./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor3611242581 <...> Warning: Permanently added '10.128.1.91' (ED25519) to the list of known hosts. execve("./syz-executor3611242581", ["./syz-executor3611242581"], 0x7ffec97bbde0 /* 10 vars */) = 0 brk(NULL) = 0x555581138000 brk(0x555581138d00) = 0x555581138d00 arch_prctl(ARCH_SET_FS, 0x555581138380) = 0 set_tid_address(0x555581138650) = 282 set_robust_list(0x555581138660, 24) = 0 rseq(0x555581138ca0, 0x20, 0, 0x53053053) = -1 ENOSYS (Function not implemented) prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor3611242581", 4096) = 28 getrandom("\xa0\xaa\x75\xf6\xf9\x70\xa3\xf5", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x555581138d00 brk(0x555581159d00) = 0x555581159d00 brk(0x55558115a000) = 0x55558115a000 mprotect(0x7f9b35ec2000, 16384, PROT_READ) = 0 mmap(0x1ffffffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffffffff000 mmap(0x200000000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200000000000 mmap(0x200001000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200001000000 mkdir("./syzkaller.LuBchL", 0700) = 0 chmod("./syzkaller.LuBchL", 0777) = 0 chdir("./syzkaller.LuBchL") = 0 mkdir("./0", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555581138650) = 283 ./strace-static-x86_64: Process 283 attached [pid 283] set_robust_list(0x555581138660, 24) = 0 [pid 283] chdir("./0") = 0 [ 25.247296][ T24] audit: type=1400 audit(1750093175.380:64): avc: denied { execmem } for pid=282 comm="syz-executor361" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [pid 283] prctl(PR_SET_PDEATHSIG, SIGKILLexecuting program ) = 0 [pid 283] setpgid(0, 0) = 0 [pid 283] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 283] write(3, "1000", 4) = 4 [pid 283] close(3) = 0 [pid 283] symlink("/dev/binderfs", "./binderfs") = 0 [pid 283] write(1, "executing program\n", 18) = 18 [pid 283] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 283] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 283] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 283] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 283] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 283] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 283] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 283] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 283] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 283] memfd_create("syzkaller", 0) = 5 [pid 283] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b2da0f000 [pid 283] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 283] munmap(0x7f9b2da0f000, 138412032) = 0 [pid 283] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 283] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 283] close(5) = 0 [pid 283] close(6) = 0 [pid 283] mkdir("./file0", 0777) = 0 [ 25.272784][ T24] audit: type=1400 audit(1750093175.400:65): avc: denied { read write } for pid=282 comm="syz-executor361" name="loop0" dev="devtmpfs" ino=115 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 25.299878][ T24] audit: type=1400 audit(1750093175.400:66): avc: denied { open } for pid=282 comm="syz-executor361" path="/dev/loop0" dev="devtmpfs" ino=115 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 25.325231][ T24] audit: type=1400 audit(1750093175.420:67): avc: denied { ioctl } for pid=282 comm="syz-executor361" path="/dev/loop0" dev="devtmpfs" ino=115 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 25.353462][ T24] audit: type=1400 audit(1750093175.420:68): avc: denied { read write } for pid=283 comm="syz-executor361" name="vhost-vsock" dev="devtmpfs" ino=262 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:vhost_device_t tclass=chr_file permissive=1 [ 25.379391][ T24] audit: type=1400 audit(1750093175.420:69): avc: denied { open } for pid=283 comm="syz-executor361" path="/dev/vhost-vsock" dev="devtmpfs" ino=262 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:vhost_device_t tclass=chr_file permissive=1 [ 25.405892][ T24] audit: type=1400 audit(1750093175.420:70): avc: denied { ioctl } for pid=283 comm="syz-executor361" path="/dev/vhost-vsock" dev="devtmpfs" ino=262 ioctlcmd=0xaf01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:vhost_device_t tclass=chr_file permissive=1 [pid 283] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 283] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 283] chdir("./file0") = 0 [pid 283] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 283] ioctl(6, LOOP_CLR_FD) = 0 [pid 283] close(6) = 0 [pid 283] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 283] write(6, "#! ./file1\n", 11) = 11 [ 25.434339][ T24] audit: type=1400 audit(1750093175.460:71): avc: denied { mounton } for pid=283 comm="syz-executor361" path="/root/syzkaller.LuBchL/0/file0" dev="sda1" ino=2027 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1 [ 25.443572][ T283] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [pid 283] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 283] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000284} --- [pid 283] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=283, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555811396f0 /* 4 entries */, 32768) = 112 [ 25.481422][ T24] audit: type=1400 audit(1750093175.610:72): avc: denied { mount } for pid=283 comm="syz-executor361" name="/" dev="loop0" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 25.505353][ T24] audit: type=1400 audit(1750093175.610:73): avc: denied { write } for pid=283 comm="syz-executor361" name="/" dev="loop0" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 25.505412][ T285] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-283: bg 0: block 234: padding at end of block bitmap is not set umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./0/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555581141730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555581141730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./0/file0") = 0 umount2("./0/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./0/binderfs") = 0 getdents64(3, 0x5555811396f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./0") = 0 mkdir("./1", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555581138650) = 289 ./strace-static-x86_64: Process 289 attached [pid 289] set_robust_list(0x555581138660, 24) = 0 [pid 289] chdir("./1") = 0 [pid 289] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 289] setpgid(0, 0) = 0 [pid 289] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 289] write(3, "1000", 4) = 4 [pid 289] close(3) = 0 [pid 289] symlink("/dev/binderfs", "./binderfs") = 0 [pid 289] write(1, "executing program\n", 18executing program ) = 18 [pid 289] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 289] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 289] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 289] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 289] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 289] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 289] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 289] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 289] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 289] memfd_create("syzkaller", 0) = 5 [pid 289] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b2da0f000 [pid 289] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 289] munmap(0x7f9b2da0f000, 138412032) = 0 [pid 289] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 289] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 289] close(5) = 0 [pid 289] close(6) = 0 [pid 289] mkdir("./file0", 0777) = 0 [pid 289] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 289] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 289] chdir("./file0") = 0 [pid 289] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 289] ioctl(6, LOOP_CLR_FD) = 0 [pid 289] close(6) = 0 [pid 289] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 289] write(6, "#! ./file1\n", 11) = 11 [pid 289] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 289] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000284} --- [pid 289] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=289, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555811396f0 /* 4 entries */, 32768) = 112 [ 25.683593][ T289] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 25.715398][ T290] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-289: bg 0: block 234: padding at end of block bitmap is not set umount2("./1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./1/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555581141730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555581141730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./1/file0") = 0 umount2("./1/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./1/binderfs") = 0 getdents64(3, 0x5555811396f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./1") = 0 mkdir("./2", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555581138650) = 294 ./strace-static-x86_64: Process 294 attached [pid 294] set_robust_list(0x555581138660, 24) = 0 [pid 294] chdir("./2") = 0 [pid 294] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 294] setpgid(0, 0) = 0 [pid 294] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 294] write(3, "1000", 4) = 4 [pid 294] close(3) = 0 [pid 294] symlink("/dev/binderfs", "./binderfs") = 0 [pid 294] write(1, "executing program\n", 18executing program ) = 18 [pid 294] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 294] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 294] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 294] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 294] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 294] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 294] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 294] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 294] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 294] memfd_create("syzkaller", 0) = 5 [pid 294] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b2da0f000 [pid 294] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 294] munmap(0x7f9b2da0f000, 138412032) = 0 [pid 294] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 294] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 294] close(5) = 0 [pid 294] close(6) = 0 [pid 294] mkdir("./file0", 0777) = 0 [pid 294] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 294] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 294] chdir("./file0") = 0 [pid 294] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 294] ioctl(6, LOOP_CLR_FD) = 0 [pid 294] close(6) = 0 [pid 294] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 294] write(6, "#! ./file1\n", 11) = 11 [pid 294] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 294] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000284} --- [pid 294] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=294, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555811396f0 /* 4 entries */, 32768) = 112 [ 25.878099][ T294] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 25.903076][ T294] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor361: bg 0: block 234: padding at end of block bitmap is not set umount2("./2/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./2/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./2/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./2/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./2/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555581141730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555581141730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./2/file0") = 0 umount2("./2/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./2/binderfs") = 0 getdents64(3, 0x5555811396f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./2") = 0 mkdir("./3", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program , child_tidptr=0x555581138650) = 299 ./strace-static-x86_64: Process 299 attached [pid 299] set_robust_list(0x555581138660, 24) = 0 [pid 299] chdir("./3") = 0 [pid 299] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 