./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor1185262618 <...> Warning: Permanently added '10.128.0.23' (ED25519) to the list of known hosts. execve("./syz-executor1185262618", ["./syz-executor1185262618"], 0x7fffef3e26f0 /* 10 vars */) = 0 brk(NULL) = 0x555586f15000 brk(0x555586f15d00) = 0x555586f15d00 arch_prctl(ARCH_SET_FS, 0x555586f15380) = 0 set_tid_address(0x555586f15650) = 282 set_robust_list(0x555586f15660, 24) = 0 rseq(0x555586f15ca0, 0x20, 0, 0x53053053) = -1 ENOSYS (Function not implemented) prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor1185262618", 4096) = 28 getrandom("\xd7\x89\x3e\xcd\xa7\x6b\xf9\x7b", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x555586f15d00 brk(0x555586f36d00) = 0x555586f36d00 brk(0x555586f37000) = 0x555586f37000 mprotect(0x7f37089cb000, 16384, PROT_READ) = 0 mmap(0x1ffffffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffffffff000 mmap(0x200000000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200000000000 mmap(0x200001000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200001000000 mkdir("./syzkaller.odft9s", 0700) = 0 chmod("./syzkaller.odft9s", 0777) = 0 chdir("./syzkaller.odft9s") = 0 mkdir("./0", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555586f15650) = 284 ./strace-static-x86_64: Process 284 attached [pid 284] set_robust_list(0x555586f15660, 24) = 0 [pid 284] chdir("./0") = 0 [pid 284] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 284] setpgid(0, 0) = 0 [pid 284] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 284] write(3, "1000", 4) = 4 [pid 284] close(3) = 0 [pid 284] symlink("/dev/binderfs", "./binderfs") = 0 [pid 284] write(1, "executing program\n", 18executing program ) = 18 [pid 284] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 284] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 284] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 284] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 284] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 284] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 284] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 284] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 284] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 284] memfd_create("syzkaller", 0) = 5 [pid 284] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3700518000 [pid 284] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 284] munmap(0x7f3700518000, 138412032) = 0 [pid 284] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 21.812665][ T24] audit: type=1400 audit(1750645637.820:64): avc: denied { execmem } for pid=282 comm="syz-executor118" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 21.832122][ T24] audit: type=1400 audit(1750645637.830:65): avc: denied { read write } for pid=282 comm="syz-executor118" name="loop0" dev="devtmpfs" ino=115 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [pid 284] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 284] close(5) = 0 [pid 284] close(6) = 0 [pid 284] mkdir("./file0", 0777) = 0 [ 21.856580][ T24] audit: type=1400 audit(1750645637.830:66): avc: denied { open } for pid=282 comm="syz-executor118" path="/dev/loop0" dev="devtmpfs" ino=115 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 21.880993][ T24] audit: type=1400 audit(1750645637.830:67): avc: denied { ioctl } for pid=282 comm="syz-executor118" path="/dev/loop0" dev="devtmpfs" ino=115 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 21.907138][ T24] audit: type=1400 audit(1750645637.840:68): avc: denied { read write } for pid=284 comm="syz-executor118" name="vhost-vsock" dev="devtmpfs" ino=262 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:vhost_device_t tclass=chr_file permissive=1 [ 21.931550][ T24] audit: type=1400 audit(1750645637.840:69): avc: denied { open } for pid=284 comm="syz-executor118" path="/dev/vhost-vsock" dev="devtmpfs" ino=262 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:vhost_device_t tclass=chr_file permissive=1 [ 21.956034][ T24] audit: type=1400 audit(1750645637.850:70): avc: denied { ioctl } for pid=284 comm="syz-executor118" path="/dev/vhost-vsock" dev="devtmpfs" ino=262 ioctlcmd=0xaf01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:vhost_device_t tclass=chr_file permissive=1 [ 21.981793][ T24] audit: type=1400 audit(1750645637.890:71): avc: denied { mounton } for pid=284 comm="syz-executor118" path="/root/syzkaller.odft9s/0/file0" dev="sda1" ino=2027 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1 [pid 284] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 284] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 284] chdir("./file0") = 0 [pid 284] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 284] ioctl(6, LOOP_CLR_FD) = 0 [pid 284] close(6) = 0 [pid 284] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 284] write(6, "#! ./file1\n", 11) = 11 [ 22.007631][ T284] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 22.027721][ T24] audit: type=1400 audit(1750645638.030:72): avc: denied { mount } for pid=284 comm="syz-executor118" name="/" dev="loop0" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [pid 284] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 284] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000007d0} --- [pid 284] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=284, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=5} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555586f166f0 /* 4 entries */, 32768) = 112 [ 22.049767][ T24] audit: type=1400 audit(1750645638.050:73): avc: denied { write } for pid=284 comm="syz-executor118" name="/" dev="loop0" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 22.072225][ T284] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor118: bg 0: block 234: padding at end of block bitmap is not set umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./0/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555586f1e730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555586f1e730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./0/file0") = 0 umount2("./0/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./0/binderfs") = 0 getdents64(3, 0x555586f166f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./0") = 0 mkdir("./1", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555586f15650) = 289 ./strace-static-x86_64: Process 289 attached [pid 289] set_robust_list(0x555586f15660, 24) = 0 [pid 289] chdir("./1") = 0 [pid 289] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 289] setpgid(0, 0) = 0 [pid 289] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 289] write(3, "1000", 4) = 4 [pid 289] close(3) = 0 [pid 289] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 289] write(1, "executing program\n", 18) = 18 [pid 289] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 289] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 289] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 289] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 289] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 289] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 289] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 289] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 289] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 289] memfd_create("syzkaller", 0) = 5 [pid 289] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3700518000 [pid 289] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 289] munmap(0x7f3700518000, 138412032) = 0 [pid 289] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 289] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 289] close(5) = 0 [pid 289] close(6) = 0 [pid 289] mkdir("./file0", 0777) = 0 [pid 289] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 289] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 289] chdir("./file0") = 0 [pid 289] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 289] ioctl(6, LOOP_CLR_FD) = 0 [pid 289] close(6) = 0 [pid 289] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 289] write(6, "#! ./file1\n", 11) = 11 [pid 289] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [ 22.203441][ T289] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [pid 289] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000007d0} --- [pid 289] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=289, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555586f166f0 /* 4 entries */, 32768) = 112 [ 22.243643][ T290] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-289: bg 0: block 234: padding at end of block bitmap is not set umount2("./1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./1/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555586f1e730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555586f1e730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./1/file0") = 0 umount2("./1/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./1/binderfs") = 0 getdents64(3, 0x555586f166f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./1") = 0 mkdir("./2", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3executing program ) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555586f15650) = 294 ./strace-static-x86_64: Process 294 attached [pid 294] set_robust_list(0x555586f15660, 24) = 0 [pid 294] chdir("./2") = 0 [pid 294] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 294] setpgid(0, 0) = 0 [pid 294] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 294] write(3, "1000", 4) = 4 [pid 294] close(3) = 0 [pid 294] symlink("/dev/binderfs", "./binderfs") = 0 [pid 294] write(1, "executing program\n", 18) = 18 [pid 294] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 294] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 294] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 294] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 294] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 294] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 294] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 294] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 294] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 294] memfd_create("syzkaller", 0) = 5 [pid 294] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3700518000 [pid 294] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 294] munmap(0x7f3700518000, 138412032) = 0 [pid 294] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 294] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 294] close(5) = 0 [pid 294] close(6) = 0 [pid 294] mkdir("./file0", 0777) = 0 [pid 294] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 294] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 294] chdir("./file0") = 0 [pid 294] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 294] ioctl(6, LOOP_CLR_FD) = 0 [pid 294] close(6) = 0 [pid 294] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 294] write(6, "#! ./file1\n", 11) = 11 [pid 294] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 294] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000007d0} --- [pid 294] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=294, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555586f166f0 /* 4 entries */, 32768) = 112 [ 22.453165][ T294] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 22.481387][ T295] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-294: bg 0: block 234: padding at end of block bitmap is not set umount2("./2/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./2/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./2/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./2/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./2/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555586f1e730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555586f1e730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./2/file0") = 0 umount2("./2/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./2/binderfs") = 0 getdents64(3, 0x555586f166f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./2") = 0 mkdir("./3", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555586f15650) = 300 ./strace-static-x86_64: Process 300 attached [pid 300] set_robust_list(0x555586f15660, 24) = 0 [pid 300] chdir("./3") = 0 [pid 300] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 300] setpgid(0, 0) = 0 [pid 300] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 300] write(3, "1000", 4) = 4 [pid 300] close(3) = 0 [pid 300] symlink("/dev/binderfs", "./binderfs") = 0 [pid 300] write(1, "executing program\n", 18executing program ) = 18 [pid 300] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 300] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 300] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 300] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 300] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 300] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 300] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 300] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 300] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 300] memfd_create("syzkaller", 0) = 5 [pid 300] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3700518000 [pid 300] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 300] munmap(0x7f3700518000, 138412032) = 0 [pid 300] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 300] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 300] close(5) = 0 [pid 300] close(6) = 0 [pid 300] mkdir("./file0", 0777) = 0 [pid 300] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 300] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 300] chdir("./file0") = 0 [pid 300] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 300] ioctl(6, LOOP_CLR_FD) = 0 [pid 300] close(6) = 0 [pid 300] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 