 0 [pid 482] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 482] setpgid(0, 0) = 0 [pid 482] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 482] write(3, "1000", 4) = 4 [pid 482] close(3) = 0 [pid 482] symlink("/dev/binderfs", "./binderfs") = 0 [pid 482] write(1, "executing program\n", 18executing program ) = 18 [pid 482] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [ 30.639802][ T466] EXT4-fs error (device loop4): ext4_validate_block_bitmap:438: comm syz-executor126: bg 0: block 234: padding at end of block bitmap is not set [ 30.654767][ T465] EXT4-fs error (device loop1): ext4_validate_block_bitmap:438: comm syz-executor126: bg 0: block 234: padding at end of block bitmap is not set [pid 482] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 482] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 482] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 482] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 482] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 482] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 482] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 482] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 482] memfd_create("syzkaller", 0) = 5 [pid 482] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f12c0537000 [pid 482] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 482] munmap(0x7f12c0537000, 138412032) = 0 [pid 482] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 482] ioctl(6, LOOP_SET_FD, 5 [pid 468] <... mount resumed>) = 0 [pid 468] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 467] <... mount resumed>) = 0 [pid 468] <... openat resumed>) = 5 [pid 467] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 468] chdir("./file0") = 0 [pid 467] <... openat resumed>) = 5 [pid 482] <... ioctl resumed>) = 0 [pid 482] close(5) = 0 [pid 482] close(6 [pid 468] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 467] chdir("./file0") = 0 [pid 467] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 466] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000006c0} --- [pid 465] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000006c0} --- [ 30.700662][ T467] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue [ 30.710858][ T468] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue [pid 482] <... close resumed>) = 0 [pid 482] mkdir("./file0", 0777) = 0 [pid 482] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 465] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000006c4} --- [pid 466] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000006c4} --- [pid 466] epoll_ctl(-1, EPOLL_CTL_ADD, 6, {events=0, data={u32=0, u64=0}} [pid 465] epoll_ctl(-1, EPOLL_CTL_ADD, 6, {events=0, data={u32=0, u64=0}} [pid 466] <... epoll_ctl resumed>) = -1 EBADF (Bad file descriptor) [pid 466] close(3 [pid 465] <... epoll_ctl resumed>) = -1 EBADF (Bad file descriptor) [pid 465] close(3) = 0 [pid 465] close(4) = 0 [pid 465] close(5) = 0 [pid 465] close(6) = 0 [pid 465] close(7) = -1 EBADF (Bad file descriptor) [pid 465] close(8) = -1 EBADF (Bad file descriptor) [pid 465] close(9) = -1 EBADF (Bad file descriptor) [pid 465] close(10) = -1 EBADF (Bad file descriptor) [pid 465] close(11) = -1 EBADF (Bad file descriptor) [pid 465] close(12) = -1 EBADF (Bad file descriptor) [pid 465] close(13) = -1 EBADF (Bad file descriptor) [pid 465] close(14) = -1 EBADF (Bad file descriptor) [pid 465] close(15) = -1 EBADF (Bad file descriptor) [pid 465] close(16) = -1 EBADF (Bad file descriptor) [pid 465] close(17) = -1 EBADF (Bad file descriptor) [pid 465] close(18) = -1 EBADF (Bad file descriptor) [pid 465] close(19) = -1 EBADF (Bad file descriptor) [pid 465] close(20) = -1 EBADF (Bad file descriptor) [pid 465] close(21) = -1 EBADF (Bad file descriptor) [pid 465] close(22) = -1 EBADF (Bad file descriptor) [pid 465] close(23) = -1 EBADF (Bad file descriptor) [pid 465] close(24) = -1 EBADF (Bad file descriptor) [pid 465] close(25) = -1 EBADF (Bad file descriptor) [pid 465] close(26) = -1 EBADF (Bad file descriptor) [pid 465] close(27) = -1 EBADF (Bad file descriptor) [pid 465] close(28) = -1 EBADF (Bad file descriptor) [pid 465] close(29) = -1 EBADF (Bad file descriptor) [pid 465] exit_group(0) = ? [pid 465] +++ exited with 0 +++ [pid 294] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 294] restart_syscall(<... resuming interrupted clone ...> [pid 466] <... close resumed>) = 0 [pid 466] close(4) = 0 [pid 466] close(5) = 0 [pid 466] close(6) = 0 [pid 466] close(7) = -1 EBADF (Bad file descriptor) [pid 466] close(8) = -1 EBADF (Bad file descriptor) [pid 466] close(9) = -1 EBADF (Bad file descriptor) [pid 466] close(10) = -1 EBADF (Bad file descriptor) [pid 466] close(11) = -1 EBADF (Bad file descriptor) [pid 466] close(12) = -1 EBADF (Bad file descriptor) [pid 466] close(13) = -1 EBADF (Bad file descriptor) [pid 466] close(14) = -1 EBADF (Bad file descriptor) [pid 466] close(15) = -1 EBADF (Bad file descriptor) [pid 466] close(16) = -1 EBADF (Bad file descriptor) [pid 466] close(17) = -1 EBADF (Bad file descriptor) [pid 466] close(18) = -1 EBADF (Bad file descriptor) [pid 466] close(19) = -1 EBADF (Bad file descriptor) [pid 466] close(20) = -1 EBADF (Bad file descriptor) [pid 466] close(21) = -1 EBADF (Bad file descriptor) [pid 466] close(22) = -1 EBADF (Bad file descriptor) [pid 466] close(23) = -1 EBADF (Bad file descriptor) [pid 466] close(24 [pid 294] <... restart_syscall resumed>) = 0 [pid 294] umount2("./6", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 294] openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 294] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 294] getdents64(3, 0x555565cdf7f0 /* 4 entries */, 32768) = 112 [pid 294] umount2("./6/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 466] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 466] close(25) = -1 EBADF (Bad file descriptor) [pid 466] close(26) = -1 EBADF (Bad file descriptor) [pid 466] close(27) = -1 EBADF (Bad file descriptor) [pid 466] close(28) = -1 EBADF (Bad file descriptor) [pid 466] close(29) = -1 EBADF (Bad file descriptor) [pid 466] exit_group(0) = ? [pid 466] +++ exited with 0 +++ [pid 288] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- [pid 288] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 288] umount2("./7", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 288] openat(AT_FDCWD, "./7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 288] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 288] getdents64(3, 0x555565cdf7f0 /* 4 entries */, 32768) = 112 [pid 288] umount2("./7/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 468] <... openat resumed>) = 6 [pid 467] <... openat resumed>) = 6 [pid 468] ioctl(6, LOOP_CLR_FD [pid 467] ioctl(6, LOOP_CLR_FD [pid 468] <... ioctl resumed>) = 0 [pid 467] <... ioctl resumed>) = 0 [pid 294] <... umount2 resumed>) = 0 [pid 468] close(6 [pid 467] close(6 [pid 288] <... umount2 resumed>) = 0 [pid 468] <... close resumed>) = 0 [pid 467] <... close resumed>) = 0 [pid 468] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 467] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 468] <... openat resumed>) = 6 [pid 467] <... openat resumed>) = 6 [pid 467] write(6, "#! ./file1\n", 11 [pid 468] write(6, "#! ./file1\n", 11 [pid 467] <... write resumed>) = 11 [pid 468] <... write resumed>) = 11 [pid 467] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0 [pid 468] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 467] <... mmap resumed>) = 0x200000000000 [pid 294] umount2("./6/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 294] newfstatat(AT_FDCWD, "./6/file0", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 288] umount2("./7/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 294] umount2("./6/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 288] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 294] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 294] openat(AT_FDCWD, "./6/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 288] newfstatat(AT_FDCWD, "./7/file0", [pid 294] <... openat resumed>) = 4 [pid 288] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 288] umount2("./7/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 294] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 288] openat(AT_FDCWD, "./7/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 294] getdents64(4, 0x555565ce7830 /* 2 entries */, 32768) = 48 [pid 294] getdents64(4, 0x555565ce7830 /* 0 entries */, 32768) = 0 [pid 288] newfstatat(4, "", [pid 294] close(4 [pid 288] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 294] <... close resumed>) = 0 [pid 288] getdents64(4, 0x555565ce7830 /* 2 entries */, 32768) = 48 [pid 294] rmdir("./6/file0") = 0 [pid 288] getdents64(4, 0x555565ce7830 /* 0 entries */, 32768) = 0 [pid 288] close(4) = 0 [pid 294] umount2("./6/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 288] rmdir("./7/file0" [pid 294] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 288] <... rmdir resumed>) = 0 [pid 294] newfstatat(AT_FDCWD, "./6/binderfs", [pid 288] umount2("./7/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 294] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 288] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 294] unlink("./6/binderfs" [pid 288] newfstatat(AT_FDCWD, "./7/binderfs", [pid 294] <... unlink resumed>) = 0 [pid 288] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 294] getdents64(3, [pid 288] unlink("./7/binderfs" [pid 294] <... getdents64 resumed>0x555565cdf7f0 /* 0 entries */, 32768) = 0 [pid 288] <... unlink resumed>) = 0 [pid 294] close(3 [pid 288] getdents64(3, [pid 294] <... close resumed>) = 0 [pid 288] <... getdents64 resumed>0x555565cdf7f0 /* 0 entries */, 32768) = 0 [pid 294] rmdir("./6" [pid 288] close(3 [pid 294] <... rmdir resumed>) = 0 [pid 288] <... close resumed>) = 0 [pid 294] mkdir("./7", 0777 [pid 288] rmdir("./7" [pid 294] <... mkdir resumed>) = 0 [pid 288] <... rmdir resumed>) = 0 [pid 294] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 288] mkdir("./8", 0777 [pid 294] ioctl(3, LOOP_CLR_FD [pid 288] <... mkdir resumed>) = 0 [pid 294] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 288] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 294] close(3 [pid 288] <... openat resumed>) = 3 [pid 294] <... close resumed>) = 0 [pid 288] ioctl(3, LOOP_CLR_FD [pid 294] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 288] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 288] close(3 [pid 294] <... clone resumed>, child_tidptr=0x555565cde750) = 9 [pid 288] <... close resumed>) = 0 [pid 288] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555565cde750) = 10 ./strace-static-x86_64: Process 491 attached [pid 491] set_robust_list(0x555565cde760, 24) = 0 [pid 491] chdir("./8") = 0 [pid 491] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 491] setpgid(0, 0) = 0 [pid 491] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 491] write(3, "1000", 4) = 4 [pid 491] close(3) = 0 [pid 491] symlink("/dev/binderfs", "./binderfs") = 0 [pid 491] write(1, "executing program\n", 18executing program ) = 18 [pid 491] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 491] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 491] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 491] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 491] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 491] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 491] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 491] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 491] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 491] memfd_create("syzkaller", 0) = 5 [pid 491] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f12c0537000 ./strace-static-x86_64: Process 490 attached [pid 490] set_robust_list(0x555565cde760, 24) = 0 [pid 490] chdir("./7") = 0 [pid 490] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 490] setpgid(0, 0) = 0 [pid 490] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 490] write(3, "1000", 4) = 4 [pid 490] close(3) = 0 [pid 490] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 490] write(1, "executing program\n", 18) = 18 [pid 490] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 490] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 490] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 490] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 490] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 490] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 490] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 490] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 490] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 490] memfd_create("syzkaller", 0) = 5 [pid 490] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f12c0537000 [pid 491] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [ 30.932839][ T468] EXT4-fs error (device loop3): ext4_validate_block_bitmap:438: comm syz-executor126: bg 0: block 234: padding at end of block bitmap is not set [ 30.932941][ T467] EXT4-fs error (device loop2): ext4_validate_block_bitmap:438: comm syz-executor126: bg 0: block 234: padding at end of block bitmap is not set [pid 490] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 491] <... write resumed>) = 1048576 [pid 468] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000006c0} --- [pid 491] munmap(0x7f12c0537000, 138412032) = 0 [pid 468] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000006c4} --- [pid 491] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 6 [pid 468] epoll_ctl(-1, EPOLL_CTL_ADD, 6, {events=0, data={u32=0, u64=0}}) = -1 EBADF (Bad file descriptor) [pid 468] close(3 [pid 491] ioctl(6, LOOP_SET_FD, 5 [pid 468] <... close resumed>) = 0 [pid 468] close(4) = 0 [pid 468] close(5) = 0 [pid 468] close(6) = 0 [pid 468] close(7) = -1 EBADF (Bad file descriptor) [pid 468] close(8) = -1 EBADF (Bad file descriptor) [pid 468] close(9) = -1 EBADF (Bad file descriptor) [pid 468] close(10) = -1 EBADF (Bad file descriptor) [pid 468] close(11) = -1 EBADF (Bad file descriptor) [pid 468] close(12) = -1 EBADF (Bad file descriptor) [pid 468] close(13) = -1 EBADF (Bad file descriptor) [pid 468] close(14) = -1 EBADF (Bad file descriptor) [pid 468] close(15) = -1 EBADF (Bad file descriptor) [pid 468] close(16) = -1 EBADF (Bad file descriptor) [pid 468] close(17) = -1 EBADF (Bad file descriptor) [pid 468] close(18) = -1 EBADF (Bad file descriptor) [pid 468] close(19) = -1 EBADF (Bad file descriptor) [pid 468] close(20) = -1 EBADF (Bad file descriptor) [pid 468] close(21) = -1 EBADF (Bad file descriptor) [pid 468] close(22) = -1 EBADF (Bad file descriptor) [pid 468] close(23) = -1 EBADF (Bad file descriptor) [pid 468] close(24) = -1 EBADF (Bad file descriptor) [pid 468] close(25) = -1 EBADF (Bad file descriptor) [pid 468] close(26) = -1 EBADF (Bad file descriptor) [pid 468] close(27) = -1 EBADF (Bad file descriptor) [pid 468] close(28) = -1 EBADF (Bad file descriptor) [pid 468] close(29) = -1 EBADF (Bad file descriptor) [pid 468] exit_group(0) = ? [pid 490] <... write resumed>) = 1048576 [pid 468] +++ exited with 0 +++ [pid 292] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 292] restart_syscall(<... resuming interrupted clone ...> [pid 490] munmap(0x7f12c0537000, 138412032 [pid 482] <... mount resumed>) = 0 [pid 482] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 482] chdir("./file0") = 0 [pid 482] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 491] <... ioctl resumed>) = 0 [pid 490] <... munmap resumed>) = 0 [pid 482] <... openat resumed>) = 6 [pid 467] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000006c0} --- [pid 482] ioctl(6, LOOP_CLR_FD) = 0 [pid 491] close(5 [pid 482] close(6 [pid 491] <... close resumed>) = 0 [pid 482] <... close resumed>) = 0 [pid 491] close(6 [pid 482] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 491] <... close resumed>) = 0 [pid 482] <... openat resumed>) = 6 [pid 292] <... restart_syscall resumed>) = 0 [pid 491] mkdir("./file0", 0777) = 0 [pid 491] mount("/dev/loop4", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 292] umount2("./6", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 292] openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 292] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 292] getdents64(3, 0x555565cdf7f0 /* 4 entries */, 32768) = 112 [pid 292] umount2("./6/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 482] write(6, "#! ./file1\n", 11) = 11 [pid 482] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [ 30.997742][ T482] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [pid 490] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 467] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000006c4} --- [pid 467] epoll_ctl(-1, EPOLL_CTL_ADD, 6, {events=0, data={u32=0, u64=0}}) = -1 EBADF (Bad file descriptor) [ 31.038763][ T482] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor126: bg 0: block 234: padding at end of block bitmap is not set [ 31.063961][ T472] EXT4-fs error (device loop2): ext4_map_blocks:740: inode #18: block 62218: comm vhost-467: lblock 0 mapped to illegal pblock 62218 (length 1) [pid 467] close(3 [pid 491] <... mount resumed>) = 0 [pid 482] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000006c0} --- [pid 482] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000006c4} --- [pid 482] epoll_ctl(-1, EPOLL_CTL_ADD, 6, {events=0, data={u32=0, u64=0}}) = -1 EBADF (Bad file descriptor) [pid 482] close(3 [pid 491] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 482] <... close resumed>) = 0 [pid 482] close(4) = 0 [pid 482] close(5) = 0 [pid 482] close(6) = 0 [pid 482] close(7) = -1 EBADF (Bad file descriptor) [pid 482] close(8) = -1 EBADF (Bad file descriptor) [pid 482] close(9) = -1 EBADF (Bad file descriptor) [pid 482] close(10) = -1 EBADF (Bad file descriptor) [pid 482] close(11) = -1 EBADF (Bad file descriptor) [pid 482] close(12) = -1 EBADF (Bad file descriptor) [pid 482] close(13) = -1 EBADF (Bad file descriptor) [pid 482] close(14) = -1 EBADF (Bad file descriptor) [pid 482] close(15) = -1 EBADF (Bad file descriptor) [pid 482] close(16) = -1 EBADF (Bad file descriptor) [pid 482] close(17) = -1 EBADF (Bad file descriptor) [pid 482] close(18) = -1 EBADF (Bad file descriptor) [pid 482] close(19) = -1 EBADF (Bad file descriptor) [pid 482] close(20) = -1 EBADF (Bad file descriptor) [pid 482] close(21) = -1 EBADF (Bad file descriptor) [pid 482] close(22) = -1 EBADF (Bad file descriptor) [pid 482] close(23) = -1 EBADF (Bad file descriptor) [pid 482] close(24) = -1 EBADF (Bad file descriptor) [pid 482] close(25) = -1 EBADF (Bad file descriptor) [pid 482] close(26) = -1 EBADF (Bad file descriptor) [pid 482] close(27) = -1 EBADF (Bad file descriptor) [pid 482] close(28) = -1 EBADF (Bad file descriptor) [pid 482] close(29) = -1 EBADF (Bad file descriptor) [pid 482] exit_group(0) = ? [pid 482] +++ exited with 0 +++ [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 491] <... openat resumed>) = 5 [pid 289] restart_syscall(<... resuming interrupted clone ...> [pid 491] chdir("./file0") = 0 [pid 491] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 289] <... restart_syscall resumed>) = 0 [pid 292] <... umount2 resumed>) = 0 [pid 490] <... openat resumed>) = 6 [pid 491] <... openat resumed>) = 6 [pid 490] ioctl(6, LOOP_SET_FD, 5 [pid 491] ioctl(6, LOOP_CLR_FD [pid 289] umount2("./8", MNT_FORCE|UMOUNT_NOFOLLOW [pid 292] umount2("./6/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 289] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 292] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./8", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 292] newfstatat(AT_FDCWD, "./6/file0", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] <... openat resumed>) = 3 [pid 292] umount2("./6/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 289] newfstatat(3, "", [pid 292] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 289] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 292] openat(AT_FDCWD, "./6/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 289] getdents64(3, [pid 292] <... openat resumed>) = 4 [pid 289] <... getdents64 resumed>0x555565cdf7f0 /* 4 entries */, 32768) = 112 [pid 292] newfstatat(4, "", [pid 289] umount2("./8/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 292] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 467] <... close resumed>) = 0 [pid 467] close(4) = 0 [pid 467] close(5) = 0 [pid 292] getdents64(4, [pid 467] close(6 [pid 292] <... getdents64 resumed>0x555565ce7830 /* 2 entries */, 32768) = 48 [pid 467] <... close resumed>) = 0 [pid 292] getdents64(4, [pid 467] close(7 [pid 292] <... getdents64 resumed>0x555565ce7830 /* 0 entries */, 32768) = 0 [pid 467] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 292] close(4 [pid 467] close(8 [pid 292] <... close resumed>) = 0 [pid 467] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 292] rmdir("./6/file0" [pid 467] close(9 [pid 292] <... rmdir resumed>) = 0 [pid 467] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 292] umount2("./6/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 467] close(10 [pid 292] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 467] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 292] newfstatat(AT_FDCWD, "./6/binderfs", [pid 467] close(11 [pid 292] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 467] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 292] unlink("./6/binderfs" [pid 467] close(12 [pid 292] <... unlink resumed>) = 0 [pid 467] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 292] getdents64(3, [pid 467] close(13 [pid 292] <... getdents64 resumed>0x555565cdf7f0 /* 0 entries */, 32768) = 0 [pid 467] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 292] close(3 [pid 467] close(14 [pid 292] <... close resumed>) = 0 [pid 467] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 467] close(15 [pid 292] rmdir("./6" [pid 467] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 467] close(16 [pid 292] <... rmdir resumed>) = 0 [pid 467] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 467] close(17 [pid 292] mkdir("./7", 0777 [pid 467] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 467] close(18 [pid 292] <... mkdir resumed>) = 0 [pid 467] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 467] close(19 [pid 292] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 467] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 467] close(20) = -1 EBADF (Bad file descriptor) [pid 467] close(21) = -1 EBADF (Bad file descriptor) [pid 467] close(22) = -1 EBADF (Bad file descriptor) [pid 467] close(23) = -1 EBADF (Bad file descriptor) [pid 467] close(24) = -1 EBADF (Bad file descriptor) [pid 467] close(25) = -1 EBADF (Bad file descriptor) [pid 467] close(26) = -1 EBADF (Bad file descriptor) [pid 467] close(27) = -1 EBADF (Bad file descriptor) [pid 467] close(28) = -1 EBADF (Bad file descriptor) [pid 467] close(29) = -1 EBADF (Bad file descriptor) [pid 467] exit_group(0) = ? [pid 467] +++ exited with 0 +++ [pid 293] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8, si_uid=0, si_status=0, si_utime=0, si_stime=5} --- [pid 293] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 293] umount2("./6", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 293] openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 293] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 293] getdents64(3, 0x555565cdf7f0 /* 4 entries */, 32768) = 112 [pid 293] umount2("./6/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 490] <... ioctl resumed>) = 0 [pid 491] <... ioctl resumed>) = 0 [pid 491] close(6 [pid 490] close(5) = 0 [ 31.089893][ T491] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue [pid 490] close(6 [pid 292] <... openat resumed>) = 3 [pid 292] ioctl(3, LOOP_CLR_FD [pid 491] <... close resumed>) = 0 [pid 490] <... close resumed>) = 0 [pid 289] <... umount2 resumed>) = 0 [pid 490] mkdir("./file0", 0777 [pid 491] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 490] <... mkdir resumed>) = 0 [pid 490] mount("/dev/loop1", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 491] <... openat resumed>) = 6 [pid 491] write(6, "#! ./file1\n", 11 [pid 289] umount2("./8/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 491] <... write resumed>) = 11 [pid 289] newfstatat(AT_FDCWD, "./8/file0", [pid 491] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0 [pid 289] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 491] <... mmap resumed>) = 0x200000000000 [pid 289] umount2("./8/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./8/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 491] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000006c0} --- [pid 289] newfstatat(4, "", [pid 491] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000006c4} --- [pid 289] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 491] epoll_ctl(-1, EPOLL_CTL_ADD, 6, {events=0, data={u32=0, u64=0}} [pid 289] getdents64(4, [pid 491] <... epoll_ctl resumed>) = -1 EBADF (Bad file descriptor) [pid 289] <... getdents64 resumed>0x555565ce7830 /* 2 entries */, 32768) = 48 [pid 491] close(3 [pid 289] getdents64(4, 0x555565ce7830 /* 0 entries */, 32768) = 0 [pid 289] close(4 [pid 491] <... close resumed>) = 0 [pid 289] <... close resumed>) = 0 [pid 491] close(4 [pid 289] rmdir("./8/file0" [pid 491] <... close resumed>) = 0 [pid 491] close(5 [pid 289] <... rmdir resumed>) = 0 [pid 491] <... close resumed>) = 0 [pid 289] umount2("./8/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 491] close(6) = 0 [pid 289] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 491] close(7 [pid 289] newfstatat(AT_FDCWD, "./8/binderfs", [pid 491] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 289] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 491] close(8 [pid 289] unlink("./8/binderfs" [pid 491] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 491] close(9 [pid 289] <... unlink resumed>) = 0 [pid 491] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 289] getdents64(3, [pid 491] close(10) = -1 EBADF (Bad file descriptor) [pid 289] <... getdents64 resumed>0x555565cdf7f0 /* 0 entries */, 32768) = 0 [pid 491] close(11 [pid 289] close(3 [pid 491] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 491] close(12 [pid 289] <... close resumed>) = 0 [pid 491] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 289] rmdir("./8" [pid 491] close(13) = -1 EBADF (Bad file descriptor) [pid 289] <... rmdir resumed>) = 0 [pid 491] close(14 [pid 289] mkdir("./9", 0777 [pid 491] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 491] close(15 [pid 289] <... mkdir resumed>) = 0 [pid 491] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 289] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 491] close(16) = -1 EBADF (Bad file descriptor) [pid 491] close(17) = -1 EBADF (Bad file descriptor) [pid 491] close(18) = -1 EBADF (Bad file descriptor) [pid 491] close(19) = -1 EBADF (Bad file descriptor) [pid 491] close(20) = -1 EBADF (Bad file descriptor) [pid 491] close(21) = -1 EBADF (Bad file descriptor) [pid 491] close(22) = -1 EBADF (Bad file descriptor) [pid 491] close(23) = -1 EBADF (Bad file descriptor) [pid 491] close(24) = -1 EBADF (Bad file descriptor) [pid 491] close(25) = -1 EBADF (Bad file descriptor) [pid 491] close(26) = -1 EBADF (Bad file descriptor) [pid 491] close(27) = -1 EBADF (Bad file descriptor) [pid 491] close(28) = -1 EBADF (Bad file descriptor) [pid 491] close(29) = -1 EBADF (Bad file descriptor) [pid 491] exit_group(0) = ? [pid 491] +++ exited with 0 +++ [pid 288] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- [pid 288] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 288] umount2("./8", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 288] openat(AT_FDCWD, "./8", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 288] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 288] getdents64(3, 0x555565cdf7f0 /* 4 entries */, 32768) = 112 [pid 288] umount2("./8/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 293] <... umount2 resumed>) = 0 [pid 292] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 289] <... openat resumed>) = 3 [pid 292] close(3 [pid 289] ioctl(3, LOOP_CLR_FD [pid 292] <... close resumed>) = 0 [pid 289] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 292] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 289] close(3) = 0 [pid 292] <... clone resumed>, child_tidptr=0x555565cde750) = 9 [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 499 attached , child_tidptr=0x555565cde750) = 11 [pid 499] set_robust_list(0x555565cde760, 24) = 0 [pid 499] chdir("./7") = 0 [pid 288] <... umount2 resumed>) = 0 [pid 499] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 288] umount2("./8/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 288] newfstatat(AT_FDCWD, "./8/file0", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 288] umount2("./8/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 288] openat(AT_FDCWD, "./8/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 288] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 499] <... prctl resumed>) = 0 [pid 288] getdents64(4, 0x555565ce7830 /* 2 entries */, 32768) = 48 [pid 288] getdents64(4, 0x555565ce7830 /* 0 entries */, 32768) = 0 [pid 288] close(4) = 0 [pid 288] rmdir("./8/file0" [pid 499] setpgid(0, 0 [pid 288] <... rmdir resumed>) = 0 [pid 288] umount2("./8/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 288] newfstatat(AT_FDCWD, "./8/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 288] unlink("./8/binderfs") = 0 [pid 293] umount2("./6/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 293] newfstatat(AT_FDCWD, "./6/file0", [pid 288] getdents64(3, [pid 293] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 293] umount2("./6/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 288] <... getdents64 resumed>0x555565cdf7f0 /* 0 entries */, 32768) = 0 [pid 293] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 288] close(3 [pid 499] <... setpgid resumed>) = 0 [pid 293] openat(AT_FDCWD, "./6/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 288] <... close resumed>) = 0 [pid 293] <... openat resumed>) = 4 [pid 288] rmdir("./8" [pid 293] newfstatat(4, "", [pid 288] <... rmdir resumed>) = 0 [pid 293] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 288] mkdir("./9", 0777 [pid 293] getdents64(4, [pid 288] <... mkdir resumed>) = 0 [pid 499] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 293] <... getdents64 resumed>0x555565ce7830 /* 2 entries */, 32768) = 48 [pid 288] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 293] getdents64(4, 0x555565ce7830 /* 0 entries */, 32768) = 0 [pid 293] close(4) = 0 [pid 293] rmdir("./6/file0") = 0 [pid 293] umount2("./6/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 293] newfstatat(AT_FDCWD, "./6/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 293] unlink("./6/binderfs") = 0 [pid 293] getdents64(3, 0x555565cdf7f0 /* 0 entries */, 32768) = 0 [pid 293] close(3) = 0 [pid 293] rmdir("./6") = 0 [pid 293] mkdir("./7", 0777) = 0 [pid 293] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 499] <... openat resumed>) = 3 [pid 499] write(3, "1000", 4) = 4 ./strace-static-x86_64: Process 500 attached [pid 499] close(3) = 0 [pid 500] set_robust_list(0x555565cde760, 24 [pid 499] symlink("/dev/binderfs", "./binderfs" [pid 500] <... set_robust_list resumed>) = 0 [pid 499] <... symlink resumed>) = 0 executing program [pid 499] write(1, "executing program\n", 18) = 18 [pid 499] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR [pid 500] chdir("./9" [pid 499] <... openat resumed>) = 3 [pid 499] ioctl(3, VHOST_SET_OWNER [pid 500] <... chdir resumed>) = 0 [pid 500] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 500] setpgid(0, 0) = 0 [pid 500] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 500] write(3, "1000", 4) = 4 [pid 500] close(3) = 0 [pid 500] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 500] write(1, "executing program\n", 18) = 18 [ 31.238728][ T492] EXT4-fs error (device loop4): ext4_validate_block_bitmap:438: comm vhost-491: bg 0: block 234: padding at end of block bitmap is not set [pid 500] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 500] ioctl(3, VHOST_SET_OWNER [pid 499] <... ioctl resumed>, 0) = 0 [pid 499] ioctl(3, VHOST_SET_VRING_ADDR [pid 500] <... ioctl resumed>, 0) = 0 [pid 500] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 500] ioctl(3, VHOST_SET_MEM_TABLE [pid 499] <... ioctl resumed>, 0x200000000300) = 0 [pid 499] ioctl(3, VHOST_SET_MEM_TABLE [pid 500] <... ioctl resumed>, 0x200000003380) = 0 [pid 500] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 500] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 500] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 500] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 500] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 500] memfd_create("syzkaller", 0) = 5 [pid 500] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f12c0537000 [pid 500] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 499] <... ioctl resumed>, 0x200000003380) = 0 [pid 499] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 499] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 499] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 499] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 499] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 490] <... mount resumed>) = 0 [pid 293] <... openat resumed>) = 3 [pid 288] <... openat resumed>) = 3 [pid 499] memfd_create("syzkaller", 0 [pid 490] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 293] ioctl(3, LOOP_CLR_FD [pid 288] ioctl(3, LOOP_CLR_FD [pid 499] <... memfd_create resumed>) = 5 [pid 490] <... openat resumed>) = 5 [pid 293] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 288] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 499] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 490] chdir("./file0" [pid 293] close(3 [pid 288] close(3 [pid 499] <... mmap resumed>) = 0x7f12c0537000 [pid 490] <... chdir resumed>) = 0 [pid 293] <... close resumed>) = 0 [pid 288] <... close resumed>) = 0 [pid 499] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 490] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 293] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 288] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 490] <... openat resumed>) = 6 [pid 490] ioctl(6, LOOP_CLR_FD) = 0 [pid 490] close(6) = 0 [pid 490] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 293] <... clone resumed>, child_tidptr=0x555565cde750) = 9 [pid 288] <... clone resumed>, child_tidptr=0x555565cde750) = 11 [pid 490] write(6, "#! ./file1\n", 11) = 11 [ 31.301867][ T490] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue [pid 490] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 499] <... write resumed>) = 1048576 [pid 500] <... write resumed>) = 1048576 [pid 499] munmap(0x7f12c0537000, 138412032) = 0 [pid 499] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 6 [pid 499] ioctl(6, LOOP_SET_FD, 5./strace-static-x86_64: Process 505 attached ./strace-static-x86_64: Process 506 attached [pid 506] set_robust_list(0x555565cde760, 24 [pid 505] set_robust_list(0x555565cde760, 24 [pid 506] <... set_robust_list resumed>) = 0 [pid 505] <... set_robust_list resumed>) = 0 [pid 500] munmap(0x7f12c0537000, 138412032 [pid 505] chdir("./9" [pid 506] chdir("./7" [pid 500] <... munmap resumed>) = 0 [pid 506] <... chdir resumed>) = 0 [pid 505] <... chdir resumed>) = 0 [pid 506] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 505] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 505] setpgid(0, 0) = 0 [pid 505] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 500] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 506] <... prctl resumed>) = 0 [pid 506] setpgid(0, 0) = 0 [pid 506] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 505] <... openat resumed>) = 3 [pid 506] <... openat resumed>) = 3 [pid 505] write(3, "1000", 4) = 4 [pid 505] close(3) = 0 [pid 506] write(3, "1000", 4 [pid 505] symlink("/dev/binderfs", "./binderfs" [pid 506] <... write resumed>) = 4 [pid 505] <... symlink resumed>) = 0 [pid 506] close(3) = 0 [pid 506] symlink("/dev/binderfs", "./binderfs") = 0 [pid 505] write(1, "executing program\n", 18executing program [pid 499] <... ioctl resumed>) = 0 [pid 499] close(5) = 0 [pid 499] close(6 [pid 500] <... openat resumed>) = 6 [pid 499] <... close resumed>) = 0 [pid 499] mkdir("./file0", 0777) = 0 [pid 499] mount("/dev/loop3", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 500] ioctl(6, LOOP_SET_FD, 5 [pid 505] <... write resumed>) = 18 [pid 505] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR [pid 506] write(1, "executing program\n", 18executing program ) = 18 [pid 506] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR [pid 505] <... openat resumed>) = 3 [pid 506] <... openat resumed>) = 3 [pid 505] ioctl(3, VHOST_SET_OWNER [pid 506] ioctl(3, VHOST_SET_OWNER [pid 500] <... ioctl resumed>) = 0 [pid 500] close(5) = 0 [ 31.339349][ T490] EXT4-fs error (device loop1): ext4_validate_block_bitmap:438: comm syz-executor126: bg 0: block 234: padding at end of block bitmap is not set [pid 500] close(6) = 0 [pid 500] mkdir("./file0", 0777) = 0 [pid 500] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 505] <... ioctl resumed>, 0) = 0 [pid 505] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 505] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 505] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 505] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 505] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 505] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 505] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 505] memfd_create("syzkaller", 0) = 5 [pid 505] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f12c0537000 [pid 506] <... ioctl resumed>, 0) = 0 [pid 506] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 506] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 506] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 506] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 506] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 506] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 506] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 506] memfd_create("syzkaller", 0) = 5 [pid 506] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f12c0537000 [pid 505] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 506] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 505] <... write resumed>) = 1048576 [pid 506] <... write resumed>) = 1048576 [pid 506] munmap(0x7f12c0537000, 138412032 [pid 505] munmap(0x7f12c0537000, 138412032 [pid 499] <... mount resumed>) = 0 [pid 505] <... munmap resumed>) = 0 [pid 499] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 505] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 499] <... openat resumed>) = 5 [pid 505] <... openat resumed>) = 6 [pid 499] chdir("./file0" [pid 506] <... munmap resumed>) = 0 [pid 505] ioctl(6, LOOP_SET_FD, 5 [pid 499] <... chdir resumed>) = 0 [pid 506] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 499] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 490] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000006c0} --- [pid 505] <... ioctl resumed>) = 0 [pid 500] <... mount resumed>) = 0 [pid 490] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000006c4} --- [pid 490] epoll_ctl(-1, EPOLL_CTL_ADD, 6, {events=0, data={u32=0, u64=0}} [pid 506] <... openat resumed>) = 6 [pid 505] close(5 [pid 506] ioctl(6, LOOP_SET_FD, 5 [pid 505] <... close resumed>) = 0 [pid 499] <... openat resumed>) = 6 [pid 505] close(6 [pid 499] ioctl(6, LOOP_CLR_FD [pid 490] <... epoll_ctl resumed>) = -1 EBADF (Bad file descriptor) [pid 490] close(3 [pid 500] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 500] chdir("./file0") = 0 [pid 490] <... close resumed>) = 0 [pid 490] close(4) = 0 [pid 490] close(5) = 0 [pid 490] close(6) = 0 [pid 490] close(7) = -1 EBADF (Bad file descriptor) [pid 490] close(8) = -1 EBADF (Bad file descriptor) [pid 490] close(9) = -1 EBADF (Bad file descriptor) [pid 490] close(10) = -1 EBADF (Bad file descriptor) [pid 490] close(11) = -1 EBADF (Bad file descriptor) [pid 490] close(12) = -1 EBADF (Bad file descriptor) [pid 490] close(13) = -1 EBADF (Bad file descriptor) [pid 490] close(14) = -1 EBADF (Bad file descriptor) [pid 490] close(15) = -1 EBADF (Bad file descriptor) [pid 490] close(16) = -1 EBADF (Bad file descriptor) [pid 490] close(17) = -1 EBADF (Bad file descriptor) [pid 490] close(18) = -1 EBADF (Bad file descriptor) [pid 490] close(19) = -1 EBADF (Bad file descriptor) [pid 490] close(20) = -1 EBADF (Bad file descriptor) [pid 490] close(21) = -1 EBADF (Bad file descriptor) [pid 490] close(22) = -1 EBADF (Bad file descriptor) [pid 490] close(23) = -1 EBADF (Bad file descriptor) [pid 490] close(24) = -1 EBADF (Bad file descriptor) [pid 490] close(25) = -1 EBADF (Bad file descriptor) [pid 490] close(26) = -1 EBADF (Bad file descriptor) [pid 490] close(27) = -1 EBADF (Bad file descriptor) [pid 490] close(28) = -1 EBADF (Bad file descriptor) [pid 490] close(29) = -1 EBADF (Bad file descriptor) [pid 490] exit_group(0) = ? [pid 490] +++ exited with 0 +++ [pid 294] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- [pid 294] restart_syscall(<... resuming interrupted clone ...