299] setpgid(0, 0) = 0 [pid 299] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 299] write(3, "1000", 4) = 4 [pid 299] close(3) = 0 [pid 299] symlink("/dev/binderfs", "./binderfs") = 0 [pid 299] write(1, "executing program\n", 18) = 18 [pid 299] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 299] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 299] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 299] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 299] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 299] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 299] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 299] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 299] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 299] memfd_create("syzkaller", 0) = 5 [pid 299] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b2da0f000 [pid 299] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 299] munmap(0x7f9b2da0f000, 138412032) = 0 [pid 299] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 299] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 299] close(5) = 0 [pid 299] close(6) = 0 [pid 299] mkdir("./file0", 0777) = 0 [pid 299] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 299] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 299] chdir("./file0") = 0 [pid 299] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 299] ioctl(6, LOOP_CLR_FD) = 0 [pid 299] close(6) = 0 [pid 299] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 299] write(6, "#! ./file1\n", 11) = 11 [pid 299] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 299] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000284} --- [pid 299] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=299, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555811396f0 /* 4 entries */, 32768) = 112 [ 26.025683][ T299] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 26.057384][ T300] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-299: bg 0: block 234: padding at end of block bitmap is not set umount2("./3/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./3/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./3/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./3/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./3/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555581141730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555581141730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./3/file0") = 0 umount2("./3/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./3/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./3/binderfs") = 0 getdents64(3, 0x5555811396f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./3") = 0 mkdir("./4", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FDexecuting program ) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555581138650) = 304 ./strace-static-x86_64: Process 304 attached [pid 304] set_robust_list(0x555581138660, 24) = 0 [pid 304] chdir("./4") = 0 [pid 304] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 304] setpgid(0, 0) = 0 [pid 304] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 304] write(3, "1000", 4) = 4 [pid 304] close(3) = 0 [pid 304] symlink("/dev/binderfs", "./binderfs") = 0 [pid 304] write(1, "executing program\n", 18) = 18 [pid 304] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 304] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 304] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 304] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 304] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 304] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 304] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 304] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 304] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 304] memfd_create("syzkaller", 0) = 5 [pid 304] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b2da0f000 [pid 304] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 304] munmap(0x7f9b2da0f000, 138412032) = 0 [pid 304] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 304] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 304] close(5) = 0 [pid 304] close(6) = 0 [pid 304] mkdir("./file0", 0777) = 0 [pid 304] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 304] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 304] chdir("./file0") = 0 [pid 304] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 304] ioctl(6, LOOP_CLR_FD) = 0 [pid 304] close(6) = 0 [pid 304] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 304] write(6, "#! ./file1\n", 11) = 11 [pid 304] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 304] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000284} --- [pid 304] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=304, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555811396f0 /* 4 entries */, 32768) = 112 [ 26.218660][ T304] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 26.243474][ T304] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor361: bg 0: block 234: padding at end of block bitmap is not set umount2("./4/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555581141730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555581141730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4/file0") = 0 umount2("./4/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4/binderfs") = 0 getdents64(3, 0x5555811396f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4") = 0 mkdir("./5", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555581138650) = 309 ./strace-static-x86_64: Process 309 attached [pid 309] set_robust_list(0x555581138660, 24) = 0 [pid 309] chdir("./5") = 0 [pid 309] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 309] setpgid(0, 0) = 0 [pid 309] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 309] write(3, "1000", 4) = 4 [pid 309] close(3) = 0 [pid 309] symlink("/dev/binderfs", "./binderfs") = 0 [pid 309] write(1, "executing program\n", 18executing program ) = 18 [pid 309] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 309] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 309] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 309] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 309] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 309] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 309] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 309] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 309] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 309] memfd_create("syzkaller", 0) = 5 [pid 309] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b2da0f000 [pid 309] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 309] munmap(0x7f9b2da0f000, 138412032) = 0 [pid 309] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 309] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 309] close(5) = 0 [pid 309] close(6) = 0 [pid 309] mkdir("./file0", 0777) = 0 [pid 309] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 309] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 309] chdir("./file0") = 0 [pid 309] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 309] ioctl(6, LOOP_CLR_FD) = 0 [pid 309] close(6) = 0 [pid 309] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 309] write(6, "#! ./file1\n", 11) = 11 [pid 309] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [ 26.355820][ T309] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [pid 309] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000284} --- [pid 309] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=309, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./5", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555811396f0 /* 4 entries */, 32768) = 112 [ 26.399610][ T310] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-309: bg 0: block 234: padding at end of block bitmap is not set umount2("./5/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./5/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./5/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./5/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./5/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555581141730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555581141730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./5/file0") = 0 umount2("./5/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./5/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./5/binderfs") = 0 getdents64(3, 0x5555811396f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./5") = 0 mkdir("./6", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555581138650) = 314 ./strace-static-x86_64: Process 314 attached [pid 314] set_robust_list(0x555581138660, 24) = 0 [pid 314] chdir("./6") = 0 [pid 314] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 314] setpgid(0, 0) = 0 [pid 314] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 314] write(3, "1000", 4) = 4 [pid 314] close(3) = 0 [pid 314] symlink("/dev/binderfs", "./binderfs") = 0 [pid 314] write(1, "executing program\n", 18executing program ) = 18 [pid 314] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 314] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 314] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 314] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 314] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 314] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 314] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 314] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 314] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 314] memfd_create("syzkaller", 0) = 5 [pid 314] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b2da0f000 [pid 314] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 314] munmap(0x7f9b2da0f000, 138412032) = 0 [pid 314] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 314] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 314] close(5) = 0 [pid 314] close(6) = 0 [pid 314] mkdir("./file0", 0777) = 0 [pid 314] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 314] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 314] chdir("./file0") = 0 [pid 314] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 314] ioctl(6, LOOP_CLR_FD) = 0 [pid 314] close(6) = 0 [pid 314] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 314] write(6, "#! ./file1\n", 11) = 11 [pid 314] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 314] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000284} --- [pid 314] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=314, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./6", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555811396f0 /* 4 entries */, 32768) = 112 [ 26.578559][ T314] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 26.609276][ T315] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-314: bg 0: block 234: padding at end of block bitmap is not set umount2("./6/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./6/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./6/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./6/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./6/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555581141730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555581141730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./6/file0") = 0 umount2("./6/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./6/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./6/binderfs") = 0 getdents64(3, 0x5555811396f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./6") = 0 mkdir("./7", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555581138650) = 319 ./strace-static-x86_64: Process 319 attached [pid 319] set_robust_list(0x555581138660, 24) = 0 [pid 319] chdir("./7") = 0 [pid 319] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 319] setpgid(0, 0) = 0 [pid 319] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 319] write(3, "1000", 4) = 4 [pid 319] close(3) = 0 [pid 319] symlink("/dev/binderfs", "./binderfs") = 0 [pid 319] write(1, "executing program\n", 18executing program ) = 18 [pid 319] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 319] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 319] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 319] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 319] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 319] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 319] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 319] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 319] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 319] memfd_create("syzkaller", 0) = 5 [pid 319] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b2da0f000 [pid 319] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 319] munmap(0x7f9b2da0f000, 138412032) = 0 [pid 319] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 319] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 319] close(5) = 0 [pid 319] close(6) = 0 [pid 319] mkdir("./file0", 0777) = 0 [pid 319] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 319] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 319] chdir("./file0") = 0 [pid 319] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 319] ioctl(6, LOOP_CLR_FD) = 0 [pid 319] close(6) = 0 [pid 319] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 319] write(6, "#! ./file1\n", 11) = 11 [pid 319] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 319] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000284} --- [pid 319] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=319, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./7", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555811396f0 /* 4 entries */, 32768) = 112 umount2("./7/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./7/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./7/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./7/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./7/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555581141730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555581141730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./7/file0") = 0 umount2("./7/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./7/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./7/binderfs") = 0 getdents64(3, 0x5555811396f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./7") = 0 mkdir("./8", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555581138650) = 324 ./strace-static-x86_64: Process 324 attached [pid 324] set_robust_list(0x555581138660, 24) = 0 [pid 324] chdir("./8") = 0 [pid 324] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 324] setpgid(0, 0) = 0 [pid 324] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 324] write(3, "1000", 4) = 4 [pid 324] close(3) = 0 [pid 324] symlink("/dev/binderfs", "./binderfs") = 0 [pid 324] write(1, "executing program\n", 18executing program ) = 18 [pid 324] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 324] ioctl(3, VHOST_SET_OWNER, 0) = 0 [ 26.798319][ T319] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 26.820579][ T319] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor361: bg 0: block 234: padding at end of block bitmap is not set [pid 324] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 324] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 324] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 324] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 324] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 324] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 324] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 324] memfd_create("syzkaller", 0) = 5 [pid 324] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b2da0f000 [pid 324] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 324] munmap(0x7f9b2da0f000, 138412032) = 0 [pid 324] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 324] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 324] close(5) = 0 [pid 324] close(6) = 0 [pid 324] mkdir("./file0", 0777) = 0 [pid 324] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 324] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 324] chdir("./file0") = 0 [pid 324] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 324] ioctl(6, LOOP_CLR_FD) = 0 [pid 324] close(6) = 0 [pid 324] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 324] write(6, "#! ./file1\n", 11) = 11 [pid 324] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [ 26.933633][ T324] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [pid 324] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000284} --- [pid 324] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=324, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./8", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./8", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555811396f0 /* 4 entries */, 32768) = 112 [ 26.979432][ T325] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-324: bg 0: block 234: padding at end of block bitmap is not set umount2("./8/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./8/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./8/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./8/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./8/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555581141730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555581141730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./8/file0") = 0 umount2("./8/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./8/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./8/binderfs") = 0 getdents64(3, 0x5555811396f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./8") = 0 mkdir("./9", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555581138650) = 329 ./strace-static-x86_64: Process 329 attached [pid 329] set_robust_list(0x555581138660, 24) = 0 [pid 329] chdir("./9") = 0 [pid 329] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 329] setpgid(0, 0) = 0 [pid 329] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 329] write(3, "1000", 4) = 4 [pid 329] close(3) = 0 [pid 329] symlink("/dev/binderfs", "./binderfs") = 0 [pid 329] write(1, "executing program\n", 18executing program ) = 18 [pid 329] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 329] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 329] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 329] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 329] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 329] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 329] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 329] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 329] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 329] memfd_create("syzkaller", 0) = 5 [pid 329] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b2da0f000 [pid 329] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 329] munmap(0x7f9b2da0f000, 138412032) = 0 [pid 329] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 329] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 329] close(5) = 0 [pid 329] close(6) = 0 [pid 329] mkdir("./file0", 0777) = 0 [pid 329] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 329] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 329] chdir("./file0") = 0 [pid 329] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 329] ioctl(6, LOOP_CLR_FD) = 0 [pid 329] close(6) = 0 [pid 329] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 329] write(6, "#! ./file1\n", 11) = 11 [pid 329] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 329] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000284} --- [pid 329] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=329, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./9", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./9", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555811396f0 /* 4 entries */, 32768) = 112 [ 27.109332][ T329] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 27.140741][ T330] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-329: bg 0: block 234: padding at end of block bitmap is not set umount2("./9/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./9/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./9/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./9/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./9/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555581141730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555581141730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./9/file0") = 0 umount2("./9/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./9/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./9/binderfs") = 0 getdents64(3, 0x5555811396f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./9") = 0 mkdir("./10", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555581138650) = 334 ./strace-static-x86_64: Process 334 attached [pid 334] set_robust_list(0x555581138660, 24) = 0 [pid 334] chdir("./10") = 0 [pid 334] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 334] setpgid(0, 0) = 0 [pid 334] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 334] write(3, "1000", 4) = 4 [pid 334] close(3) = 0 [pid 334] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 334] write(1, "executing program\n", 18) = 18 [pid 334] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 334] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 334] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 334] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 334] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 334] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 334] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 334] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 334] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 334] memfd_create("syzkaller", 0) = 5 [pid 334] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b2da0f000 [pid 334] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 334] munmap(0x7f9b2da0f000, 138412032) = 0 [pid 334] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 334] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 334] close(5) = 0 [pid 334] close(6) = 0 [pid 334] mkdir("./file0", 0777) = 0 [pid 334] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 334] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 334] chdir("./file0") = 0 [pid 334] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 334] ioctl(6, LOOP_CLR_FD) = 0 [pid 334] close(6) = 0 [pid 334] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 334] write(6, "#! ./file1\n", 11) = 11 [pid 334] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 334] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000284} --- [pid 334] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=334, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./10", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./10", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555811396f0 /* 4 entries */, 32768) = 112 [ 27.268820][ T334] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 27.301345][ T335] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-334: bg 0: block 234: padding at end of block bitmap is not set umount2("./10/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./10/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./10/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./10/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./10/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555581141730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555581141730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./10/file0") = 0 umount2("./10/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./10/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./10/binderfs") = 0 getdents64(3, 0x5555811396f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./10") = 0 mkdir("./11", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555581138650) = 339 ./strace-static-x86_64: Process 339 attached [pid 339] set_robust_list(0x555581138660, 24) = 0 [pid 339] chdir("./11") = 0 [pid 339] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 339] setpgid(0, 0) = 0 [pid 339] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 