300] write(6, "#! ./file1\n", 11) = 11 [pid 300] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 300] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000007d0} --- [pid 300] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=300, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555586f166f0 /* 4 entries */, 32768) = 112 [ 22.723359][ T300] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 22.752749][ T301] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-300: bg 0: block 234: padding at end of block bitmap is not set umount2("./3/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./3/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./3/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./3/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./3/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555586f1e730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555586f1e730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./3/file0") = 0 umount2("./3/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./3/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./3/binderfs") = 0 getdents64(3, 0x555586f166f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./3") = 0 mkdir("./4", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 305 attached , child_tidptr=0x555586f15650) = 305 [pid 305] set_robust_list(0x555586f15660, 24) = 0 [pid 305] chdir("./4") = 0 [pid 305] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 305] setpgid(0, 0) = 0 [pid 305] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 305] write(3, "1000", 4) = 4 [pid 305] close(3) = 0 [pid 305] symlink("/dev/binderfs", "./binderfs") = 0 [pid 305] write(1, "executing program\n", 18executing program ) = 18 [pid 305] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 305] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 305] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 305] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 305] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 305] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 305] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 305] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 305] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 305] memfd_create("syzkaller", 0) = 5 [pid 305] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3700518000 [pid 305] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 305] munmap(0x7f3700518000, 138412032) = 0 [pid 305] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 305] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 305] close(5) = 0 [pid 305] close(6) = 0 [pid 305] mkdir("./file0", 0777) = 0 [pid 305] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 305] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 305] chdir("./file0") = 0 [pid 305] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 305] ioctl(6, LOOP_CLR_FD) = 0 [pid 305] close(6) = 0 [pid 305] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 305] write(6, "#! ./file1\n", 11) = 11 [pid 305] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 305] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000007d0} --- [pid 305] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=305, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555586f166f0 /* 4 entries */, 32768) = 112 [ 22.923152][ T305] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 22.945271][ T306] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-305: bg 0: block 234: padding at end of block bitmap is not set umount2("./4/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555586f1e730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555586f1e730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4/file0") = 0 umount2("./4/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4/binderfs") = 0 getdents64(3, 0x555586f166f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4") = 0 mkdir("./5", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555586f15650) = 310 ./strace-static-x86_64: Process 310 attached [pid 310] set_robust_list(0x555586f15660, 24) = 0 [pid 310] chdir("./5") = 0 [pid 310] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 310] setpgid(0, 0) = 0 [pid 310] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 310] write(3, "1000", 4) = 4 [pid 310] close(3) = 0 [pid 310] symlink("/dev/binderfs", "./binderfs") = 0 [pid 310] write(1, "executing program\n", 18executing program ) = 18 [pid 310] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 310] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 310] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 310] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 310] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 310] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 310] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 310] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 310] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 310] memfd_create("syzkaller", 0) = 5 [pid 310] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3700518000 [pid 310] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 310] munmap(0x7f3700518000, 138412032) = 0 [pid 310] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 310] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 310] close(5) = 0 [pid 310] close(6) = 0 [pid 310] mkdir("./file0", 0777) = 0 [pid 310] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 310] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 310] chdir("./file0") = 0 [pid 310] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 310] ioctl(6, LOOP_CLR_FD) = 0 [pid 310] close(6) = 0 [pid 310] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 310] write(6, "#! ./file1\n", 11) = 11 [pid 310] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 310] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000007d0} --- [pid 310] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=310, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./5", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555586f166f0 /* 4 entries */, 32768) = 112 [ 23.083282][ T310] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 23.104724][ T310] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor118: bg 0: block 234: padding at end of block bitmap is not set umount2("./5/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./5/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./5/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./5/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./5/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555586f1e730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555586f1e730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./5/file0") = 0 umount2("./5/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./5/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./5/binderfs") = 0 getdents64(3, 