> [pid 500] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 294] <... restart_syscall resumed>) = 0 [pid 294] umount2("./7", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 294] openat(AT_FDCWD, "./7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 294] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 294] getdents64(3, 0x555565cdf7f0 /* 4 entries */, 32768) = 112 [pid 294] umount2("./7/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 506] <... ioctl resumed>) = 0 [pid 505] <... close resumed>) = 0 [pid 499] <... ioctl resumed>) = 0 [pid 506] close(5 [pid 505] mkdir("./file0", 0777 [pid 499] close(6 [pid 505] <... mkdir resumed>) = 0 [pid 506] <... close resumed>) = 0 [pid 506] close(6 [ 31.436945][ T499] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue [ 31.447089][ T500] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [pid 505] mount("/dev/loop4", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 500] <... openat resumed>) = 6 [pid 499] <... close resumed>) = 0 [pid 506] <... close resumed>) = 0 [pid 499] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 506] mkdir("./file0", 0777 [pid 500] ioctl(6, LOOP_CLR_FD [pid 506] <... mkdir resumed>) = 0 [pid 506] mount("/dev/loop2", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 499] <... openat resumed>) = 6 [pid 499] write(6, "#! ./file1\n", 11) = 11 [pid 499] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 294] <... umount2 resumed>) = 0 [pid 500] <... ioctl resumed>) = 0 [pid 500] close(6) = 0 [pid 500] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 294] umount2("./7/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 500] <... openat resumed>) = 6 [pid 294] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 500] write(6, "#! ./file1\n", 11) = 11 [pid 294] newfstatat(AT_FDCWD, "./7/file0", [pid 500] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0 [pid 294] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 294] umount2("./7/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 500] <... mmap resumed>) = 0x200000000000 [ 31.568911][ T502] EXT4-fs error (device loop3): ext4_validate_block_bitmap:438: comm vhost-499: bg 0: block 234: padding at end of block bitmap is not set [pid 294] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 294] openat(AT_FDCWD, "./7/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 294] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 294] getdents64(4, 0x555565ce7830 /* 2 entries */, 32768) = 48 [pid 294] getdents64(4, 0x555565ce7830 /* 0 entries */, 32768) = 0 [pid 294] close(4) = 0 [pid 294] rmdir("./7/file0") = 0 [pid 294] umount2("./7/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 294] newfstatat(AT_FDCWD, "./7/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 294] unlink("./7/binderfs") = 0 [pid 294] getdents64(3, 0x555565cdf7f0 /* 0 entries */, 32768) = 0 [pid 294] close(3) = 0 [pid 294] rmdir("./7") = 0 [pid 294] mkdir("./8", 0777) = 0 [pid 294] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 294] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 294] close(3) = 0 [pid 499] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000006c0} --- [pid 294] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 499] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000006c4} --- [pid 499] epoll_ctl(-1, EPOLL_CTL_ADD, 6, {events=0, data={u32=0, u64=0}} [pid 294] <... clone resumed>, child_tidptr=0x555565cde750) = 10 [pid 499] <... epoll_ctl resumed>) = -1 EBADF (Bad file descriptor) [pid 499] close(3./strace-static-x86_64: Process 521 attached [pid 521] set_robust_list(0x555565cde760, 24) = 0 [pid 499] <... close resumed>) = 0 [pid 499] close(4) = 0 [pid 499] close(5) = 0 [pid 499] close(6) = 0 [pid 499] close(7) = -1 EBADF (Bad file descriptor) [pid 499] close(8) = -1 EBADF (Bad file descriptor) [pid 499] close(9) = -1 EBADF (Bad file descriptor) [pid 499] close(10) = -1 EBADF (Bad file descriptor) [pid 499] close(11) = -1 EBADF (Bad file descriptor) [pid 499] close(12) = -1 EBADF (Bad file descriptor) [pid 499] close(13 [pid 505] <... mount resumed>) = 0 [pid 499] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 505] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 499] close(14 [pid 506] <... mount resumed>) = 0 [pid 505] <... openat resumed>) = 5 [pid 499] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 506] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 505] chdir("./file0" [pid 499] close(15 [pid 506] <... openat resumed>) = 5 [pid 505] <... chdir resumed>) = 0 [pid 499] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 506] chdir("./file0" [pid 505] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 499] close(16 [pid 506] <... chdir resumed>) = 0 [pid 505] <... openat resumed>) = 6 [pid 499] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 506] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 505] ioctl(6, LOOP_CLR_FD [pid 499] close(17 [pid 506] <... openat resumed>) = 6 [pid 505] <... ioctl resumed>) = 0 [pid 499] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 506] ioctl(6, LOOP_CLR_FD [pid 505] close(6 [pid 499] close(18) = -1 EBADF (Bad file descriptor) [pid 521] chdir("./8") = 0 [pid 521] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 521] setpgid(0, 0) = 0 [pid 521] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 521] write(3, "1000", 4) = 4 [pid 521] close(3) = 0 [pid 521] symlink("/dev/binderfs", "./binderfs") = 0 [pid 521] write(1, "executing program\n", 18executing program ) = 18 [pid 521] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 521] ioctl(3, VHOST_SET_OWNER [pid 500] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000006c0} --- [pid 500] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000006c4} --- [pid 500] epoll_ctl(-1, EPOLL_CTL_ADD, 6, {events=0, data={u32=0, u64=0}}) = -1 EBADF (Bad file descriptor) [pid 500] close(3 [pid 499] close(19) = -1 EBADF (Bad file descriptor) [pid 499] close(20) = -1 EBADF (Bad file descriptor) [pid 499] close(21) = -1 EBADF (Bad file descriptor) [pid 499] close(22) = -1 EBADF (Bad file descriptor) [pid 499] close(23) = -1 EBADF (Bad file descriptor) [pid 499] close(24) = -1 EBADF (Bad file descriptor) [pid 499] close(25) = -1 EBADF (Bad file descriptor) [pid 499] close(26) = -1 EBADF (Bad file descriptor) [pid 499] close(27) = -1 EBADF (Bad file descriptor) [pid 499] close(28) = -1 EBADF (Bad file descriptor) [pid 499] close(29) = -1 EBADF (Bad file descriptor) [pid 499] exit_group(0) = ? [pid 499] +++ exited with 0 +++ [pid 292] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 292] restart_syscall(<... resuming interrupted clone ...> [pid 505] <... close resumed>) = 0 [pid 506] <... ioctl resumed>) = 0 [pid 506] close(6 [pid 505] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 292] <... restart_syscall resumed>) = 0 [pid 292] umount2("./7", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 292] openat(AT_FDCWD, "./7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 292] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 292] getdents64(3, 0x555565cdf7f0 /* 4 entries */, 32768) = 112 [pid 292] umount2("./7/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 506] <... close resumed>) = 0 [pid 506] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 505] <... openat resumed>) = 6 [ 31.606365][ T500] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor126: bg 0: block 234: padding at end of block bitmap is not set [ 31.626901][ T505] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue [ 31.636962][ T506] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue [pid 505] write(6, "#! ./file1\n", 11 [pid 506] <... openat resumed>) = 6 [pid 506] write(6, "#! ./file1\n", 11 [pid 505] <... write resumed>) = 11 [pid 505] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0 [pid 506] <... write resumed>) = 11 [pid 505] <... mmap resumed>) = 0x200000000000 [pid 506] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 505] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000006c0} --- [pid 521] <... ioctl resumed>, 0) = 0 [pid 506] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000006c0} --- [pid 500] <... close resumed>) = 0 [pid 500] close(4 [pid 521] ioctl(3, VHOST_SET_VRING_ADDR [pid 500] <... close resumed>) = 0 [pid 500] close(5 [pid 521] <... ioctl resumed>, 0x200000000300) = 0 [pid 500] <... close resumed>) = 0 [pid 500] close(6 [pid 521] ioctl(3, VHOST_SET_MEM_TABLE [pid 500] <... close resumed>) = 0 [pid 500] close(7) = -1 EBADF (Bad file descriptor) [pid 521] <... ioctl resumed>, 0x200000003380) = 0 [pid 500] close(8 [pid 521] eventfd2(118, EFD_SEMAPHORE [pid 500] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 521] <... eventfd2 resumed>) = 4 [pid 500] close(9 [pid 521] ioctl(3, VHOST_SET_VRING_ERR [pid 506] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000006c4} --- [pid 500] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 500] close(10 [pid 521] <... ioctl resumed>, 0x2000000001c0) = 0 [pid 506] epoll_ctl(-1, EPOLL_CTL_ADD, 6, {events=0, data={u32=0, u64=0}} [pid 500] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 521] ioctl(3, VHOST_SET_VRING_ADDR [pid 506] <... epoll_ctl resumed>) = -1 EBADF (Bad file descriptor) [pid 500] close(11 [pid 521] <... ioctl resumed>, 0x200000000240) = 0 [pid 506] close(3 [pid 500] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 521] ioctl(3, VHOST_SET_VRING_KICK [pid 505] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000006c4} --- [pid 500] close(12 [pid 505] epoll_ctl(-1, EPOLL_CTL_ADD, 6, {events=0, data={u32=0, u64=0}}) = -1 EBADF (Bad file descriptor) [pid 500] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 505] close(3 [pid 500] close(13 [pid 521] <... ioctl resumed>, 0x200000000000) = 0 [pid 500] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 505] <... close resumed>) = 0 [pid 500] close(14 [pid 521] ioctl(3, VHOST_VSOCK_SET_RUNNING [pid 505] close(4 [pid 500] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 521] <... ioctl resumed>, 0x200000000140) = 0 [pid 521] memfd_create("syzkaller", 0) = 5 [pid 521] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f12c0537000 [pid 521] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 505] <... close resumed>) = 0 [pid 500] close(15 [pid 505] close(5 [pid 500] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 505] <... close resumed>) = 0 [pid 505] close(6 [pid 500] close(16) = -1 EBADF (Bad file descriptor) [pid 505] <... close resumed>) = 0 [pid 505] close(7 [pid 500] close(17 [pid 505] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 500] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 505] close(8 [pid 500] close(18 [pid 505] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 500] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 505] close(9 [pid 500] close(19 [pid 505] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 500] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 505] close(10 [pid 500] close(20 [pid 505] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 500] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 505] close(11 [pid 500] close(21 [pid 505] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 500] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 505] close(12 [pid 500] close(22 [pid 505] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 500] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 505] close(13 [pid 500] close(23 [pid 505] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 500] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 505] close(14 [pid 500] close(24 [pid 505] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 500] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 505] close(15 [pid 500] close(25 [pid 505] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 500] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 505] close(16 [pid 500] close(26 [pid 505] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 500] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 505] close(17 [pid 500] close(27 [pid 505] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 500] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 505] close(18 [pid 500] close(28 [pid 505] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 500] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 505] close(19 [pid 500] close(29 [pid 505] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 500] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 505] close(20 [pid 500] exit_group(0 [pid 505] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 500] <... exit_group resumed>) = ? [pid 505] close(21 [pid 500] +++ exited with 0 +++ [pid 505] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=11, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- [pid 505] close(22 [pid 289] restart_syscall(<... resuming interrupted clone ...> [pid 505] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 506] <... close resumed>) = 0 [pid 505] close(23 [pid 506] close(4) = 0 [pid 505] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 506] close(5 [pid 505] close(24 [pid 506] <... close resumed>) = 0 [pid 505] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 506] close(6 [pid 505] close(25 [pid 506] <... close resumed>) = 0 [pid 505] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 506] close(7) = -1 EBADF (Bad file descriptor) [pid 505] close(26 [pid 506] close(8 [pid 505] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 506] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 506] close(9 [pid 505] close(27 [pid 506] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 505] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 506] close(10 [pid 505] close(28 [pid 506] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 505] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 506] close(11 [pid 505] close(29 [pid 506] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 505] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 506] close(12) = -1 EBADF (Bad file descriptor) [pid 505] exit_group(0 [pid 506] close(13) = -1 EBADF (Bad file descriptor) [pid 505] <... exit_group resumed>) = ? [pid 506] close(14) = -1 EBADF (Bad file descriptor) [pid 506] close(15) = -1 EBADF (Bad file descriptor) [pid 506] close(16) = -1 EBADF (Bad file descriptor) [pid 506] close(17) = -1 EBADF (Bad file descriptor) [pid 506] close(18) = -1 EBADF (Bad file descriptor) [pid 506] close(19) = -1 EBADF (Bad file descriptor) [pid 506] close(20) = -1 EBADF (Bad file descriptor) [pid 506] close(21) = -1 EBADF (Bad file descriptor) [pid 506] close(22 [pid 505] +++ exited with 0 +++ [pid 506] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 288] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=11, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- [pid 506] close(23 [pid 288] restart_syscall(<... resuming interrupted clone ...> [pid 506] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 506] close(24) = -1 EBADF (Bad file descriptor) [pid 506] close(25) = -1 EBADF (Bad file descriptor) [pid 506] close(26) = -1 EBADF (Bad file descriptor) [pid 506] close(27) = -1 EBADF (Bad file descriptor) [pid 506] close(28) = -1 EBADF (Bad file descriptor) [pid 506] close(29) = -1 EBADF (Bad file descriptor) [pid 506] exit_group(0) = ? [pid 506] +++ exited with 0 +++ [pid 521] <... write resumed>) = 1048576 [pid 293] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- [pid 293] restart_syscall(<... resuming interrupted clone ...> [pid 521] munmap(0x7f12c0537000, 138412032) = 0 [pid 521] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 293] <... restart_syscall resumed>) = 0 [pid 289] <... restart_syscall resumed>) = 0 [pid 288] <... restart_syscall resumed>) = 0 [pid 293] umount2("./7", MNT_FORCE|UMOUNT_NOFOLLOW [pid 289] umount2("./9", MNT_FORCE|UMOUNT_NOFOLLOW [pid 293] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 289] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 293] openat(AT_FDCWD, "./7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 289] openat(AT_FDCWD, "./9", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 288] umount2("./9", MNT_FORCE|UMOUNT_NOFOLLOW [pid 293] <... openat resumed>) = 3 [pid 289] <... openat resumed>) = 3 [pid 293] newfstatat(3, "", [pid 289] newfstatat(3, "", [pid 288] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 293] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 289] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 293] getdents64(3, [pid 289] getdents64(3, [pid 288] openat(AT_FDCWD, "./9", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 293] <... getdents64 resumed>0x555565cdf7f0 /* 4 entries */, 32768) = 112 [pid 289] <... getdents64 resumed>0x555565cdf7f0 /* 4 entries */, 32768) = 112 [pid 293] umount2("./7/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 289] umount2("./9/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 288] <... openat resumed>) = 3 [pid 288] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 288] getdents64(3, 0x555565cdf7f0 /* 4 entries */, 32768) = 112 [ 31.701591][ T509] EXT4-fs error (device loop4): ext4_validate_block_bitmap:438: comm vhost-505: bg 0: block 234: padding at end of block bitmap is not set [ 31.716660][ T506] EXT4-fs error (device loop2): ext4_validate_block_bitmap:438: comm syz-executor126: bg 0: block 234: padding at end of block bitmap is not set [pid 288] umount2("./9/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 521] <... openat resumed>) = 6 [pid 292] <... umount2 resumed>) = 0 [pid 521] ioctl(6, LOOP_SET_FD, 5 [pid 292] umount2("./7/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 521] <... ioctl resumed>) = 0 [pid 292] newfstatat(AT_FDCWD, "./7/file0", [pid 521] close(5) = 0 [pid 521] close(6 [pid 292] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 292] umount2("./7/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 292] openat(AT_FDCWD, "./7/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 292] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 292] getdents64(4, 0x555565ce7830 /* 2 entries */, 32768) = 48 [pid 292] getdents64(4, 0x555565ce7830 /* 0 entries */, 32768) = 0 [pid 292] close(4) = 0 [pid 292] rmdir("./7/file0") = 0 [pid 292] umount2("./7/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 292] newfstatat(AT_FDCWD, "./7/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 292] unlink("./7/binderfs") = 0 [pid 292] getdents64(3, 0x555565cdf7f0 /* 0 entries */, 32768) = 0 [pid 292] close(3) = 0 [pid 292] rmdir("./7") = 0 [pid 292] mkdir("./8", 0777) = 0 [pid 292] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 293] <... umount2 resumed>) = 0 [pid 521] <... close resumed>) = 0 [pid 521] mkdir("./file0", 0777 [pid 292] ioctl(3, LOOP_CLR_FD [pid 289] <... umount2 resumed>) = 0 [pid 292] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 521] <... mkdir resumed>) = 0 [pid 292] close(3) = 0 [pid 521] mount("/dev/loop1", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 288] <... umount2 resumed>) = 0 [pid 292] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555565cde750) = 10 ./strace-static-x86_64: Process 524 attached [pid 524] set_robust_list(0x555565cde760, 24) = 0 [pid 524] chdir("./8") = 0 [pid 524] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 524] setpgid(0, 0) = 0 [pid 524] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 524] write(3, "1000", 4) = 4 [pid 524] close(3) = 0 [pid 524] symlink("/dev/binderfs", "./binderfs") = 0 [pid 293] umount2("./7/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 289] umount2("./9/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 524] write(1, "executing program\n", 18 [pid 293] <... umount2 resumed>) = -1 EINVAL (Invalid argument) executing program [pid 293] newfstatat(AT_FDCWD, "./7/file0", [pid 289] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 524] <... write resumed>) = 18 [pid 524] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 524] ioctl(3, VHOST_SET_OWNER [pid 293] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] newfstatat(AT_FDCWD, "./9/file0", [pid 288] umount2("./9/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 524] <... ioctl resumed>, 0) = 0 [pid 524] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 524] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 524] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 524] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 524] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 524] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 524] ioctl(3, VHOST_VSOCK_SET_RUNNING [pid 293] umount2("./7/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 289] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 288] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 293] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 293] openat(AT_FDCWD, "./7/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 289] umount2("./9/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 288] newfstatat(AT_FDCWD, "./9/file0", [pid 293] <... openat resumed>) = 4 [pid 289] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 288] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 293] newfstatat(4, "", [pid 289] openat(AT_FDCWD, "./9/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 293] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 289] <... openat resumed>) = 4 [pid 288] umount2("./9/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 293] getdents64(4, [pid 289] newfstatat(4, "", [pid 293] <... getdents64 resumed>0x555565ce7830 /* 2 entries */, 32768) = 48 [pid 289] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 288] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 524] <... ioctl resumed>, 0x200000000140) = 0 [pid 524] memfd_create("syzkaller", 0) = 5 [pid 524] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f12c0537000 [pid 293] getdents64(4, [pid 289] getdents64(4, [pid 288] openat(AT_FDCWD, "./9/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 293] <... getdents64 resumed>0x555565ce7830 /* 0 entries */, 32768) = 0 [pid 289] <... getdents64 resumed>0x555565ce7830 /* 2 entries */, 32768) = 48 [pid 293] close(4 [pid 289] getdents64(4, [pid 288] <... openat resumed>) = 4 [pid 293] <... close resumed>) = 0 [pid 289] <... getdents64 resumed>0x555565ce7830 /* 0 entries */, 32768) = 0 [pid 288] newfstatat(4, "", [pid 293] rmdir("./7/file0" [pid 289] close(4 [pid 288] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 293] <... rmdir resumed>) = 0 [pid 289] <... close resumed>) = 0 [pid 288] getdents64(4, [pid 293] umount2("./7/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 289] rmdir("./9/file0" [pid 288] <... getdents64 resumed>0x555565ce7830 /* 2 entries */, 32768) = 48 [pid 293] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 293] newfstatat(AT_FDCWD, "./7/binderfs", [pid 289] <... rmdir resumed>) = 0 [pid 288] getdents64(4, [pid 293] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] umount2("./9/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 288] <... getdents64 resumed>0x555565ce7830 /* 0 entries */, 32768) = 0 [pid 293] unlink("./7/binderfs" [pid 288] close(4 [pid 289] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 293] <... unlink resumed>) = 0 [pid 289] newfstatat(AT_FDCWD, "./9/binderfs", [pid 288] <... close resumed>) = 0 [pid 293] getdents64(3, [pid 289] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 293] <... getdents64 resumed>0x555565cdf7f0 /* 0 entries */, 32768) = 0 [pid 289] unlink("./9/binderfs" [pid 288] rmdir("./9/file0" [pid 293] close(3 [pid 289] <... unlink resumed>) = 0 [pid 293] <... close resumed>) = 0 [pid 289] getdents64(3, [pid 288] <... rmdir resumed>) = 0 [pid 293] rmdir("./7" [pid 289] <... getdents64 resumed>0x555565cdf7f0 /* 0 entries */, 32768) = 0 [pid 288] umount2("./9/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 293] <... rmdir resumed>) = 0 [pid 289] close(3 [pid 288] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 293] mkdir("./8", 0777 [pid 289] <... close resumed>) = 0 [pid 288] newfstatat(AT_FDCWD, "./9/binderfs", [pid 293] <... mkdir resumed>) = 0 [pid 289] rmdir("./9" [pid 288] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 293] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 289] <... rmdir resumed>) = 0 [pid 288] unlink("./9/binderfs" [pid 293] ioctl(3, LOOP_CLR_FD [pid 289] mkdir("./10", 0777 [pid 293] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 289] <... mkdir resumed>) = 0 [pid 288] <... unlink resumed>) = 0 [pid 293] close(3 [pid 289] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 288] getdents64(3, [pid 293] <... close resumed>) = 0 [pid 293] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 289] <... openat resumed>) = 3 [pid 288] <... getdents64 resumed>0x555565cdf7f0 /* 0 entries */, 32768) = 0 [pid 288] close(3 [pid 289] ioctl(3, LOOP_CLR_FD [pid 293] <... clone resumed>, child_tidptr=0x555565cde750) = 10 [pid 288] <... close resumed>) = 0 [pid 289] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 288] rmdir("./9" [pid 289] close(3) = 0 [pid 288] <... rmdir resumed>) = 0 [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 288] mkdir("./10", 0777) = 0 [pid 289] <... clone resumed>, child_tidptr=0x555565cde750) = 12 [pid 288] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 288] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 288] close(3 [pid 524] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 288] <... close resumed>) = 0 [pid 288] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555565cde750) = 12 ./strace-static-x86_64: Process 528 attached ./strace-static-x86_64: Process 527 attached [pid 528] set_robust_list(0x555565cde760, 24 [pid 527] set_robust_list(0x555565cde760, 24 [pid 528] <... set_robust_list resumed>) = 0 [pid 527] <... set_robust_list resumed>) = 0 [pid 528] chdir("./10" [pid 527] chdir("./8"./strace-static-x86_64: Process 530 attached [pid 530] set_robust_list(0x555565cde760, 24) = 0 [pid 530] chdir("./10") = 0 [pid 530] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 530] setpgid(0, 0) = 0 [pid 530] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 527] <... chdir resumed>) = 0 [pid 528] <... chdir resumed>) = 0 [pid 527] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 528] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 527] <... prctl resumed>) = 0 [pid 528] <... prctl resumed>) = 0 [pid 528] setpgid(0, 0 [pid 527] setpgid(0, 0 [pid 530] write(3, "1000", 4) = 4 [pid 530] close(3) = 0 [pid 530] symlink("/dev/binderfs", "./binderfs") = 0 [pid 530] write(1, "executing program\n", 18executing program ) = 18 [pid 530] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 530] ioctl(3, VHOST_SET_OWNER [pid 527] <... setpgid resumed>) = 0 [pid 528] <... setpgid resumed>) = 0 [pid 527] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 528] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 527] <... openat resumed>) = 3 [pid 528] <... openat resumed>) = 3 [pid 527] write(3, "1000", 4 [pid 528] write(3, "1000", 4 [pid 527] <... write resumed>) = 4 [pid 528] <... write resumed>) = 4 [pid 527] close(3 [pid 528] close(3 [pid 527] <... close resumed>) = 0 [pid 528] <... close resumed>) = 0 [pid 527] symlink("/dev/binderfs", "./binderfs" [pid 528] symlink("/dev/binderfs", "./binderfs") = 0 [pid 527] <... symlink resumed>) = 0 [pid 528] write(1, "executing program\n", 18 [pid 527] write(1, "executing program\n", 18executing program executing program [pid 528] <... write resumed>) = 18 [pid 527] <... write resumed>) = 18 [pid 528] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR [pid 527] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR [pid 528] <... openat resumed>) = 3 [pid 528] ioctl(3, VHOST_SET_OWNER [pid 527] <... openat resumed>) = 3 [pid 527] ioctl(3, VHOST_SET_OWNER [pid 524] <... write resumed>) = 1048576 [pid 524] munmap(0x7f12c0537000, 138412032 [pid 528] <... ioctl resumed>, 0) = 0 [pid 528] ioctl(3, VHOST_SET_VRING_ADDR [pid 527] <... ioctl resumed>, 0) = 0 [pid 528] <... ioctl resumed>, 0x200000000300) = 0 [pid 527] ioctl(3, VHOST_SET_VRING_ADDR [pid 521] <... mount resumed>) = 0 [pid 528] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 527] <... ioctl resumed>, 0x200000000300) = 0 [pid 528] eventfd2(118, EFD_SEMAPHORE [pid 521] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 528] <... eventfd2 resumed>) = 4 [pid 527] ioctl(3, VHOST_SET_MEM_TABLE [pid 528] ioctl(3, VHOST_SET_VRING_ERR [pid 527] <... ioctl resumed>, 0x200000003380) = 0 [pid 521] <... openat resumed>) = 5 [pid 528] <... ioctl resumed>, 0x2000000001c0) = 0 [pid 527] eventfd2(118, EFD_SEMAPHORE [pid 528] ioctl(3, VHOST_SET_VRING_ADDR [pid 521] chdir("./file0" [pid 527] <... eventfd2 resumed>) = 4 [pid 528] <... ioctl resumed>, 0x200000000240) = 0 [pid 527] ioctl(3, VHOST_SET_VRING_ERR [pid 528] ioctl(3, VHOST_SET_VRING_KICK [pid 527] <... ioctl resumed>, 0x2000000001c0) = 0 [pid 521] <... chdir resumed>) = 0 [pid 528] <... ioctl resumed>, 0x200000000000) = 0 [pid 527] ioctl(3, VHOST_SET_VRING_ADDR [pid 528] ioctl(3, VHOST_VSOCK_SET_RUNNING [pid 521] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 527] <... ioctl resumed>, 0x200000000240) = 0 [pid 528] <... ioctl resumed>, 0x200000000140) = 0 [pid 527] ioctl(3, VHOST_SET_VRING_KICK [pid 530] <... ioctl resumed>, 0) = 0 [pid 528] memfd_create("syzkaller", 0 [pid 527] <... ioctl resumed>, 0x200000000000) = 0 [pid 530] ioctl(3, VHOST_SET_VRING_ADDR [pid 528] <... memfd_create resumed>) = 5 [pid 527] ioctl(3, VHOST_VSOCK_SET_RUNNING [pid 528] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 527] <... ioctl resumed>, 0x200000000140) = 0 [pid 530] <... ioctl resumed>, 0x200000000300) = 0 [pid 528] <... mmap resumed>) = 0x7f12c0537000 [pid 527] memfd_create("syzkaller", 0 [pid 530] ioctl(3, VHOST_SET_MEM_TABLE [pid 524] <... munmap resumed>) = 0 [pid 524] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 6 [pid 524] ioctl(6, LOOP_SET_FD, 5 [pid 528] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 527] <... memfd_create resumed>) = 5 [pid 527] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 530] <... ioctl resumed>, 0x200000003380) = 0 [pid 527] <... mmap resumed>) = 0x7f12c0537000 [pid 530] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 530] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 530] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 530] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 530] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 530] memfd_create("syzkaller", 0) = 5 [pid 530] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f12c0537000 [pid 530] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 527] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 530] <... write resumed>) = 1048576 [pid 528] <... write resumed>) = 1048576 [pid 530] munmap(0x7f12c0537000, 138412032) = 0 [ 32.016867][ T521] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue [pid 530] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 527] <... write resumed>) = 1048576 [pid 528] munmap(0x7f12c0537000, 138412032 [pid 530] <... openat resumed>) = 6 [pid 528] <... munmap resumed>) = 0 [pid 527] munmap(0x7f12c0537000, 138412032 [pid 524] <... ioctl resumed>) = 0 [pid 528] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 530] ioctl(6, LOOP_SET_FD, 5 [pid 528] <... openat resumed>) = 6 [pid 527] <... munmap resumed>) = 0 [pid 524] close(5 [pid 528] ioctl(6, LOOP_SET_FD, 5 [pid 527] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 524] <... close resumed>) = 0 [pid 524] close(6 [pid 521] <... openat resumed>) = 6 [pid 528] <... ioctl resumed>) = 0 [pid 521] ioctl(6, LOOP_CLR_FD [pid 528] close(5) = 0 [pid 528] close(6 [pid 530] <... ioctl resumed>) = 0 [pid 527] <... openat resumed>) = 6 [pid 530] close(5) = 0 [pid 527] ioctl(6, LOOP_SET_FD, 5 [pid 530] close(6 [pid 527] <... ioctl resumed>) = 0 [pid 524] <... close resumed>) = 0 [pid 521] <... ioctl resumed>) = 0 [pid 521] close(6 [pid 527] close(5 [pid 524] mkdir("./file0", 0777 [pid 527] <... close resumed>) = 0 [pid 524] <... mkdir resumed>) = 0 [pid 524] mount("/dev/loop3", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 527] close(6 [pid 530] <... close resumed>) = 0 [pid 528] <... close resumed>) = 0 [pid 530] mkdir("./file0", 0777 [pid 528] mkdir("./file0", 0777 [pid 530] <... mkdir resumed>) = 0 [pid 528] <... mkdir resumed>) = 0 [pid 530] mount("/dev/loop4", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 528] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 521] <... close resumed>) = 0 [pid 521] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 521] write(6, "#! ./file1\n", 11) = 11 [pid 521] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 521] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000006c0} --- [pid 521] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000006c4} --- [pid 521] epoll_ctl(-1, EPOLL_CTL_ADD, 6, {events=0, data={u32=0, u64=0}}) = -1 EBADF (Bad file descriptor) [pid 521] close(3) = 0 [pid 521] close(4) = 0 [pid 521] close(5) = 0 [pid 521] close(6) = 0 [pid 521] close(7) = -1 EBADF (Bad file descriptor) [pid 521] close(8) = -1 EBADF (Bad file descriptor) [pid 521] close(9) = -1 EBADF (Bad file descriptor) [pid 521] close(10) = -1 EBADF (Bad file descriptor) [pid 521] close(11) = -1 EBADF (Bad file descriptor) [pid 521] close(12) = -1 EBADF (Bad file descriptor) [pid 521] close(13) = -1 EBADF (Bad file descriptor) [pid 521] close(14) = -1 EBADF (Bad file descriptor) [pid 521] close(15) = -1 EBADF (Bad file descriptor) [pid 521] close(16) = -1 EBADF (Bad file descriptor) [pid 521] close(17) = -1 EBADF (Bad file descriptor) [pid 521] close(18) = -1 EBADF (Bad file descriptor) [pid 521] close(19) = -1 EBADF (Bad file descriptor) [pid 521] close(20) = -1 EBADF (Bad file descriptor) [pid 521] close(21) = -1 EBADF (Bad file descriptor) [pid 521] close(22) = -1 EBADF (Bad file descriptor) [pid 521] close(23) = -1 EBADF (Bad file descriptor) [pid 521] close(24) = -1 EBADF (Bad file descriptor) [pid 521] close(25) = -1 EBADF (Bad file descriptor) [pid 521] close(26) = -1 EBADF (Bad file descriptor) [pid 521] close(27) = -1 EBADF (Bad file descriptor) [pid 521] close(28) = -1 EBADF (Bad file descriptor) [pid 521] close(29) = -1 EBADF (Bad file descriptor) [pid 521] exit_group(0) = ? [pid 521] +++ exited with 0 +++ [pid 294] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10, si_uid=0, si_status=0, si_utime=1, si_stime=1} --- [pid 294] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 294] umount2("./8", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 294] openat(AT_FDCWD, "./8", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 294] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 294] getdents64(3, 0x555565cdf7f0 /* 4 entries */, 32768) = 112 [pid 294] umount2("./8/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 527] <... close resumed>) = 0 [pid 527] mkdir("./file0", 0777) = 0 [ 32.255071][ T521] EXT4-fs error (device loop1): ext4_validate_block_bitmap:438: comm syz-executor126: bg 0: block 234: padding at end of block bitmap is not set [pid 527] mount("/dev/loop2", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 294] <... umount2 resumed>) = 0 [pid 294] umount2("./8/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 294] newfstatat(AT_FDCWD, "./8/file0", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 294] umount2("./8/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 294] openat(AT_FDCWD, "./8/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 294] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 294] getdents64(4, 0x555565ce7830 /* 2 entries */, 32768) = 48 [pid 294] getdents64(4, 0x555565ce7830 /* 0 entries */, 32768) = 0 [pid 294] close(4) = 0 [pid 294] rmdir("./8/file0") = 0 [pid 294] umount2("./8/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 294] newfstatat(AT_FDCWD, "./8/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 294] unlink("./8/binderfs") = 0 [pid 294] getdents64(3, 0x555565cdf7f0 /* 0 entries */, 32768) = 0 [pid 294] close(3) = 0 [pid 294] rmdir("./8") = 0 [pid 294] mkdir("./9", 0777) = 0 [pid 294] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 524] <... mount