339] write(3, "1000", 4) = 4 [pid 339] close(3) = 0 [pid 339] symlink("/dev/binderfs", "./binderfs") = 0 [pid 339] write(1, "executing program\n", 18executing program ) = 18 [pid 339] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 339] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 339] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 339] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 339] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 339] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 339] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 339] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 339] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 339] memfd_create("syzkaller", 0) = 5 [pid 339] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b2da0f000 [pid 339] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 339] munmap(0x7f9b2da0f000, 138412032) = 0 [pid 339] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 339] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 339] close(5) = 0 [pid 339] close(6) = 0 [pid 339] mkdir("./file0", 0777) = 0 [pid 339] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 339] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 339] chdir("./file0") = 0 [pid 339] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 339] ioctl(6, LOOP_CLR_FD) = 0 [pid 339] close(6) = 0 [pid 339] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 339] write(6, "#! ./file1\n", 11) = 11 [pid 339] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 339] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000284} --- [pid 339] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=339, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./11", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./11", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555811396f0 /* 4 entries */, 32768) = 112 [ 27.468714][ T339] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 27.500011][ T340] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-339: bg 0: block 234: padding at end of block bitmap is not set umount2("./11/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./11/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./11/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./11/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./11/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555581141730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555581141730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./11/file0") = 0 umount2("./11/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./11/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./11/binderfs") = 0 getdents64(3, 0x5555811396f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./11") = 0 mkdir("./12", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 344 attached , child_tidptr=0x555581138650) = 344 [pid 344] set_robust_list(0x555581138660, 24) = 0 [pid 344] chdir("./12") = 0 [pid 344] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 344] setpgid(0, 0) = 0 [pid 344] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 344] write(3, "1000", 4) = 4 [pid 344] close(3) = 0 [pid 344] symlink("/dev/binderfs", "./binderfs") = 0 [pid 344] write(1, "executing program\n", 18executing program ) = 18 [pid 344] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 344] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 344] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 344] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 344] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 344] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 344] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 344] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 344] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 344] memfd_create("syzkaller", 0) = 5 [pid 344] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b2da0f000 [pid 344] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 344] munmap(0x7f9b2da0f000, 138412032) = 0 [pid 344] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 344] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 344] close(5) = 0 [pid 344] close(6) = 0 [pid 344] mkdir("./file0", 0777) = 0 [pid 344] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 344] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 344] chdir("./file0") = 0 [pid 344] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 344] ioctl(6, LOOP_CLR_FD) = 0 [pid 344] close(6) = 0 [pid 344] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 344] write(6, "#! ./file1\n", 11) = 11 [pid 344] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 344] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000284} --- [pid 344] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=344, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./12", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./12", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555811396f0 /* 4 entries */, 32768) = 112 [ 27.668672][ T344] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 27.699930][ T345] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-344: bg 0: block 234: padding at end of block bitmap is not set umount2("./12/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./12/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./12/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./12/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./12/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555581141730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555581141730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./12/file0") = 0 umount2("./12/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./12/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./12/binderfs") = 0 getdents64(3, 0x5555811396f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./12") = 0 mkdir("./13", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555581138650) = 349 ./strace-static-x86_64: Process 349 attached [pid 349] set_robust_list(0x555581138660, 24) = 0 [pid 349] chdir("./13") = 0 [pid 349] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 349] setpgid(0, 0) = 0 [pid 349] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 349] write(3, "1000", 4) = 4 [pid 349] close(3) = 0 [pid 349] symlink("/dev/binderfs", "./binderfs") = 0 [pid 349] write(1, "executing program\n", 18executing program ) = 18 [pid 349] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 349] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 349] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 349] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 349] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 349] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 349] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 349] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 349] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 349] memfd_create("syzkaller", 0) = 5 [pid 349] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b2da0f000 [pid 349] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 349] munmap(0x7f9b2da0f000, 138412032) = 0 [pid 349] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 349] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 349] close(5) = 0 [pid 349] close(6) = 0 [pid 349] mkdir("./file0", 0777) = 0 [pid 349] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 349] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 349] chdir("./file0") = 0 [pid 349] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 349] ioctl(6, LOOP_CLR_FD) = 0 [pid 349] close(6) = 0 [pid 349] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 349] write(6, "#! ./file1\n", 11) = 11 [pid 349] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 349] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000284} --- [pid 349] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=349, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./13", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./13", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555811396f0 /* 4 entries */, 32768) = 112 [ 27.982507][ T349] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 28.012825][ T350] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-349: bg 0: block 234: padding at end of block bitmap is not set umount2("./13/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./13/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./13/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./13/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./13/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555581141730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555581141730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./13/file0") = 0 umount2("./13/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./13/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./13/binderfs") = 0 getdents64(3, 0x5555811396f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./13") = 0 mkdir("./14", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555581138650) = 354 ./strace-static-x86_64: Process 354 attached [pid 354] set_robust_list(0x555581138660, 24) = 0 [pid 354] chdir("./14") = 0 [pid 354] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 354] setpgid(0, 0) = 0 [pid 354] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 354] write(3, "1000", 4) = 4 [pid 354] close(3) = 0 [pid 354] symlink("/dev/binderfs", "./binderfs") = 0 [pid 354] write(1, "executing program\n", 18executing program ) = 18 [pid 354] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 354] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 354] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 354] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 354] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 354] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 354] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 354] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 354] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 354] memfd_create("syzkaller", 0) = 5 [pid 354] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b2da0f000 [pid 354] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 354] munmap(0x7f9b2da0f000, 138412032) = 0 [pid 354] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 354] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 354] close(5) = 0 [pid 354] close(6) = 0 [pid 354] mkdir("./file0", 0777) = 0 [pid 354] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 354] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 354] chdir("./file0") = 0 [pid 354] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 354] ioctl(6, LOOP_CLR_FD) = 0 [pid 354] close(6) = 0 [pid 354] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 354] write(6, "#! ./file1\n", 11) = 11 [pid 354] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 354] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000284} --- [pid 354] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=354, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./14", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./14", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555811396f0 /* 4 entries */, 32768) = 112 [ 28.158627][ T354] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 28.190284][ T355] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-354: bg 0: block 234: padding at end of block bitmap is not set umount2("./14/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./14/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./14/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./14/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./14/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555581141730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555581141730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./14/file0") = 0 umount2("./14/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./14/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./14/binderfs") = 0 getdents64(3, 0x5555811396f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./14") = 0 