resumed>) = 0 [pid 524] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 524] chdir("./file0") = 0 [ 32.320638][ T524] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue [pid 524] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 6 [pid 294] <... openat resumed>) = 3 [pid 524] ioctl(6, LOOP_CLR_FD [pid 294] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 294] close(3) = 0 [pid 294] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555565cde750) = 11 ./strace-static-x86_64: Process 544 attached [pid 544] set_robust_list(0x555565cde760, 24) = 0 [pid 544] chdir("./9") = 0 [pid 544] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 544] setpgid(0, 0) = 0 [pid 544] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 544] write(3, "1000", 4) = 4 [pid 544] close(3) = 0 [pid 544] symlink("/dev/binderfs", "./binderfs") = 0 [pid 524] <... ioctl resumed>) = 0 [pid 544] write(1, "executing program\n", 18 [pid 524] close(6executing program [pid 544] <... write resumed>) = 18 [pid 544] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 544] ioctl(3, VHOST_SET_OWNER [pid 524] <... close resumed>) = 0 [pid 524] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 524] write(6, "#! ./file1\n", 11) = 11 [pid 524] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [ 32.361276][ T530] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue [ 32.371155][ T528] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [pid 530] <... mount resumed>) = 0 [pid 528] <... mount resumed>) = 0 [pid 530] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 528] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 530] <... openat resumed>) = 5 [pid 528] <... openat resumed>) = 5 [pid 530] chdir("./file0" [pid 528] chdir("./file0" [pid 530] <... chdir resumed>) = 0 [pid 528] <... chdir resumed>) = 0 [pid 544] <... ioctl resumed>, 0) = 0 [pid 530] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 528] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 544] ioctl(3, VHOST_SET_VRING_ADDR [pid 530] <... openat resumed>) = 6 [pid 544] <... ioctl resumed>, 0x200000000300) = 0 [pid 530] ioctl(6, LOOP_CLR_FD [pid 528] <... openat resumed>) = 6 [pid 544] ioctl(3, VHOST_SET_MEM_TABLE [pid 530] <... ioctl resumed>) = 0 [pid 528] ioctl(6, LOOP_CLR_FD [pid 530] close(6 [pid 528] <... ioctl resumed>) = 0 [pid 530] <... close resumed>) = 0 [pid 528] close(6 [pid 530] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 528] <... close resumed>) = 0 [pid 528] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 530] <... openat resumed>) = 6 [pid 544] <... ioctl resumed>, 0x200000003380) = 0 [pid 544] eventfd2(118, EFD_SEMAPHORE [pid 530] write(6, "#! ./file1\n", 11 [pid 528] <... openat resumed>) = 6 [pid 544] <... eventfd2 resumed>) = 4 [pid 528] write(6, "#! ./file1\n", 11 [pid 544] ioctl(3, VHOST_SET_VRING_ERR [pid 528] <... write resumed>) = 11 [pid 544] <... ioctl resumed>, 0x2000000001c0) = 0 [ 32.407405][ T524] EXT4-fs error (device loop3): ext4_validate_block_bitmap:438: comm syz-executor126: bg 0: block 234: padding at end of block bitmap is not set [ 32.438480][ T527] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue [pid 528] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0 [pid 544] ioctl(3, VHOST_SET_VRING_ADDR [pid 528] <... mmap resumed>) = 0x200000000000 [pid 544] <... ioctl resumed>, 0x200000000240) = 0 [pid 530] <... write resumed>) = 11 [pid 527] <... mount resumed>) = 0 [pid 544] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 544] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 544] memfd_create("syzkaller", 0) = 5 [pid 544] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f12c0537000 [pid 544] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 530] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0 [pid 544] <... write resumed>) = 1048576 [pid 530] <... mmap resumed>) = 0x200000000000 [pid 544] munmap(0x7f12c0537000, 138412032) = 0 [pid 544] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 6 [pid 544] ioctl(6, LOOP_SET_FD, 5 [pid 527] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 527] chdir("./file0") = 0 [pid 527] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 524] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000006c0} --- [pid 528] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000006c0} --- [pid 528] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000006c4} --- [pid 528] epoll_ctl(-1, EPOLL_CTL_ADD, 6, {events=0, data={u32=0, u64=0}}) = -1 EBADF (Bad file descriptor) [pid 528] close(3 [pid 544] <... ioctl resumed>) = 0 [pid 524] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000006c4} --- [pid 527] <... openat resumed>) = 6 [pid 524] epoll_ctl(-1, EPOLL_CTL_ADD, 6, {events=0, data={u32=0, u64=0}} [pid 527] ioctl(6, LOOP_CLR_FD [pid 524] <... epoll_ctl resumed>) = -1 EBADF (Bad file descriptor) [pid 527] <... ioctl resumed>) = 0 [pid 524] close(3 [pid 527] close(6 [pid 544] close(5 [pid 527] <... close resumed>) = 0 [pid 544] <... close resumed>) = 0 [pid 527] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 544] close(6) = 0 [pid 544] mkdir("./file0", 0777) = 0 [pid 527] <... openat resumed>) = 6 [pid 544] mount("/dev/loop1", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 527] write(6, "#! ./file1\n", 11) = 11 [pid 527] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0 [pid 528] <... close resumed>) = 0 [pid 528] close(4) = 0 [pid 528] close(5) = 0 [pid 528] close(6) = 0 [pid 528] close(7) = -1 EBADF (Bad file descriptor) [pid 527] <... mmap resumed>) = 0x200000000000 [pid 528] close(8) = -1 EBADF (Bad file descriptor) [ 32.458434][ T528] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor126: bg 0: block 234: padding at end of block bitmap is not set [ 32.489995][ T530] EXT4-fs error (device loop4): ext4_validate_block_bitmap:438: comm syz-executor126: bg 0: block 234: padding at end of block bitmap is not set [pid 528] close(9) = -1 EBADF (Bad file descriptor) [pid 528] close(10) = -1 EBADF (Bad file descriptor) [pid 528] close(11) = -1 EBADF (Bad file descriptor) [pid 528] close(12) = -1 EBADF (Bad file descriptor) [pid 528] close(13) = -1 EBADF (Bad file descriptor) [pid 528] close(14) = -1 EBADF (Bad file descriptor) [pid 528] close(15) = -1 EBADF (Bad file descriptor) [pid 528] close(16) = -1 EBADF (Bad file descriptor) [pid 528] close(17) = -1 EBADF (Bad file descriptor) [pid 528] close(18) = -1 EBADF (Bad file descriptor) [pid 528] close(19) = -1 EBADF (Bad file descriptor) [pid 528] close(20) = -1 EBADF (Bad file descriptor) [pid 528] close(21) = -1 EBADF (Bad file descriptor) [pid 528] close(22) = -1 EBADF (Bad file descriptor) [pid 528] close(23) = -1 EBADF (Bad file descriptor) [pid 528] close(24) = -1 EBADF (Bad file descriptor) [pid 528] close(25) = -1 EBADF (Bad file descriptor) [pid 528] close(26) = -1 EBADF (Bad file descriptor) [pid 528] close(27) = -1 EBADF (Bad file descriptor) [pid 528] close(28) = -1 EBADF (Bad file descriptor) [pid 528] close(29) = -1 EBADF (Bad file descriptor) [pid 528] exit_group(0) = ? [pid 528] +++ exited with 0 +++ [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=12, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- [pid 289] umount2("./10", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./10", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 289] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(3, 0x555565cdf7f0 /* 4 entries */, 32768) = 112 [pid 289] umount2("./10/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 530] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000006c0} --- [pid 524] <... close resumed>) = 0 [pid 530] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000006c4} --- [pid 524] close(4 [pid 530] epoll_ctl(-1, EPOLL_CTL_ADD, 6, {events=0, data={u32=0, u64=0}} [pid 524] <... close resumed>) = 0 [pid 530] <... epoll_ctl resumed>) = -1 EBADF (Bad file descriptor) [pid 524] close(5 [pid 530] close(3 [pid 524] <... close resumed>) = 0 [pid 524] close(6) = 0 [pid 524] close(7) = -1 EBADF (Bad file descriptor) [pid 524] close(8) = -1 EBADF (Bad file descriptor) [pid 524] close(9) = -1 EBADF (Bad file descriptor) [pid 524] close(10) = -1 EBADF (Bad file descriptor) [pid 524] close(11) = -1 EBADF (Bad file descriptor) [pid 524] close(12) = -1 EBADF (Bad file descriptor) [pid 524] close(13) = -1 EBADF (Bad file descriptor) [pid 524] close(14 [pid 530] <... close resumed>) = 0 [pid 527] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000006c0} --- [pid 524] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 530] close(4 [pid 524] close(15 [pid 530] <... close resumed>) = 0 [pid 524] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 530] close(5 [pid 524] close(16 [pid 530] <... close resumed>) = 0 [pid 524] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 530] close(6 [pid 524] close(17 [pid 530] <... close resumed>) = 0 [pid 524] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 530] close(7 [pid 524] close(18 [pid 530] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 524] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 530] close(8 [pid 524] close(19 [pid 530] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 524] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 530] close(9 [pid 524] close(20 [pid 530] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 524] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 530] close(10 [pid 524] close(21 [pid 530] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 524] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 530] close(11 [pid 524] close(22 [pid 530] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 524] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 530] close(12 [pid 524] close(23 [pid 530] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 524] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 530] close(13 [pid 524] close(24 [pid 530] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 524] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 530] close(14 [pid 524] close(25 [pid 530] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 524] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 530] close(15 [pid 524] close(26 [pid 530] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 524] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 530] close(16 [pid 524] close(27 [pid 530] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 524] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 530] close(17 [pid 524] close(28 [pid 530] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 524] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 530] close(18 [pid 524] close(29 [pid 530] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 524] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 530] close(19 [pid 524] exit_group(0 [pid 530] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 524] <... exit_group resumed>) = ? [pid 530] close(20 [pid 524] +++ exited with 0 +++ [pid 530] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 292] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10, si_uid=0, si_status=0, si_utime=1, si_stime=2} --- [pid 530] close(21 [pid 292] restart_syscall(<... resuming interrupted clone ...> [pid 530] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 530] close(22) = -1 EBADF (Bad file descriptor) [pid 530] close(23) = -1 EBADF (Bad file descriptor) [pid 530] close(24) = -1 EBADF (Bad file descriptor) [pid 530] close(25) = -1 EBADF (Bad file descriptor) [pid 530] close(26) = -1 EBADF (Bad file descriptor) [pid 530] close(27) = -1 EBADF (Bad file descriptor) [pid 530] close(28) = -1 EBADF (Bad file descriptor) [pid 530] close(29) = -1 EBADF (Bad file descriptor) [pid 530] exit_group(0) = ? [pid 530] +++ exited with 0 +++ [pid 288] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=12, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 288] restart_syscall(<... resuming interrupted clone ...> [pid 544] <... mount resumed>) = 0 [pid 292] <... restart_syscall resumed>) = 0 [pid 289] <... umount2 resumed>) = 0 [pid 288] <... restart_syscall resumed>) = 0 [pid 292] umount2("./8", MNT_FORCE|UMOUNT_NOFOLLOW [pid 288] umount2("./10", MNT_FORCE|UMOUNT_NOFOLLOW [pid 292] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 288] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 292] openat(AT_FDCWD, "./8", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 288] openat(AT_FDCWD, "./10", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 292] <... openat resumed>) = 3 [pid 288] <... openat resumed>) = 3 [pid 292] newfstatat(3, "", [pid 288] newfstatat(3, "", [pid 292] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 288] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 292] getdents64(3, [pid 288] getdents64(3, [pid 292] <... getdents64 resumed>0x555565cdf7f0 /* 4 entries */, 32768) = 112 [pid 288] <... getdents64 resumed>0x555565cdf7f0 /* 4 entries */, 32768) = 112 [pid 292] umount2("./8/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 289] umount2("./10/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 288] umount2("./10/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 527] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000006c4} --- [pid 289] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 527] epoll_ctl(-1, EPOLL_CTL_ADD, 6, {events=0, data={u32=0, u64=0}}) = -1 EBADF (Bad file descriptor) [pid 289] newfstatat(AT_FDCWD, "./10/file0", [pid 527] close(3 [pid 289] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] umount2("./10/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./10/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 289] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(4, 0x555565ce7830 /* 2 entries */, 32768) = 48 [pid 289] getdents64(4, 0x555565ce7830 /* 0 entries */, 32768) = 0 [pid 289] close(4) = 0 [pid 289] rmdir("./10/file0") = 0 [pid 289] umount2("./10/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./10/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] unlink("./10/binderfs") = 0 [pid 289] getdents64(3, 0x555565cdf7f0 /* 0 entries */, 32768) = 0 [pid 289] close(3) = 0 [pid 289] rmdir("./10") = 0 [pid 289] mkdir("./11", 0777) = 0 [pid 289] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 544] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 544] chdir("./file0") = 0 [pid 544] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 527] <... close resumed>) = 0 [pid 527] close(4) = 0 [pid 527] close(5) = 0 [pid 527] close(6) = 0 [pid 527] close(7) = -1 EBADF (Bad file descriptor) [pid 527] close(8) = -1 EBADF (Bad file descriptor) [pid 527] close(9) = -1 EBADF (Bad file descriptor) [pid 527] close(10) = -1 EBADF (Bad file descriptor) [pid 527] close(11) = -1 EBADF (Bad file descriptor) [pid 527] close(12) = -1 EBADF (Bad file descriptor) [pid 527] close(13) = -1 EBADF (Bad file descriptor) [pid 527] close(14) = -1 EBADF (Bad file descriptor) [pid 527] close(15) = -1 EBADF (Bad file descriptor) [pid 527] close(16) = -1 EBADF (Bad file descriptor) [pid 527] close(17) = -1 EBADF (Bad file descriptor) [pid 527] close(18) = -1 EBADF (Bad file descriptor) [pid 527] close(19) = -1 EBADF (Bad file descriptor) [pid 527] close(20) = -1 EBADF (Bad file descriptor) [pid 527] close(21) = -1 EBADF (Bad file descriptor) [pid 527] close(22) = -1 EBADF (Bad file descriptor) [pid 527] close(23) = -1 EBADF (Bad file descriptor) [pid 527] close(24) = -1 EBADF (Bad file descriptor) [pid 527] close(25) = -1 EBADF (Bad file descriptor) [pid 527] close(26) = -1 EBADF (Bad file descriptor) [pid 527] close(27) = -1 EBADF (Bad file descriptor) [pid 527] close(28) = -1 EBADF (Bad file descriptor) [pid 527] close(29) = -1 EBADF (Bad file descriptor) [pid 527] exit_group(0) = ? [pid 527] +++ exited with 0 +++ [pid 293] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 293] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 293] umount2("./8", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 293] openat(AT_FDCWD, "./8", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 293] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 293] getdents64(3, 0x555565cdf7f0 /* 4 entries */, 32768) = 112 [ 32.520248][ T527] EXT4-fs error (device loop2): ext4_validate_block_bitmap:438: comm syz-executor126: bg 0: block 234: padding at end of block bitmap is not set [ 32.551032][ T544] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue [pid 293] umount2("./8/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 292] <... umount2 resumed>) = 0 [pid 292] umount2("./8/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 292] newfstatat(AT_FDCWD, "./8/file0", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 292] umount2("./8/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 292] openat(AT_FDCWD, "./8/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 292] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 292] getdents64(4, 0x555565ce7830 /* 2 entries */, 32768) = 48 [pid 292] getdents64(4, 0x555565ce7830 /* 0 entries */, 32768) = 0 [pid 292] close(4) = 0 [pid 292] rmdir("./8/file0") = 0 [pid 292] umount2("./8/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 292] newfstatat(AT_FDCWD, "./8/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 292] unlink("./8/binderfs") = 0 [pid 292] getdents64(3, 0x555565cdf7f0 /* 0 entries */, 32768) = 0 [pid 292] close(3) = 0 [pid 292] rmdir("./8") = 0 [pid 292] mkdir("./9", 0777) = 0 [pid 292] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 544] <... openat resumed>) = 6 [pid 289] <... openat resumed>) = 3 [pid 544] ioctl(6, LOOP_CLR_FD [pid 289] ioctl(3, LOOP_CLR_FD [pid 544] <... ioctl resumed>) = 0 [pid 293] <... umount2 resumed>) = 0 [pid 289] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 288] <... umount2 resumed>) = 0 [pid 544] close(6 [pid 289] close(3 [pid 544] <... close resumed>) = 0 [pid 289] <... close resumed>) = 0 [pid 544] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 544] <... openat resumed>) = 6 [pid 288] umount2("./10/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 544] write(6, "#! ./file1\n", 11 [pid 289] <... clone resumed>, child_tidptr=0x555565cde750) = 13 [pid 288] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 544] <... write resumed>) = 11 [pid 544] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 288] newfstatat(AT_FDCWD, "./10/file0", [pid 292] <... openat resumed>) = 3 [pid 288] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 292] ioctl(3, LOOP_CLR_FD [pid 288] umount2("./10/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 292] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 288] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 292] close(3 [pid 288] openat(AT_FDCWD, "./10/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 292] <... close resumed>) = 0 [pid 288] <... openat resumed>) = 4 [pid 292] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 288] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 293] umount2("./8/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 292] <... clone resumed>, child_tidptr=0x555565cde750) = 11 [pid 288] getdents64(4, [pid 293] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 288] <... getdents64 resumed>0x555565ce7830 /* 2 entries */, 32768) = 48 [pid 293] newfstatat(AT_FDCWD, "./8/file0", [pid 288] getdents64(4, [pid 293] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 288] <... getdents64 resumed>0x555565ce7830 /* 0 entries */, 32768) = 0 [pid 293] umount2("./8/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 288] close(4 [pid 293] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 288] <... close resumed>) = 0 [pid 293] openat(AT_FDCWD, "./8/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 288] rmdir("./10/file0" [pid 293] <... openat resumed>) = 4 [pid 288] <... rmdir resumed>) = 0 [pid 293] newfstatat(4, "", [pid 288] umount2("./10/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 293] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 288] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 293] getdents64(4, [pid 288] newfstatat(AT_FDCWD, "./10/binderfs", [pid 293] <... getdents64 resumed>0x555565ce7830 /* 2 entries */, 32768) = 48 [pid 288] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 293] getdents64(4, [pid 288] unlink("./10/binderfs" [pid 293] <... getdents64 resumed>0x555565ce7830 /* 0 entries */, 32768) = 0 [pid 288] <... unlink resumed>) = 0 [pid 293] close(4 [pid 288] getdents64(3, [pid 293] <... close resumed>) = 0 [pid 288] <... getdents64 resumed>0x555565cdf7f0 /* 0 entries */, 32768) = 0 [pid 293] rmdir("./8/file0" [pid 288] close(3 [pid 293] <... rmdir resumed>) = 0 [pid 288] <... close resumed>) = 0 [pid 293] umount2("./8/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 288] rmdir("./10" [pid 293] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 288] <... rmdir resumed>) = 0 [pid 293] newfstatat(AT_FDCWD, "./8/binderfs", [pid 288] mkdir("./11", 0777 [pid 293] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 288] <... mkdir resumed>) = 0 [pid 293] unlink("./8/binderfs" [pid 288] openat(AT_FDCWD, "/dev/loop4", O_RDWR./strace-static-x86_64: Process 551 attached [pid 293] <... unlink resumed>) = 0 [pid 288] <... openat resumed>) = 3 [pid 293] getdents64(3, [pid 288] ioctl(3, LOOP_CLR_FD [pid 293] <... getdents64 resumed>0x555565cdf7f0 /* 0 entries */, 32768) = 0 [pid 288] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 293] close(3 [pid 288] close(3 [pid 293] <... close resumed>) = 0 [pid 288] <... close resumed>) = 0 [pid 293] rmdir("./8" [pid 288] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 551] set_robust_list(0x555565cde760, 24 [pid 293] <... rmdir resumed>) = 0 [pid 551] <... set_robust_list resumed>) = 0 [pid 293] mkdir("./9", 0777 [pid 288] <... clone resumed>, child_tidptr=0x555565cde750) = 13 [pid 293] <... mkdir resumed>) = 0 [pid 293] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 551] chdir("./11" [pid 293] <... openat resumed>) = 3 [pid 293] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 293] close(3) = 0 [pid 293] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 551] <... chdir resumed>) = 0 [pid 293] <... clone resumed>, child_tidptr=0x555565cde750) = 11 ./strace-static-x86_64: Process 552 attached [pid 552] set_robust_list(0x555565cde760, 24) = 0 [pid 552] chdir("./9") = 0 [pid 552] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 552] setpgid(0, 0) = 0 [pid 552] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC./strace-static-x86_64: Process 553 attached ./strace-static-x86_64: Process 554 attached [pid 554] set_robust_list(0x555565cde760, 24 [pid 553] set_robust_list(0x555565cde760, 24 [pid 554] <... set_robust_list resumed>) = 0 [pid 553] <... set_robust_list resumed>) = 0 [pid 553] chdir("./11" [pid 554] chdir("./9" [pid 552] <... openat resumed>) = 3 [pid 553] <... chdir resumed>) = 0 [pid 554] <... chdir resumed>) = 0 [pid 554] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 553] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 552] write(3, "1000", 4) = 4 [pid 551] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 553] <... prctl resumed>) = 0 [pid 552] close(3 [pid 554] <... prctl resumed>) = 0 [pid 553] setpgid(0, 0 [pid 552] <... close resumed>) = 0 [pid 554] setpgid(0, 0 [pid 552] symlink("/dev/binderfs", "./binderfs" [pid 553] <... setpgid resumed>) = 0 [pid 552] <... symlink resumed>) = 0 [pid 554] <... setpgid resumed>) = 0 [pid 553] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 551] <... prctl resumed>) = 0 executing program [pid 554] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 551] setpgid(0, 0 [pid 552] write(1, "executing program\n", 18) = 18 [pid 552] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR [pid 554] <... openat resumed>) = 3 [pid 551] <... setpgid resumed>) = 0 [pid 553] <... openat resumed>) = 3 [pid 554] write(3, "1000", 4 [pid 553] write(3, "1000", 4 [pid 551] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 554] <... write resumed>) = 4 [pid 553] <... write resumed>) = 4 [pid 554] close(3 [pid 553] close(3 [pid 552] <... openat resumed>) = 3 [pid 554] <... close resumed>) = 0 [pid 553] <... close resumed>) = 0 [pid 553] symlink("/dev/binderfs", "./binderfs" [pid 552] ioctl(3, VHOST_SET_OWNER [pid 554] symlink("/dev/binderfs", "./binderfs" [pid 553] <... symlink resumed>) = 0 [pid 554] <... symlink resumed>) = 0 [pid 554] write(1, "executing program\n", 18 [pid 553] write(1, "executing program\n", 18 [pid 551] <... openat resumed>) = 3 [pid 544] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000006c0} --- executing program executing program [pid 551] write(3, "1000", 4 [pid 554] <... write resumed>) = 18 [pid 553] <... write resumed>) = 18 [pid 551] <... write resumed>) = 4 [pid 544] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000006c4} --- [pid 551] close(3 [pid 544] epoll_ctl(-1, EPOLL_CTL_ADD, 6, {events=0, data={u32=0, u64=0}} [pid 551] <... close resumed>) = 0 [pid 544] <... epoll_ctl resumed>) = -1 EBADF (Bad file descriptor) [pid 551] symlink("/dev/binderfs", "./binderfs" [pid 544] close(3 [pid 554] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR [pid 553] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR [pid 551] <... symlink resumed>) = 0 executing program [pid 554] <... openat resumed>) = 3 [pid 553] <... openat resumed>) = 3 [pid 551] write(1, "executing program\n", 18 [pid 554] ioctl(3, VHOST_SET_OWNER [pid 553] ioctl(3, VHOST_SET_OWNER [pid 551] <... write resumed>) = 18 [pid 551] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR [pid 554] <... ioctl resumed>, 0) = 0 [pid 554] ioctl(3, VHOST_SET_VRING_ADDR [pid 551] <... openat resumed>) = 3 [pid 554] <... ioctl resumed>, 0x200000000300) = 0 [pid 551] ioctl(3, VHOST_SET_OWNER [pid 554] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 554] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 554] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 554] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 554] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 554] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 554] memfd_create("syzkaller", 0) = 5 [pid 554] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f12c0537000 [pid 554] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 551] <... ioctl resumed>, 0) = 0 [pid 551] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 551] ioctl(3, VHOST_SET_MEM_TABLE [pid 544] <... close resumed>) = 0 [pid 544] close(4) = 0 [pid 544] close(5) = 0 [pid 544] close(6) = 0 [pid 544] close(7) = -1 EBADF (Bad file descriptor) [pid 544] close(8) = -1 EBADF (Bad file descriptor) [pid 544] close(9) = -1 EBADF (Bad file descriptor) [pid 544] close(10) = -1 EBADF (Bad file descriptor) [pid 544] close(11) = -1 EBADF (Bad file descriptor) [pid 544] close(12) = -1 EBADF (Bad file descriptor) [pid 544] close(13) = -1 EBADF (Bad file descriptor) [pid 544] close(14) = -1 EBADF (Bad file descriptor) [pid 544] close(15) = -1 EBADF (Bad file descriptor) [pid 544] close(16) = -1 EBADF (Bad file descriptor) [pid 544] close(17) = -1 EBADF (Bad file descriptor) [pid 544] close(18) = -1 EBADF (Bad file descriptor) [pid 544] close(19) = -1 EBADF (Bad file descriptor) [pid 544] close(20) = -1 EBADF (Bad file descriptor) [pid 544] close(21) = -1 EBADF (Bad file descriptor) [pid 544] close(22 [pid 551] <... ioctl resumed>, 0x200000003380) = 0 [pid 544] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 551] eventfd2(118, EFD_SEMAPHORE [pid 544] close(23 [pid 551] <... eventfd2 resumed>) = 4 [pid 544] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 551] ioctl(3, VHOST_SET_VRING_ERR [pid 544] close(24 [pid 551] <... ioctl resumed>, 0x2000000001c0) = 0 [pid 544] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 551] ioctl(3, VHOST_SET_VRING_ADDR [pid 544] close(25 [pid 551] <... ioctl resumed>, 0x200000000240) = 0 [pid 544] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 551] ioctl(3, VHOST_SET_VRING_KICK [pid 544] close(26 [pid 551] <... ioctl resumed>, 0x200000000000) = 0 [pid 544] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 551] ioctl(3, VHOST_VSOCK_SET_RUNNING [pid 544] close(27 [pid 551] <... ioctl resumed>, 0x200000000140) = 0 [pid 544] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 551] memfd_create("syzkaller", 0 [pid 544] close(28 [pid 551] <... memfd_create resumed>) = 5 [pid 544] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 551] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 544] close(29 [pid 551] <... mmap resumed>) = 0x7f12c0537000 [pid 544] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 551] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 544] exit_group(0) = ? [pid 544] +++ exited with 0 +++ [pid 294] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=11, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 294] restart_syscall(<... resuming interrupted clone ...> [pid 554] <... write resumed>) = 1048576 [pid 554] munmap(0x7f12c0537000, 138412032) = 0 [pid 554] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 6 [pid 554] ioctl(6, LOOP_SET_FD, 5 [pid 551] <... write resumed>) = 1048576 [pid 553] <... ioctl resumed>, 0) = 0 [pid 553] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 553] ioctl(3, VHOST_SET_MEM_TABLE [pid 554] <... ioctl resumed>) = 0 [pid 554] close(5) = 0 [pid 554] close(6 [pid 294] <... restart_syscall resumed>) = 0 [pid 294] umount2("./9", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 294] openat(AT_FDCWD, "./9", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 294] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 294] getdents64(3, 0x555565cdf7f0 /* 4 entries */, 32768) = 112 [pid 294] umount2("./9/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 553] <... ioctl resumed>, 0x200000003380) = 0 [pid 551] munmap(0x7f12c0537000, 138412032 [pid 553] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 553] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 553] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 553] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 553] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 553] memfd_create("syzkaller", 0) = 5 [pid 552] <... ioctl resumed>, 0) = 0 [pid 553] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 552] ioctl(3, VHOST_SET_VRING_ADDR [pid 553] <... mmap resumed>) = 0x7f12c0537000 [pid 552] <... ioctl resumed>, 0x200000000300) = 0 [pid 552] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 552] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 551] <... munmap resumed>) = 0 [pid 552] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 552] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 552] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 552] ioctl(3, VHOST_VSOCK_SET_RUNNING [pid 551] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 552] <... ioctl resumed>, 0x200000000140) = 0 [ 32.725895][ T546] EXT4-fs error (device loop1): ext4_validate_block_bitmap:438: comm vhost-544: bg 0: block 234: padding at end of block bitmap is not set [pid 552] memfd_create("syzkaller", 0) = 5 [pid 552] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f12c0537000 [pid 554] <... close resumed>) = 0 [pid 554] mkdir("./file0", 0777) = 0 [pid 554] mount("/dev/loop2", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 552] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 553] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 553] munmap(0x7f12c0537000, 138412032) = 0 [pid 552] <... write resumed>) = 1048576 [pid 553] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 552] munmap(0x7f12c0537000, 138412032) = 0 [pid 552] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 551] <... openat resumed>) = 6 [pid 551] ioctl(6, LOOP_SET_FD, 5 [pid 553] <... openat resumed>) = 6 [pid 552] <... openat resumed>) = 6 [pid 294] <... umount2 resumed>) = 0 [pid 552] ioctl(6, LOOP_SET_FD, 5 [pid 553] ioctl(6, LOOP_SET_FD, 5 [pid 294] umount2("./9/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 294] newfstatat(AT_FDCWD, "./9/file0", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 551] <... ioctl resumed>) = 0 [pid 551] close(5) = 0 [pid 551] close(6 [pid 294] umount2("./9/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 552] <... ioctl resumed>) = 0 [pid 552] close(5) = 0 [pid 294] openat(AT_FDCWD, "./9/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 552] close(6 [pid 294] <... openat resumed>) = 4 [pid 294] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 294] getdents64(4, 0x555565ce7830 /* 2 entries */, 32768) = 48 [pid 294] getdents64(4, 0x555565ce7830 /* 0 entries */, 32768) = 0 [pid 294] close(4) = 0 [pid 294] rmdir("./9/file0") = 0 [pid 294] umount2("./9/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 294] newfstatat(AT_FDCWD, "./9/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 294] unlink("./9/binderfs") = 0 [pid 294] getdents64(3, 0x555565cdf7f0 /* 0 entries */, 32768) = 0 [pid 294] close(3) = 0 [pid 294] rmdir("./9") = 0 [pid 294] mkdir("./10", 0777) = 0 [pid 294] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 553] <... ioctl resumed>) = 0 [pid 553] close(5) = 0 [pid 553] close(6 [pid 554] <... mount resumed>) = 0 [pid 554] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 554] chdir("./file0") = 0 [pid 554] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 551] <... close resumed>) = 0 [pid 551] mkdir("./file0", 0777) = 0 [ 32.923444][ T554] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue [pid 551] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 552] <... close resumed>) = 0 [pid 294] <... openat resumed>) = 3 [pid 552] mkdir("./file0", 0777 [pid 294] ioctl(3, LOOP_CLR_FD [pid 552] <... mkdir resumed>) = 0 [pid 552] mount("/dev/loop3", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 553] <... close resumed>) = 0 [pid 554] <... openat resumed>) = 6 [pid 553] mkdir("./file0", 0777 [pid 554] ioctl(6, LOOP_CLR_FD [pid 553] <... mkdir resumed>) = 0 [pid 553] mount("/dev/loop4", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 294] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 554] <... ioctl resumed>) = 0 [pid 294] close(3 [pid 554] close(6 [pid 294] <... close resumed>) = 0 [pid 554] <... close resumed>) = 0 [pid 294] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 554] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 554] write(6, "#! ./file1\n", 11) = 11 [pid 294] <... clone resumed>, child_tidptr=0x555565cde750) = 12 [pid 554] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 executing program ./strace-static-x86_64: Process 565 attached [pid 565] set_robust_list(0x555565cde760, 24) = 0 [pid 565] chdir("./10") = 0 [pid 565] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 565] setpgid(0, 0) = 0 [pid 565] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 565] write(3, "1000", 4) = 4 [pid 565] close(3) = 0 [pid 565] symlink("/dev/binderfs", "./binderfs") = 0 [pid 565] write(1, "executing program\n", 18) = 18 [pid 565] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 565] ioctl(3, VHOST_SET_OWNER [pid 551] <... mount resumed>) = 0 [pid 551] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 551] chdir("./file0") = 0 [pid 551] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 551] ioctl(6, LOOP_CLR_FD) = 0 [pid 551] close(6) = 0 [pid 551] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 551] write(6, "#! ./file1\n", 11) = 11 [pid 551] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [ 33.141336][ T556] EXT4-fs error (device loop2): ext4_validate_block_bitmap:438: comm vhost-554: bg 0: block 234: padding at end of block bitmap is not set [ 33.159056][ T551] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [pid 554] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000006c0} --- [pid 565] <... ioctl resumed>, 0) = 0 [pid 565] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 565] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 565] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 565] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 565] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 565] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 565] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 565] memfd_create("syzkaller", 0) = 5 [pid 565] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f12c0537000 [pid 565] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 554] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000006c4} --- [pid 554] epoll_ctl(-1, EPOLL_CTL_ADD, 6, {events=0, data={u32=0, u64=0}}) = -1 EBADF (Bad file descriptor) [pid 554] close(3 [pid 565] munmap(0x7f12c0537000, 138412032) = 0 [pid 565] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 6 [pid 565] ioctl(6, LOOP_SET_FD, 5 [pid 553] <... mount resumed>) = 0 [pid 553] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 553] chdir("./file0") = 0 [pid 553] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 554] <... close resumed>) = 0 [pid 554] close(4 [pid 551] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000006c0} --- [pid 551] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000006c4} --- [pid 551] epoll_ctl(-1, EPOLL_CTL_ADD, 6, {events=0, data={u32=0, u64=0}}) = -1 EBADF (Bad file descriptor) [pid 551] close(3) = 0 [pid 551] close(4) = 0 [pid 551] close(5 [pid 554] <... close resumed>) = 0 [pid 551] <... close resumed>) = 0 [pid 551] close(6) = 0 [pid 551] close(7) = -1 EBADF (Bad file descriptor) [pid 551] close(8) = -1 EBADF (Bad file descriptor) [pid 551] close(9) = -1 EBADF (Bad file descriptor) [pid 551] close(10) = -1 EBADF (Bad file descriptor) [pid 551] close(11) = -1 EBADF (Bad file descriptor) [pid 551] close(12) = -1 EBADF (Bad file descriptor) [pid 551] close(13) = -1 EBADF (Bad file descriptor) [pid 551] close(14) = -1 EBADF (Bad file descriptor) [pid 551] close(15) = -1 EBADF (Bad file descriptor) [pid 551] close(16) = -1 EBADF (Bad file descriptor) [pid 551] close(17) = -1 EBADF (Bad file descriptor) [pid 551] close(18) = -1 EBADF (Bad file descriptor) [pid 551] close(19) = -1 EBADF (Bad file descriptor) [pid 551] close(20) = -1 EBADF (Bad file descriptor) [pid 551] close(21) = -1 EBADF (Bad file descriptor) [pid 551] close(22) = -1 EBADF (Bad file descriptor) [pid 551] close(23) = -1 EBADF (Bad file descriptor) [pid 551] close(24) = -1 EBADF (Bad file descriptor) [pid 551] close(25) = -1 EBADF (Bad file descriptor) [pid 551] close(26) = -1 EBADF (Bad file descriptor) [pid 551] close(27) = -1 EBADF (Bad file descriptor) [pid 551] close(28) = -1 EBADF (Bad file descriptor) [pid 551] close(29) = -1 EBADF (Bad file descriptor) [pid 551] exit_group(0 [pid 554] close(5 [pid 551] <... exit_group resumed>) = ? [pid 554] <... close resumed>) = 0 [pid 551] +++ exited with 0 +++ [pid 554] close(6 [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=13, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 554] <... close resumed>) = 0 [pid 289] restart_syscall(<... resuming interrupted clone ...> [pid 554] close(7) = -1 EBADF (Bad file descriptor) [pid 554] close(8) = -1 EBADF (Bad file descriptor) [pid 554] close(9) = -1 EBADF (Bad file descriptor) [pid 554] close(10) = -1 EBADF (Bad file descriptor) [pid 554] close(11) = -1 EBADF (Bad file descriptor) [pid 554] close(12) = -1 EBADF (Bad file descriptor) [ 33.178224][ T558] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-551: bg 0: block 234: padding at end of block bitmap is not set [ 33.181183][ T552] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue [ 33.194060][ T553] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue [pid 554] close(13 [pid 565] <... ioctl resumed>) = 0 [pid 554] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 565] close(5 [pid 554] close(14 [pid 565] <... close resumed>) = 0 [pid 554] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 565] close(6 [pid 554] close(15 [pid 565] <... close resumed>) = 0 [pid 554] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 565] mkdir("./file0", 0777 [pid 554] close(16 [pid 565] <... mkdir resumed>) = 0 [pid 554] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 565] mount("/dev/loop1", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 554] close(17) = -1 EBADF (Bad file descriptor) [pid 554] close(18 [pid 553] <... openat resumed>) = 6 [pid 554] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 554] close(19 [pid 553] ioctl(6, LOOP_CLR_FD) = 0 [pid 554] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 554] close(20 [pid 553] close(6 [pid 554] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 554] close(21 [pid 553] <... close resumed>) = 0 [pid 289] <... restart_syscall resumed>) = 0 [pid 554] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 289] umount2("./11", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./11", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 289] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(3, 0x555565cdf7f0 /* 4 entries */, 32768) = 112 [pid 289] umount2("./11/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 553] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 554] close(22) = -1 EBADF (Bad file descriptor) [pid 554] close(23 [pid 553] <... openat resumed>) = 6 [pid 554] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 553] write(6, "#! ./file1\n", 11 [pid 554] close(24) = -1 EBADF (Bad file descriptor) [pid 554] close(25) = -1 EBADF (Bad file descriptor) [pid 553] <... write resumed>) = 11 [pid 554] close(26 [pid 553] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0 [pid 554] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 554] close(27) = -1 EBADF (Bad file descriptor) [pid 554] close(28) = -1 EBADF (Bad file descriptor) [pid 554] close(29) = -1 EBADF (Bad file descriptor) [pid 554] exit_group(0 [pid 553] <... mmap resumed>) = 0x200000000000 [pid 554] <... exit_group resumed>) = ? [pid 554] +++ exited with 0 +++ [pid 293] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=11, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- [pid 293] umount2("./9", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 293] openat(AT_FDCWD, "./9", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 293] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 293] getdents64(3, 0x555565cdf7f0 /* 4 entries */, 32768) = 112 [pid 293] umount2("./9/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 552] <... mount resumed>) = 0 [pid 552] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 552] chdir("./file0") = 0 [pid 552] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 289] <... umount2 resumed>) = 0 [pid 289] umount2("./11/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 565] <... mount resumed>) = 0 [pid 289] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 565] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 289] newfstatat(AT_FDCWD, "./11/file0", [pid 565] <... openat resumed>) = 5 [pid 553] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000006c0} --- [pid 565] chdir("./file0" [pid 289] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 565] <... chdir resumed>) = 0 [pid 289] umount2("./11/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 565] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 289] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./11/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 289] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(4, 0x555565ce7830 /* 2 entries */, 32768) = 48 [pid 289] getdents64(4, 0x555565ce7830 /* 0 entries */, 32768) = 0 [pid 289] close(4) = 0 [pid 289] rmdir("./11/file0") = 0 [pid 289] umount2("./11/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./11/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] unlink("./11/binderfs") = 0 [pid 289] getdents64(3, 0x555565cdf7f0 /* 0 entries */, 32768) = 0 [pid 289] close(3) = 0 [pid 289] rmdir("./11") = 0 [pid 289] mkdir("./12", 0777) = 0 [pid 289] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 552] <... openat resumed>) = 6 [pid 553] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000006c4} --- [pid 553] epoll_ctl(-1, EPOLL_CTL_ADD, 6, {events=0, data={u32=0, u64=0}}) = -1 EBADF (Bad file descriptor) [pid 553] close(3) = 0 [pid 553] close(4) = 0 [pid 553] close(5) = 0 [pid 553] close(6) = 0 [pid 553] close(7) = -1 EBADF (Bad file descriptor) [pid 553] close(8) = -1 EBADF (Bad file descriptor) [pid 553] close(9) = -1 EBADF (Bad file descriptor) [pid 553] close(10) = -1 EBADF (Bad file descriptor) [pid 553] close(11) = -1 EBADF (Bad file descriptor) [pid 553] close(12) = -1 EBADF (Bad file descriptor) [pid 553] close(13) = -1 EBADF (Bad file descriptor) [pid 553] close(14) = -1 EBADF (Bad file descriptor) [pid 553] close(15 [pid 565] <... openat resumed>) = 6 [pid 289] <... openat resumed>) = 3 [pid 565] ioctl(6, LOOP_CLR_FD [ 33.283518][ T553] EXT4-fs error (device loop4): ext4_validate_block_bitmap:438: comm syz-executor126: bg 0: block 234: padding at end of block bitmap is not set [ 33.311103][ T565] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue [pid 552] ioctl(6, LOOP_CLR_FD [pid 553] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 553] close(16) = -1 EBADF (Bad file descriptor) [pid 553] close(17) = -1 EBADF (Bad file descriptor) [pid 553] close(18) = -1 EBADF (Bad file descriptor) [pid 553] close(19) = -1 EBADF (Bad file descriptor) [pid 553] close(20) = -1 EBADF (Bad file descriptor) [pid 553] close(21) = -1 EBADF (Bad file descriptor) [pid 553] close(22) = -1 EBADF (Bad file descriptor) [pid 553] close(23) = -1 EBADF (Bad file descriptor) [pid 553] close(24) = -1 EBADF (Bad file descriptor) [pid 553] close(25 [pid 293] <... umount2 resumed>) = 0 [pid 289] ioctl(3, LOOP_CLR_FD [pid 553] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 553] close(26) = -1 EBADF (Bad file descriptor) [pid 553] close(27) = -1 EBADF (Bad file descriptor) [pid 553] close(28) = -1 EBADF (Bad file descriptor) [pid 553] close(29) = -1 EBADF (Bad file descriptor) [pid 553] exit_group(0) = ? [pid 553] +++ exited with 0 +++ [pid 289] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 565] <... ioctl resumed>) = 0 [pid 552] <... ioctl resumed>) = 0 [pid 289] close(3 [pid 288] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=13, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- [pid 565] close(6 [pid 552] close(6 [pid 289] <... close resumed>) = 0 [pid 565] <... close resumed>) = 0 [pid 552] <... close resumed>) = 0 [pid 565] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 552] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 288] umount2("./11", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 288] openat(AT_FDCWD, "./11", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 565] <... openat resumed>) = 6 [pid 552] <... openat resumed>) = 6 [pid 565] write(6, "#! ./file1\n", 11 [pid 552] write(6, "#! ./file1\n", 11 [pid 293] umount2("./9/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 289] <... clone resumed>, child_tidptr=0x555565cde750) = 14 [pid 288] <... openat resumed>) = 3 [pid 288] newfstatat(3, "", [pid 565] <... write resumed>) = 11 [pid 552] <... write resumed>) = 11 [pid 288] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 565] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0 [pid 552] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0 [pid 293] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 288] getdents64(3, [pid 565] <... mmap resumed>) = 0x200000000000 [pid 288] <... getdents64 resumed>0x555565cdf7f0 /* 4 entries */, 32768) = 112 [pid 552] <... mmap resumed>) = 0x200000000000 [pid 288] umount2("./11/file0", MNT_FORCE|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 576 attached [pid 293] newfstatat(AT_FDCWD, "./9/file0", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 576] set_robust_list(0x555565cde760, 24 [pid 293] umount2("./9/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 293] openat(AT_FDCWD, "./9/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 576] <... set_robust_list resumed>) = 0 [pid 552] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000006c0} --- [pid 293] <... openat resumed>) = 4 [pid 293] newfstatat(4, "", [pid 576] chdir("./12" [pid 552] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000006c4} --- [pid 293] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 576] <... chdir resumed>) = 0 [pid 552] epoll_ctl(-1, EPOLL_CTL_ADD, 6, {events=0, data={u32=0, u64=0}} [pid 293] getdents64(4, [pid 576] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 552] <... epoll_ctl resumed>) = -1 EBADF (Bad file descriptor) [pid 293] <... getdents64 resumed>0x555565ce7830 /* 2 entries */, 32768) = 48 [pid 576] <... prctl resumed>) = 0 [pid 552] close(3 [pid 293] getdents64(4, [pid 576] setpgid(0, 0 [pid 293] <... getdents64 resumed>0x555565ce7830 /* 0 entries */, 32768) = 0 [pid 576] <... setpgid resumed>) = 0 [pid 293] close(4) = 0 [pid 576] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 293] rmdir("./9/file0") = 0 [pid 576] <... openat resumed>) = 3 [pid 293] umount2("./9/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 576] write(3, "1000", 4 [pid 293] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 576] <... write resumed>) = 4 [pid 293] newfstatat(AT_FDCWD, "./9/binderfs", [pid 576] close(3 [pid 293] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 576] <... close resumed>) = 0 [pid 293] unlink("./9/binderfs" [pid 576] symlink("/dev/binderfs", "./binderfs" [pid 293] <... unlink resumed>) = 0 [pid 576] <... symlink resumed>) = 0 [pid 293] getdents64(3, [pid 576] write(1, "executing program\n", 18 [pid 293] <... getdents64 resumed>0x555565cdf7f0 /* 0 entries */, 32768) = 0 executing program [pid 576] <... write resumed>) = 18 [pid 293] close(3 [pid 576] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR [pid 293] <... close resumed>) = 0 [pid 576] <... openat resumed>) = 3 [pid 293] rmdir("./9" [pid 576] ioctl(3, VHOST_SET_OWNER [pid 293] <... rmdir resumed>) = 0 [pid 293] mkdir("./10", 0777) = 0 [pid 293] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 565] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000006c0} --- [pid 552] <... close resumed>) = 0 [pid 576] <... ioctl resumed>, 0) = 0 [pid 552] close(4 [pid 576] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 552] <... close resumed>) = 0 [pid 576] ioctl(3, VHOST_SET_MEM_TABLE [pid 552] close(5) = 0 [pid 552] close(6) = 0 [pid 552] close(7) = -1 EBADF (Bad file descriptor) [pid 552] close(8) = -1 EBADF (Bad file descriptor) [pid 576] <... ioctl resumed>, 0x200000003380) = 0 [pid 552] close(9 [ 33.378922][ T565] EXT4-fs error (device loop1): ext4_validate_block_bitmap:438: comm syz-executor126: bg 0: block 234: padding at end of block bitmap is not set [ 33.379325][ T555] EXT4-fs error (device loop3): ext4_validate_block_bitmap:438: comm vhost-552: bg 0: block 234: padding at end of block bitmap is not set [pid 576] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 565] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000006c4} --- [pid 552] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 576] ioctl(3, VHOST_SET_VRING_ERR [pid 552] close(10 [pid 576] <... ioctl resumed>, 0x2000000001c0) = 0 [pid 552] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 576] ioctl(3, VHOST_SET_VRING_ADDR [pid 552] close(11 [pid 576] <... ioctl resumed>, 0x200000000240) = 0 [pid 552] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 576] ioctl(3, VHOST_SET_VRING_KICK [pid 552] close(12 [pid 576] <... ioctl resumed>, 0x200000000000) = 0 [pid 552] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 576] ioctl(3, VHOST_VSOCK_SET_RUNNING [pid 552] close(13 [pid 576] <... ioctl resumed>, 0x200000000140) = 0 [pid 552] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 576] memfd_create("syzkaller", 0 [pid 552] close(14 [pid 576] <... memfd_create resumed>) = 5 [pid 552] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 576] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 552] close(15 [pid 576] <... mmap resumed>) = 0x7f12c0537000 [pid 552] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 565] epoll_ctl(-1, EPOLL_CTL_ADD, 6, {events=0, data={u32=0, u64=0}} [pid 552] close(16) = -1 EBADF (Bad file descriptor) [pid 552] close(17) = -1 EBADF (Bad file descriptor) [pid 552] close(18) = -1 EBADF (Bad file descriptor) [pid 552] close(19) = -1 EBADF (Bad file descriptor) [pid 552] close(20) = -1 EBADF (Bad file descriptor) [pid 552] close(21) = -1 EBADF (Bad file descriptor) [pid 552] close(22) = -1 EBADF (Bad file descriptor) [pid 552] close(23) = -1 EBADF (Bad file descriptor) [pid 552] close(24) = -1 EBADF (Bad file descriptor) [pid 552] close(25) = -1 EBADF (Bad file descriptor) [pid 552] close(26) = -1 EBADF (Bad file descriptor) [pid 552] close(27) = -1 EBADF (Bad file descriptor) [pid 552] close(28) = -1 EBADF (Bad file descriptor) [pid 552] close(29) = -1 EBADF (Bad file descriptor) [pid 552] exit_group(0) = ? [pid 552] +++ exited with 0 +++ [pid 292] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=11, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 292] restart_syscall(<... resuming interrupted clone ...> [pid 576] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 565] <... epoll_ctl resumed>) = -1 EBADF (Bad file descriptor) [pid 565] close(3 [pid 292] <... restart_syscall resumed>) = 0 [pid 292] umount2("./9", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 292] openat(AT_FDCWD, "./9", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 292] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 292] getdents64(3, 0x555565cdf7f0 /* 4 entries */, 32768) = 112 [pid 292] umount2("./9/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 576] <... write resumed>) = 1048576 [ 33.422358][ T565] EXT4-fs error (device loop1): ext4_map_blocks:740: inode #18: block 62218: comm syz-executor126: lblock 0 mapped to illegal pblock 62218 (length 1) [ 33.422699][ T569] EXT4-fs error (device loop1): ext4_map_blocks:630: inode #18: block 62218: comm vhost-565: lblock 0 mapped to illegal pblock 62218 (length 1) [ 33.454474][ T569] EXT4-fs error (device loop1): ext4_map_blocks:630: inode #18: block 62218: comm vhost-565: lblock 0 mapped to illegal pblock 62218 (length 1) [pid 576] munmap(0x7f12c0537000, 138412032 [pid 293] <... openat resumed>) = 3 [pid 288] <... umount2 resumed>) = 0 [pid 293] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 293] close(3) = 0 [pid 293] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555565cde750) = 12 [pid 288] umount2("./11/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 288] newfstatat(AT_FDCWD, "./11/file0", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 288] umount2("./11/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 288] openat(AT_FDCWD, "./11/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 288] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 288] getdents64(4, 0x555565ce7830 /* 2 entries */, 32768) = 48 [pid 288] getdents64(4, 0x555565ce7830 /* 0 entries */, 32768) = 0 [pid 288] close(4) = 0 [pid 288] rmdir("./11/file0") = 0 [pid 288] umount2("./11/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 288] newfstatat(AT_FDCWD, "./11/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 288] unlink("./11/binderfs") = 0 [pid 288] getdents64(3, 0x555565cdf7f0 /* 0 entries */, 32768) = 0 [pid 288] close(3) = 0 [pid 288] rmdir("./11") = 0 [pid 288] mkdir("./12", 0777) = 0 [pid 288] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 288] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 288] close(3) = 0 [pid 288] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555565cde750) = 14 [pid 576] <... munmap resumed>) = 0 [pid 576] openat(AT_FDCWD, "/dev/loop0", O_RDWR./strace-static-x86_64: Process 578 attached [pid 578] set_robust_list(0x555565cde760, 24) = 0 [pid 578] chdir("./10") = 0 [pid 578] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 578] setpgid(0, 0) = 0 [pid 578] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 578] write(3, "1000", 4) = 4 [pid 578] close(3) = 0 [pid 578] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 578] write(1, "executing program\n", 18) = 18 [pid 578] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 578] ioctl(3, VHOST_SET_OWNER [pid 565] <... close resumed>) = 0 [pid 565] close(4) = 0 [pid 565] close(5) = 0 [pid 565] close(6) = 0 [pid 565] close(7) = -1 EBADF (Bad file descriptor) [pid 565] close(8) = -1 EBADF (Bad file descriptor) [pid 565] close(9) = -1 EBADF (Bad file descriptor) [pid 565] close(10) = -1 EBADF (Bad file descriptor) [pid 565] close(11) = -1 EBADF (Bad file descriptor) [pid 565] close(12) = -1 EBADF (Bad file descriptor) [pid 565] close(13) = -1 EBADF (Bad file descriptor) [pid 565] close(14) = -1 EBADF (Bad file descriptor) [pid 565] close(15) = -1 EBADF (Bad file descriptor) [pid 565] close(16) = -1 EBADF (Bad file descriptor) [pid 565] close(17) = -1 EBADF (Bad file descriptor) [pid 565] close(18) = -1 EBADF (Bad file descriptor) [pid 565] close(19) = -1 EBADF (Bad file descriptor) [pid 565] close(20) = -1 EBADF (Bad file descriptor) [pid 565] close(21) = -1 EBADF (Bad file descriptor) [pid 565] close(22) = -1 EBADF (Bad file descriptor) [pid 565] close(23) = -1 EBADF (Bad file descriptor) [pid 565] close(24) = -1 EBADF (Bad file descriptor) [pid 565] close(25) = -1 EBADF (Bad file descriptor) [pid 565] close(26) = -1 EBADF (Bad file descriptor) [pid 565] close(27) = -1 EBADF (Bad file descriptor) [pid 565] close(28) = -1 EBADF (Bad file descriptor) [pid 565] close(29) = -1 EBADF (Bad file descriptor) [pid 565] exit_group(0) = ? [pid 565] +++ exited with 0 +++ [pid 294] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=12, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 294] restart_syscall(<... resuming interrupted clone ...>./strace-static-x86_64: Process 579 attached [pid 579] set_robust_list(0x555565cde760, 24) = 0 [pid 579] chdir("./12") = 0 [pid 579] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 579] setpgid(0, 0) = 0 [pid 579] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 579] write(3, "1000", 4) = 4 [pid 579] close(3) = 0 [pid 579] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 579] write(1, "executing program\n", 18) = 18 [pid 579] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 579] ioctl(3, VHOST_SET_OWNER [pid 578] <... ioctl resumed>, 0) = 0 [pid 578] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 578] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 578] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 578] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 578] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 578] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 578] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 578] memfd_create("syzkaller", 0) = 5 [pid 578] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f12c0537000 [pid 294] <... restart_syscall resumed>) = 0 [pid 294] umount2("./10", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 294] openat(AT_FDCWD, "./10", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 294] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 294] getdents64(3, 0x555565cdf7f0 /* 4 entries */, 32768) = 112 [pid 294] umount2("./10/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 578] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 578] munmap(0x7f12c0537000, 138412032 [pid 579] <... ioctl resumed>, 0) = 0 [pid 579] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 579] ioctl(3, VHOST_SET_MEM_TABLE [pid 578] <... munmap resumed>) = 0 [pid 578] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 579] <... ioctl resumed>, 0x200000003380) = 0 [pid 579] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 579] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 579] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 579] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 579] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 579] memfd_create("syzkaller", 0) = 5 [pid 579] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f12c0537000 [pid 579] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 292] <... umount2 resumed>) = 0 [pid 579] <... write resumed>) = 1048576 [pid 576] <... openat resumed>) = 6 [pid 579] munmap(0x7f12c0537000, 138412032 [pid 576] ioctl(6, LOOP_SET_FD, 5 [pid 579] <... munmap resumed>) = 0 [pid 579] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 292] umount2("./9/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 292] newfstatat(AT_FDCWD, "./9/file0", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 292] umount2("./9/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 292] openat(AT_FDCWD, "./9/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 292] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 292] getdents64(4, 0x555565ce7830 /* 2 entries */, 32768) = 48 [pid 292] getdents64(4, 0x555565ce7830 /* 0 entries */, 32768) = 0 [pid 292] close(4) = 0 [pid 292] rmdir("./9/file0") = 0 [pid 292] umount2("./9/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 292] newfstatat(AT_FDCWD, "./9/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 292] unlink("./9/binderfs") = 0 [pid 292] getdents64(3, 0x555565cdf7f0 /* 0 entries */, 32768) = 0 [pid 292] close(3) = 0 [pid 292] rmdir("./9") = 0 [pid 292] mkdir("./10", 0777) = 0 [ 33.470353][ T569] EXT4-fs error (device loop1): ext4_map_blocks:630: inode #18: block 62218: comm vhost-565: lblock 0 mapped to illegal pblock 62218 (length 1) [pid 292] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 578] <... openat resumed>) = 6 [pid 578] ioctl(6, LOOP_SET_FD, 5 [pid 579] <... openat resumed>) = 6 [pid 576] <... ioctl resumed>) = 0 [pid 579] ioctl(6, LOOP_SET_FD, 5 [pid 292] <... openat resumed>) = 3 [pid 576] close(5) = 0 [pid 576] close(6 [pid 292] ioctl(3, LOOP_CLR_FD [pid 579] <... ioctl resumed>) = 0 [pid 294] <... umount2 resumed>) = 0 [pid 579] close(5) = 0 [pid 579] close(6 [pid 294] umount2("./10/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 294] newfstatat(AT_FDCWD, "./10/file0", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 294] umount2("./10/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 294] openat(AT_FDCWD, "./10/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 294] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 294] getdents64(4, 0x555565ce7830 /* 2 entries */, 32768) = 48 [pid 294] getdents64(4, 0x555565ce7830 /* 0 entries */, 32768) = 0 [pid 294] close(4) = 0 [pid 294] rmdir("./10/file0") = 0 [pid 294] umount2("./10/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 294] newfstatat(AT_FDCWD, "./10/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 294] unlink("./10/binderfs") = 0 [pid 294] getdents64(3, 0x555565cdf7f0 /* 0 entries */, 32768) = 0 [pid 294] close(3) = 0 [pid 294] rmdir("./10") = 0 [pid 294] mkdir("./11", 0777) = 0 [pid 294] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 578] <... ioctl resumed>) = 0 [pid 576] <... close resumed>) = 0 [pid 576] mkdir("./file0", 0777 [pid 292] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 578] close(5 [pid 576] <... mkdir resumed>) = 0 [pid 578] <... close resumed>) = 0 [pid 576] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 578] close(6 [pid 292] close(3 [pid 579] <... close resumed>) = 0 [pid 579] mkdir("./file0", 0777) = 0 [pid 579] mount("/dev/loop4", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 578] <... close resumed>) = 0 [pid 292] <... close resumed>) = 0 [pid 578] mkdir("./file0", 0777) = 0 [pid 578] mount("/dev/loop2", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 292] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555565cde750) = 12 ./strace-static-x86_64: Process 585 attached [pid 585] set_robust_list(0x555565cde760, 24) = 0 [pid 585] chdir("./10") = 0 [pid 585] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 585] setpgid(0, 0) = 0 [pid 585] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 585] write(3, "1000", 4) = 4 [pid 585] close(3) = 0 [pid 585] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 585] write(1, "executing program\n", 18) = 18 [pid 585] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 585] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 585] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 585] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 585] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 585] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 585] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 585] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 585] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 585] memfd_create("syzkaller", 0) = 5 [pid 585] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f12c0537000 [pid 585] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 585] munmap(0x7f12c0537000, 138412032 [pid 294] <... openat resumed>) = 3 [pid 294] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 294] close(3) = 0 [pid 294] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555565cde750) = 13 ./strace-static-x86_64: Process 587 attached [pid 587] set_robust_list(0x555565cde760, 24) = 0 [pid 587] chdir("./11") = 0 [pid 587] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 587] setpgid(0, 0) = 0 [pid 587] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 587] write(3, "1000", 4) = 4 [pid 587] close(3) = 0 [pid 587] symlink("/dev/binderfs", "./binderfs") = 0 [pid 587] write(1, "executing program\n", 18executing program ) = 18 [pid 587] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 587] ioctl(3, VHOST_SET_OWNER [pid 585] <... munmap resumed>) = 0 [pid 585] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 6 [pid 585] ioctl(6, LOOP_SET_FD, 5 [pid 576] <... mount resumed>) = 0 [pid 576] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 576] chdir("./file0") = 0 [pid 576] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 587] <... ioctl resumed>, 0) = 0 [pid 587] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 587] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 587] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 587] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 587] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 587] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 587] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 587] memfd_create("syzkaller", 0) = 5 [pid 587] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f12c0537000 [pid 587] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 587] munmap(0x7f12c0537000, 138412032) = 0 [pid 587] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 585] <... ioctl resumed>) = 0 [pid 579] <... mount resumed>) = 0 [pid 578] <... mount resumed>) = 0 [pid 587] <... openat resumed>) = 6 [pid 579] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 578] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 576] <... openat resumed>) = 6 [pid 587] ioctl(6, LOOP_SET_FD, 5 [pid 585] close(5 [pid 576] ioctl(6, LOOP_CLR_FD [pid 585] <... close resumed>) = 0 [pid 585] close(6 [pid 578] <... openat resumed>) = 5 [pid 579] <... openat resumed>) = 5 [pid 579] chdir("./file0" [pid 578] chdir("./file0" [pid 579] <... chdir resumed>) = 0 [pid 578] <... chdir resumed>) = 0 [pid 579] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 578] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 587] <... ioctl resumed>) = 0 [pid 587] close(5) = 0 [pid 587] close(6 [pid 578] <... openat resumed>) = 6 [pid 576] <... ioctl resumed>) = 0 [pid 576] close(6 [ 33.772586][ T576] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 33.791438][ T579] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue [ 33.801003][ T578] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue [pid 578] ioctl(6, LOOP_CLR_FD [pid 585] <... close resumed>) = 0 [pid 579] <... openat resumed>) = 6 [pid 585] mkdir("./file0", 0777) = 0 [pid 585] mount("/dev/loop3", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 579] ioctl(6, LOOP_CLR_FD [pid 587] <... close resumed>) = 0 [pid 578] <... ioctl resumed>) = 0 [pid 576] <... close resumed>) = 0 [pid 576] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 576] write(6, "#! ./file1\n", 11) = 11 [pid 576] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 587] mkdir("./file0", 0777 [pid 579] <... ioctl resumed>) = 0 [pid 578] close(6 [pid 579] close(6 [pid 578] <... close resumed>) = 0 [pid 587] <... mkdir resumed>) = 0 [pid 579] <... close resumed>) = 0 [pid 578] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 587] mount("/dev/loop1", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 579] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 578] <... openat resumed>) = 6 [pid 579] write(6, "#! ./file1\n", 11 [pid 578] write(6, "#! ./file1\n", 11 [pid 579] <... write resumed>) = 11 [pid 579] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0 [pid 578] <... write resumed>) = 11 [pid 579] <... mmap resumed>) = 0x200000000000 [pid 578] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [ 33.941131][ T576] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor126: bg 0: block 234: padding at end of block bitmap is not set [ 33.959856][ T579] EXT4-fs error (device loop4): ext4_validate_block_bitmap:438: comm syz-executor126: bg 0: block 234: padding at end of block bitmap is not set [ 33.975282][ T578] EXT4-fs error (device loop2): ext4_validate_block_bitmap:438: comm syz-executor126: bg 0: block 234: padding at end of block bitmap is not set [pid 587] <... mount resumed>) = 0 [pid 587] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 587] chdir("./file0") = 0 [pid 587] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 6 [pid 587] ioctl(6, LOOP_CLR_FD) = 0 [pid 587] close(6) = 0 [pid 587] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 587] write(6, "#! ./file1\n", 11) = 11 [ 34.009697][ T587] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue [ 34.036858][ T585] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue [pid 587] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0 [pid 576] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000006c0} --- [pid 587] <... mmap resumed>) = 0x200000000000 [pid 585] <... mount resumed>) = 0 [pid 579] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000006c0} --- [pid 576] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000006c4} --- [pid 585] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 587] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000006c0} --- [pid 576] epoll_ctl(-1, EPOLL_CTL_ADD, 6, {events=0, data={u32=0, u64=0}} [pid 587] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000006c4} --- [pid 585] <... openat resumed>) = 5 [pid 587] epoll_ctl(-1, EPOLL_CTL_ADD, 6, {events=0, data={u32=0, u64=0}} [pid 576] <... epoll_ctl resumed>) = -1 EBADF (Bad file descriptor) [pid 585] chdir("./file0" [pid 587] <... epoll_ctl resumed>) = -1 EBADF (Bad file descriptor) [pid 576] close(3 [pid 587] close(3 [pid 585] <... chdir resumed>) = 0 [pid 576] <... close resumed>) = 0 [pid 585] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 587] <... close resumed>) = 0 [pid 587] close(4 [pid 576] close(4 [pid 587] <... close resumed>) = 0 [pid 576] <... close resumed>) = 0 [pid 587] close(5) = 0 [pid 576] close(5 [pid 585] <... openat resumed>) = 6 [pid 587] close(6 [pid 585] ioctl(6, LOOP_CLR_FD [pid 576] <... close resumed>) = 0 [pid 587] <... close resumed>) = 0 [pid 576] close(6 [pid 585] <... ioctl resumed>) = 0 [pid 587] close(7 [pid 576] <... close resumed>) = 0 [pid 585] close(6 [pid 587] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 576] close(7 [pid 587] close(8) = -1 EBADF (Bad file descriptor) [pid 587] close(9) = -1 EBADF (Bad file descriptor) [pid 576] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 587] close(10 [pid 576] close(8 [pid 585] <... close resumed>) = 0 [pid 587] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 576] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 585] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 587] close(11) = -1 EBADF (Bad file descriptor) [pid 576] close(9 [pid 587] close(12) = -1 EBADF (Bad file descriptor) [pid 587] close(13) = -1 EBADF (Bad file descriptor) [pid 587] close(14) = -1 EBADF (Bad file descriptor) [pid 587] close(15) = -1 EBADF (Bad file descriptor) [pid 587] close(16) = -1 EBADF (Bad file descriptor) [pid 587] close(17) = -1 EBADF (Bad file descriptor) [pid 587] close(18) = -1 EBADF (Bad file descriptor) [pid 587] close(19) = -1 EBADF (Bad file descriptor) [pid 585] <... openat resumed>) = 6 [pid 587] close(20 [pid 576] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 587] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 587] close(21) = -1 EBADF (Bad file descriptor) [pid 587] close(22) = -1 EBADF (Bad file descriptor) [pid 587] close(23) = -1 EBADF (Bad file descriptor) [pid 587] close(24) = -1 EBADF (Bad file descriptor) [pid 587] close(25) = -1 EBADF (Bad file descriptor) [pid 587] close(26) = -1 EBADF (Bad file descriptor) [pid 587] close(27) = -1 EBADF (Bad file descriptor) [pid 587] close(28) = -1 EBADF (Bad file descriptor) [pid 587] close(29) = -1 EBADF (Bad file descriptor) [pid 587] exit_group(0) = ? [pid 587] +++ exited with 0 +++ [pid 294] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=13, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- [pid 294] restart_syscall(<... resuming interrupted clone ...> [pid 576] close(10 [pid 585] write(6, "#! ./file1\n", 11 [pid 294] <... restart_syscall resumed>) = 0 [pid 294] umount2("./11", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 294] openat(AT_FDCWD, "./11", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 294] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 294] getdents64(3, 0x555565cdf7f0 /* 4 entries */, 32768) = 112 [pid 294] umount2("./11/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 576] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 585] <... write resumed>) = 11 [pid 576] close(11 [pid 585] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0 [pid 578] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000006c0} --- [pid 576] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 585] <... mmap resumed>) = 0x200000000000 [ 34.067070][ T591] EXT4-fs error (device loop1): ext4_validate_block_bitmap:438: comm vhost-587: bg 0: block 234: padding at end of block bitmap is not set [pid 579] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000006c4} --- [pid 578] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000006c4} --- [pid 576] close(12 [pid 579] epoll_ctl(-1, EPOLL_CTL_ADD, 6, {events=0, data={u32=0, u64=0}} [pid 578] epoll_ctl(-1, EPOLL_CTL_ADD, 6, {events=0, data={u32=0, u64=0}} [pid 576] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 576] close(13 [pid 579] <... epoll_ctl resumed>) = -1 EBADF (Bad file descriptor) [pid 578] <... epoll_ctl resumed>) = -1 EBADF (Bad file descriptor) [pid 578] close(3 [pid 579] close(3 [pid 576] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 576] close(14) = -1 EBADF (Bad file descriptor) [pid 576] close(15) = -1 EBADF (Bad file descriptor) [pid 576] close(16 [pid 585] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000006c0} --- [pid 576] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 585] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000006c4} --- [pid 576] close(17 [pid 585] epoll_ctl(-1, EPOLL_CTL_ADD, 6, {events=0, data={u32=0, u64=0}} [pid 576] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 585] <... epoll_ctl resumed>) = -1 EBADF (Bad file descriptor) [pid 579] <... close resumed>) = 0 [pid 576] close(18 [pid 585] close(3 [pid 579] close(4 [pid 576] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 579] <... close resumed>) = 0 [pid 576] close(19 [pid 579] close(5 [pid 576] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 585] <... close resumed>) = 0 [pid 579] <... close resumed>) = 0 [pid 576] close(20 [pid 585] close(4 [pid 579] close(6 [pid 576] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 585] <... close resumed>) = 0 [pid 579] <... close resumed>) = 0 [pid 576] close(21 [pid 585] close(5) = 0 [pid 585] close(6) = 0 [pid 585] close(7) = -1 EBADF (Bad file descriptor) [pid 585] close(8) = -1 EBADF (Bad file descriptor) [pid 578] <... close resumed>) = 0 [pid 585] close(9 [pid 576] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 579] close(7 [pid 578] close(4 [pid 576] close(22 [pid 585] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 585] close(10) = -1 EBADF (Bad file descriptor) [pid 585] close(11) = -1 EBADF (Bad file descriptor) [pid 585] close(12) = -1 EBADF (Bad file descriptor) [pid 585] close(13) = -1 EBADF (Bad file descriptor) [pid 585] close(14) = -1 EBADF (Bad file descriptor) [pid 585] close(15) = -1 EBADF (Bad file descriptor) [pid 585] close(16) = -1 EBADF (Bad file descriptor) [pid 585] close(17) = -1 EBADF (Bad file descriptor) [pid 585] close(18) = -1 EBADF (Bad file descriptor) [pid 585] close(19) = -1 EBADF (Bad file descriptor) [pid 585] close(20) = -1 EBADF (Bad file descriptor) [pid 585] close(21) = -1 EBADF (Bad file descriptor) [pid 585] close(22) = -1 EBADF (Bad file descriptor) [pid 585] close(23) = -1 EBADF (Bad file descriptor) [pid 585] close(24) = -1 EBADF (Bad file descriptor) [pid 585] close(25) = -1 EBADF (Bad file descriptor) [pid 585] close(26) = -1 EBADF (Bad file descriptor) [pid 585] close(27) = -1 EBADF (Bad file descriptor) [pid 585] close(28) = -1 EBADF (Bad file descriptor) [pid 585] close(29) = -1 EBADF (Bad file descriptor) [pid 585] exit_group(0 [pid 579] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 576] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 578] <... close resumed>) = 0 [pid 585] <... exit_group resumed>) = ? [pid 579] close(8 [pid 578] close(5 [pid 576] close(23 [pid 579] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 578] <... close resumed>) = 0 [pid 576] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 579] close(9 [pid 585] +++ exited with 0 +++ [pid 578] close(6 [pid 576] close(24 [pid 579] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 578] <... close resumed>) = 0 [pid 576] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 292] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=12, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- [pid 579] close(10 [pid 578] close(7 [pid 576] close(25 [pid 292] restart_syscall(<... resuming interrupted clone ...