mkdir("./15", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555581138650) = 359 ./strace-static-x86_64: Process 359 attached [pid 359] set_robust_list(0x555581138660, 24) = 0 [pid 359] chdir("./15") = 0 [pid 359] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 359] setpgid(0, 0) = 0 [pid 359] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 359] write(3, "1000", 4) = 4 [pid 359] close(3) = 0 [pid 359] symlink("/dev/binderfs", "./binderfs") = 0 [pid 359] write(1, "executing program\n", 18executing program ) = 18 [pid 359] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 359] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 359] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 359] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 359] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 359] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 359] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 359] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 359] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 359] memfd_create("syzkaller", 0) = 5 [pid 359] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b2da0f000 [pid 359] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 359] munmap(0x7f9b2da0f000, 138412032) = 0 [pid 359] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 359] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 359] close(5) = 0 [pid 359] close(6) = 0 [pid 359] mkdir("./file0", 0777) = 0 [pid 359] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 359] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 359] chdir("./file0") = 0 [pid 359] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 359] ioctl(6, LOOP_CLR_FD) = 0 [pid 359] close(6) = 0 [pid 359] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 359] write(6, "#! ./file1\n", 11) = 11 [pid 359] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 359] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000284} --- [pid 359] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=359, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- [ 28.329315][ T359] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./15", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./15", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555811396f0 /* 4 entries */, 32768) = 112 [ 28.368923][ T360] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-359: bg 0: block 234: padding at end of block bitmap is not set umount2("./15/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./15/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./15/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./15/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./15/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555581141730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555581141730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./15/file0") = 0 umount2("./15/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./15/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./15/binderfs") = 0 getdents64(3, 0x5555811396f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./15") = 0 mkdir("./16", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555581138650) = 364 ./strace-static-x86_64: Process 364 attached [pid 364] set_robust_list(0x555581138660, 24) = 0 [pid 364] chdir("./16") = 0 [pid 364] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 364] setpgid(0, 0) = 0 [pid 364] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 364] write(3, "1000", 4) = 4 [pid 364] close(3) = 0 [pid 364] symlink("/dev/binderfs", "./binderfs") = 0 [pid 364] write(1, "executing program\n", 18executing program ) = 18 [pid 364] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 364] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 364] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 364] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 364] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 364] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 364] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 364] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 364] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 364] memfd_create("syzkaller", 0) = 5 [pid 364] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b2da0f000 [pid 364] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 364] munmap(0x7f9b2da0f000, 138412032) = 0 [pid 364] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 364] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 364] close(5) = 0 [pid 364] close(6) = 0 [pid 364] mkdir("./file0", 0777) = 0 [pid 364] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 364] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 364] chdir("./file0") = 0 [pid 364] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 364] ioctl(6, LOOP_CLR_FD) = 0 [pid 364] close(6) = 0 [pid 364] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 364] write(6, "#! ./file1\n", 11) = 11 [pid 364] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 364] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000284} --- [pid 364] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=364, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./16", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./16", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555811396f0 /* 4 entries */, 32768) = 112 [ 28.548748][ T364] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 28.581718][ T365] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-364: bg 0: block 234: padding at end of block bitmap is not set umount2("./16/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./16/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./16/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./16/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./16/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555581141730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555581141730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./16/file0") = 0 umount2("./16/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./16/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./16/binderfs") = 0 getdents64(3, 0x5555811396f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./16") = 0 mkdir("./17", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555581138650) = 369 ./strace-static-x86_64: Process 369 attached [pid 369] set_robust_list(0x555581138660, 24) = 0 [pid 369] chdir("./17") = 0 [pid 369] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 369] setpgid(0, 0) = 0 [pid 369] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 369] write(3, "1000", 4) = 4 [pid 369] close(3) = 0 [pid 369] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 369] write(1, "executing program\n", 18) = 18 [pid 369] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 369] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 369] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 369] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 369] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 369] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 369] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 369] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 369] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 369] memfd_create("syzkaller", 0) = 5 [pid 369] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b2da0f000 [pid 369] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 369] munmap(0x7f9b2da0f000, 138412032) = 0 [pid 369] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 369] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 369] close(5) = 0 [pid 369] close(6) = 0 [pid 369] mkdir("./file0", 0777) = 0 [pid 369] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 369] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 369] chdir("./file0") = 0 [pid 369] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 369] ioctl(6, LOOP_CLR_FD) = 0 [pid 369] close(6) = 0 [pid 369] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 369] write(6, "#! ./file1\n", 11) = 11 [pid 369] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 369] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000284} --- [pid 369] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=369, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./17", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./17", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555811396f0 /* 4 entries */, 32768) = 112 [ 28.689090][ T369] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 28.718982][ T369] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor361: bg 0: block 234: padding at end of block bitmap is not set umount2("./17/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./17/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./17/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./17/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./17/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555581141730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555581141730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./17/file0") = 0 umount2("./17/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./17/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./17/binderfs") = 0 getdents64(3, 0x5555811396f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./17") = 0 mkdir("./18", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555581138650) = 374 ./strace-static-x86_64: Process 374 attached [pid 374] set_robust_list(0x555581138660, 24) = 0 [pid 374] chdir("./18") = 0 [pid 374] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 374] setpgid(0, 0) = 0 [pid 374] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 374] write(3, "1000", 4) = 4 [pid 374] close(3) = 0 [pid 374] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 374] write(1, "executing program\n", 18) = 18 [pid 374] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 374] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 374] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 374] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 374] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 374] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 374] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 374] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 374] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 374] memfd_create("syzkaller", 0) = 5 [pid 374] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b2da0f000 [pid 374] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 374] munmap(0x7f9b2da0f000, 138412032) = 0 [pid 374] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 374] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 374] close(5) = 0 [pid 374] close(6) = 0 [pid 374] mkdir("./file0", 0777) = 0 [pid 374] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 374] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 374] chdir("./file0") = 0 [pid 374] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 374] ioctl(6, LOOP_CLR_FD) = 0 [pid 374] close(6) = 0 [pid 374] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 374] write(6, "#! ./file1\n", 11) = 11 [pid 374] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 374] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000284} --- [pid 374] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=374, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./18", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./18", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555811396f0 /* 4 entries */, 32768) = 112 [ 28.859396][ T374] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 28.885635][ T374] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor361: bg 0: block 234: padding at end of block bitmap is not set umount2("./18/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./18/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./18/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./18/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./18/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555581141730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555581141730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./18/file0") = 