> [pid 579] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 578] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 576] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 579] close(11 [pid 578] close(8 [pid 576] close(26 [pid 579] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 578] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 576] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 579] close(12 [pid 578] close(9 [pid 576] close(27 [pid 579] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 578] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 576] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 579] close(13 [pid 578] close(10 [pid 576] close(28 [pid 579] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 578] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 576] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 579] close(14 [pid 578] close(11 [pid 576] close(29 [pid 579] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 578] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 576] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 579] close(15 [pid 578] close(12 [pid 576] exit_group(0 [pid 579] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 578] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 576] <... exit_group resumed>) = ? [pid 579] close(16 [pid 578] close(13) = -1 EBADF (Bad file descriptor) [pid 578] close(14) = -1 EBADF (Bad file descriptor) [pid 578] close(15) = -1 EBADF (Bad file descriptor) [pid 576] +++ exited with 0 +++ [pid 579] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 579] close(17 [pid 578] close(16 [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=14, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 579] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 578] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 292] <... restart_syscall resumed>) = 0 [pid 289] restart_syscall(<... resuming interrupted clone ...> [pid 579] close(18 [pid 578] close(17 [pid 579] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 578] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 578] close(18 [pid 579] close(19 [pid 578] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 578] close(19 [pid 579] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 578] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 578] close(20 [pid 579] close(20 [pid 292] umount2("./10", MNT_FORCE|UMOUNT_NOFOLLOW [pid 579] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 578] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 579] close(21 [pid 578] close(21 [pid 292] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 579] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 578] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 578] close(22) = -1 EBADF (Bad file descriptor) [pid 579] close(22 [pid 578] close(23 [pid 292] openat(AT_FDCWD, "./10", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 579] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 578] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 579] close(23 [pid 578] close(24 [pid 292] <... openat resumed>) = 3 [pid 579] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 578] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 578] close(25 [pid 292] newfstatat(3, "", [pid 579] close(24 [pid 578] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 578] close(26 [pid 579] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 578] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 292] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 579] close(25 [pid 578] close(27 [pid 579] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 578] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 292] getdents64(3, [pid 579] close(26 [pid 578] close(28 [pid 579] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 578] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 292] <... getdents64 resumed>0x555565cdf7f0 /* 4 entries */, 32768) = 112 [pid 579] close(27 [pid 578] close(29 [pid 579] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 578] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 292] umount2("./10/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 579] close(28 [pid 578] exit_group(0) = ? [pid 579] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 578] +++ exited with 0 +++ [pid 579] close(29 [pid 293] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=12, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 293] restart_syscall(<... resuming interrupted clone ...> [pid 579] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 579] exit_group(0) = ? [pid 579] +++ exited with 0 +++ [pid 288] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=14, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- [pid 288] restart_syscall(<... resuming interrupted clone ...> [pid 294] <... umount2 resumed>) = 0 [pid 293] <... restart_syscall resumed>) = 0 [pid 292] <... umount2 resumed>) = 0 [pid 289] <... restart_syscall resumed>) = 0 [pid 288] <... restart_syscall resumed>) = 0 [pid 294] umount2("./11/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 292] umount2("./10/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 292] newfstatat(AT_FDCWD, "./10/file0", [pid 293] umount2("./10", MNT_FORCE|UMOUNT_NOFOLLOW [pid 292] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] umount2("./12", MNT_FORCE|UMOUNT_NOFOLLOW [pid 294] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 293] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 292] umount2("./10/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 294] newfstatat(AT_FDCWD, "./11/file0", [pid 293] openat(AT_FDCWD, "./10", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 292] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 289] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 288] umount2("./12", MNT_FORCE|UMOUNT_NOFOLLOW [pid 294] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 293] <... openat resumed>) = 3 [pid 292] openat(AT_FDCWD, "./10/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 289] openat(AT_FDCWD, "./12", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 288] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 294] umount2("./11/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 293] newfstatat(3, "", [pid 292] <... openat resumed>) = 4 [pid 289] <... openat resumed>) = 3 [pid 288] openat(AT_FDCWD, "./12", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 294] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 293] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 292] newfstatat(4, "", [pid 289] newfstatat(3, "", [pid 288] <... openat resumed>) = 3 [pid 294] openat(AT_FDCWD, "./11/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 293] getdents64(3, [pid 292] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 289] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 288] newfstatat(3, "", [pid 294] <... openat resumed>) = 4 [pid 293] <... getdents64 resumed>0x555565cdf7f0 /* 4 entries */, 32768) = 112 [pid 292] getdents64(4, [pid 289] getdents64(3, [pid 294] newfstatat(4, "", [pid 293] umount2("./10/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 292] <... getdents64 resumed>0x555565ce7830 /* 2 entries */, 32768) = 48 [pid 288] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 289] <... getdents64 resumed>0x555565cdf7f0 /* 4 entries */, 32768) = 112 [pid 294] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 292] getdents64(4, [pid 294] getdents64(4, [pid 292] <... getdents64 resumed>0x555565ce7830 /* 0 entries */, 32768) = 0 [pid 289] umount2("./12/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 288] getdents64(3, [pid 294] <... getdents64 resumed>0x555565ce7830 /* 2 entries */, 32768) = 48 [pid 292] close(4) = 0 [pid 288] <... getdents64 resumed>0x555565cdf7f0 /* 4 entries */, 32768) = 112 [pid 292] rmdir("./10/file0") = 0 [pid 292] umount2("./10/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 288] umount2("./12/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 292] newfstatat(AT_FDCWD, "./10/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 292] unlink("./10/binderfs") = 0 [pid 292] getdents64(3, 0x555565cdf7f0 /* 0 entries */, 32768) = 0 [pid 292] close(3) = 0 [pid 292] rmdir("./10") = 0 [pid 292] mkdir("./11", 0777) = 0 [pid 292] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 294] getdents64(4, 0x555565ce7830 /* 0 entries */, 32768) = 0 [pid 294] close(4) = 0 [pid 294] rmdir("./11/file0") = 0 [pid 294] umount2("./11/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 294] newfstatat(AT_FDCWD, "./11/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 294] unlink("./11/binderfs") = 0 [pid 294] getdents64(3, 0x555565cdf7f0 /* 0 entries */, 32768) = 0 [pid 294] close(3) = 0 [pid 294] rmdir("./11") = 0 [pid 294] mkdir("./12", 0777) = 0 [ 34.110907][ T586] EXT4-fs error (device loop3): ext4_validate_block_bitmap:438: comm vhost-585: bg 0: block 234: padding at end of block bitmap is not set [pid 294] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 292] <... openat resumed>) = 3 [pid 294] ioctl(3, LOOP_CLR_FD [pid 293] <... umount2 resumed>) = 0 [pid 292] ioctl(3, LOOP_CLR_FD [pid 289] <... umount2 resumed>) = 0 [pid 288] <... umount2 resumed>) = 0 [pid 293] umount2("./10/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 292] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 293] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 292] close(3 [pid 293] newfstatat(AT_FDCWD, "./10/file0", [pid 292] <... close resumed>) = 0 [pid 293] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 292] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 293] umount2("./10/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 292] <... clone resumed>, child_tidptr=0x555565cde750) = 13 [pid 293] openat(AT_FDCWD, "./10/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 293] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 294] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 293] getdents64(4, 0x555565ce7830 /* 2 entries */, 32768) = 48 [pid 293] getdents64(4, 0x555565ce7830 /* 0 entries */, 32768) = 0 [pid 293] close(4) = 0 [pid 293] rmdir("./10/file0") = 0 [pid 293] umount2("./10/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 293] newfstatat(AT_FDCWD, "./10/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 293] unlink("./10/binderfs") = 0 [pid 293] getdents64(3, 0x555565cdf7f0 /* 0 entries */, 32768) = 0 [pid 293] close(3) = 0 [pid 293] rmdir("./10") = 0 [pid 293] mkdir("./11", 0777) = 0 [pid 293] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 293] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 293] close(3) = 0 [pid 293] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555565cde750) = 13 [pid 294] close(3 [pid 289] umount2("./12/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 288] umount2("./12/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 294] <... close resumed>) = 0 [pid 289] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 294] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 289] newfstatat(AT_FDCWD, "./12/file0", [pid 288] <... umount2 resumed>) = -1 EINVAL (Invalid argument) ./strace-static-x86_64: Process 601 attached [pid 601] set_robust_list(0x555565cde760, 24) = 0 [pid 288] newfstatat(AT_FDCWD, "./12/file0", [pid 294] <... clone resumed>, child_tidptr=0x555565cde750) = 14 [pid 289] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] umount2("./12/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 288] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 288] umount2("./12/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 289] openat(AT_FDCWD, "./12/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 288] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 289] <... openat resumed>) = 4 [pid 288] openat(AT_FDCWD, "./12/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 289] newfstatat(4, "", [pid 288] <... openat resumed>) = 4 [pid 289] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 288] newfstatat(4, "", [pid 289] getdents64(4, [pid 288] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 ./strace-static-x86_64: Process 603 attached ./strace-static-x86_64: Process 602 attached [pid 289] <... getdents64 resumed>0x555565ce7830 /* 2 entries */, 32768) = 48 [pid 288] getdents64(4, [pid 289] getdents64(4, [pid 288] <... getdents64 resumed>0x555565ce7830 /* 2 entries */, 32768) = 48 [pid 289] <... getdents64 resumed>0x555565ce7830 /* 0 entries */, 32768) = 0 [pid 288] getdents64(4, [pid 603] set_robust_list(0x555565cde760, 24 [pid 289] close(4 [pid 603] <... set_robust_list resumed>) = 0 [pid 602] set_robust_list(0x555565cde760, 24 [pid 601] chdir("./11" [pid 288] <... getdents64 resumed>0x555565ce7830 /* 0 entries */, 32768) = 0 [pid 289] <... close resumed>) = 0 [pid 288] close(4 [pid 289] rmdir("./12/file0" [pid 288] <... close resumed>) = 0 [pid 603] chdir("./12" [pid 289] <... rmdir resumed>) = 0 [pid 288] rmdir("./12/file0" [pid 603] <... chdir resumed>) = 0 [pid 602] <... set_robust_list resumed>) = 0 [pid 289] umount2("./12/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 288] <... rmdir resumed>) = 0 [pid 289] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 603] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 289] newfstatat(AT_FDCWD, "./12/binderfs", [pid 288] umount2("./12/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 603] <... prctl resumed>) = 0 [pid 602] chdir("./11" [pid 601] <... chdir resumed>) = 0 [pid 289] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 288] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 289] unlink("./12/binderfs" [pid 603] setpgid(0, 0 [pid 601] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 289] <... unlink resumed>) = 0 [pid 288] newfstatat(AT_FDCWD, "./12/binderfs", [pid 603] <... setpgid resumed>) = 0 [pid 602] <... chdir resumed>) = 0 [pid 601] <... prctl resumed>) = 0 [pid 289] getdents64(3, [pid 288] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] <... getdents64 resumed>0x555565cdf7f0 /* 0 entries */, 32768) = 0 [pid 288] unlink("./12/binderfs" [pid 289] close(3 [pid 603] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 602] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 289] <... close resumed>) = 0 [pid 288] <... unlink resumed>) = 0 [pid 601] setpgid(0, 0 [pid 289] rmdir("./12") = 0 [pid 288] getdents64(3, [pid 603] <... openat resumed>) = 3 [pid 602] <... prctl resumed>) = 0 [pid 289] mkdir("./13", 0777 [pid 601] <... setpgid resumed>) = 0 [pid 288] <... getdents64 resumed>0x555565cdf7f0 /* 0 entries */, 32768) = 0 [pid 603] write(3, "1000", 4 [pid 602] setpgid(0, 0 [pid 289] <... mkdir resumed>) = 0 [pid 288] close(3 [pid 601] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 289] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 288] <... close resumed>) = 0 [pid 603] <... write resumed>) = 4 [pid 602] <... setpgid resumed>) = 0 [pid 289] <... openat resumed>) = 3 [pid 288] rmdir("./12" [pid 601] <... openat resumed>) = 3 [pid 289] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 288] <... rmdir resumed>) = 0 [pid 603] close(3 [pid 602] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 601] write(3, "1000", 4 [pid 289] close(3 [pid 288] mkdir("./13", 0777 [pid 603] <... close resumed>) = 0 [pid 289] <... close resumed>) = 0 [pid 288] <... mkdir resumed>) = 0 [pid 603] symlink("/dev/binderfs", "./binderfs" [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 288] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 603] <... symlink resumed>) = 0 [pid 602] <... openat resumed>) = 3 [pid 601] <... write resumed>) = 4 [pid 288] <... openat resumed>) = 3 [pid 603] write(1, "executing program\n", 18executing program [pid 289] <... clone resumed>, child_tidptr=0x555565cde750) = 15 [pid 288] ioctl(3, LOOP_CLR_FD [pid 602] write(3, "1000", 4 [pid 601] close(3 [pid 603] <... write resumed>) = 18 [pid 602] <... write resumed>) = 4 [pid 601] <... close resumed>) = 0 [pid 288] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 603] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR [pid 602] close(3 [pid 601] symlink("/dev/binderfs", "./binderfs" [pid 288] close(3 [pid 603] <... openat resumed>) = 3 [pid 602] <... close resumed>) = 0 [pid 288] <... close resumed>) = 0 [pid 602] symlink("/dev/binderfs", "./binderfs" [pid 601] <... symlink resumed>) = 0 [pid 288] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 603] ioctl(3, VHOST_SET_OWNER./strace-static-x86_64: Process 604 attached [pid 604] set_robust_list(0x555565cde760, 24) = 0 [pid 604] chdir("./13" [pid 602] <... symlink resumed>) = 0 [pid 601] write(1, "executing program\n", 18 [pid 288] <... clone resumed>, child_tidptr=0x555565cde750) = 15 executing program [pid 604] <... chdir resumed>) = 0 [pid 602] write(1, "executing program\n", 18 [pid 601] <... write resumed>) = 18 [pid 604] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 604] setpgid(0, 0executing program [pid 602] <... write resumed>) = 18 [pid 601] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR [pid 604] <... setpgid resumed>) = 0 [pid 604] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 604] write(3, "1000", 4) = 4 [pid 604] close(3) = 0 [pid 604] symlink("/dev/binderfs", "./binderfs") = 0 [pid 604] write(1, "executing program\n", 18executing program ) = 18 [pid 604] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR [pid 602] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR [pid 601] <... openat resumed>) = 3 [pid 602] <... openat resumed>) = 3 [pid 601] ioctl(3, VHOST_SET_OWNER [pid 604] <... openat resumed>) = 3 [pid 604] ioctl(3, VHOST_SET_OWNER./strace-static-x86_64: Process 605 attached [pid 605] set_robust_list(0x555565cde760, 24) = 0 [pid 602] ioctl(3, VHOST_SET_OWNER [pid 605] chdir("./13") = 0 [pid 605] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 603] <... ioctl resumed>, 0) = 0 [pid 603] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 603] ioctl(3, VHOST_SET_MEM_TABLE [pid 605] setpgid(0, 0) = 0 [pid 605] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 603] <... ioctl resumed>, 0x200000003380) = 0 [pid 603] eventfd2(118, EFD_SEMAPHORE [pid 601] <... ioctl resumed>, 0) = 0 [pid 605] <... openat resumed>) = 3 [pid 603] <... eventfd2 resumed>) = 4 [pid 601] ioctl(3, VHOST_SET_VRING_ADDR [pid 603] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 601] <... ioctl resumed>, 0x200000000300) = 0 [pid 603] ioctl(3, VHOST_SET_VRING_ADDR [pid 601] ioctl(3, VHOST_SET_MEM_TABLE [pid 603] <... ioctl resumed>, 0x200000000240) = 0 [pid 603] ioctl(3, VHOST_SET_VRING_KICK [pid 601] <... ioctl resumed>, 0x200000003380) = 0 [pid 603] <... ioctl resumed>, 0x200000000000) = 0 [pid 601] eventfd2(118, EFD_SEMAPHORE [pid 603] ioctl(3, VHOST_VSOCK_SET_RUNNING [pid 601] <... eventfd2 resumed>) = 4 [pid 603] <... ioctl resumed>, 0x200000000140) = 0 [pid 601] ioctl(3, VHOST_SET_VRING_ERR [pid 603] memfd_create("syzkaller", 0 [pid 601] <... ioctl resumed>, 0x2000000001c0) = 0 [pid 603] <... memfd_create resumed>) = 5 [pid 601] ioctl(3, VHOST_SET_VRING_ADDR [pid 603] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 601] <... ioctl resumed>, 0x200000000240) = 0 [pid 605] write(3, "1000", 4 [pid 603] <... mmap resumed>) = 0x7f12c0537000 [pid 601] ioctl(3, VHOST_SET_VRING_KICK [pid 605] <... write resumed>) = 4 [pid 605] close(3) = 0 [pid 605] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 605] write(1, "executing program\n", 18) = 18 [pid 605] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 605] ioctl(3, VHOST_SET_OWNER [pid 604] <... ioctl resumed>, 0) = 0 [pid 604] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 604] ioctl(3, VHOST_SET_MEM_TABLE [pid 601] <... ioctl resumed>, 0x200000000000) = 0 [pid 604] <... ioctl resumed>, 0x200000003380) = 0 [pid 604] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 604] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 604] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 604] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 604] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 604] memfd_create("syzkaller", 0) = 5 [pid 604] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f12c0537000 [pid 604] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 603] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 602] <... ioctl resumed>, 0) = 0 [pid 601] ioctl(3, VHOST_VSOCK_SET_RUNNING [pid 602] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 601] <... ioctl resumed>, 0x200000000140) = 0 [pid 602] ioctl(3, VHOST_SET_MEM_TABLE [pid 601] memfd_create("syzkaller", 0) = 5 [pid 601] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f12c0537000 [pid 604] <... write resumed>) = 1048576 [pid 601] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 604] munmap(0x7f12c0537000, 138412032) = 0 [pid 603] <... write resumed>) = 1048576 [pid 604] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 604] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 604] close(5) = 0 [pid 604] close(6) = 0 [pid 604] mkdir("./file0", 0777) = 0 [pid 604] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 601] <... write resumed>) = 1048576 [pid 603] munmap(0x7f12c0537000, 138412032 [pid 602] <... ioctl resumed>, 0x200000003380) = 0 [pid 602] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 602] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 605] <... ioctl resumed>, 0) = 0 [pid 603] <... munmap resumed>) = 0 [pid 602] ioctl(3, VHOST_SET_VRING_ADDR [pid 605] ioctl(3, VHOST_SET_VRING_ADDR [pid 603] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 602] <... ioctl resumed>, 0x200000000240) = 0 [pid 605] <... ioctl resumed>, 0x200000000300) = 0 [pid 602] ioctl(3, VHOST_SET_VRING_KICK [pid 605] ioctl(3, VHOST_SET_MEM_TABLE [pid 602] <... ioctl resumed>, 0x200000000000) = 0 [pid 603] <... openat resumed>) = 6 [pid 602] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 602] memfd_create("syzkaller", 0) = 5 [pid 602] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f12c0537000 [pid 602] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 605] <... ioctl resumed>, 0x200000003380) = 0 [pid 605] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 605] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 605] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 605] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 605] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 605] memfd_create("syzkaller", 0) = 5 [pid 605] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f12c0537000 [pid 605] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 605] munmap(0x7f12c0537000, 138412032) = 0 [pid 605] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 6 [pid 605] ioctl(6, LOOP_SET_FD, 5 [pid 603] ioctl(6, LOOP_SET_FD, 5 [pid 605] <... ioctl resumed>) = 0 [pid 605] close(5) = 0 [pid 605] close(6) = 0 [pid 605] mkdir("./file0", 0777) = 0 [pid 605] mount("/dev/loop4", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 603] <... ioctl resumed>) = 0 [pid 603] close(5) = 0 [pid 602] <... write resumed>) = 1048576 [pid 603] close(6 [pid 601] munmap(0x7f12c0537000, 138412032) = 0 [pid 602] munmap(0x7f12c0537000, 138412032 [pid 601] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 602] <... munmap resumed>) = 0 [ 34.540448][ T604] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [pid 604] <... mount resumed>) = 0 [pid 602] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 604] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 605] <... mount resumed>) = 0 [pid 605] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 604] chdir("./file0") = 0 [pid 604] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 605] <... openat resumed>) = 5 [pid 605] chdir("./file0") = 0 [pid 605] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 603] <... close resumed>) = 0 [pid 601] <... openat resumed>) = 6 [pid 603] mkdir("./file0", 0777 [pid 601] ioctl(6, LOOP_SET_FD, 5 [pid 603] <... mkdir resumed>) = 0 [ 34.591099][ T605] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue [pid 603] mount("/dev/loop1", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 602] <... openat resumed>) = 6 [pid 605] <... openat resumed>) = 6 [pid 604] <... openat resumed>) = 6 [pid 602] ioctl(6, LOOP_SET_FD, 5 [pid 605] ioctl(6, LOOP_CLR_FD [pid 604] ioctl(6, LOOP_CLR_FD [pid 601] <... ioctl resumed>) = 0 [pid 601] close(5) = 0 [pid 601] close(6 [pid 602] <... ioctl resumed>) = 0 [pid 605] <... ioctl resumed>) = 0 [pid 604] <... ioctl resumed>) = 0 [pid 601] <... close resumed>) = 0 [pid 604] close(6 [pid 605] close(6 [pid 604] <... close resumed>) = 0 [pid 605] <... close resumed>) = 0 [pid 601] mkdir("./file0", 0777 [pid 605] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 604] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 601] <... mkdir resumed>) = 0 [pid 605] <... openat resumed>) = 6 [pid 605] write(6, "#! ./file1\n", 11 [pid 604] <... openat resumed>) = 6 [pid 605] <... write resumed>) = 11 [pid 604] write(6, "#! ./file1\n", 11 [pid 605] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0 [pid 604] <... write resumed>) = 11 [pid 605] <... mmap resumed>) = 0x200000000000 [pid 604] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 602] close(5 [pid 601] mount("/dev/loop3", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 602] <... close resumed>) = 0 [pid 602] close(6) = 0 [pid 602] mkdir("./file0", 0777) = 0 [pid 602] mount("/dev/loop2", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 605] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000006c0} --- [pid 605] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000006c4} --- [pid 605] epoll_ctl(-1, EPOLL_CTL_ADD, 6, {events=0, data={u32=0, u64=0}}) = -1 EBADF (Bad file descriptor) [pid 605] close(3 [pid 604] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000006c0} --- [pid 604] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000006c4} --- [pid 604] epoll_ctl(-1, EPOLL_CTL_ADD, 6, {events=0, data={u32=0, u64=0}}) = -1 EBADF (Bad file descriptor) [pid 604] close(3) = 0 [pid 604] close(4) = 0 [pid 604] close(5) = 0 [pid 604] close(6) = 0 [pid 604] close(7) = -1 EBADF (Bad file descriptor) [pid 604] close(8) = -1 EBADF (Bad file descriptor) [pid 604] close(9) = -1 EBADF (Bad file descriptor) [pid 604] close(10) = -1 EBADF (Bad file descriptor) [pid 604] close(11) = -1 EBADF (Bad file descriptor) [pid 604] close(12) = -1 EBADF (Bad file descriptor) [pid 604] close(13) = -1 EBADF (Bad file descriptor) [pid 604] close(14) = -1 EBADF (Bad file descriptor) [pid 604] close(15) = -1 EBADF (Bad file descriptor) [pid 604] close(16) = -1 EBADF (Bad file descriptor) [pid 604] close(17) = -1 EBADF (Bad file descriptor) [pid 604] close(18) = -1 EBADF (Bad file descriptor) [pid 604] close(19) = -1 EBADF (Bad file descriptor) [pid 604] close(20) = -1 EBADF (Bad file descriptor) [pid 604] close(21) = -1 EBADF (Bad file descriptor) [pid 604] close(22) = -1 EBADF (Bad file descriptor) [pid 604] close(23) = -1 EBADF (Bad file descriptor) [pid 604] close(24) = -1 EBADF (Bad file descriptor) [pid 604] close(25) = -1 EBADF (Bad file descriptor) [pid 604] close(26) = -1 EBADF (Bad file descriptor) [pid 604] close(27) = -1 EBADF (Bad file descriptor) [pid 604] close(28) = -1 EBADF (Bad file descriptor) [pid 604] close(29) = -1 EBADF (Bad file descriptor) [pid 604] exit_group(0) = ? [pid 604] +++ exited with 0 +++ [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=15, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- [ 34.690168][ T605] EXT4-fs error (device loop4): ext4_validate_block_bitmap:438: comm syz-executor126: bg 0: block 234: padding at end of block bitmap is not set [ 34.705578][ T604] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor126: bg 0: block 234: padding at end of block bitmap is not set [pid 289] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 289] umount2("./13", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./13", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 289] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(3, 0x555565cdf7f0 /* 4 entries */, 32768) = 112 [pid 289] umount2("./13/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 602] <... mount resumed>) = 0 [pid 603] <... mount resumed>) = 0 [pid 602] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 603] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 602] chdir("./file0" [pid 603] <... openat resumed>) = 5 [pid 602] <... chdir resumed>) = 0 [pid 602] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 603] chdir("./file0") = 0 [pid 603] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 605] <... close resumed>) = 0 [pid 605] close(4) = 0 [pid 605] close(5) = 0 [pid 605] close(6) = 0 [pid 605] close(7) = -1 EBADF (Bad file descriptor) [pid 605] close(8) = -1 EBADF (Bad file descriptor) [pid 605] close(9) = -1 EBADF (Bad file descriptor) [pid 605] close(10) = -1 EBADF (Bad file descriptor) [pid 605] close(11) = -1 EBADF (Bad file descriptor) [pid 605] close(12) = -1 EBADF (Bad file descriptor) [pid 605] close(13) = -1 EBADF (Bad file descriptor) [pid 605] close(14) = -1 EBADF (Bad file descriptor) [pid 605] close(15) = -1 EBADF (Bad file descriptor) [pid 605] close(16) = -1 EBADF (Bad file descriptor) [pid 605] close(17) = -1 EBADF (Bad file descriptor) [pid 605] close(18) = -1 EBADF (Bad file descriptor) [pid 605] close(19) = -1 EBADF (Bad file descriptor) [pid 605] close(20) = -1 EBADF (Bad file descriptor) [pid 605] close(21) = -1 EBADF (Bad file descriptor) [pid 605] close(22) = -1 EBADF (Bad file descriptor) [pid 605] close(23) = -1 EBADF (Bad file descriptor) [pid 605] close(24) = -1 EBADF (Bad file descriptor) [pid 605] close(25) = -1 EBADF (Bad file descriptor) [pid 605] close(26) = -1 EBADF (Bad file descriptor) [pid 605] close(27) = -1 EBADF (Bad file descriptor) [pid 605] close(28) = -1 EBADF (Bad file descriptor) [pid 605] close(29) = -1 EBADF (Bad file descriptor) [pid 605] exit_group(0) = ? [pid 605] +++ exited with 0 +++ [pid 288] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=15, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 288] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 288] umount2("./13", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 288] openat(AT_FDCWD, "./13", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 288] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 288] getdents64(3, 0x555565cdf7f0 /* 4 entries */, 32768) = 112 [ 34.762855][ T602] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue [ 34.774647][ T603] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue [pid 288] umount2("./13/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 601] <... mount resumed>) = 0 [pid 289] <... umount2 resumed>) = 0 [pid 603] <... openat resumed>) = 6 [pid 602] <... openat resumed>) = 6 [pid 601] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 603] ioctl(6, LOOP_CLR_FD [pid 602] ioctl(6, LOOP_CLR_FD [pid 601] <... openat resumed>) = 5 [pid 601] chdir("./file0") = 0 [pid 601] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 289] umount2("./13/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./13/file0", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] umount2("./13/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./13/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 289] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(4, 0x555565ce7830 /* 2 entries */, 32768) = 48 [pid 289] getdents64(4, 0x555565ce7830 /* 0 entries */, 32768) = 0 [pid 289] close(4) = 0 [pid 289] rmdir("./13/file0") = 0 [pid 289] umount2("./13/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./13/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] unlink("./13/binderfs") = 0 [pid 289] getdents64(3, 0x555565cdf7f0 /* 0 entries */, 32768) = 0 [pid 289] close(3) = 0 [pid 289] rmdir("./13") = 0 [pid 289] mkdir("./14", 0777) = 0 [ 34.806494][ T601] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue [pid 289] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 288] <... umount2 resumed>) = 0 [pid 602] <... ioctl resumed>) = 0 [pid 603] <... ioctl resumed>) = 0 [pid 289] <... openat resumed>) = 3 [pid 603] close(6 [pid 601] <... openat resumed>) = 6 [pid 602] close(6 [pid 289] ioctl(3, LOOP_CLR_FD [pid 603] <... close resumed>) = 0 [pid 601] ioctl(6, LOOP_CLR_FD) = 0 [pid 289] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 601] close(6 [pid 602] <... close resumed>) = 0 [pid 289] close(3 [pid 603] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 601] <... close resumed>) = 0 [pid 602] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 289] <... close resumed>) = 0 [pid 601] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 602] <... openat resumed>) = 6 [pid 603] <... openat resumed>) = 6 [pid 601] <... openat resumed>) = 6 [pid 603] write(6, "#! ./file1\n", 11 [pid 602] write(6, "#! ./file1\n", 11 [pid 601] write(6, "#! ./file1\n", 11 [pid 289] <... clone resumed>, child_tidptr=0x555565cde750) = 16 [pid 288] umount2("./13/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 602] <... write resumed>) = 11 [pid 603] <... write resumed>) = 11 [pid 601] <... write resumed>) = 11 [pid 602] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0 [pid 288] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 603] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0 [pid 601] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0 [pid 602] <... mmap resumed>) = 0x200000000000 [pid 601] <... mmap resumed>) = 0x200000000000 [pid 603] <... mmap resumed>) = 0x200000000000 [pid 603] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000006c0} --- [pid 603] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000006c4} --- [pid 288] newfstatat(AT_FDCWD, "./13/file0", [pid 603] epoll_ctl(-1, EPOLL_CTL_ADD, 6, {events=0, data={u32=0, u64=0}}) = -1 EBADF (Bad file descriptor) [pid 603] close(3 [pid 288] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 ./strace-static-x86_64: Process 626 attached [pid 288] umount2("./13/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 288] openat(AT_FDCWD, "./13/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 626] set_robust_list(0x555565cde760, 24 [pid 288] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 626] <... set_robust_list resumed>) = 0 [pid 288] getdents64(4, 0x555565ce7830 /* 2 entries */, 32768) = 48 [pid 288] getdents64(4, 0x555565ce7830 /* 0 entries */, 32768) = 0 [pid 288] close(4) = 0 [pid 288] rmdir("./13/file0") = 0 [pid 288] umount2("./13/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 288] newfstatat(AT_FDCWD, "./13/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 288] unlink("./13/binderfs") = 0 [pid 288] getdents64(3, 0x555565cdf7f0 /* 0 entries */, 32768) = 0 [pid 288] close(3) = 0 [pid 288] rmdir("./13") = 0 [pid 288] mkdir("./14", 0777) = 0 [pid 288] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 288] ioctl(3, LOOP_CLR_FD [pid 626] chdir("./14" [pid 288] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 626] <... chdir resumed>) = 0 [pid 288] close(3) = 0 [pid 288] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 602] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000006c0} --- [pid 602] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000006c4} --- [pid 602] epoll_ctl(-1, EPOLL_CTL_ADD, 6, {events=0, data={u32=0, u64=0}}) = -1 EBADF (Bad file descriptor) [pid 288] <... clone resumed>, child_tidptr=0x555565cde750) = 16 [pid 602] close(3./strace-static-x86_64: Process 627 attached [pid 627] set_robust_list(0x555565cde760, 24) = 0 [pid 627] chdir("./14") = 0 [pid 627] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 627] setpgid(0, 0) = 0 [pid 627] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 627] write(3, "1000", 4) = 4 [pid 627] close(3) = 0 [pid 627] symlink("/dev/binderfs", "./binderfs") = 0 [pid 627] write(1, "executing program\n", 18executing program ) = 18 [pid 627] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 626] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 627] ioctl(3, VHOST_SET_OWNER [pid 626] <... prctl resumed>) = 0 [pid 627] <... ioctl resumed>, 0) = 0 [pid 627] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 627] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 627] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 627] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 627] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 627] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 627] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 627] memfd_create("syzkaller", 0) = 5 [pid 627] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f12c0537000 [pid 627] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 626] setpgid(0, 0) = 0 [pid 601] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000006c0} --- [pid 626] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 626] write(3, "1000", 4 [pid 603] <... close resumed>) = 0 [pid 603] close(4 [pid 626] <... write resumed>) = 4 [pid 603] <... close resumed>) = 0 [pid 626] close(3 [pid 603] close(5 [pid 626] <... close resumed>) = 0 [pid 626] symlink("/dev/binderfs", "./binderfs" [pid 603] <... close resumed>) = 0 [pid 626] <... symlink resumed>) = 0 [pid 603] close(6) = 0 [pid 626] write(1, "executing program\n", 18 [pid 603] close(7executing program [pid 626] <... write resumed>) = 18 [pid 603] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 602] <... close resumed>) = 0 [pid 601] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000006c4} --- [pid 603] close(8 [pid 602] close(4 [pid 626] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR [pid 603] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 601] epoll_ctl(-1, EPOLL_CTL_ADD, 6, {events=0, data={u32=0, u64=0}} [pid 626] <... openat resumed>) = 3 [pid 603] close(9 [pid 602] <... close resumed>) = 0 [pid 601] <... epoll_ctl resumed>) = -1 EBADF (Bad file descriptor) [pid 626] ioctl(3, VHOST_SET_OWNER [pid 603] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 601] close(3 [pid 603] close(10 [pid 602] close(5 [pid 603] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 603] close(11 [pid 602] <... close resumed>) = 0 [pid 603] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 602] close(6 [pid 603] close(12 [pid 602] <... close resumed>) = 0 [pid 601] <... close resumed>) = 0 [pid 626] <... ioctl resumed>, 0) = 0 [pid 603] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 602] close(7 [pid 601] close(4 [pid 627] <... write resumed>) = 1048576 [pid 626] ioctl(3, VHOST_SET_VRING_ADDR [pid 603] close(13 [pid 602] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 601] <... close resumed>) = 0 [pid 627] munmap(0x7f12c0537000, 138412032 [pid 626] <... ioctl resumed>, 0x200000000300) = 0 [pid 603] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 602] close(8 [pid 601] close(5 [pid 626] ioctl(3, VHOST_SET_MEM_TABLE [pid 603] close(14 [pid 602] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 626] <... ioctl resumed>, 0x200000003380) = 0 [pid 603] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 602] close(9 [pid 601] <... close resumed>) = 0 [pid 627] <... munmap resumed>) = 0 [pid 626] eventfd2(118, EFD_SEMAPHORE [pid 603] close(15 [pid 602] <... close resumed>) = -1 EBADF (Bad file descriptor) [ 34.891668][ T606] EXT4-fs error (device loop1): ext4_validate_block_bitmap:438: comm vhost-603: bg 0: block 234: padding at end of block bitmap is not set [ 34.891781][ T602] EXT4-fs error (device loop2): ext4_validate_block_bitmap:438: comm syz-executor126: bg 0: block 234: padding at end of block bitmap is not set [ 34.920892][ T601] EXT4-fs error (device loop3): ext4_validate_block_bitmap:438: comm syz-executor126: bg 0: block 234: padding at end of block bitmap is not set [pid 627] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 626] <... eventfd2 resumed>) = 4 [pid 603] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 602] close(10 [pid 601] close(6 [pid 627] <... openat resumed>) = 6 [pid 626] ioctl(3, VHOST_SET_VRING_ERR [pid 603] close(16 [pid 602] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 627] ioctl(6, LOOP_SET_FD, 5 [pid 626] <... ioctl resumed>, 0x2000000001c0) = 0 [pid 603] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 602] close(11 [pid 601] <... close resumed>) = 0 [pid 626] ioctl(3, VHOST_SET_VRING_ADDR [pid 603] close(17 [pid 602] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 602] close(12 [pid 601] close(7 [pid 626] <... ioctl resumed>, 0x200000000240) = 0 [pid 603] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 602] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 626] ioctl(3, VHOST_SET_VRING_KICK [pid 603] close(18 [pid 602] close(13 [pid 601] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 626] <... ioctl resumed>, 0x200000000000) = 0 [pid 603] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 602] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 626] ioctl(3, VHOST_VSOCK_SET_RUNNING [pid 603] close(19 [pid 602] close(14 [pid 601] close(8 [pid 626] <... ioctl resumed>, 0x200000000140) = 0 [pid 603] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 602] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 626] memfd_create("syzkaller", 0 [pid 603] close(20 [pid 602] close(15 [pid 601] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 602] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 626] <... memfd_create resumed>) = 5 [pid 603] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 602] close(16 [pid 601] close(9 [pid 626] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 603] close(21 [pid 602] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 626] <... mmap resumed>) = 0x7f12c0537000 [pid 603] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 602] close(17 [pid 601] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 602] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 602] close(18) = -1 EBADF (Bad file descriptor) [pid 602] close(19) = -1 EBADF (Bad file descriptor) [pid 602] close(20) = -1 EBADF (Bad file descriptor) [pid 602] close(21) = -1 EBADF (Bad file descriptor) [pid 602] close(22) = -1 EBADF (Bad file descriptor) [pid 602] close(23) = -1 EBADF (Bad file descriptor) [pid 602] close(24) = -1 EBADF (Bad file descriptor) [pid 602] close(25) = -1 EBADF (Bad file descriptor) [pid 602] close(26) = -1 EBADF (Bad file descriptor) [pid 602] close(27) = -1 EBADF (Bad file descriptor) [pid 602] close(28) = -1 EBADF (Bad file descriptor) [pid 602] close(29) = -1 EBADF (Bad file descriptor) [pid 602] exit_group(0) = ? [pid 602] +++ exited with 0 +++ [pid 293] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=13, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- [pid 601] close(10 [pid 603] close(22 [pid 293] restart_syscall(<... resuming interrupted clone ...> [pid 603] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 601] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 603] close(23 [pid 601] close(11 [pid 603] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 601] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 603] close(24) = -1 EBADF (Bad file descriptor) [pid 601] close(12 [pid 603] close(25 [pid 601] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 603] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 601] close(13 [pid 603] close(26 [pid 601] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 603] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 601] close(14 [pid 603] close(27 [pid 601] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 603] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 601] close(15 [pid 603] close(28 [pid 601] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 603] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 601] close(16 [pid 603] close(29 [pid 601] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 603] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 601] close(17 [pid 603] exit_group(0 [pid 601] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 603] <... exit_group resumed>) = ? [pid 601] close(18 [pid 626] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 603] +++ exited with 0 +++ [pid 601] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 293] <... restart_syscall resumed>) = 0 [pid 601] close(19) = -1 EBADF (Bad file descriptor) [pid 294] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=14, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- [pid 601] close(20 [pid 294] restart_syscall(<... resuming interrupted clone ...> [pid 293] umount2("./11", MNT_FORCE|UMOUNT_NOFOLLOW [pid 601] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 293] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 601] close(21 [pid 293] openat(AT_FDCWD, "./11", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 601] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 293] <... openat resumed>) = 3 [pid 601] close(22 [pid 293] newfstatat(3, "", [pid 601] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 293] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 601] close(23 [pid 293] getdents64(3, [pid 627] <... ioctl resumed>) = 0 [pid 601] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 293] <... getdents64 resumed>0x555565cdf7f0 /* 4 entries */, 32768) = 112 [pid 627] close(5 [pid 601] close(24 [pid 293] umount2("./11/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 601] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 627] <... close resumed>) = 0 [pid 601] close(25 [pid 627] close(6 [pid 601] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 601] close(26) = -1 EBADF (Bad file descriptor) [pid 601] close(27) = -1 EBADF (Bad file descriptor) [pid 601] close(28) = -1 EBADF (Bad file descriptor) [pid 601] close(29) = -1 EBADF (Bad file descriptor) [pid 601] exit_group(0) = ? [pid 294] <... restart_syscall resumed>) = 0 [pid 601] +++ exited with 0 +++ [pid 292] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=13, si_uid=0, si_status=0, si_utime=0, si_stime=6} --- [pid 294] umount2("./12", MNT_FORCE|UMOUNT_NOFOLLOW [pid 292] restart_syscall(<... resuming interrupted clone ...> [pid 294] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 294] openat(AT_FDCWD, "./12", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 294] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 294] getdents64(3, 0x555565cdf7f0 /* 4 entries */, 32768) = 112 [pid 294] umount2("./12/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 292] <... restart_syscall resumed>) = 0 [pid 292] umount2("./11", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 292] openat(AT_FDCWD, "./11", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 292] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 292] getdents64(3, 0x555565cdf7f0 /* 4 entries */, 32768) = 112 [pid 292] umount2("./11/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 626] <... write resumed>) = 1048576 [pid 626] munmap(0x7f12c0537000, 138412032) = 0 [pid 626] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 293] <... umount2 resumed>) = 0 [pid 627] <... close resumed>) = 0 [pid 627] mkdir("./file0", 0777 [pid 293] umount2("./11/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 627] <... mkdir resumed>) = 0 [pid 627] mount("/dev/loop4", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 293] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 293] newfstatat(AT_FDCWD, "./11/file0", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 293] umount2("./11/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 293] openat(AT_FDCWD, "./11/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 293] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 293] getdents64(4, 0x555565ce7830 /* 2 entries */, 32768) = 48 [pid 293] getdents64(4, 0x555565ce7830 /* 0 entries */, 32768) = 0 [pid 293] close(4) = 0 [pid 293] rmdir("./11/file0") = 0 [pid 293] umount2("./11/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 293] newfstatat(AT_FDCWD, "./11/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 293] unlink("./11/binderfs") = 0 [pid 293] getdents64(3, 0x555565cdf7f0 /* 0 entries */, 32768) = 0 [pid 293] close(3) = 0 [pid 293] rmdir("./11") = 0 [pid 293] mkdir("./12", 0777) = 0 [pid 293] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 626] <... openat resumed>) = 6 [pid 626] ioctl(6, LOOP_SET_FD, 5 [pid 294] <... umount2 resumed>) = 0 [pid 293] <... openat resumed>) = 3 [pid 292] <... umount2 resumed>) = 0 [pid 293] ioctl(3, LOOP_CLR_FD [pid 294] umount2("./12/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 292] umount2("./11/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 294] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 292] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 294] newfstatat(AT_FDCWD, "./12/file0", [pid 292] newfstatat(AT_FDCWD, "./11/file0", [pid 294] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 292] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 294] umount2("./12/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 292] umount2("./11/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 294] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 292] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 294] openat(AT_FDCWD, "./12/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 292] openat(AT_FDCWD, "./11/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 294] <... openat resumed>) = 4 [pid 294] newfstatat(4, "", [pid 292] <... openat resumed>) = 4 [pid 294] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 292] newfstatat(4, "", [pid 294] getdents64(4, 0x555565ce7830 /* 2 entries */, 32768) = 48 [pid 292] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 294] getdents64(4, [pid 292] getdents64(4, [pid 294] <... getdents64 resumed>0x555565ce7830 /* 0 entries */, 32768) = 0 [pid 292] <... getdents64 resumed>0x555565ce7830 /* 2 entries */, 32768) = 48 [pid 294] close(4 [pid 292] getdents64(4, [pid 294] <... close resumed>) = 0 [pid 292] <... getdents64 resumed>0x555565ce7830 /* 0 entries */, 32768) = 0 [pid 294] rmdir("./12/file0" [pid 292] close(4 [pid 294] <... rmdir resumed>) = 0 [pid 292] <... close resumed>) = 0 [pid 294] umount2("./12/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 292] rmdir("./11/file0" [pid 294] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 294] newfstatat(AT_FDCWD, "./12/binderfs", [pid 292] <... rmdir resumed>) = 0 [pid 294] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 292] umount2("./11/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 294] unlink("./12/binderfs" [pid 292] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 294] <... unlink resumed>) = 0 [pid 292] newfstatat(AT_FDCWD, "./11/binderfs", [pid 294] getdents64(3, 0x555565cdf7f0 /* 0 entries */, 32768) = 0 [pid 292] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 294] close(3 [pid 292] unlink("./11/binderfs" [pid 294] <... close resumed>) = 0 [pid 292] <... unlink resumed>) = 0 [pid 294] rmdir("./12" [pid 292] getdents64(3, [pid 294] <... rmdir resumed>) = 0 [pid 292] <... getdents64 resumed>0x555565cdf7f0 /* 0 entries */, 32768) = 0 [pid 294] mkdir("./13", 0777 [pid 292] close(3 [pid 294] <... mkdir resumed>) = 0 [pid 292] <... close resumed>) = 0 [pid 294] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 292] rmdir("./11") = 0 [pid 292] mkdir("./12", 0777) = 0 [pid 292] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 626] <... ioctl resumed>) = 0 [pid 293] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 292] <... openat resumed>) = 3 [pid 626] close(5 [pid 294] <... openat resumed>) = 3 [pid 293] close(3 [pid 292] ioctl(3, LOOP_CLR_FD [pid 626] <... close resumed>) = 0 [pid 294] ioctl(3, LOOP_CLR_FD [pid 293] <... close resumed>) = 0 [pid 292] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 294] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 292] close(3 [pid 294] close(3 [pid 293] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 292] <... close resumed>) = 0 [pid 294] <... close resumed>) = 0 [pid 292] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 626] close(6 [pid 294] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 293] <... clone resumed>, child_tidptr=0x555565cde750) = 14 [pid 626] <... close resumed>) = 0 [pid 294] <... clone resumed>, child_tidptr=0x555565cde750) = 15 [pid 626] mkdir("./file0", 0777 [pid 292] <... clone resumed>, child_tidptr=0x555565cde750) = 14 [pid 626] <... mkdir resumed>) = 0 [pid 626] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue"./strace-static-x86_64: Process 633 attached [pid 633] set_robust_list(0x555565cde760, 24) = 0 [pid 633] chdir("./12") = 0 [pid 633] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 633] setpgid(0, 0) = 0 [pid 633] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 633] write(3, "1000", 4) = 4 [pid 633] close(3) = 0 [pid 633] symlink("/dev/binderfs", "./binderfs") = 0 [pid 633] write(1, "executing program\n", 18executing program ) = 18 [pid 633] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 633] ioctl(3, VHOST_SET_OWNER./strace-static-x86_64: Process 634 attached ./strace-static-x86_64: Process 635 attached [pid 635] set_robust_list(0x555565cde760, 24 [pid 634] set_robust_list(0x555565cde760, 24 [pid 635] <... set_robust_list resumed>) = 0 [pid 634] <... set_robust_list resumed>) = 0 [pid 633] <... ioctl resumed>, 0) = 0 [pid 633] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 633] ioctl(3, VHOST_SET_MEM_TABLE [pid 634] chdir("./12" [pid 635] chdir("./13" [pid 634] <... chdir resumed>) = 0 [pid 635] <... chdir resumed>) = 0 [pid 635] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 634] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 633] <... ioctl resumed>, 0x200000003380) = 0 [pid 635] <... prctl resumed>) = 0 [pid 634] <... prctl resumed>) = 0 [pid 635] setpgid(0, 0 [pid 634] setpgid(0, 0 [pid 633] eventfd2(118, EFD_SEMAPHORE [pid 635] <... setpgid resumed>) = 0 [pid 634] <... setpgid resumed>) = 0 [pid 635] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 634] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 633] <... eventfd2 resumed>) = 4 [pid 633] ioctl(3, VHOST_SET_VRING_ERR [pid 635] <... openat resumed>) = 3 [pid 635] write(3, "1000", 4 [pid 634] <... openat resumed>) = 3 [pid 633] <... ioctl resumed>, 0x2000000001c0) = 0 [pid 635] <... write resumed>) = 4 [pid 634] write(3, "1000", 4 [pid 633] ioctl(3, VHOST_SET_VRING_ADDR [pid 635] close(3 [pid 634] <... write resumed>) = 4 [pid 635] <... close resumed>) = 0 [pid 634] close(3 [pid 635] symlink("/dev/binderfs", "./binderfs" [pid 634] <... close resumed>) = 0 [pid 633] <... ioctl resumed>, 0x200000000240) = 0 [pid 635] <... symlink resumed>) = 0 [pid 634] symlink("/dev/binderfs", "./binderfs" [pid 633] ioctl(3, VHOST_SET_VRING_KICK [pid 635] write(1, "executing program\n", 18executing program ) = 18 [pid 634] <... symlink resumed>) = 0 [pid 633] <... ioctl resumed>, 0x200000000000) = 0 [pid 633] ioctl(3, VHOST_VSOCK_SET_RUNNING [pid 635] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR [pid 634] write(1, "executing program\n", 18 [pid 633] <... ioctl resumed>, 0x200000000140) = 0 [pid 635] <... openat resumed>) = 3 [pid 633] memfd_create("syzkaller", 0) = 5 [pid 633] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0executing program ) = 0x7f12c0537000 [pid 635] ioctl(3, VHOST_SET_OWNER [pid 634] <... write resumed>) = 18 [pid 633] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 634] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR [pid 633] <... write resumed>) = 1048576 [pid 634] <... openat resumed>) = 3 [pid 634] ioctl(3, VHOST_SET_OWNER [pid 627] <... mount resumed>) = 0 [pid 627] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 626] <... mount resumed>) = 0 [pid 627] chdir("./file0" [pid 626] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 633] munmap(0x7f12c0537000, 138412032) = 0 [pid 633] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 6 [pid 633] ioctl(6, LOOP_SET_FD, 5 [pid 627] <... chdir resumed>) = 0 [pid 626] <... openat resumed>) = 5 [pid 627] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 626] chdir("./file0") = 0 [pid 635] <... ioctl resumed>, 0) = 0 [pid 634] <... ioctl resumed>, 0) = 0 [pid 635] ioctl(3, VHOST_SET_VRING_ADDR [pid 626] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 634] ioctl(3, VHOST_SET_VRING_ADDR [pid 635] <... ioctl resumed>, 0x200000000300) = 0 [pid 634] <... ioctl resumed>, 0x200000000300) = 0 [pid 635] ioctl(3, VHOST_SET_MEM_TABLE [pid 634] ioctl(3, VHOST_SET_MEM_TABLE [pid 635] <... ioctl resumed>, 0x200000003380) = 0 [pid 634] <... ioctl resumed>, 0x200000003380) = 0 [pid 635] eventfd2(118, EFD_SEMAPHORE [pid 634] eventfd2(118, EFD_SEMAPHORE [pid 635] <... eventfd2 resumed>) = 4 [pid 634] <... eventfd2 resumed>) = 4 [pid 635] ioctl(3, VHOST_SET_VRING_ERR [pid 634] ioctl(3, VHOST_SET_VRING_ERR [pid 635] <... ioctl resumed>, 0x2000000001c0) = 0 [pid 635] ioctl(3, VHOST_SET_VRING_ADDR [pid 634] <... ioctl resumed>, 0x2000000001c0) = 0 [pid 635] <... ioctl resumed>, 0x200000000240) = 0 [pid 634] ioctl(3, VHOST_SET_VRING_ADDR [pid 635] ioctl(3, VHOST_SET_VRING_KICK [pid 634] <... ioctl resumed>, 0x200000000240) = 0 [pid 635] <... ioctl resumed>, 0x200000000000) = 0 [pid 635] ioctl(3, VHOST_VSOCK_SET_RUNNING [pid 634] ioctl(3, VHOST_SET_VRING_KICK [pid 635] <... ioctl resumed>, 0x200000000140) = 0 [pid 634] <... ioctl resumed>, 0x200000000000) = 0 [pid 635] memfd_create("syzkaller", 0 [pid 634] ioctl(3, VHOST_VSOCK_SET_RUNNING [pid 635] <... memfd_create resumed>) = 5 [pid 634] <... ioctl resumed>, 0x200000000140) = 0 [pid 635] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 634] memfd_create("syzkaller", 0 [pid 635] <... mmap resumed>) = 0x7f12c0537000 [pid 634] <... memfd_create resumed>) = 5 [pid 635] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 634] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f12c0537000 [pid 634] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 633] <... ioctl resumed>) = 0 [pid 633] close(5) = 0 [pid 633] close(6) = 0 [pid 633] mkdir("./file0", 0777) = 0 [pid 633] mount("/dev/loop2", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 627] <... openat resumed>) = 6 [pid 626] <... openat resumed>) = 6 [pid 627] ioctl(6, LOOP_CLR_FD [pid 626] ioctl(6, LOOP_CLR_FD [pid 627] <... ioctl resumed>) = 0 [pid 626] <... ioctl resumed>) = 0 [pid 627] close(6 [ 35.194635][ T627] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue [ 35.204249][ T626] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [pid 626] close(6 [pid 627] <... close resumed>) = 0 [pid 627] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 626] <... close resumed>) = 0 [pid 626] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 635] <... write resumed>) = 1048576 [pid 627] <... openat resumed>) = 6 [pid 626] <... openat resumed>) = 6 [pid 627] write(6, "#! ./file1\n", 11 [pid 626] write(6, "#! ./file1\n", 11 [pid 627] <... write resumed>) = 11 [pid 626] <... write resumed>) = 11 [pid 627] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0 [pid 626] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0 [pid 627] <... mmap resumed>) = 0x200000000000 [pid 626] <... mmap resumed>) = 0x200000000000 [pid 634] munmap(0x7f12c0537000, 138412032 [pid 635] munmap(0x7f12c0537000, 138412032 [pid 634] <... munmap resumed>) = 0 [pid 635] <... munmap resumed>) = 0 [pid 634] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 6 [pid 635] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 634] ioctl(6, LOOP_SET_FD, 5 [pid 635] <... openat resumed>) = 6 [pid 635] ioctl(6, LOOP_SET_FD, 5 [pid 626] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000006c0} --- [pid 627] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000006c0} --- [pid 627] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000006c4} --- [pid 627] epoll_ctl(-1, EPOLL_CTL_ADD, 6, {events=0, data={u32=0, u64=0}}) = -1 EBADF (Bad file descriptor) [ 35.276744][ T627] EXT4-fs error (device loop4): ext4_validate_block_bitmap:438: comm syz-executor126: bg 0: block 234: padding at end of block bitmap is not set [ 35.291655][ T629] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-626: bg 0: block 234: padding at end of block bitmap is not set [pid 627] close(3) = 0 [pid 627] close(4) = 0 [pid 627] close(5) = 0 [pid 627] close(6) = 0 [pid 627] close(7) = -1 EBADF (Bad file descriptor) [pid 627] close(8) = -1 EBADF (Bad file descriptor) [pid 627] close(9) = -1 EBADF (Bad file descriptor) [pid 627] close(10) = -1 EBADF (Bad file descriptor) [pid 627] close(11) = -1 EBADF (Bad file descriptor) [pid 627] close(12) = -1 EBADF (Bad file descriptor) [pid 627] close(13) = -1 EBADF (Bad file descriptor) [pid 627] close(14) = -1 EBADF (Bad file descriptor) [pid 627] close(15) = -1 EBADF (Bad file descriptor) [pid 627] close(16) = -1 EBADF (Bad file descriptor) [pid 627] close(17) = -1 EBADF (Bad file descriptor) [pid 627] close(18) = -1 EBADF (Bad file descriptor) [pid 627] close(19) = -1 EBADF (Bad file descriptor) [pid 627] close(20) = -1 EBADF (Bad file descriptor) [pid 627] close(21) = -1 EBADF (Bad file descriptor) [pid 627] close(22) = -1 EBADF (Bad file descriptor) [pid 627] close(23) = -1 EBADF (Bad file descriptor) [pid 627] close(24) = -1 EBADF (Bad file descriptor) [pid 627] close(25) = -1 EBADF (Bad file descriptor) [pid 627] close(26) = -1 EBADF (Bad file descriptor) [pid 627] close(27) = -1 EBADF (Bad file descriptor) [pid 627] close(28) = -1 EBADF (Bad file descriptor) [pid 627] close(29) = -1 EBADF (Bad file descriptor) [pid 627] exit_group(0) = ? [pid 627] +++ exited with 0 +++ [pid 626] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000006c4} --- [pid 288] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=16, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- [pid 288] restart_syscall(<... resuming interrupted clone ...> [pid 634] <... ioctl resumed>) = 0 [pid 634] close(5 [pid 626] epoll_ctl(-1, EPOLL_CTL_ADD, 6, {events=0, data={u32=0, u64=0}} [pid 634] <... close resumed>) = 0 [pid 626] <... epoll_ctl resumed>) = -1 EBADF (Bad file descriptor) [pid 634] close(6 [pid 626] close(3 [pid 635] <... ioctl resumed>) = 0 [pid 288] <... restart_syscall resumed>) = 0 [pid 634] <... close resumed>) = 0 [pid 288] umount2("./14", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 635] close(5 [pid 634] mkdir("./file0", 0777 [pid 288] openat(AT_FDCWD, "./14", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 635] <... close resumed>) = 0 [pid 634] <... mkdir resumed>) = 0 [pid 288] newfstatat(3, "", [pid 635] close(6 [pid 634] mount("/dev/loop3", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 288] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 635] <... close resumed>) = 0 [pid 288] getdents64(3, [pid 635] mkdir("./file0", 0777 [pid 288] <... getdents64 resumed>0x555565cdf7f0 /* 4 entries */, 32768) = 112 [pid 635] <... mkdir resumed>) = 0 [pid 635] mount("/dev/loop1", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 288] umount2("./14/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 626] <... close resumed>) = 0 [pid 626] close(4) = 0 [pid 626] close(5) = 0 [pid 626] close(6) = 0 [pid 626] close(7) = -1 EBADF (Bad file descriptor) [pid 626] close(8) = -1 EBADF (Bad file descriptor) [pid 626] close(9) = -1 EBADF (Bad file descriptor) [pid 626] close(10) = -1 EBADF (Bad file descriptor) [pid 626] close(11) = -1 EBADF (Bad file descriptor) [pid 626] close(12) = -1 EBADF (Bad file descriptor) [pid 626] close(13) = -1 EBADF (Bad file descriptor) [pid 626] close(14) = -1 EBADF (Bad file descriptor) [pid 626] close(15) = -1 EBADF (Bad file descriptor) [pid 626] close(16) = -1 EBADF (Bad file descriptor) [pid 626] close(17) = -1 EBADF (Bad file descriptor) [pid 626] close(18) = -1 EBADF (Bad file descriptor) [pid 626] close(19) = -1 EBADF (Bad file descriptor) [pid 626] close(20) = -1 EBADF (Bad file descriptor) [pid 626] close(21) = -1 EBADF (Bad file descriptor) [pid 626] close(22 [pid 633] <... mount resumed>) = 0 [pid 626] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 633] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 626] close(23 [pid 633] <... openat resumed>) = 5 [pid 626] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 633] chdir("./file0" [pid 626] close(24 [pid 633] <... chdir resumed>) = 0 [pid 626] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 633] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 626] close(25) = -1 EBADF (Bad file descriptor) [pid 626] close(26) = -1 EBADF (Bad file descriptor) [pid 626] close(27) = -1 EBADF (Bad file descriptor) [ 35.320550][ T633] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue [pid 626] close(28) = -1 EBADF (Bad file descriptor) [pid 626] close(29) = -1 EBADF (Bad file descriptor) [pid 626] exit_group(0) = ? [pid 626] +++ exited with 0 +++ [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=16, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- [pid 289] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 289] umount2("./14", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./14", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 289] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(3, 0x555565cdf7f0 /* 4 entries */, 32768) = 112 [pid 289] umount2("./14/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 288] <... umount2 resumed>) = 0 [pid 288] umount2("./14/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 288] newfstatat(AT_FDCWD, "./14/file0", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 288] umount2("./14/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 288] openat(AT_FDCWD, "./14/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 288] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 288] getdents64(4, 0x555565ce7830 /* 2 entries */, 32768) = 48 [pid 288] getdents64(4, 0x555565ce7830 /* 0 entries */, 32768) = 0 [pid 288] close(4) = 0 [pid 288] rmdir("./14/file0") = 0 [pid 288] umount2("./14/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 288] newfstatat(AT_FDCWD, "./14/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 288] unlink("./14/binderfs") = 0 [pid 288] getdents64(3, 0x555565cdf7f0 /* 0 entries */, 32768) = 0 [pid 288] close(3) = 0 [pid 288] rmdir("./14") = 0 [pid 288] mkdir("./15", 0777) = 0 [pid 288] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 288] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 288] close(3) = 0 [pid 288] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555565cde750) = 17 ./strace-static-x86_64: Process 651 attached [pid 651] set_robust_list(0x555565cde760, 24 [pid 635] <... mount resumed>) = 0 [pid 634] <... mount resumed>) = 0 [pid 651] <... set_robust_list resumed>) = 0 [pid 635] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 634] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 651] chdir("./15" [pid 634] <... openat resumed>) = 5 [pid 635] <... openat resumed>) = 5 [pid 651] <... chdir resumed>) = 0 [pid 634] chdir("./file0" [pid 651] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 635] chdir("./file0" [pid 651] <... prctl resumed>) = 0 [pid 634] <... chdir resumed>) = 0 [pid 635] <... chdir resumed>) = 0 [pid 651] setpgid(0, 0 [pid 635] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 634] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 651] <... setpgid resumed>) = 0 [pid 651] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 651] write(3, "1000", 4) = 4 [ 35.379110][ T635] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue [ 35.389131][ T634] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue [pid 651] close(3 [pid 633] <... openat resumed>) = 6 [pid 633] ioctl(6, LOOP_CLR_FD [pid 634] <... openat resumed>) = 6 [pid 633] <... ioctl resumed>) = 0 [pid 289] <... umount2 resumed>) = 0 [pid 633] close(6) = 0 [pid 633] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 289] umount2("./14/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 633] write(6, "#! ./file1\n", 11 [pid 634] ioctl(6, LOOP_CLR_FD [pid 289] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 651] <... close resumed>) = 0 [pid 635] <... openat resumed>) = 6 [pid 634] <... ioctl resumed>) = 0 [pid 633] <... write resumed>) = 11 [pid 633] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 289] newfstatat(AT_FDCWD, "./14/file0", [pid 651] symlink("/dev/binderfs", "./binderfs" [pid 635] ioctl(6, LOOP_CLR_FD [pid 634] close(6 [pid 289] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] umount2("./14/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./14/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 289] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(4, 0x555565ce7830 /* 2 entries */, 32768) = 48 [pid 289] getdents64(4, [pid 634] <... close resumed>) = 0 [pid 289] <... getdents64 resumed>0x555565ce7830 /* 0 entries */, 32768) = 0 [pid 634] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 651] <... symlink resumed>) = 0 [pid 635] <... ioctl resumed>) = 0 [pid 289] close(4 [pid 634] <... openat resumed>) = 6 [pid 651] write(1, "executing program\n", 18 [pid 635] close(6 [pid 289] <... close resumed>) = 0 [pid 634] write(6, "#! ./file1\n", 11 [pid 635] <... close resumed>) = 0 [pid 289] rmdir("./14/file0" [pid 635] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 289] <... rmdir resumed>) = 0 [pid 289] umount2("./14/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./14/binderfs", executing program [pid 634] <... write resumed>) = 11 [pid 289] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 651] <... write resumed>) = 18 [pid 635] <... openat resumed>) = 6 [pid 634] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0 [pid 289] unlink("./14/binderfs" [pid 651] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR [pid 635] write(6, "#! ./file1\n", 11 [pid 289] <... unlink resumed>) = 0 [pid 634] <... mmap resumed>) = 0x200000000000 [pid 289] getdents64(3, [pid 651] <... openat resumed>) = 3 [pid 289] <... getdents64 resumed>0x555565cdf7f0 /* 0 entries */, 32768) = 0 [pid 635] <... write resumed>) = 11 [pid 289] close(3) = 0 [pid 289] rmdir("./14") = 0 [pid 289] mkdir("./15", 0777) = 0 [pid 651] ioctl(3, VHOST_SET_OWNER [pid 635] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0 [pid 289] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 635] <... mmap resumed>) = 0x200000000000 [pid 289] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 289] close(3) = 0 [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 653 attached [pid 653] set_robust_list(0x555565cde760, 24) = 0 [pid 653] chdir("./15") = 0 [pid 653] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 653] setpgid(0, 0) = 0 [pid 653] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 653] write(3, "1000", 4) = 4 [pid 653] close(3) = 0 [pid 653] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 653] write(1, "executing program\n", 18) = 18 [pid 653] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [ 35.454590][ T633] EXT4-fs error (device loop2): ext4_validate_block_bitmap:438: comm syz-executor126: bg 0: block 234: padding at end of block bitmap is not set [ 35.482917][ T641] EXT4-fs error (device loop3): ext4_validate_block_bitmap:438: comm vhost-634: bg 0: block 234: padding at end of block bitmap is not set [pid 653] ioctl(3, VHOST_SET_OWNER [pid 634] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000006c0} --- [pid 289] <... clone resumed>, child_tidptr=0x555565cde750) = 17 [pid 634] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000006c4} --- [pid 635] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000006c0} --- [pid 634] epoll_ctl(-1, EPOLL_CTL_ADD, 6, {events=0, data={u32=0, u64=0}} [pid 635] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000006c4} --- [pid 634] <... epoll_ctl resumed>) = -1 EBADF (Bad file descriptor) [pid 635] epoll_ctl(-1, EPOLL_CTL_ADD, 6, {events=0, data={u32=0, u64=0}} [pid 634] close(3 [pid 635] <... epoll_ctl resumed>) = -1 EBADF (Bad file descriptor) [pid 635] close(3 [pid 653] <... ioctl resumed>, 0) = 0 [pid 653] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 653] ioctl(3, VHOST_SET_MEM_TABLE [pid 634] <... close resumed>) = 0 [pid 651] <... ioctl resumed>, 0) = 0 [pid 635] <... close resumed>) = 0 [pid 634] close(4 [pid 633] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000006c0} --- [pid 651] ioctl(3, VHOST_SET_VRING_ADDR [pid 635] close(4 [pid 634] <... close resumed>) = 0 [pid 653] <... ioctl resumed>, 0x200000003380) = 0 [pid 651] <... ioctl resumed>, 0x200000000300) = 0 [pid 635] <... close resumed>) = 0 [pid 634] close(5 [pid 651] ioctl(3, VHOST_SET_MEM_TABLE [pid 635] close(5 [pid 653] eventfd2(118, EFD_SEMAPHORE [pid 635] <... close resumed>) = 0 [pid 634] <... close resumed>) = 0 [pid 635] close(6 [pid 634] close(6 [pid 635] <... close resumed>) = 0 [pid 634] <... close resumed>) = 0 [pid 653] <... eventfd2 resumed>) = 4 [pid 635] close(7 [pid 634] close(7 [pid 635] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 634] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 635] close(8 [pid 634] close(8 [pid 653] ioctl(3, VHOST_SET_VRING_ERR [pid 635] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 634] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 635] close(9 [pid 634] close(9 [pid 635] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 634] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 635] close(10 [pid 634] close(10 [pid 635] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 634] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 635] close(11 [pid 634] close(11 [pid 635] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 634] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 635] close(12 [pid 634] close(12 [pid 635] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 634] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 635] close(13 [pid 634] close(13 [pid 635] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 634] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 635] close(14 [pid 634] close(14 [pid 635] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 634] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 635] close(15 [pid 634] close(15 [pid 635] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 634] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 653] <... ioctl resumed>, 0x2000000001c0) = 0 [pid 653] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 653] ioctl(3, VHOST_SET_VRING_KICK [pid 635] close(16 [pid 634] close(16 [pid 653] <... ioctl resumed>, 0x200000000000) = 0 [pid 635] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 634] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 653] ioctl(3, VHOST_VSOCK_SET_RUNNING [pid 635] close(17 [pid 634] close(17 [pid 653] <... ioctl resumed>, 0x200000000140) = 0 [pid 635] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 634] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 653] memfd_create("syzkaller", 0 [pid 635] close(18 [pid 634] close(18 [pid 653] <... memfd_create resumed>) = 5 [pid 635] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 634] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 653] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 635] close(19 [pid 634] close(19 [pid 653] <... mmap resumed>) = 0x7f12c0537000 [pid 635] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 634] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 653] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 635] close(20 [pid 634] close(20 [pid 635] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 634] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 635] close(21 [pid 634] close(21 [pid 635] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 634] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 635] close(22 [pid 634] close(22 [pid 635] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 634] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 635] close(23 [pid 634] close(23 [pid 635] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 634] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 635] close(24 [pid 634] close(24 [pid 635] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 634] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 635] close(25 [pid 634] close(25 [pid 635] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 634] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 635] close(26 [pid 634] close(26 [pid 635] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 634] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 635] close(27 [pid 634] close(27 [pid 635] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 634] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 635] close(28 [pid 634] close(28 [pid 635] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 634] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 635] close(29 [pid 634] close(29 [pid 635] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 634] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 635] exit_group(0 [pid 634] exit_group(0 [pid 635] <... exit_group resumed>) = ? [pid 634] <... exit_group resumed>) = ? [pid 635] +++ exited with 0 +++ [pid 634] +++ exited with 0 +++ [pid 294] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=15, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- [pid 292] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=14, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 294] restart_syscall(<... resuming interrupted clone ...