0 umount2("./18/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./18/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./18/binderfs") = 0 getdents64(3, 0x5555811396f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./18") = 0 mkdir("./19", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555581138650) = 379 ./strace-static-x86_64: Process 379 attached [pid 379] set_robust_list(0x555581138660, 24) = 0 [pid 379] chdir("./19") = 0 [pid 379] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 379] setpgid(0, 0) = 0 [pid 379] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 379] write(3, "1000", 4) = 4 [pid 379] close(3) = 0 [pid 379] symlink("/dev/binderfs", "./binderfs") = 0 [pid 379] write(1, "executing program\n", 18executing program ) = 18 [pid 379] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 379] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 379] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 379] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 379] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 379] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 379] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 379] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 379] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 379] memfd_create("syzkaller", 0) = 5 [pid 379] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b2da0f000 [pid 379] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 379] munmap(0x7f9b2da0f000, 138412032) = 0 [pid 379] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 379] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 379] close(5) = 0 [pid 379] close(6) = 0 [pid 379] mkdir("./file0", 0777) = 0 [pid 379] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 379] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 379] chdir("./file0") = 0 [pid 379] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 379] ioctl(6, LOOP_CLR_FD) = 0 [pid 379] close(6) = 0 [pid 379] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 379] write(6, "#! ./file1\n", 11) = 11 [pid 379] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 379] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000284} --- [pid 379] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=379, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./19", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./19", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555811396f0 /* 4 entries */, 32768) = 112 [ 28.998582][ T379] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 29.030564][ T380] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-379: bg 0: block 234: padding at end of block bitmap is not set umount2("./19/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./19/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./19/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./19/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./19/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555581141730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555581141730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./19/file0") = 0 umount2("./19/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./19/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./19/binderfs") = 0 getdents64(3, 0x5555811396f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./19") = 0 mkdir("./20", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program , child_tidptr=0x555581138650) = 384 ./strace-static-x86_64: Process 384 attached [pid 384] set_robust_list(0x555581138660, 24) = 0 [pid 384] chdir("./20") = 0 [pid 384] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 384] setpgid(0, 0) = 0 [pid 384] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 384] write(3, "1000", 4) = 4 [pid 384] close(3) = 0 [pid 384] symlink("/dev/binderfs", "./binderfs") = 0 [pid 384] write(1, "executing program\n", 18) = 18 [pid 384] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 384] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 384] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 384] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 384] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 384] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 384] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 384] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 384] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 384] memfd_create("syzkaller", 0) = 5 [pid 384] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b2da0f000 [pid 384] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 384] munmap(0x7f9b2da0f000, 138412032) = 0 [pid 384] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 384] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 384] close(5) = 0 [pid 384] close(6) = 0 [pid 384] mkdir("./file0", 0777) = 0 [pid 384] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 384] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 384] chdir("./file0") = 0 [pid 384] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 384] ioctl(6, LOOP_CLR_FD) = 0 [pid 384] close(6) = 0 [pid 384] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 384] write(6, "#! ./file1\n", 11) = 11 [pid 384] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 384] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000284} --- [pid 384] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=384, si_uid=0, si_status=SIGBUS, si_utime=1, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./20", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./20", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555811396f0 /* 4 entries */, 32768) = 112 [ 29.118481][ T384] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 29.148386][ T385] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-384: bg 0: block 234: padding at end of block bitmap is not set umount2("./20/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./20/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./20/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./20/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./20/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555581141730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555581141730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./20/file0") = 0 umount2("./20/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./20/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./20/binderfs") = 0 getdents64(3, 0x5555811396f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./20") = 0 mkdir("./21", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555581138650) = 389 ./strace-static-x86_64: Process 389 attached [pid 389] set_robust_list(0x555581138660, 24) = 0 [pid 389] chdir("./21") = 0 [pid 389] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 389] setpgid(0, 0) = 0 [pid 389] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 389] write(3, "1000", 4) = 4 [pid 389] close(3) = 0 [pid 389] symlink("/dev/binderfs", "./binderfs") = 0 [pid 389] write(1, "executing program\n", 18executing program ) = 18 [pid 389] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 389] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 389] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 389] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 389] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 389] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 389] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 389] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 389] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 389] memfd_create("syzkaller", 0) = 5 [pid 389] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b2da0f000 [pid 389] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 389] munmap(0x7f9b2da0f000, 138412032) = 0 [pid 389] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 389] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 389] close(5) = 0 [pid 389] close(6) = 0 [pid 389] mkdir("./file0", 0777) = 0 [pid 389] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 389] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 389] chdir("./file0") = 0 [pid 389] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 389] ioctl(6, LOOP_CLR_FD) = 0 [pid 389] close(6) = 0 [pid 389] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 389] write(6, "#! ./file1\n", 11) = 11 [pid 389] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 389] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000284} --- [pid 389] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=389, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./21", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./21", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555811396f0 /* 4 entries */, 32768) = 112 [ 29.298481][ T389] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 29.330002][ T390] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-389: bg 0: block 234: padding at end of block bitmap is not set umount2("./21/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./21/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./21/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./21/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./21/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555581141730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555581141730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./21/file0") = 0 umount2("./21/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./21/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./21/binderfs") = 0 getdents64(3, 0x5555811396f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./21") = 0 mkdir("./22", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 394 attached , child_tidptr=0x555581138650) = 394 [pid 394] set_robust_list(0x555581138660, 24) = 0 [pid 394] chdir("./22") = 0 [pid 394] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 394] setpgid(0, 0) = 0 [pid 394] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 394] write(3, "1000", 4) = 4 [pid 394] close(3) = 0 [pid 394] symlink("/dev/binderfs", "./binderfs") = 0 [pid 394] write(1, "executing program\n", 18executing program ) = 18 [pid 394] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 394] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 394] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 394] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 394] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 394] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 394] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 394] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 394] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 394] memfd_create("syzkaller", 0) = 5 [pid 394] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b2da0f000 [pid 394] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 394] munmap(0x7f9b2da0f000, 138412032) = 0 [pid 394] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 394] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 394] close(5) = 0 [pid 394] close(6) = 0 [pid 394] mkdir("./file0", 0777) = 0 [pid 394] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 394] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 394] chdir("./file0") = 0 [pid 394] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 394] ioctl(6, LOOP_CLR_FD) = 0 [pid 394] close(6) = 0 [pid 394] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 394] write(6, "#! ./file1\n", 11) = 11 [pid 394] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 394] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000284} --- [pid 394] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=394, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./22", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./22", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555811396f0 /* 4 entries */, 32768) = 112 [ 29.478959][ T394] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 29.509158][ T394] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor361: bg 0: block 234: padding at end