> [pid 292] restart_syscall(<... resuming interrupted clone ...> [pid 294] <... restart_syscall resumed>) = 0 [pid 294] umount2("./13", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 294] openat(AT_FDCWD, "./13", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 294] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 294] getdents64(3, 0x555565cdf7f0 /* 4 entries */, 32768) = 112 [pid 294] umount2("./13/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 292] <... restart_syscall resumed>) = 0 [pid 651] <... ioctl resumed>, 0x200000003380) = 0 [pid 651] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 292] umount2("./12", MNT_FORCE|UMOUNT_NOFOLLOW [pid 653] <... write resumed>) = 1048576 [pid 651] ioctl(3, VHOST_SET_VRING_ERR [pid 292] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 651] <... ioctl resumed>, 0x2000000001c0) = 0 [pid 292] openat(AT_FDCWD, "./12", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 651] ioctl(3, VHOST_SET_VRING_ADDR [pid 292] <... openat resumed>) = 3 [pid 651] <... ioctl resumed>, 0x200000000240) = 0 [pid 292] newfstatat(3, "", [pid 651] ioctl(3, VHOST_SET_VRING_KICK [pid 292] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 651] <... ioctl resumed>, 0x200000000000) = 0 [pid 292] getdents64(3, [pid 651] ioctl(3, VHOST_VSOCK_SET_RUNNING [pid 292] <... getdents64 resumed>0x555565cdf7f0 /* 4 entries */, 32768) = 112 [ 35.491228][ T635] EXT4-fs error (device loop1): ext4_validate_block_bitmap:438: comm syz-executor126: bg 0: block 234: padding at end of block bitmap is not set [pid 651] <... ioctl resumed>, 0x200000000140) = 0 [pid 292] umount2("./12/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 651] memfd_create("syzkaller", 0) = 5 [pid 651] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f12c0537000 [pid 653] munmap(0x7f12c0537000, 138412032) = 0 [pid 653] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 633] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000006c4} --- [pid 633] epoll_ctl(-1, EPOLL_CTL_ADD, 6, {events=0, data={u32=0, u64=0}}) = -1 EBADF (Bad file descriptor) [pid 633] close(3) = 0 [pid 633] close(4) = 0 [pid 633] close(5) = 0 [pid 633] close(6) = 0 [pid 633] close(7) = -1 EBADF (Bad file descriptor) [pid 633] close(8) = -1 EBADF (Bad file descriptor) [pid 633] close(9) = -1 EBADF (Bad file descriptor) [pid 633] close(10) = -1 EBADF (Bad file descriptor) [pid 633] close(11) = -1 EBADF (Bad file descriptor) [pid 633] close(12) = -1 EBADF (Bad file descriptor) [pid 633] close(13) = -1 EBADF (Bad file descriptor) [pid 633] close(14) = -1 EBADF (Bad file descriptor) [pid 633] close(15) = -1 EBADF (Bad file descriptor) [pid 633] close(16) = -1 EBADF (Bad file descriptor) [pid 633] close(17) = -1 EBADF (Bad file descriptor) [pid 633] close(18) = -1 EBADF (Bad file descriptor) [pid 633] close(19) = -1 EBADF (Bad file descriptor) [pid 633] close(20) = -1 EBADF (Bad file descriptor) [pid 633] close(21) = -1 EBADF (Bad file descriptor) [pid 633] close(22) = -1 EBADF (Bad file descriptor) [pid 633] close(23) = -1 EBADF (Bad file descriptor) [pid 633] close(24) = -1 EBADF (Bad file descriptor) [pid 633] close(25) = -1 EBADF (Bad file descriptor) [pid 633] close(26) = -1 EBADF (Bad file descriptor) [pid 633] close(27) = -1 EBADF (Bad file descriptor) [pid 633] close(28) = -1 EBADF (Bad file descriptor) [pid 633] close(29) = -1 EBADF (Bad file descriptor) [pid 633] exit_group(0 [pid 651] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 633] <... exit_group resumed>) = ? [pid 633] +++ exited with 0 +++ [pid 293] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=14, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 293] restart_syscall(<... resuming interrupted clone ...> [pid 651] <... write resumed>) = 1048576 [pid 293] <... restart_syscall resumed>) = 0 [pid 293] umount2("./12", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 293] openat(AT_FDCWD, "./12", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 293] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 293] getdents64(3, 0x555565cdf7f0 /* 4 entries */, 32768) = 112 [pid 293] umount2("./12/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 651] munmap(0x7f12c0537000, 138412032) = 0 [pid 651] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 294] <... umount2 resumed>) = 0 [pid 294] umount2("./13/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 294] newfstatat(AT_FDCWD, "./13/file0", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 294] umount2("./13/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 294] openat(AT_FDCWD, "./13/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 294] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 294] getdents64(4, 0x555565ce7830 /* 2 entries */, 32768) = 48 [pid 294] getdents64(4, 0x555565ce7830 /* 0 entries */, 32768) = 0 [pid 294] close(4) = 0 [pid 294] rmdir("./13/file0") = 0 [pid 294] umount2("./13/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 294] newfstatat(AT_FDCWD, "./13/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 294] unlink("./13/binderfs") = 0 [pid 294] getdents64(3, 0x555565cdf7f0 /* 0 entries */, 32768) = 0 [pid 294] close(3) = 0 [pid 294] rmdir("./13") = 0 [pid 294] mkdir("./14", 0777) = 0 [pid 294] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 653] <... openat resumed>) = 6 [pid 651] <... openat resumed>) = 6 [pid 653] ioctl(6, LOOP_SET_FD, 5 [pid 651] ioctl(6, LOOP_SET_FD, 5 [pid 294] <... openat resumed>) = 3 [pid 294] ioctl(3, LOOP_CLR_FD [pid 292] <... umount2 resumed>) = 0 [pid 292] umount2("./12/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 292] newfstatat(AT_FDCWD, "./12/file0", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 292] umount2("./12/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 292] openat(AT_FDCWD, "./12/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 292] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 292] getdents64(4, 0x555565ce7830 /* 2 entries */, 32768) = 48 [pid 292] getdents64(4, 0x555565ce7830 /* 0 entries */, 32768) = 0 [pid 292] close(4) = 0 [pid 292] rmdir("./12/file0") = 0 [pid 292] umount2("./12/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 292] newfstatat(AT_FDCWD, "./12/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 292] unlink("./12/binderfs") = 0 [pid 292] getdents64(3, 0x555565cdf7f0 /* 0 entries */, 32768) = 0 [pid 292] close(3) = 0 [pid 292] rmdir("./12") = 0 [pid 292] mkdir("./13", 0777) = 0 [pid 292] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 653] <... ioctl resumed>) = 0 [pid 653] close(5) = 0 [pid 653] close(6 [pid 651] <... ioctl resumed>) = 0 [pid 293] <... umount2 resumed>) = 0 [pid 653] <... close resumed>) = 0 [pid 294] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 292] <... openat resumed>) = 3 [pid 653] mkdir("./file0", 0777 [pid 651] close(5 [pid 294] close(3 [pid 292] ioctl(3, LOOP_CLR_FD [pid 653] <... mkdir resumed>) = 0 [pid 651] <... close resumed>) = 0 [pid 294] <... close resumed>) = 0 [pid 292] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 653] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 651] close(6 [pid 294] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 292] close(3) = 0 [pid 294] <... clone resumed>, child_tidptr=0x555565cde750) = 16 [pid 292] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555565cde750) = 15 ./strace-static-x86_64: Process 657 attached [pid 657] set_robust_list(0x555565cde760, 24 [pid 293] umount2("./12/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 657] <... set_robust_list resumed>) = 0 [pid 293] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 657] chdir("./14" [pid 293] newfstatat(AT_FDCWD, "./12/file0", [pid 657] <... chdir resumed>) = 0 [pid 293] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 657] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 657] setpgid(0, 0 [pid 293] umount2("./12/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 657] <... setpgid resumed>) = 0 [pid 293] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 293] openat(AT_FDCWD, "./12/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 293] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 293] getdents64(4, 0x555565ce7830 /* 2 entries */, 32768) = 48 [pid 293] getdents64(4, 0x555565ce7830 /* 0 entries */, 32768) = 0 [pid 293] close(4) = 0 [pid 293] rmdir("./12/file0") = 0 [pid 293] umount2("./12/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 293] newfstatat(AT_FDCWD, "./12/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 293] unlink("./12/binderfs") = 0 [pid 293] getdents64(3, 0x555565cdf7f0 /* 0 entries */, 32768) = 0 [pid 293] close(3) = 0 [pid 293] rmdir("./12") = 0 [pid 293] mkdir("./13", 0777 [pid 657] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 293] <... mkdir resumed>) = 0 [pid 657] <... openat resumed>) = 3 [pid 657] write(3, "1000", 4 [pid 293] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 657] <... write resumed>) = 4 [pid 657] close(3) = 0 [pid 657] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 657] write(1, "executing program\n", 18) = 18 [pid 657] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 657] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 657] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 657] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 657] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 657] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 657] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 657] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 657] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 ./strace-static-x86_64: Process 658 attached [pid 658] set_robust_list(0x555565cde760, 24) = 0 [pid 658] chdir("./13") = 0 [pid 658] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 657] memfd_create("syzkaller", 0 [pid 658] setpgid(0, 0) = 0 [pid 658] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 658] write(3, "1000", 4) = 4 [pid 658] close(3) = 0 [pid 658] symlink("/dev/binderfs", "./binderfs") = 0 [pid 658] write(1, "executing program\n", 18executing program ) = 18 [pid 658] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 658] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 658] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 658] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 658] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 658] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 658] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 658] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 658] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 658] memfd_create("syzkaller", 0) = 5 [pid 658] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f12c0537000 [pid 657] <... memfd_create resumed>) = 5 [pid 657] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f12c0537000 [pid 658] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 657] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 651] <... close resumed>) = 0 [pid 651] mkdir("./file0", 0777 [pid 293] <... openat resumed>) = 3 [pid 651] <... mkdir resumed>) = 0 [pid 651] mount("/dev/loop4", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 293] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 293] close(3) = 0 [pid 293] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555565cde750) = 15 [pid 657] <... write resumed>) = 1048576 [pid 657] munmap(0x7f12c0537000, 138412032) = 0 [pid 657] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 653] <... mount resumed>) = 0 [pid 657] <... openat resumed>) = 6 [pid 653] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 657] ioctl(6, LOOP_SET_FD, 5 [pid 653] <... openat resumed>) = 5 [pid 658] <... write resumed>) = 1048576 [pid 653] chdir("./file0") = 0 [pid 653] openat(AT_FDCWD, "/dev/loop0", O_RDWR./strace-static-x86_64: Process 663 attached [pid 663] set_robust_list(0x555565cde760, 24) = 0 [pid 663] chdir("./13") = 0 [pid 663] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 663] setpgid(0, 0) = 0 [pid 663] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 663] write(3, "1000", 4) = 4 [pid 663] close(3) = 0 [pid 663] symlink("/dev/binderfs", "./binderfs") = 0 [pid 663] write(1, "executing program\n", 18executing program [pid 657] <... ioctl resumed>) = 0 [pid 653] <... openat resumed>) = 6 [pid 663] <... write resumed>) = 18 [pid 663] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 663] ioctl(3, VHOST_SET_OWNER [pid 658] munmap(0x7f12c0537000, 138412032) = 0 [pid 658] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 653] ioctl(6, LOOP_CLR_FD [pid 657] close(5 [pid 653] <... ioctl resumed>) = 0 [pid 657] <... close resumed>) = 0 [pid 653] close(6 [ 35.747866][ T653] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [pid 657] close(6 [pid 653] <... close resumed>) = 0 [pid 653] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 653] write(6, "#! ./file1\n", 11) = 11 [pid 653] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 657] <... close resumed>) = 0 [pid 657] mkdir("./file0", 0777 [pid 658] <... openat resumed>) = 6 [pid 658] ioctl(6, LOOP_SET_FD, 5 [pid 657] <... mkdir resumed>) = 0 [pid 657] mount("/dev/loop1", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 663] <... ioctl resumed>, 0) = 0 [pid 663] ioctl(3, VHOST_SET_VRING_ADDR [pid 651] <... mount resumed>) = 0 [pid 663] <... ioctl resumed>, 0x200000000300) = 0 [pid 651] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 663] ioctl(3, VHOST_SET_MEM_TABLE [pid 651] <... openat resumed>) = 5 [pid 651] chdir("./file0" [pid 663] <... ioctl resumed>, 0x200000003380) = 0 [pid 651] <... chdir resumed>) = 0 [pid 663] eventfd2(118, EFD_SEMAPHORE [pid 651] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 663] <... eventfd2 resumed>) = 4 [pid 663] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 663] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 663] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 663] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 663] memfd_create("syzkaller", 0) = 5 [pid 663] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f12c0537000 [pid 663] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 658] <... ioctl resumed>) = 0 [pid 663] munmap(0x7f12c0537000, 138412032) = 0 [pid 663] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 6 [pid 658] close(5) = 0 [pid 658] close(6) = 0 [pid 658] mkdir("./file0", 0777) = 0 [pid 658] mount("/dev/loop3", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [ 35.812074][ T653] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor126: bg 0: block 234: padding at end of block bitmap is not set [ 35.838856][ T651] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue [pid 663] ioctl(6, LOOP_SET_FD, 5 [pid 653] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000006c0} --- [pid 653] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000006c4} --- [pid 653] epoll_ctl(-1, EPOLL_CTL_ADD, 6, {events=0, data={u32=0, u64=0}}) = -1 EBADF (Bad file descriptor) [pid 653] close(3 [pid 663] <... ioctl resumed>) = 0 [pid 651] <... openat resumed>) = 6 [pid 663] close(5 [pid 651] ioctl(6, LOOP_CLR_FD [pid 663] <... close resumed>) = 0 [pid 651] <... ioctl resumed>) = 0 [pid 663] close(6 [pid 651] close(6) = 0 [pid 651] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 651] write(6, "#! ./file1\n", 11) = 11 [pid 651] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 653] <... close resumed>) = 0 [pid 653] close(4) = 0 [pid 653] close(5) = 0 [pid 653] close(6) = 0 [pid 653] close(7) = -1 EBADF (Bad file descriptor) [pid 653] close(8) = -1 EBADF (Bad file descriptor) [pid 653] close(9) = -1 EBADF (Bad file descriptor) [pid 653] close(10) = -1 EBADF (Bad file descriptor) [pid 653] close(11) = -1 EBADF (Bad file descriptor) [pid 653] close(12) = -1 EBADF (Bad file descriptor) [pid 653] close(13) = -1 EBADF (Bad file descriptor) [pid 653] close(14) = -1 EBADF (Bad file descriptor) [pid 653] close(15) = -1 EBADF (Bad file descriptor) [pid 653] close(16) = -1 EBADF (Bad file descriptor) [pid 653] close(17) = -1 EBADF (Bad file descriptor) [pid 653] close(18) = -1 EBADF (Bad file descriptor) [pid 653] close(19) = -1 EBADF (Bad file descriptor) [pid 653] close(20) = -1 EBADF (Bad file descriptor) [pid 653] close(21) = -1 EBADF (Bad file descriptor) [pid 653] close(22) = -1 EBADF (Bad file descriptor) [pid 653] close(23) = -1 EBADF (Bad file descriptor) [pid 653] close(24) = -1 EBADF (Bad file descriptor) [pid 653] close(25) = -1 EBADF (Bad file descriptor) [pid 653] close(26) = -1 EBADF (Bad file descriptor) [pid 653] close(27) = -1 EBADF (Bad file descriptor) [pid 653] close(28) = -1 EBADF (Bad file descriptor) [pid 653] close(29) = -1 EBADF (Bad file descriptor) [pid 653] exit_group(0) = ? [pid 653] +++ exited with 0 +++ [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=17, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- [pid 289] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 289] umount2("./15", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./15", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 289] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(3, 0x555565cdf7f0 /* 4 entries */, 32768) = 112 [pid 289] umount2("./15/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 663] <... close resumed>) = 0 [pid 663] mkdir("./file0", 0777) = 0 [ 35.914878][ T651] EXT4-fs error (device loop4): ext4_validate_block_bitmap:438: comm syz-executor126: bg 0: block 234: padding at end of block bitmap is not set [ 35.943438][ T658] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue [pid 663] mount("/dev/loop2", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 658] <... mount resumed>) = 0 [pid 658] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 658] chdir("./file0") = 0 [pid 658] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 657] <... mount resumed>) = 0 [pid 657] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 651] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000006c0} --- [pid 657] chdir("./file0") = 0 [pid 657] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 658] <... openat resumed>) = 6 [ 35.961246][ T657] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue [pid 658] ioctl(6, LOOP_CLR_FD) = 0 [pid 657] <... openat resumed>) = 6 [pid 651] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000006c4} --- [pid 289] <... umount2 resumed>) = 0 [pid 658] close(6 [pid 657] ioctl(6, LOOP_CLR_FD [pid 651] epoll_ctl(-1, EPOLL_CTL_ADD, 6, {events=0, data={u32=0, u64=0}} [pid 289] umount2("./15/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 658] <... close resumed>) = 0 [pid 657] <... ioctl resumed>) = 0 [pid 651] <... epoll_ctl resumed>) = -1 EBADF (Bad file descriptor) [pid 658] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 657] close(6 [pid 651] close(3 [pid 289] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 657] <... close resumed>) = 0 [pid 289] newfstatat(AT_FDCWD, "./15/file0", [pid 658] <... openat resumed>) = 6 [pid 657] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 658] write(6, "#! ./file1\n", 11 [pid 289] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 658] <... write resumed>) = 11 [pid 657] <... openat resumed>) = 6 [pid 289] umount2("./15/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 658] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0 [pid 657] write(6, "#! ./file1\n", 11 [pid 289] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 658] <... mmap resumed>) = 0x200000000000 [pid 289] openat(AT_FDCWD, "./15/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 657] <... write resumed>) = 11 [pid 289] newfstatat(4, "", [pid 657] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 289] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(4, 0x555565ce7830 /* 2 entries */, 32768) = 48 [pid 289] getdents64(4, 0x555565ce7830 /* 0 entries */, 32768) = 0 [pid 651] <... close resumed>) = 0 [pid 289] close(4 [pid 651] close(4 [pid 289] <... close resumed>) = 0 [pid 651] <... close resumed>) = 0 [pid 289] rmdir("./15/file0" [pid 651] close(5) = 0 [pid 289] <... rmdir resumed>) = 0 [pid 651] close(6 [pid 289] umount2("./15/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 651] <... close resumed>) = 0 [pid 289] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 651] close(7 [pid 289] newfstatat(AT_FDCWD, "./15/binderfs", [pid 651] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 289] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 651] close(8 [pid 289] unlink("./15/binderfs" [pid 663] <... mount resumed>) = 0 [pid 651] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 289] <... unlink resumed>) = 0 [pid 651] close(9 [pid 289] getdents64(3, [pid 651] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 289] <... getdents64 resumed>0x555565cdf7f0 /* 0 entries */, 32768) = 0 [pid 663] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 657] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000006c0} --- [pid 651] close(10 [pid 289] close(3 [pid 651] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 289] <... close resumed>) = 0 [pid 651] close(11 [pid 289] rmdir("./15" [pid 657] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000006c4} --- [pid 651] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 663] <... openat resumed>) = 5 [pid 657] epoll_ctl(-1, EPOLL_CTL_ADD, 6, {events=0, data={u32=0, u64=0}} [pid 651] close(12 [pid 289] <... rmdir resumed>) = 0 [pid 663] chdir("./file0" [pid 657] <... epoll_ctl resumed>) = -1 EBADF (Bad file descriptor) [pid 651] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 289] mkdir("./16", 0777 [pid 651] close(13 [pid 663] <... chdir resumed>) = 0 [pid 657] close(3 [pid 651] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 289] <... mkdir resumed>) = 0 [pid 651] close(14 [pid 289] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 651] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 663] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 651] close(15 [pid 289] <... openat resumed>) = 3 [pid 651] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 289] ioctl(3, LOOP_CLR_FD [pid 663] <... openat resumed>) = 6 [pid 651] close(16 [pid 289] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 663] ioctl(6, LOOP_CLR_FD [pid 651] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 289] close(3 [pid 651] close(17 [pid 289] <... close resumed>) = 0 [pid 658] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000006c0} --- [pid 658] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000006c4} --- [pid 658] epoll_ctl(-1, EPOLL_CTL_ADD, 6, {events=0, data={u32=0, u64=0}}) = -1 EBADF (Bad file descriptor) [pid 658] close(3 [pid 651] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 658] <... close resumed>) = 0 [pid 658] close(4) = 0 [pid 658] close(5) = 0 [pid 658] close(6) = 0 [pid 658] close(7) = -1 EBADF (Bad file descriptor) [pid 658] close(8) = -1 EBADF (Bad file descriptor) [pid 658] close(9) = -1 EBADF (Bad file descriptor) [pid 663] <... ioctl resumed>) = 0 [pid 658] close(10 [pid 651] close(18) = -1 EBADF (Bad file descriptor) [pid 663] close(6 [pid 289] <... clone resumed>, child_tidptr=0x555565cde750) = 18 [pid 651] close(19 [pid 663] <... close resumed>) = 0 [pid 651] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 651] close(20 [pid 663] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 651] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 651] close(21) = -1 EBADF (Bad file descriptor) [pid 651] close(22 [pid 658] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 651] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 658] close(11 [pid 651] close(23) = -1 EBADF (Bad file descriptor) [pid 663] <... openat resumed>) = 6 [pid 651] close(24 [pid 658] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 663] write(6, "#! ./file1\n", 11 [pid 651] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 658] close(12 [pid 651] close(25 [pid 658] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 651] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 658] close(13 [pid 651] close(26 [pid 658] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 651] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 658] close(14 [pid 651] close(27 [pid 658] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 651] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 663] <... write resumed>) = 11 [pid 651] close(28 [pid 658] close(15 [pid 663] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0 [pid 651] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 658] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 651] close(29 [pid 663] <... mmap resumed>) = 0x200000000000 [ 36.010900][ T658] EXT4-fs error (device loop3): ext4_validate_block_bitmap:438: comm syz-executor126: bg 0: block 234: padding at end of block bitmap is not set [ 36.027437][ T657] EXT4-fs error (device loop1): ext4_validate_block_bitmap:438: comm syz-executor126: bg 0: block 234: padding at end of block bitmap is not set [ 36.048901][ T663] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue [pid 658] close(16) = -1 EBADF (Bad file descriptor) [pid 658] close(17) = -1 EBADF (Bad file descriptor) [pid 658] close(18) = -1 EBADF (Bad file descriptor) [pid 658] close(19) = -1 EBADF (Bad file descriptor) [pid 658] close(20) = -1 EBADF (Bad file descriptor) [pid 658] close(21) = -1 EBADF (Bad file descriptor) [pid 658] close(22) = -1 EBADF (Bad file descriptor) [pid 658] close(23) = -1 EBADF (Bad file descriptor) [pid 658] close(24) = -1 EBADF (Bad file descriptor) [pid 658] close(25) = -1 EBADF (Bad file descriptor) [pid 658] close(26) = -1 EBADF (Bad file descriptor) [pid 658] close(27) = -1 EBADF (Bad file descriptor) [pid 658] close(28) = -1 EBADF (Bad file descriptor) [pid 658] close(29) = -1 EBADF (Bad file descriptor) [pid 658] exit_group(0) = ? [pid 658] +++ exited with 0 +++ [pid 292] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=15, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 292] restart_syscall(<... resuming interrupted clone ...> [pid 651] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 292] <... restart_syscall resumed>) = 0 [pid 651] exit_group(0) = ? [pid 292] umount2("./13", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 292] openat(AT_FDCWD, "./13", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 292] newfstatat(3, "", [pid 651] +++ exited with 0 +++ [pid 292] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 657] <... close resumed>) = 0 [pid 292] getdents64(3, [pid 288] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=17, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- [pid 657] close(4 [pid 292] <... getdents64 resumed>0x555565cdf7f0 /* 4 entries */, 32768) = 112 [pid 288] restart_syscall(<... resuming interrupted clone ...> [pid 663] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000006c0} --- [pid 657] <... close resumed>) = 0 [pid 292] umount2("./13/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 663] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000006c4} --- [pid 657] close(5 [pid 663] epoll_ctl(-1, EPOLL_CTL_ADD, 6, {events=0, data={u32=0, u64=0}} [pid 657] <... close resumed>) = 0 [pid 663] <... epoll_ctl resumed>) = -1 EBADF (Bad file descriptor) [pid 657] close(6 [pid 663] close(3 [pid 657] <... close resumed>) = 0 [pid 657] close(7 [pid 663] <... close resumed>) = 0 [pid 657] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 663] close(4 [pid 657] close(8 [pid 663] <... close resumed>) = 0 [pid 657] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 663] close(5 [pid 657] close(9 [pid 663] <... close resumed>) = 0 [pid 657] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 663] close(6 [pid 657] close(10 [pid 663] <... close resumed>) = 0 [pid 657] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 663] close(7 [pid 657] close(11 [pid 663] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 657] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 663] close(8 [pid 657] close(12 [pid 663] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 657] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 663] close(9 [pid 657] close(13 [pid 663] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 657] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 663] close(10 [pid 657] close(14./strace-static-x86_64: Process 676 attached [pid 663] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 657] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 663] close(11 [pid 657] close(15 [pid 676] set_robust_list(0x555565cde760, 24 [pid 663] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 657] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 663] close(12 [pid 657] close(16 [pid 676] <... set_robust_list resumed>) = 0 [pid 663] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 657] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 663] close(13 [pid 657] close(17 [pid 663] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 657] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 663] close(14 [pid 657] close(18 [pid 663] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 657] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 663] close(15 [pid 657] close(19 [pid 663] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 657] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 663] close(16 [pid 657] close(20 [pid 676] chdir("./16" [pid 663] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 657] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 663] close(17 [pid 657] close(21 [pid 663] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 657] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 663] close(18 [pid 657] close(22 [pid 663] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 657] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 676] <... chdir resumed>) = 0 [pid 663] close(19 [pid 657] close(23 [pid 663] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 657] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 663] close(20 [pid 657] close(24 [pid 663] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 657] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 663] close(21 [pid 657] close(25 [pid 663] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 657] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 663] close(22 [pid 657] close(26 [pid 663] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 657] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 663] close(23 [pid 657] close(27 [pid 663] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 657] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 663] close(24 [pid 657] close(28 [pid 663] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 657] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 663] close(25 [pid 657] close(29 [pid 663] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 657] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 676] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 663] close(26 [pid 657] exit_group(0 [pid 676] <... prctl resumed>) = 0 [pid 663] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 657] <... exit_group resumed>) = ? [pid 676] setpgid(0, 0 [pid 663] close(27 [pid 657] +++ exited with 0 +++ [pid 288] <... restart_syscall resumed>) = 0 [pid 676] <... setpgid resumed>) = 0 [pid 663] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 663] close(28 [pid 294] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=16, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 663] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 294] umount2("./14", MNT_FORCE|UMOUNT_NOFOLLOW [pid 663] close(29 [pid 288] umount2("./15", MNT_FORCE|UMOUNT_NOFOLLOW [pid 676] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 663] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 294] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 663] exit_group(0 [pid 288] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 294] openat(AT_FDCWD, "./14", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 676] <... openat resumed>) = 3 [pid 663] <... exit_group resumed>) = ? [pid 288] openat(AT_FDCWD, "./15", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 676] write(3, "1000", 4 [pid 663] +++ exited with 0 +++ [pid 294] <... openat resumed>) = 3 [pid 288] <... openat resumed>) = 3 [pid 294] newfstatat(3, "", [pid 676] <... write resumed>) = 4 [pid 293] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=15, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- [pid 288] newfstatat(3, "", [pid 676] close(3 [pid 294] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 293] restart_syscall(<... resuming interrupted clone ...> [pid 288] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 676] <... close resumed>) = 0 [pid 294] getdents64(3, [pid 676] symlink("/dev/binderfs", "./binderfs" [pid 288] getdents64(3, [pid 294] <... getdents64 resumed>0x555565cdf7f0 /* 4 entries */, 32768) = 112 [pid 288] <... getdents64 resumed>0x555565cdf7f0 /* 4 entries */, 32768) = 112 [pid 294] umount2("./14/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 288] umount2("./15/file0", MNT_FORCE|UMOUNT_NOFOLLOWexecuting program [pid 676] <... symlink resumed>) = 0 [pid 676] write(1, "executing program\n", 18) = 18 [pid 676] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 676] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 676] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 676] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 676] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 676] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 676] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 676] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 676] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 676] memfd_create("syzkaller", 0) = 5 [pid 676] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f12c0537000 [pid 676] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 292] <... umount2 resumed>) = 0 [pid 292] umount2("./13/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 293] <... restart_syscall resumed>) = 0 [pid 292] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 292] newfstatat(AT_FDCWD, "./13/file0", [pid 293] umount2("./13", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 292] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 293] openat(AT_FDCWD, "./13", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 292] umount2("./13/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 293] <... openat resumed>) = 3 [pid 292] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 293] newfstatat(3, "", [pid 292] openat(AT_FDCWD, "./13/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 293] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 293] getdents64(3, [pid 292] <... openat resumed>) = 4 [pid 293] <... getdents64 resumed>0x555565cdf7f0 /* 4 entries */, 32768) = 112 [pid 292] newfstatat(4, "", [pid 293] umount2("./13/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 292] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 292] getdents64(4, 0x555565ce7830 /* 2 entries */, 32768) = 48 [pid 292] getdents64(4, 0x555565ce7830 /* 0 entries */, 32768) = 0 [pid 292] close(4) = 0 [pid 292] rmdir("./13/file0") = 0 [pid 292] umount2("./13/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 676] <... write resumed>) = 1048576 [pid 292] newfstatat(AT_FDCWD, "./13/binderfs", [pid 676] munmap(0x7f12c0537000, 138412032 [pid 292] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 292] unlink("./13/binderfs") = 0 [pid 292] getdents64(3, [pid 676] <... munmap resumed>) = 0 [pid 292] <... getdents64 resumed>0x555565cdf7f0 /* 0 entries */, 32768) = 0 [pid 292] close(3) = 0 [pid 292] rmdir("./13") = 0 [pid 292] mkdir("./14", 0777) = 0 [pid 292] openat(AT_FDCWD, "/dev/loop3", O_RDWR [ 36.079628][ T667] EXT4-fs error (device loop2): ext4_validate_block_bitmap:438: comm vhost-663: bg 0: block 234: padding at end of block bitmap is not set [pid 676] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 294] <... umount2 resumed>) = 0 [pid 293] <... umount2 resumed>) = 0 [pid 292] <... openat resumed>) = 3 [pid 288] <... umount2 resumed>) = 0 [pid 676] ioctl(6, LOOP_SET_FD, 5 [pid 292] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 292] close(3 [pid 288] umount2("./15/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 288] newfstatat(AT_FDCWD, "./15/file0", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 288] umount2("./15/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 288] openat(AT_FDCWD, "./15/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 288] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 288] getdents64(4, [pid 676] <... ioctl resumed>) = 0 [pid 292] <... close resumed>) = 0 [pid 676] close(5 [pid 292] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 676] <... close resumed>) = 0 [pid 676] close(6 [pid 292] <... clone resumed>, child_tidptr=0x555565cde750) = 16 [pid 676] <... close resumed>) = 0 [pid 676] mkdir("./file0", 0777) = 0 [pid 676] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 288] <... getdents64 resumed>0x555565ce7830 /* 2 entries */, 32768) = 48 [pid 293] umount2("./13/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 288] getdents64(4, [pid 294] umount2("./14/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 288] <... getdents64 resumed>0x555565ce7830 /* 0 entries */, 32768) = 0 [pid 293] newfstatat(AT_FDCWD, "./13/file0", [pid 288] close(4 [pid 294] newfstatat(AT_FDCWD, "./14/file0", [pid 293] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 288] <... close resumed>) = 0 [pid 294] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 293] umount2("./13/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 288] rmdir("./15/file0" [pid 294] umount2("./14/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 293] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 288] <... rmdir resumed>) = 0 [pid 294] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 293] openat(AT_FDCWD, "./13/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 288] umount2("./15/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 294] openat(AT_FDCWD, "./14/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 293] <... openat resumed>) = 4 [pid 288] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 294] <... openat resumed>) = 4 [pid 293] newfstatat(4, "", [pid 288] newfstatat(AT_FDCWD, "./15/binderfs", [pid 294] newfstatat(4, "", [pid 293] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 288] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 294] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 293] getdents64(4, [pid 288] unlink("./15/binderfs" [pid 294] getdents64(4, [pid 293] <... getdents64 resumed>0x555565ce7830 /* 2 entries */, 32768) = 48 [pid 288] <... unlink resumed>) = 0 [pid 294] <... getdents64 resumed>0x555565ce7830 /* 2 entries */, 32768) = 48 [pid 293] getdents64(4, [pid 288] getdents64(3, [pid 294] getdents64(4, [pid 293] <... getdents64 resumed>0x555565ce7830 /* 0 entries */, 32768) = 0 [pid 288] <... getdents64 resumed>0x555565cdf7f0 /* 0 entries */, 32768) = 0 [pid 294] <... getdents64 resumed>0x555565ce7830 /* 0 entries */, 32768) = 0 [pid 293] close(4 [pid 288] close(3 [pid 294] close(4 [pid 293] <... close resumed>) = 0 [pid 288] <... close resumed>) = 0 [pid 294] <... close resumed>) = 0 [pid 293] rmdir("./13/file0" [pid 288] rmdir("./15" [pid 294] rmdir("./14/file0" [pid 293] <... rmdir resumed>) = 0 [pid 288] <... rmdir resumed>) = 0 [pid 294] <... rmdir resumed>) = 0 [pid 293] umount2("./13/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 288] mkdir("./16", 0777 [pid 294] umount2("./14/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 293] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 288] <... mkdir resumed>) = 0 [pid 294] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 293] newfstatat(AT_FDCWD, "./13/binderfs", [pid 288] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 294] newfstatat(AT_FDCWD, "./14/binderfs", [pid 293] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 288] <... openat resumed>) = 3 [pid 294] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 293] unlink("./13/binderfs" [pid 288] ioctl(3, LOOP_CLR_FD [pid 294] unlink("./14/binderfs" [pid 293] <... unlink resumed>) = 0 [pid 288] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 294] <... unlink resumed>) = 0 [pid 293] getdents64(3, [pid 288] close(3 [pid 294] getdents64(3, [pid 293] <... getdents64 resumed>0x555565cdf7f0 /* 0 entries */, 32768) = 0 [pid 288] <... close resumed>) = 0 [pid 294] <... getdents64 resumed>0x555565cdf7f0 /* 0 entries */, 32768) = 0 [pid 293] close(3 [pid 288] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 294] close(3 [pid 293] <... close resumed>) = 0 [pid 294] <... close resumed>) = 0 [pid 293] rmdir("./13" [pid 294] rmdir("./14" [pid 293] <... rmdir resumed>) = 0 [pid 294] <... rmdir resumed>) = 0 [pid 293] mkdir("./14", 0777 [pid 294] mkdir("./15", 0777 [pid 293] <... mkdir resumed>) = 0 [pid 288] <... clone resumed>, child_tidptr=0x555565cde750) = 18 [pid 294] <... mkdir resumed>) = 0 [pid 293] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 294] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 293] <... openat resumed>) = 3 [pid 294] <... openat resumed>) = 3 [pid 293] ioctl(3, LOOP_CLR_FD [pid 294] ioctl(3, LOOP_CLR_FD [pid 293] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 294] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 293] close(3 [pid 294] close(3 [pid 293] <... close resumed>) = 0 ./strace-static-x86_64: Process 681 attached [pid 294] <... close resumed>) = 0 [pid 293] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 294] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 293] <... clone resumed>, child_tidptr=0x555565cde750) = 16 [pid 294] <... clone resumed>, child_tidptr=0x555565cde750) = 17 ./strace-static-x86_64: Process 679 attached [pid 679] set_robust_list(0x555565cde760, 24./strace-static-x86_64: Process 683 attached ./strace-static-x86_64: Process 684 attached ) = 0 [pid 684] set_robust_list(0x555565cde760, 24 [pid 683] set_robust_list(0x555565cde760, 24 [pid 679] chdir("./14" [pid 684] <... set_robust_list resumed>) = 0 [pid 683] <... set_robust_list resumed>) = 0 [pid 684] chdir("./15" [pid 683] chdir("./14" [pid 679] <... chdir resumed>) = 0 [pid 679] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 684] <... chdir resumed>) = 0 [pid 683] <... chdir resumed>) = 0 [pid 684] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 679] <... prctl resumed>) = 0 [pid 679] setpgid(0, 0 [pid 683] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 684] <... prctl resumed>) = 0 [pid 684] setpgid(0, 0 [pid 679] <... setpgid resumed>) = 0 [pid 683] <... prctl resumed>) = 0 [pid 683] setpgid(0, 0 [pid 679] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 684] <... setpgid resumed>) = 0 [pid 684] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 683] <... setpgid resumed>) = 0 [pid 683] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 684] <... openat resumed>) = 3 [pid 683] <... openat resumed>) = 3 [pid 679] <... openat resumed>) = 3 [pid 683] write(3, "1000", 4 [pid 679] write(3, "1000", 4 [pid 683] <... write resumed>) = 4 [pid 679] <... write resumed>) = 4 [pid 684] write(3, "1000", 4 [pid 683] close(3 [pid 679] close(3 [pid 684] <... write resumed>) = 4 [pid 683] <... close resumed>) = 0 [pid 679] <... close resumed>) = 0 [pid 684] close(3 [pid 683] symlink("/dev/binderfs", "./binderfs" [pid 679] symlink("/dev/binderfs", "./binderfs" [pid 684] <... close resumed>) = 0 [pid 683] <... symlink resumed>) = 0 [pid 679] <... symlink resumed>) = 0 executing program executing program [pid 684] symlink("/dev/binderfs", "./binderfs" [pid 683] write(1, "executing program\n", 18 [pid 679] write(1, "executing program\n", 18 [pid 684] <... symlink resumed>) = 0 [pid 683] <... write resumed>) = 18 [pid 681] set_robust_list(0x555565cde760, 24 [pid 679] <... write resumed>) = 18 [pid 676] <... mount resumed>) = 0 [pid 681] <... set_robust_list resumed>) = 0 executing program [pid 684] write(1, "executing program\n", 18 [pid 683] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR [pid 681] chdir("./16" [pid 679] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR [pid 676] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 684] <... write resumed>) = 18 [pid 683] <... openat resumed>) = 3 [pid 681] <... chdir resumed>) = 0 [pid 679] <... openat resumed>) = 3 [pid 676] <... openat resumed>) = 5 [pid 681] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 676] chdir("./file0" [pid 681] <... prctl resumed>) = 0 [pid 684] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR [pid 683] ioctl(3, VHOST_SET_OWNER [pid 681] setpgid(0, 0 [pid 679] ioctl(3, VHOST_SET_OWNER [pid 676] <... chdir resumed>) = 0 [pid 684] <... openat resumed>) = 3 [pid 681] <... setpgid resumed>) = 0 [pid 676] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 684] ioctl(3, VHOST_SET_OWNER [pid 681] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 676] <... openat resumed>) = 6 [pid 681] <... openat resumed>) = 3 [pid 676] ioctl(6, LOOP_CLR_FD [pid 681] write(3, "1000", 4 [pid 676] <... ioctl resumed>) = 0 [pid 681] <... write resumed>) = 4 [pid 676] close(6 [pid 681] close(3 [pid 676] <... close resumed>) = 0 [pid 681] <... close resumed>) = 0 [pid 676] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 681] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 681] write(1, "executing program\n", 18 [pid 683] <... ioctl resumed>, 0) = 0 [pid 681] <... write resumed>) = 18 [pid 679] <... ioctl resumed>, 0) = 0 [pid 676] <... openat resumed>) = 6 [pid 684] <... ioctl resumed>, 0) = 0 [pid 683] ioctl(3, VHOST_SET_VRING_ADDR [pid 681] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR [pid 679] ioctl(3, VHOST_SET_VRING_ADDR [pid 676] write(6, "#! ./file1\n", 11 [pid 684] ioctl(3, VHOST_SET_VRING_ADDR [pid 683] <... ioctl resumed>, 0x200000000300) = 0 [pid 679] <... ioctl resumed>, 0x200000000300) = 0 [pid 684] <... ioctl resumed>, 0x200000000300) = 0 [pid 683] ioctl(3, VHOST_SET_MEM_TABLE [pid 681] <... openat resumed>) = 3 [pid 679] ioctl(3, VHOST_SET_MEM_TABLE [pid 676] <... write resumed>) = 11 [pid 684] ioctl(3, VHOST_SET_MEM_TABLE [pid 683] <... ioctl resumed>, 0x200000003380) = 0 [pid 681] ioctl(3, VHOST_SET_OWNER [pid 679] <... ioctl resumed>, 0x200000003380) = 0 [pid 683] eventfd2(118, EFD_SEMAPHORE [pid 679] eventfd2(118, EFD_SEMAPHORE [pid 676] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0 [pid 683] <... eventfd2 resumed>) = 4 [pid 679] <... eventfd2 resumed>) = 4 [pid 684] <... ioctl resumed>, 0x200000003380) = 0 [pid 683] ioctl(3, VHOST_SET_VRING_ERR [pid 679] ioctl(3, VHOST_SET_VRING_ERR [pid 676] <... mmap resumed>) = 0x200000000000 [pid 684] eventfd2(118, EFD_SEMAPHORE [pid 683] <... ioctl resumed>, 0x2000000001c0) = 0 [pid 679] <... ioctl resumed>, 0x2000000001c0) = 0 [pid 684] <... eventfd2 resumed>) = 4 [pid 683] ioctl(3, VHOST_SET_VRING_ADDR [pid 679] ioctl(3, VHOST_SET_VRING_ADDR [pid 684] ioctl(3, VHOST_SET_VRING_ERR [pid 683] <... ioctl resumed>, 0x200000000240) = 0 [pid 679] <... ioctl resumed>, 0x200000000240) = 0 [pid 684] <... ioctl resumed>, 0x2000000001c0) = 0 [pid 683] ioctl(3, VHOST_SET_VRING_KICK [pid 679] ioctl(3, VHOST_SET_VRING_KICK [pid 684] ioctl(3, VHOST_SET_VRING_ADDR [pid 683] <... ioctl resumed>, 0x200000000000) = 0 [pid 679] <... ioctl resumed>, 0x200000000000) = 0 [pid 684] <... ioctl resumed>, 0x200000000240) = 0 [pid 683] ioctl(3, VHOST_VSOCK_SET_RUNNING [pid 679] ioctl(3, VHOST_VSOCK_SET_RUNNING [pid 684] ioctl(3, VHOST_SET_VRING_KICK [pid 683] <... ioctl resumed>, 0x200000000140) = 0 [pid 679] <... ioctl resumed>, 0x200000000140) = 0 [pid 684] <... ioctl resumed>, 0x200000000000) = 0 [pid 683] memfd_create("syzkaller", 0 [pid 679] memfd_create("syzkaller", 0 [pid 684] ioctl(3, VHOST_VSOCK_SET_RUNNING [pid 683] <... memfd_create resumed>) = 5 [pid 679] <... memfd_create resumed>) = 5 [pid 684] <... ioctl resumed>, 0x200000000140) = 0 [pid 683] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 679] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 684] memfd_create("syzkaller", 0 [pid 683] <... mmap resumed>) = 0x7f12c0537000 [pid 679] <... mmap resumed>) = 0x7f12c0537000 [pid 684] <... memfd_create resumed>) = 5 [pid 683] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 679] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 684] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f12c0537000 [pid 683] <... write resumed>) = 1048576 [pid 684] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 681] <... ioctl resumed>, 0) = 0 [pid 679] <... write resumed>) = 1048576 [pid 681] ioctl(3, VHOST_SET_VRING_ADDR [pid 676] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000006c0} --- [pid 681] <... ioctl resumed>, 0x200000000300) = 0 [pid 681] ioctl(3, VHOST_SET_MEM_TABLE [pid 676] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000006c4} --- [pid 676] epoll_ctl(-1, EPOLL_CTL_ADD, 6, {events=0, data={u32=0, u64=0}}) = -1 EBADF (Bad file descriptor) [pid 676] close(3 [pid 679] munmap(0x7f12c0537000, 138412032 [pid 681] <... ioctl resumed>, 0x200000003380) = 0 [pid 679] <... munmap resumed>) = 0 [pid 681] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 679] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 681] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 679] <... openat resumed>) = 6 [pid 681] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 681] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 681] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 681] memfd_create("syzkaller", 0) = 5 [pid 681] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f12c0537000 [pid 681] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 683] munmap(0x7f12c0537000, 138412032 [ 36.304515][ T676] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 36.326247][ T676] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor126: bg 0: block 234: padding at end of block bitmap is not set [pid 679] ioctl(6, LOOP_SET_FD, 5 [pid 676] <... close resumed>) = 0 [pid 684] <... write resumed>) = 1048576 [pid 676] close(4) = 0 [pid 676] close(5) = 0 [pid 676] close(6) = 0 [pid 676] close(7) = -1 EBADF (Bad file descriptor) [pid 676] close(8) = -1 EBADF (Bad file descriptor) [pid 676] close(9) = -1 EBADF (Bad file descriptor) [pid 676] close(10) = -1 EBADF (Bad file descriptor) [pid 676] close(11) = -1 EBADF (Bad file descriptor) [pid 681] <... write resumed>) = 1048576 [pid 676] close(12 [pid 681] munmap(0x7f12c0537000, 138412032 [pid 676] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 684] munmap(0x7f12c0537000, 138412032 [pid 681] <... munmap resumed>) = 0 [pid 676] close(13 [pid 684] <... munmap resumed>) = 0 [pid 681] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 676] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 684] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 676] close(14) = -1 EBADF (Bad file descriptor) [pid 676] close(15) = -1 EBADF (Bad file descriptor) [pid 676] close(16) = -1 EBADF (Bad file descriptor) [pid 676] close(17) = -1 EBADF (Bad file descriptor) [pid 676] close(18) = -1 EBADF (Bad file descriptor) [pid 676] close(19) = -1 EBADF (Bad file descriptor) [pid 676] close(20) = -1 EBADF (Bad file descriptor) [pid 676] close(21) = -1 EBADF (Bad file descriptor) [pid 676] close(22) = -1 EBADF (Bad file descriptor) [pid 676] close(23) = -1 EBADF (Bad file descriptor) [pid 676] close(24) = -1 EBADF (Bad file descriptor) [pid 676] close(25) = -1 EBADF (Bad file descriptor) [pid 676] close(26) = -1 EBADF (Bad file descriptor) [pid 676] close(27) = -1 EBADF (Bad file descriptor) [pid 676] close(28) = -1 EBADF (Bad file descriptor) [pid 676] close(29) = -1 EBADF (Bad file descriptor) [pid 676] exit_group(0) = ? [pid 676] +++ exited with 0 +++ [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=18, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 289] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 289] umount2("./16", MNT_FORCE|UMOUNT_NOFOLLOW [pid 679] <... ioctl resumed>) = 0 [pid 289] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 679] close(5) = 0 [pid 289] openat(AT_FDCWD, "./16", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 684] <... openat resumed>) = 6 [pid 681] <... openat resumed>) = 6 [pid 679] close(6 [pid 289] <... openat resumed>) = 3 [pid 684] ioctl(6, LOOP_SET_FD, 5 [pid 681] ioctl(6, LOOP_SET_FD, 5 [pid 679] <... close resumed>) = 0 [pid 289] newfstatat(3, "", [pid 679] mkdir("./file0", 0777 [pid 289] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 679] <... mkdir resumed>) = 0 [pid 289] getdents64(3, [pid 679] mount("/dev/loop3", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 289] <... getdents64 resumed>0x555565cdf7f0 /* 4 entries */, 32768) = 112 [pid 289] umount2("./16/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 683] <... munmap resumed>) = 0 [pid 683] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 684] <... ioctl resumed>) = 0 [pid 684] close(5) = 0 [pid 684] close(6 [pid 681] <... ioctl resumed>) = 0 [pid 681] close(5) = 0 [pid 681] close(6 [pid 683] <... openat resumed>) = 6 [pid 684] <... close resumed>) = 0 [pid 684] mkdir("./file0", 0777 [pid 683] ioctl(6, LOOP_SET_FD, 5 [pid 684] <... mkdir resumed>) = 0 [pid 684] mount("/dev/loop1", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 679] <... mount resumed>) = 0 [pid 679] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 679] chdir("./file0") = 0 [ 36.447893][ T679] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue [pid 679] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 681] <... close resumed>) = 0 [pid 289] <... umount2 resumed>) = 0 [pid 681] mkdir("./file0", 0777) = 0 [pid 681] mount("/dev/loop4", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 289] umount2("./16/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./16/file0", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] umount2("./16/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./16/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 289] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(4, 0x555565ce7830 /* 2 entries */, 32768) = 48 [pid 289] getdents64(4, 0x555565ce7830 /* 0 entries */, 32768) = 0 [pid 289] close(4) = 0 [pid 289] rmdir("./16/file0") = 0 [pid 289] umount2("./16/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./16/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] unlink("./16/binderfs") = 0 [pid 289] getdents64(3, 0x555565cdf7f0 /* 0 entries */, 32768) = 0 [pid 289] close(3) = 0 [pid 289] rmdir("./16") = 0 [pid 289] mkdir("./17", 0777) = 0 [pid 289] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 683] <... ioctl resumed>) = 0 [pid 679] <... openat resumed>) = 6 [pid 679] ioctl(6, LOOP_CLR_FD [pid 289] <... openat resumed>) = 3 [pid 679] <... ioctl resumed>) = 0 [pid 289] ioctl(3, LOOP_CLR_FD [pid 679] close(6 [pid 289] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 683] close(5) = 0 [pid 683] close(6) = 0 [pid 679] <... close resumed>) = 0 [pid 289] close(3 [pid 683] mkdir("./file0", 0777) = 0 [pid 679] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 289] <... close resumed>) = 0 [pid 683] mount("/dev/loop2", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 679] <... openat resumed>) = 6 [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 679] write(6, "#! ./file1\n", 11) = 11 [pid 289] <... clone resumed>, child_tidptr=0x555565cde750) = 19 [pid 679] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 684] <... mount resumed>) = 0 [pid 684] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 684] chdir("./file0") = 0 [pid 684] openat(AT_FDCWD, "/dev/loop1", O_RDWR./strace-static-x86_64: Process 697 attached [pid 697] set_robust_list(0x555565cde760, 24) = 0 [pid 697] chdir("./17") = 0 [pid 697] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 697] setpgid(0, 0) = 0 [pid 697] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 697] write(3, "1000", 4) = 4 [pid 697] close(3) = 0 [pid 697] symlink("/dev/binderfs", "./binderfs") = 0 [pid 697] write(1, "executing program\n", 18executing program ) = 18 [pid 697] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 697] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 697] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 697] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 697] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 697] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 697] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 697] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 697] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 697] memfd_create("syzkaller", 0) = 5 [pid 697] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f12c0537000 [ 36.566947][ T684] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue [ 36.569227][ T679] EXT4-fs error (device loop3): ext4_validate_block_bitmap:438: comm syz-executor126: bg 0: block 234: padding at end of block bitmap is not set [pid 697] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 684] <... openat resumed>) = 6 [pid 684] ioctl(6, LOOP_CLR_FD) = 0 [pid 684] close(6) = 0 [pid 684] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 684] write(6, "#! ./file1\n", 11) = 11 [pid 684] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 684] epoll_ctl(-1, EPOLL_CTL_ADD, 6, {events=EPOLLOUT|EPOLLEXCLUSIVE|EPOLLET, data={u32=0, u64=0}}) = -1 EBADF (Bad file descriptor) [pid 679] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000006c0} --- [pid 684] close(3 [pid 679] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000006c4} --- [pid 679] epoll_ctl(-1, EPOLL_CTL_ADD, 6, {events=0, data={u32=0, u64=0}}) = -1 EBADF (Bad file descriptor) [pid 679] close(3) = 0 [pid 679] close(4) = 0 [pid 679] close(5) = 0 [pid 679] close(6) = 0 [pid 679] close(7) = -1 EBADF (Bad file descriptor) [pid 679] close(8) = -1 EBADF (Bad file descriptor) [pid 679] close(9) = -1 EBADF (Bad file descriptor) [pid 679] close(10) = -1 EBADF (Bad file descriptor) [pid 679] close(11) = -1 EBADF (Bad file descriptor) [pid 679] close(12) = -1 EBADF (Bad file descriptor) [pid 679] close(13) = -1 EBADF (Bad file descriptor) [pid 679] close(14) = -1 EBADF (Bad file descriptor) [pid 679] close(15) = -1 EBADF (Bad file descriptor) [pid 679] close(16) = -1 EBADF (Bad file descriptor) [pid 679] close(17) = -1 EBADF (Bad file descriptor) [pid 679] close(18) = -1 EBADF (Bad file descriptor) [pid 679] close(19) = -1 EBADF (Bad file descriptor) [pid 679] close(20) = -1 EBADF (Bad file descriptor) [pid 679] close(21) = -1 EBADF (Bad file descriptor) [pid 679] close(22) = -1 EBADF (Bad file descriptor) [pid 679] close(23) = -1 EBADF (Bad file descriptor) [pid 679] close(24) = -1 EBADF (Bad file descriptor) [pid 679] close(25) = -1 EBADF (Bad file descriptor) [pid 679] close(26) = -1 EBADF (Bad file descriptor) [pid 679] close(27) = -1 EBADF (Bad file descriptor) [pid 679] close(28) = -1 EBADF (Bad file descriptor) [pid 679] close(29) = -1 EBADF (Bad file descriptor) [pid 679] exit_group(0) = ? [pid 679] +++ exited with 0 +++ [pid 292] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=16, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- [pid 292] umount2("./14", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 292] openat(AT_FDCWD, "./14", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 292] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 292] getdents64(3, 0x555565cdf7f0 /* 4 entries */, 32768) = 112 [pid 292] umount2("./14/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 697] <... write resumed>) = 1048576 [pid 697] munmap(0x7f12c0537000, 138412032) = 0 [ 36.641470][ T687] EXT4-fs error (device loop1): ext4_validate_block_bitmap:438: comm vhost-684: bg 0: block 234: padding at end of block bitmap is not set [ 36.643152][ T681] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue [pid 697] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 683] <... mount resumed>) = 0 [pid 684] <... close resumed>) = 0 [pid 684] close(4) = 0 [pid 684] close(5) = 0 [pid 684] close(6) = 0 [pid 684] close(7) = -1 EBADF (Bad file descriptor) [pid 684] close(8) = -1 EBADF (Bad file descriptor) [pid 684] close(9) = -1 EBADF (Bad file descriptor) [pid 684] close(10) = -1 EBADF (Bad file descriptor) [pid 684] close(11) = -1 EBADF (Bad file descriptor) [pid 684] close(12) = -1 EBADF (Bad file descriptor) [pid 684] close(13) = -1 EBADF (Bad file descriptor) [pid 684] close(14) = -1 EBADF (Bad file descriptor) [pid 684] close(15) = -1 EBADF (Bad file descriptor) [pid 684] close(16) = -1 EBADF (Bad file descriptor) [pid 684] close(17) = -1 EBADF (Bad file descriptor) [pid 684] close(18) = -1 EBADF (Bad file descriptor) [pid 684] close(19) = -1 EBADF (Bad file descriptor) [pid 684] close(20) = -1 EBADF (Bad file descriptor) [pid 684] close(21) = -1 EBADF (Bad file descriptor) [pid 684] close(22) = -1 EBADF (Bad file descriptor) [pid 684] close(23) = -1 EBADF (Bad file descriptor) [pid 684] close(24) = -1 EBADF (Bad file descriptor) [pid 684] close(25) = -1 EBADF (Bad file descriptor) [pid 684] close(26) = -1 EBADF (Bad file descriptor) [pid 684] close(27) = -1 EBADF (Bad file descriptor) [pid 684] close(28) = -1 EBADF (Bad file descriptor) [pid 684] close(29) = -1 EBADF (Bad file descriptor) [pid 684] exit_group(0) = ? [pid 684] +++ exited with 0 +++ [pid 294] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=17, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- [pid 294] restart_syscall(<... resuming interrupted clone ...> [pid 683] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 681] <... mount resumed>) = 0 [pid 683] <... openat resumed>) = 5 [pid 681] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 683] chdir("./file0" [pid 681] <... openat resumed>) = 5 [pid 683] <... chdir resumed>) = 0 [pid 681] chdir("./file0" [pid 683] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 681] <... chdir resumed>) = 0 [pid 697] <... openat resumed>) = 6 [pid 683] <... openat resumed>) = 6 [pid 681] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 294] <... restart_syscall resumed>) = 0 [pid 292] <... umount2 resumed>) = 0 [pid 681] <... openat resumed>) = 6 [pid 697] ioctl(6, LOOP_SET_FD, 5 [pid 683] ioctl(6, LOOP_CLR_FD [pid 681] ioctl(6, LOOP_CLR_FD) = 0 [pid 681] close(6 [pid 294] umount2("./15", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 294] openat(AT_FDCWD, "./15", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 294] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 294] getdents64(3, 0x555565cdf7f0 /* 4 entries */, 32768) = 112 [ 36.700491][ T683] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue [ 36.740799][ T7] ------------[ cut here ]------------ [pid 294] umount2("./15/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 292] umount2("./14/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 292] newfstatat(AT_FDCWD, "./14/file0", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 292] umount2("./14/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 292] openat(AT_FDCWD, "./14/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 292] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 292] getdents64(4, 0x555565ce7830 /* 2 entries */, 32768) = 48 [pid 292] getdents64(4, 0x555565ce7830 /* 0 entries */, 32768) = 0 [pid 292] close(4) = 0 [pid 292] rmdir("./14/file0") = 0 [pid 292] umount2("./14/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 292] newfstatat(AT_FDCWD, "./14/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 292] unlink("./14/binderfs") = 0 [pid 292] getdents64(3, 0x555565cdf7f0 /* 0 entries */, 32768) = 0 [pid 292] close(3) = 0 [pid 292] rmdir("./14") = 0 [pid 292] mkdir("./15", 0777) = 0 [pid 292] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 697] <... ioctl resumed>) = 0 [pid 683] <... ioctl resumed>) = 0 [pid 681] <... close resumed>) = 0 [pid 683] close(6) = 0 [pid 697] close(5 [pid 683] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 697] <... close resumed>) = 0 [pid 697] close(6 [pid 681] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 292] <... openat resumed>) = 3 [pid 292] ioctl(3, LOOP_CLR_FD [pid 683] <... openat resumed>) = 6 [pid 681] <... openat resumed>) = 6 [pid 681] write(6, "#! ./file1\n", 11 [pid 683] write(6, "#! ./file1\n", 11 [pid 681] <... write resumed>) = 11 [pid 683] <... write resumed>) = 11 [pid 681] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0 [pid 683] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0 [pid 681] <... mmap resumed>) = 0x200000000000 [pid 683] <... mmap resumed>) = 0x200000000000 [ 36.748144][ T7] kernel BUG at fs/ext4/inode.c:2778! [ 36.774924][ T683] EXT4-fs error (device loop2): ext4_validate_block_bitmap:438: comm syz-executor126: bg 0: block 234: padding at end of block bitmap is not set [ 36.785961][ T7] invalid opcode: 0000 [#1] PREEMPT SMP KASAN [ 36.789692][ T681] EXT4-fs error (device loop4): ext4_validate_block_bitmap:438: comm syz-executor126: bg 0: block 234: padding at end of block bitmap is not set [ 36.795726][ T7] CPU: 0 PID: 7 Comm: kworker/u4:0 Not tainted 5.10.238-syzkaller-00008-g59e9a7228857 #0 [pid 683] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000006c0} --- [pid 683] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000006c4} --- [pid 681] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000006c0} --- [pid 683] epoll_ctl(-1, EPOLL_CTL_ADD, 6, {events=0, data={u32=0, u64=0}} [pid 681] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000006c4} --- [pid 683] <... epoll_ctl resumed>) = -1 EBADF (Bad file descriptor) [pid 681] epoll_ctl(-1, EPOLL_CTL_ADD, 6, {events=0, data={u32=0, u64=0}} [pid 683] close(3 [pid 681] <... epoll_ctl resumed>) = -1 EBADF (Bad file descriptor) [ 36.820786][ T7] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 36.830978][ T7] Workqueue: writeback wb_workfn (flush-7:1) [ 36.837001][ T7] RIP: 0010:ext4_writepages+0x2ddb/0x2e00 [ 36.843053][ T7] Code: 39 94 ff 84 db 75 31 e8 b3 36 94 ff 49 bc 00 00 00 00 00 fc ff df 4c 8b 6c 24 30 48 8b 5c 24 38 e9 21 f8 ff ff e8 95 36 94 ff <0f> 0b e8 8e 36 94 ff e8 65 0d 31 ff eb 98 e8 82 36 94 ff e8 59 0d [ 36.862764][ T7] RSP: 0018:ffffc90000077180 EFLAGS: 00010293 [ 36.869055][ T7] RAX: ffffffff81cf5d7b RBX: 0000008410000000 RCX: ffff88810024bb40 [ 36.877237][ T7] RDX: 0000000000000000 RSI: 0000008000000000 RDI: 0000000000000000 [ 36.885661][ T7] RBP: ffffc900000774f0 R08: dffffc0000000000 R09: ffffed10242b2479 [ 36.893647][ T7] R10: ffffed10242b2479 R11: 1ffff110242b2478 R12: dffffc0000000000 [ 36.901631][ T7] R13: ffff88810aea3000 R14: 0000008000000000 R15: ffff8881215923c0 [ 36.909616][ T7] FS: 0000000000000000(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000 [ 36.918555][ T7] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 36.925144][ T7] CR2: 0000200000000500 CR3: 0000000120d3f000 CR4: 00000000003506b0 [ 36.933123][ T7] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 36.941101][ T7] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 36.949077][ T7] Call Trace: [ 36.952389][ T7] ? __kasan_check_write+0x14/0x20 [ 36.957504][ T7] ? _raw_spin_lock+0x8e/0xe0 [ 36.962318][ T7] ? write_boundary_block+0x140/0x140 [ 36.967715][ T7] ? ext4_readpage+0x220/0x220 [ 36.972582][ T7] ? enqueue_task_fair+0xac3/0x2250 [ 36.977798][ T7] ? __getblk_gfp+0x3b/0x780 [ 36.982498][ T7] ? __update_load_avg_cfs_rq+0xaf/0x2f0 [ 36.988244][ T7] ? ext4_readpage+0x220/0x220 [ 36.993025][ T7] do_writepages+0x12a/0x270 [ 36.997624][ T7] ? __writepage+0x130/0x130 [ 37.002228][ T7] ? __kasan_check_write+0x14/0x20 [ 37.007497][ T7] ? _raw_spin_lock+0x8e/0xe0 [ 37.012185][ T7] ? __kasan_check_write+0x14/0x20 [ 37.017304][ T7] __writeback_single_inode+0xd5/0xa20 [ 37.022783][ T7] ? wbc_attach_and_unlock_inode+0x385/0x590 [ 37.028778][ T7] writeback_sb_inodes+0x860/0x1400 [ 37.033985][ T7] ? __kasan_check_write+0x14/0x20 [ 37.039107][ T7] ? queue_io+0x4c0/0x4c0 [ 37.043447][ T7] ? __kasan_check_read+0x11/0x20 [ 37.048476][ T7] ? queue_io+0x385/0x4c0 [ 37.053002][ T7] wb_writeback+0x3e3/0xb90 [ 37.057611][ T7] ? wb_io_lists_depopulated+0x180/0x180 [ 37.063250][ T7] ? set_worker_desc+0x155/0x1c0 [ 37.068206][ T7] ? __kasan_check_write+0x14/0x20 [ 37.073506][ T7] wb_workfn+0x38f/0xe20 [ 37.077755][ T7] ? inode_wait_for_writeback+0x200/0x200 [ 37.083494][ T7] ? _raw_spin_unlock_irq+0x4e/0x70 [ 37.088699][ T7] ? finish_task_switch+0x12e/0x5a0 [ 37.093992][ T7] ? switch_mm_irqs_off+0x763/0x9a0 [ 37.099521][ T7] ? __switch_to_asm+0x34/0x60 [ 37.104304][ T7] ? __schedule+0xb4f/0x1310 [ 37.108905][ T7] ? __kasan_check_read+0x11/0x20 [ 37.113936][ T7] ? read_word_at_a_time+0x12/0x20 [ 37.119059][ T7] ? strscpy+0x9b/0x290 [pid 681] close(3 [pid 683] <... close resumed>) = 0 [pid 683] close(4) = 0 [pid 683] close(5) = 0 [pid 683] close(6) = 0 [pid 683] close(7) = -1 EBADF (Bad file descriptor) [pid 683] close(8) = -1 EBADF (Bad file descriptor) [pid 683] close(9) = -1 EBADF (Bad file descriptor) [pid 683] close(10) = -1 EBADF (Bad file descriptor) [pid 683] close(11) = -1 EBADF (Bad file descriptor) [pid 683] close(12) = -1 EBADF (Bad file descriptor) [pid 683] close(13) = -1 EBADF (Bad file descriptor) [pid 683] close(14) = -1 EBADF (Bad file descriptor) [pid 683] close(15) = -1 EBADF (Bad file descriptor) [pid 683] close(16) = -1 EBADF (Bad file descriptor) [pid 683] close(17) = -1 EBADF (Bad file descriptor) [pid 683] close(18) = -1 EBADF (Bad file descriptor) [pid 683] close(19) = -1 EBADF (Bad file descriptor) [pid 683] close(20) = -1 EBADF (Bad file descriptor) [pid 683] close(21) = -1 EBADF (Bad file descriptor) [pid 683] close(22) = -1 EBADF (Bad file descriptor) [pid 683] close(23) = -1 EBADF (Bad file descriptor) [pid 683] close(24) = -1 EBADF (Bad file descriptor) [pid 683] close(25) = -1 EBADF (Bad file descriptor) [pid 683] close(26) = -1 EBADF (Bad file descriptor) [pid 683] close(27) = -1 EBADF (Bad file descriptor) [pid 683] close(28) = -1 EBADF (Bad file descriptor) [pid 683] close(29) = -1 EBADF (Bad file descriptor) [pid 683] exit_group(0) = ? [pid 683] +++ exited with 0 +++ [pid 293] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=16, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- [ 37.123263][ T7] process_one_work+0x6e1/0xba0 [ 37.128126][ T7] worker_thread+0xa6a/0x13b0 [ 37.132815][ T7] kthread+0x346/0x3d0 [ 37.136992][ T7] ? worker_clr_flags+0x190/0x190 [ 37.142019][ T7] ? kthread_blkcg+0xd0/0xd0 [ 37.146617][ T7] ret_from_fork+0x1f/0x30 [ 37.151041][ T7] Modules linked in: [ 37.155437][ T7] ---[ end trace d7238a5b7fd5e529 ]--- [ 37.161305][ T7] RIP: 0010:ext4_writepages+0x2ddb/0x2e00 [pid 681] <... close resumed>) = 0 [pid 681] close(4) = 0 [pid 681] close(5) = 0 [pid 681] close(6) = 0 [pid 681] close(7) = -1 EBADF (Bad file descriptor) [pid 681] close(8) = -1 EBADF (Bad file descriptor) [pid 681] close(9) = -1 EBADF (Bad file descriptor) [pid 681] close(10) = -1 EBADF (Bad file descriptor) [pid 681] close(11) = -1 EBADF (Bad file descriptor) [pid 681] close(12) = -1 EBADF (Bad file descriptor) [pid 681] close(13) = -1 EBADF (Bad file descriptor) [pid 681] close(14) = -1 EBADF (Bad file descriptor) [pid 681] close(15) = -1 EBADF (Bad file descriptor) [pid 681] close(16) = -1 EBADF (Bad file descriptor) [pid 681] close(17) = -1 EBADF (Bad file descriptor) [pid 681] close(18) = -1 EBADF (Bad file descriptor) [pid 681] close(19) = -1 EBADF (Bad file descriptor) [pid 681] close(20) = -1 EBADF (Bad file descriptor) [pid 681] close(21) = -1 EBADF (Bad file descriptor) [pid 681] close(22) = -1 EBADF (Bad file descriptor) [pid 681] close(23) = -1 EBADF (Bad file descriptor) [pid 681] close(24) = -1 EBADF (Bad file descriptor) [pid 681] close(25) = -1 EBADF (Bad file descriptor) [pid 681] close(26) = -1 EBADF (Bad file descriptor) [pid 681] close(27) = -1 EBADF (Bad file descriptor) [pid 681] close(28) = -1 EBADF (Bad file descriptor) [pid 681] close(29) = -1 EBADF (Bad file descriptor) [pid 681] exit_group(0) = ? [pid 681] +++ exited with 0 +++ [pid 288] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=18, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- [pid 288] restart_syscall(<... resuming interrupted clone ...> [pid 697] <... close resumed>) = 0 [pid 697] mkdir("./file0", 0777 [pid 292] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 292] close(3) = 0 [pid 292] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555565cde750) = 17 [pid 697] <... mkdir resumed>) = 0 [pid 288] <... restart_syscall resumed>) = 0 [pid 697] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 293] umount2("./14", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 288] umount2("./16", MNT_FORCE|UMOUNT_NOFOLLOW [pid 293] openat(AT_FDCWD, "./14", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 288] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [ 37.167501][ T7] Code: 39 94 ff 84 db 75 31 e8 b3 36 94 ff 49 bc 00 00 00 00 00 fc ff df 4c 8b 6c 24 30 48 8b 5c 24 38 e9 21 f8 ff ff e8 95 36 94 ff <0f> 0b e8 8e 36 94 ff e8 65 0d 31 ff eb 98 e8 82 36 94 ff e8 59 0d [ 37.188409][ T7] RSP: 0018:ffffc90000077180 EFLAGS: 00010293 [ 37.195257][ T7] RAX: ffffffff81cf5d7b RBX: 0000008410000000 RCX: ffff88810024bb40 [ 37.204056][ T7] RDX: 0000000000000000 RSI: 0000008000000000 RDI: 0000000000000000 [ 37.213753][ T7] RBP: ffffc900000774f0 R08: dffffc0000000000 R09: ffffed10242b2479 [pid 293] <... openat resumed>) = 3 [pid 288] openat(AT_FDCWD, "./16", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 293] newfstatat(3, "", [pid 288] <... openat resumed>) = 3 [pid 293] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 288] newfstatat(3, "", [pid 293] getdents64(3, [pid 288] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 293] <... getdents64 resumed>0x555565cdf7f0 /* 4 entries */, 32768) = 112 [pid 288] getdents64(3, [pid 293] umount2("./14/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 288] <... getdents64 resumed>0x555565cdf7f0 /* 4 entries */, 32768) = 112 [pid 288] umount2("./16/file0", MNT_FORCE|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 704 attached [pid 704] set_robust_list(0x555565cde760, 24) = 0 [pid 704] chdir("./15") = 0 [pid 704] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 704] setpgid(0, 0) = 0 [pid 704] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 704] write(3, "1000", 4) = 4 [pid 704] close(3) = 0 [pid 704] symlink("/dev/binderfs", "./binderfs") = 0 [pid 704] write(1, "executing program\n", 18executing program ) = 18 [pid 704] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 704] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 704] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 704] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 704] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 704] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 704] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 704] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 704] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 704] memfd_create("syzkaller", 0) = 5 [pid 704] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f12c0537000 [pid 704] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 697] <... mount resumed>) = 0 [ 37.222354][ T7] R10: ffffed10242b2479 R11: 1ffff110242b2478 R12: dffffc0000000000 [ 37.230666][ T7] R13: ffff88810aea3000 R14: 0000008000000000 R15: ffff8881215923c0 [ 37.239760][ T7] FS: 0000000000000000(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000 [ 37.249139][ T7] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 37.256439][ T7] CR2: 0000555565cde438 CR3: 0000000120d55000 CR4: 00000000003506b0 [ 37.266425][ T697] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [pid 704] <... write resumed>) = 1048576 [pid 704] munmap(0x7f12c0537000, 138412032) = 0 [pid 704] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 697] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 288] <... umount2 resumed>) = 0 [pid 288] umount2("./16/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 288] newfstatat(AT_FDCWD, "./16/file0", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 288] umount2("./16/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 288] openat(AT_FDCWD, "./16/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 697] chdir("./file0" [pid 288] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 288] getdents64(4, [pid 697] <... chdir resumed>) = 0 [pid 697] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 288] <... getdents64 resumed>0x555565ce7830 /* 2 entries */, 32768) = 48 [pid 288] getdents64(4, 0x555565ce7830 /* 0 entries */, 32768) = 0 [pid 288] close(4) = 0 [pid 288] rmdir("./16/file0") = 0 [pid 288] umount2("./16/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 288] newfstatat(AT_FDCWD, "./16/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 288] unlink("./16/binderfs") = 0 [pid 288] getdents64(3, 0x555565cdf7f0 /* 0 entries */, 32768) = 0 [pid 288] close(3) = 0 [pid 288] rmdir("./16") = 0 [pid 288] mkdir("./17", 0777) = 0 [ 37.276702][ T7] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 37.286551][ T7] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 37.295503][ T7] Kernel panic - not syncing: Fatal exception [ 37.301923][ T7] Kernel Offset: disabled [ 37.306370][ T7] Rebooting in 86400 seconds..