of block bitmap is not set umount2("./22/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./22/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./22/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./22/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./22/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555581141730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555581141730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./22/file0") = 0 umount2("./22/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./22/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./22/binderfs") = 0 getdents64(3, 0x5555811396f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./22") = 0 mkdir("./23", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555581138650) = 399 ./strace-static-x86_64: Process 399 attached [pid 399] set_robust_list(0x555581138660, 24) = 0 [pid 399] chdir("./23") = 0 [pid 399] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 399] setpgid(0, 0) = 0 [pid 399] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 399] write(3, "1000", 4) = 4 [pid 399] close(3) = 0 [pid 399] symlink("/dev/binderfs", "./binderfs") = 0 [pid 399] write(1, "executing program\n", 18executing program ) = 18 [pid 399] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 399] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 399] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 399] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 399] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 399] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 399] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 399] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 399] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 399] memfd_create("syzkaller", 0) = 5 [pid 399] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b2da0f000 [pid 399] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 399] munmap(0x7f9b2da0f000, 138412032) = 0 [pid 399] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 399] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 399] close(5) = 0 [pid 399] close(6) = 0 [pid 399] mkdir("./file0", 0777) = 0 [pid 399] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 399] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 399] chdir("./file0") = 0 [pid 399] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 399] ioctl(6, LOOP_CLR_FD) = 0 [pid 399] close(6) = 0 [pid 399] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 399] write(6, "#! ./file1\n", 11) = 11 [pid 399] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 399] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000284} --- [pid 399] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=399, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./23", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./23", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555811396f0 /* 4 entries */, 32768) = 112 [ 29.830311][ T399] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 29.860257][ T400] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-399: bg 0: block 234: padding at end of block bitmap is not set umount2("./23/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./23/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./23/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./23/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./23/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555581141730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555581141730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./23/file0") = 0 umount2("./23/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./23/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./23/binderfs") = 0 getdents64(3, 0x5555811396f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./23") = 0 mkdir("./24", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 404 attached , child_tidptr=0x555581138650) = 404 [pid 404] set_robust_list(0x555581138660, 24) = 0 [pid 404] chdir("./24") = 0 [pid 404] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 404] setpgid(0, 0) = 0 [pid 404] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 404] write(3, "1000", 4) = 4 [pid 404] close(3) = 0 [pid 404] symlink("/dev/binderfs", "./binderfs") = 0 [pid 404] write(1, "executing program\n", 18executing program ) = 18 [pid 404] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 404] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 404] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 404] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 404] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 404] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 404] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 404] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 404] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 404] memfd_create("syzkaller", 0) = 5 [pid 404] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b2da0f000 [pid 404] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 404] munmap(0x7f9b2da0f000, 138412032) = 0 [pid 404] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 404] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 404] close(5) = 0 [pid 404] close(6) = 0 [pid 404] mkdir("./file0", 0777) = 0 [pid 404] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 404] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 404] chdir("./file0") = 0 [pid 404] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 404] ioctl(6, LOOP_CLR_FD) = 0 [pid 404] close(6) = 0 [pid 404] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 404] write(6, "#! ./file1\n", 11) = 11 [pid 404] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 404] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000284} --- [pid 404] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=404, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./24", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./24", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555811396f0 /* 4 entries */, 32768) = 112 [ 30.028871][ T404] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 30.061007][ T404] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor361: bg 0: block 234: padding at end of block bitmap is not set umount2("./24/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./24/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./24/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./24/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./24/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555581141730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555581141730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./24/file0") = 0 umount2("./24/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./24/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./24/binderfs") = 0 getdents64(3, 0x5555811396f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./24") = 0 mkdir("./25", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555581138650) = 409 ./strace-static-x86_64: Process 409 attached [pid 409] set_robust_list(0x555581138660, 24) = 0 [pid 409] chdir("./25") = 0 [pid 409] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 409] setpgid(0, 0) = 0 [pid 409] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 409] write(3, "1000", 4) = 4 [pid 409] close(3) = 0 [pid 409] symlink("/dev/binderfs", "./binderfs") = 0 [pid 409] write(1, "executing program\n", 18executing program ) = 18 [pid 409] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 409] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 409] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 409] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 409] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 409] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 409] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 409] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 409] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 409] memfd_create("syzkaller", 0) = 5 [pid 409] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b2da0f000 [pid 409] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 409] munmap(0x7f9b2da0f000, 138412032) = 0 [pid 409] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 409] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 409] close(5) = 0 [pid 409] close(6) = 0 [pid 409] mkdir("./file0", 0777) = 0 [pid 409] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 409] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 409] chdir("./file0") = 0 [pid 409] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 409] ioctl(6, LOOP_CLR_FD) = 0 [pid 409] close(6) = 0 [pid 409] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 409] write(6, "#! ./file1\n", 11) = 11 [pid 409] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 409] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000284} --- [pid 409] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=409, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./25", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./25", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555811396f0 /* 4 entries */, 32768) = 112 [ 30.197305][ T409] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 30.229011][ T410] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-409: bg 0: block 234: padding at end of block bitmap is not set umount2("./25/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./25/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./25/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./25/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./25/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555581141730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555581141730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./25/file0") = 0 umount2("./25/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./25/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./25/binderfs") = 0 getdents64(3, 0x5555811396f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./25") = 0 mkdir("./26", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555581138650) = 414 ./strace-static-x86_64: Process 414 attached [pid 414] set_robust_list(0x555581138660, 24) = 0 [pid 414] chdir("./26") = 0 [pid 414] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 414] setpgid(0, 0) = 0 [pid 414] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 414] write(3, "1000", 4executing program ) = 4 [pid 414] close(3) = 0 [pid 414] symlink("/dev/binderfs", "./binderfs") = 0 [pid 414] write(1, "executing program\n", 18) = 18 [pid 414] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 414] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 414] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 414] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 414] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 414] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 414] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 414] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 414] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 414] memfd_create("syzkaller", 0) = 5 [pid 414] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b2da0f000 [pid 414] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 414] munmap(0x7f9b2da0f000, 138412032) = 0 [pid 414] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 414] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 414] close(5) = 0 [pid 414] close(6) = 0 [pid 414] mkdir("./file0", 0777) = 0 [pid 414] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 414] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 414] chdir("./file0") = 0 [pid 414] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 414] ioctl(6, LOOP_CLR_FD) = 0 [pid 414] close(6) = 0 [pid 414] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 414] write(6, "#! ./file1\n", 11) = 11 [pid 414] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 414] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000284} --- [pid 414] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=414, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./26", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./26", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555811396f0 /* 4 entries */, 32768) = 112 [ 30.340105][ T414] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 30.363603][ T414] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor361: bg 0: block 234: padding at end of block bitmap is not set umount2("./26/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./26/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./26/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./26/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./26/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555581141730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555581141730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./26/file0") = 0 umount2("./26/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./26/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./26/binderfs") = 0 getdents64(3, 0x5555811396f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./26") = 0 mkdir("./27", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555581138650) = 419 ./strace-static-x86_64: Process 419 attached [pid 419] set_robust_list(0x555581138660, 24) = 0 [pid 419] chdir("./27") = 0 [pid 419] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 419] setpgid(0, 0) = 0 [pid 419] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 419] write(3, "1000", 4) = 4 [pid 419] close(3) = 0 [pid 419] symlink("/dev/binderfs", "./binderfs") = 0 [pid 419] write(1, "executing program\n", 18executing program ) = 18 [pid 419] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 419] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 419] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 419] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 419] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 419] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 419] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 419] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 419] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 419] memfd_create("syzkaller", 0) = 5 [pid 419] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b2da0f000 [pid 419] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 419] munmap(0x7f9b2da0f000, 138412032) = 0 [pid 419] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 419] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 419] close(5) = 0 [pid 419] close(6) = 0 [pid 419] mkdir("./file0", 0777) = 0 [pid 419] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 419] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 419] chdir("./file0") = 0 [pid 419] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 419] ioctl(6, LOOP_CLR_FD) = 0 [pid 419] close(6) = 0 [pid 419] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 419] write(6, "#! ./file1\n", 11) = 11 [pid 419] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 419] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000284} --- [pid 419] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=419, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./27", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./27", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555811396f0 /* 4 entries */, 32768) = 112 [ 30.508864][ T419] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 30.540876][ T420] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-419: bg 0: block 234: padding at end of block bitmap is not set umount2("./27/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./27/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./27/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./27/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./27/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555581141730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555581141730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./27/file0") = 0 umount2("./27/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./27/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./27/binderfs") = 0 getdents64(3, 0x5555811396f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./27") = 0 mkdir("./28", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555581138650) = 424 ./strace-static-x86_64: Process 424 attached [pid 424] set_robust_list(0x555581138660, 24) = 0 [pid 424] chdir("./28") = 0 [pid 424] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 424] setpgid(0, 0) = 0 [pid 424] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 424] write(3, "1000", 4) = 4 [pid 424] close(3) = 0 [pid 424] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 424] write(1, "executing program\n", 18) = 18 [pid 424] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 424] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 424] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 424] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 424] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 424] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 424] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 424] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 424] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 424] memfd_create("syzkaller", 0) = 5 [pid 424] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b2da0f000 [pid 424] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 424] munmap(0x7f9b2da0f000, 138412032) = 0 [pid 424] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 424] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 424] close(5) = 0 [pid 424] close(6) = 0 [pid 424] mkdir("./file0", 0777) = 0 [pid 424] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 424] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 424] chdir("./file0") = 0 [pid 424] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 424] ioctl(6, LOOP_CLR_FD) = 0 [pid 424] close(6) = 0 [pid 424] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 424] write(6, "#! ./file1\n", 11) = 11 [pid 424] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 424] ioctl(-1, KVM_SET_IRQCHIP, 0x200000000280) = -1 EBADF (Bad file descriptor) [pid 424] exit_group(0) = ? [ 30.748584][ T424] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [pid 424] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=424, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./28", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./28", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555811396f0 /* 4 entries */, 32768) = 112 [ 30.788785][ T425] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-424: bg 0: block 234: padding at end of block bitmap is not set [ 30.815271][ T9] ------------[ cut here ]------------ [ 30.821496][ T9] kernel BUG at fs/ext4/inode.c:2778! [ 30.826980][ T9] invalid opcode: 0000 [#1] PREEMPT SMP KASAN [ 30.833685][ T9] CPU: 0 PID: 9 Comm: kworker/u4:1 Not tainted 5.10.238-syzkaller-00282-gd76d4cd0623a #0 [ 30.843488][ T9] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 30.853571][ T9] Workqueue: writeback wb_workfn (flush-7:0) [ 30.860230][ T9] RIP: 0010:ext4_writepages+0x2ddb/0x2e00 [ 30.865958][ T9] Code: 39 94 ff 84 db 75 31 e8 b3 36 94 ff 49 bc 00 00 00 00 00 fc ff df 4c 8b 6c 24 30 48 8b 5c 24 38 e9 21 f8 ff ff e8 95 36 94 ff <0f> 0b e8 8e 36 94 ff e8 65 0d 31 ff eb 98 e8 82 36 94 ff e8 59 0d [ 30.886119][ T9] RSP: 0018:ffffc90000097180 EFLAGS: 00010293 [ 30.892475][ T9] RAX: ffffffff81cf5d7b RBX: 0000008410000000 RCX: ffff88810024bb40 [ 30.900645][ T9] RDX: 0000000000000000 RSI: 0000008000000000 RDI: 0000000000000000 [ 30.909169][ T9] RBP: ffffc900000974f0 R08: dffffc0000000000 R09: ffffed10242a6185 [ 30.917449][ T9] R10: ffffed10242a6185 R11: 1ffff110242a6184 R12: dffffc0000000000 [ 30.925423][ T9] R13: ffff888105ff4000 R14: 0000008000000000 R15: ffff888121530c20 [ 30.933402][ T9] FS: 0000000000000000(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000 [ 30.942631][ T9] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 30.949408][ T9] CR2: 00007ffd48589ca8 CR3: 00000001079d8000 CR4: 00000000003506b0 [ 30.957484][ T9] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 30.965728][ T9] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 30.973805][ T9] Call Trace: [ 30.977121][ T9] ? unwind_next_frame+0x3d5/0x700 [ 30.982222][ T9] ? stack_trace_save+0xe0/0xe0 [ 30.987071][ T9] ? ext4_readpage+0x220/0x220 [ 30.992192][ T9] ? ret_from_fork+0x1f/0x30 [ 30.996805][ T9] ? stack_trace_save+0x98/0xe0 [ 31.001907][ T9] ? stack_trace_snprint+0xf0/0xf0 [ 31.007224][ T9] ? process_one_work+0x6e1/0xba0 [ 31.012247][ T9] ? __es_insert_extent+0x73c/0x1800 [ 31.017607][ T9] ? ext4_es_insert_extent+0x516/0x2af0 [ 31.023343][ T9] ? ext4_map_blocks+0xe45/0x1bc0 [ 31.028679][ T9] ? ext4_convert_unwritten_extents+0x21c/0x3f0 [ 31.035152][ T9] ? ext4_convert_unwritten_io_end_vec+0x103/0x180 [ 31.042452][ T9] ? ext4_readpage+0x220/0x220 [ 31.047360][ T9] do_writepages+0x12a/0x270 [ 31.051963][ T9] ? __writepage+0x130/0x130 [ 31.056689][ T9] ? __kasan_check_write+0x14/0x20 [ 31.061794][ T9] ? _raw_spin_lock+0x8e/0xe0 [ 31.066789][ T9] ? __kasan_check_write+0x14/0x20 [ 31.072250][ T9] __writeback_single_inode+0xd5/0xa20 [ 31.077812][ T9] ? wbc_attach_and_unlock_inode+0x385/0x590 [ 31.084274][ T9] writeback_sb_inodes+0x860/0x1400 [ 31.089876][ T9] ? queue_io+0x4c0/0x4c0 [ 31.094630][ T9] ? __kasan_check_read+0x11/0x20 [ 31.099648][ T9] ? queue_io+0x385/0x4c0 [ 31.104263][ T9] wb_writeback+0x3e3/0xb90 [ 31.109053][ T9] ? wb_io_lists_depopulated+0x180/0x180 [ 31.114886][ T9] ? set_worker_desc+0x155/0x1c0 [ 31.120075][ T9] ? update_load_avg+0x4dc/0x14f0 [ 31.125087][ T9] ? __kasan_check_write+0x14/0x20 [ 31.130182][ T9] ? newidle_balance+0x590/0xa90 [ 31.135106][ T9] wb_workfn+0x38f/0xe20 [ 31.139420][ T9] ? inode_wait_for_writeback+0x200/0x200 [ 31.145118][ T9] ? __update_idle_core+0x2a0/0x2a0 [ 31.150482][ T9] ? psi_task_change+0x1fe/0x330 [ 31.155634][ T9] ? _raw_spin_unlock_irq+0x4e/0x70 [ 31.160855][ T9] ? finish_task_switch+0x12e/0x5a0 [ 31.166095][ T9] ? __switch_to_asm+0x34/0x60 [ 31.170878][ T9] ? __schedule+0xb4f/0x1310 [ 31.175712][ T9] ? __kasan_check_read+0x11/0x20 [ 31.181135][ T9] ? read_word_at_a_time+0x12/0x20 [ 31.186523][ T9] ? strscpy+0x9b/0x290 [ 31.190776][ T9] process_one_work+0x6e1/0xba0 [ 31.195768][ T9] worker_thread+0xa6a/0x13b0 [ 31.200450][ T9] kthread+0x346/0x3d0 [ 31.204535][ T9] ? worker_clr_flags+0x190/0x190 [ 31.209586][ T9] ? kthread_blkcg+0xd0/0xd0 [ 31.214325][ T9] ret_from_fork+0x1f/0x30 [ 31.219093][ T9] Modules linked in: [ 31.223515][ T9] ---[ end trace 87dee552aebd133d ]--- [ 31.229593][ T9] RIP: 0010:ext4_writepages+0x2ddb/0x2e00 [ 31.235488][ T9] Code: 39 94 ff 84 db 75 31 e8 b3 36 94 ff 49 bc 00 00 00 00 00 fc ff df 4c 8b 6c 24 30 48 8b 5c 24 38 e9 21 f8 ff ff e8 95 36 94 ff <0f> 0b e8 8e 36 94 ff e8 65 0d 31 ff eb 98 e8 82 36 94 ff e8 59 0d [ 31.255933][ T9] RSP: 0018:ffffc90000097180 EFLAGS: 00010293 [ 31.262372][ T9] RAX: ffffffff81cf5d7b RBX: 0000008410000000 RCX: ffff88810024bb40 [ 31.270453][ T9] RDX: 0000000000000000 RSI: 0000008000000000 RDI: 0000000000000000 [ 31.279041][ T9] RBP: ffffc900000974f0 R08: dffffc0000000000 R09: ffffed10242a6185 [ 31.287117][ T9] R10: ffffed10242a6185 R11: 1ffff110242a6184 R12: dffffc0000000000 [ 31.295113][ T9] R13: ffff888105ff4000 R14: 0000008000000000 R15: ffff888121530c20 [ 31.303194][ T9] FS: 0000000000000000(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000 [ 31.312408][ T9] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 31.319289][ T9] CR2: 00007ffd48589ca8 CR3: 00000001079d8000 CR4: 00000000003506b0 [ 31.327675][ T9] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 31.335797][ T9] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 31.343840][ T9] Kernel panic - not syncing: Fatal exception [ 31.345092][ T24] kauditd_printk_skb: 6 callbacks suppressed [ 31.345102][ T24] audit: type=1400 audit(1750093181.480:80): avc: denied { read } for pid=77 comm="syslogd" name="log" dev="sda1" ino=2010 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:var_t tclass=lnk_file permissive=1 [ 31.350230][ T9] Kernel Offset: disabled [ 31.384036][ T9] Rebooting in 86400 seconds..