0x555586f166f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./5") = 0 mkdir("./6", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 315 attached , child_tidptr=0x555586f15650) = 315 [pid 315] set_robust_list(0x555586f15660, 24) = 0 [pid 315] chdir("./6") = 0 [pid 315] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 315] setpgid(0, 0) = 0 [pid 315] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 315] write(3, "1000", 4) = 4 [pid 315] close(3) = 0 [pid 315] symlink("/dev/binderfs", "./binderfs") = 0 [pid 315] write(1, "executing program\n", 18executing program ) = 18 [pid 315] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 315] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 315] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 315] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 315] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 315] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 315] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 315] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 315] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 315] memfd_create("syzkaller", 0) = 5 [pid 315] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3700518000 [pid 315] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 315] munmap(0x7f3700518000, 138412032) = 0 [pid 315] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 315] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 315] close(5) = 0 [pid 315] close(6) = 0 [pid 315] mkdir("./file0", 0777) = 0 [pid 315] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 315] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 315] chdir("./file0") = 0 [pid 315] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 315] ioctl(6, LOOP_CLR_FD) = 0 [pid 315] close(6) = 0 [pid 315] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 315] write(6, "#! ./file1\n", 11) = 11 [pid 315] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [ 23.193346][ T315] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [pid 315] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000007d0} --- [pid 315] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=315, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./6", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555586f166f0 /* 4 entries */, 32768) = 112 [ 23.234214][ T316] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-315: bg 0: block 234: padding at end of block bitmap is not set umount2("./6/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./6/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./6/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./6/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./6/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555586f1e730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555586f1e730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./6/file0") = 0 umount2("./6/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./6/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./6/binderfs") = 0 getdents64(3, 0x555586f166f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./6") = 0 mkdir("./7", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 320 attached , child_tidptr=0x555586f15650) = 320 [pid 320] set_robust_list(0x555586f15660, 24) = 0 [pid 320] chdir("./7") = 0 [pid 320] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 320] setpgid(0, 0) = 0 [pid 320] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 320] write(3, "1000", 4) = 4 [pid 320] close(3) = 0 [pid 320] symlink("/dev/binderfs", "./binderfs") = 0 [pid 320] write(1, "executing program\n", 18executing program ) = 18 [pid 320] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 320] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 320] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 320] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 320] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 320] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 320] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 320] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 320] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 320] memfd_create("syzkaller", 0) = 5 [pid 320] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3700518000 [pid 320] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 320] munmap(0x7f3700518000, 138412032) = 0 [pid 320] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 320] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 320] close(5) = 0 [pid 320] close(6) = 0 [pid 320] mkdir("./file0", 0777) = 0 [pid 320] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 320] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 320] chdir("./file0") = 0 [pid 320] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 320] ioctl(6, LOOP_CLR_FD) = 0 [pid 320] close(6) = 0 [pid 320] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 320] write(6, "#! ./file1\n", 11) = 11 [pid 320] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 320] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000007d0} --- [pid 320] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=320, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./7", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555586f166f0 /* 4 entries */, 32768) = 112 [ 23.403292][ T320] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 23.432063][ T321] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-320: bg 0: block 234: padding at end of block bitmap is not set umount2("./7/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./7/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./7/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./7/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./7/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555586f1e730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555586f1e730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./7/file0") = 0 umount2("./7/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./7/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./7/binderfs") = 0 getdents64(3, 0x555586f166f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./7") = 0 mkdir("./8", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555586f15650) = 325 ./strace-static-x86_64: Process 325 attached [pid 325] set_robust_list(0x555586f15660, 24) = 0 [pid 325] chdir("./8") = 0 [pid 325] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 325] setpgid(0, 0) = 0 [pid 325] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 325] write(3, "1000", 4) = 4 [pid 325] close(3) = 0 [pid 325] symlink("/dev/binderfs", "./binderfs") = 0 [pid 325] write(1, "executing program\n", 18executing program ) = 18 [pid 325] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 325] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 325] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 325] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 325] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 325] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 325] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 325] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 325] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 325] memfd_create("syzkaller", 0) = 5 [pid 325] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3700518000 [pid 325] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 325] munmap(0x7f3700518000, 138412032) = 0 [pid 325] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 325] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 325] close(5) = 0 [pid 325] close(6) = 0 [pid 325] mkdir("./file0", 0777) = 0 [pid 325] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 325] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 325] chdir("./file0") = 0 [pid 325] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 325] ioctl(6, LOOP_CLR_FD) = 0 [pid 325] close(6) = 0 [pid 325] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 325] write(6, "#! ./file1\n", 11) = 11 [pid 325] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 325] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000007d0} --- [pid 325] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=325, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./8", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./8", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555586f166f0 /* 4 entries */, 32768) = 112 [ 23.533300][ T325] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 23.558019][ T325] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor118: bg 0: block 234: padding at end of block bitmap is not set umount2("./8/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./8/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./8/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./8/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./8/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555586f1e730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555586f1e730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./8/file0") = 0 umount2("./8/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./8/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./8/binderfs") = 0 getdents64(3, 0x555586f166f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./8") = 0 mkdir("./9", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) executing program close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555586f15650) = 330 ./strace-static-x86_64: Process 330 attached [pid 330] set_robust_list(0x555586f15660, 24) = 0 [pid 330] chdir("./9") = 0 [pid 330] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 330] setpgid(0, 0) = 0 [pid 330] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 330] write(3, "1000", 4) = 4 [pid 330] close(3) = 0 [pid 330] symlink("/dev/binderfs", "./binderfs") = 0 [pid 330] write(1, "executing program\n", 18) = 18 [pid 330] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 330] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 330] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 330] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 330] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 330] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 330] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 330] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 330] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 330] memfd_create("syzkaller", 0) = 5 [pid 330] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3700518000 [pid 330] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 330] munmap(0x7f3700518000, 138412032) = 0 [pid 330] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 330] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 330] close(5) = 0 [pid 330] close(6) = 0 [pid 330] mkdir("./file0", 0777) = 0 [pid 330] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 330] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 330] chdir("./file0") = 0 [pid 330] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 330] ioctl(6, LOOP_CLR_FD) = 0 [pid 330] close(6) = 0 [pid 330] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 330] write(6, "#! ./file1\n", 11) = 11 [pid 330] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 330] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000007d0} --- [pid 330] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=330, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./9", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./9", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555586f166f0 /* 4 entries */, 32768) = 112 [ 23.643735][ T330] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 23.676596][ T331] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-330: bg 0: block 234: padding at end of block bitmap is not set umount2("./9/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./9/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./9/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./9/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./9/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555586f1e730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555586f1e730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./9/file0") = 0 umount2("./9/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./9/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./9/binderfs") = 0 getdents64(3, 0x555586f166f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./9") = 0 mkdir("./10", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555586f15650) = 335 ./strace-static-x86_64: Process 335 attached [pid 335] set_robust_list(0x555586f15660, 24) = 0 [pid 335] chdir("./10") = 0 [pid 335] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 335] setpgid(0, 0) = 0 [pid 335] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 335] write(3, "1000", 4) = 4 [pid 335] close(3) = 0 [pid 335] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 335] write(1, "executing program\n", 18) = 18 [pid 335] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 335] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 335] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 335] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 335] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 335] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 335] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 335] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 335] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 335] memfd_create("syzkaller", 0) = 5 [pid 335] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3700518000 [pid 335] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 335] munmap(0x7f3700518000, 138412032) = 0 [pid 335] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 335] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 335] close(5) = 0 [pid 335] close(6) = 0 [pid 335] mkdir("./file0", 0777) = 0 [pid 335] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 335] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 335] chdir("./file0") = 0 [pid 335] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 335] ioctl(6, LOOP_CLR_FD) = 0 [pid 335] close(6) = 0 [pid 335] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 335] write(6, "#! ./file1\n", 11) = 11 [pid 335] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 335] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000007d0} --- [pid 335] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=335, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./10", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./10", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555586f166f0 /* 4 entries */, 32768) = 112 [ 23.803265][ T335] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 23.832460][ T336] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-335: bg 0: block 234: padding at end of block bitmap is not set umount2("./10/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./10/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./10/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./10/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./10/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555586f1e730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555586f1e730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./10/file0") = 0 umount2("./10/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./10/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./10/binderfs") = 0 getdents64(3, 0x555586f166f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./10") = 0 mkdir("./11", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555586f15650) = 340 ./strace-static-x86_64: Process 340 attached [pid 340] set_robust_list(0x555586f15660, 24) = 0 [pid 340] chdir("./11") = 0 [pid 340] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 340] setpgid(0, 0) = 0 [pid 340] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 340] write(3, "1000", 4) = 4 [pid 340] close(3) = 0 [pid 340] symlink("/dev/binderfs", "./binderfs") = 0 [pid 340] write(1, "executing program\n", 18executing program ) = 18 [pid 340] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 340] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 340] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 340] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 340] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 340] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 340] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 340] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 340] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 340] memfd_create("syzkaller", 0) = 5 [pid 340] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3700518000 [pid 340] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 340] munmap(0x7f3700518000, 138412032) = 0 [pid 340] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 340] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 340] close(5) = 0 [pid 340] close(6) = 0 [pid 340] mkdir("./file0", 0777) = 0 [pid 340] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 340] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 340] chdir("./file0") = 0 [pid 340] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 340] ioctl(6, LOOP_CLR_FD) = 0 [pid 340] close(6) = 0 [pid 340] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 340] write(6, "#! ./file1\n", 11) = 11 [pid 340] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [ 23.953326][ T340] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [pid 340] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000007d0} --- [pid 340] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=340, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./11", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./11", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555586f166f0 /* 4 entries */, 32768) = 112 [ 23.993127][ T340] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor118: bg 0: block 234: padding at end of block bitmap is not set umount2("./11/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./11/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./11/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./11/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./11/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555586f1e730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555586f1e730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./11/file0") = 0 umount2("./11/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./11/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./11/binderfs") = 0 getdents64(3, 0x555586f166f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./11") = 0 mkdir("./12", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555586f15650) = 345 ./strace-static-x86_64: Process 345 attached [pid 345] set_robust_list(0x555586f15660, 24) = 0 [pid 345] chdir("./12") = 0 [pid 345] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 345] setpgid(0, 0) = 0 [pid 345] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 345] write(3, "1000", 4) = 4 [pid 345] close(3) = 0 [pid 345] symlink("/dev/binderfs", "./binderfs") = 0 [pid 345] write(1, "executing program\n", 18executing program ) = 18 [pid 345] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 345] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 345] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 345] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 345] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 345] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 345] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 345] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 345] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 345] memfd_create("syzkaller", 0) = 5 [pid 345] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3700518000 [pid 345] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 345] munmap(0x7f3700518000, 138412032) = 0 [pid 345] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 345] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 345] close(5) = 0 [pid 345] close(6) = 0 [pid 345] mkdir("./file0", 0777) = 0 [pid 345] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 345] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 345] chdir("./file0") = 0 [pid 345] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 345] ioctl(6, LOOP_CLR_FD) = 0 [pid 345] close(6) = 0 [pid 345] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 345] write(6, "#! ./file1\n", 11) = 11 [pid 345] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 345] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000007d0} --- [pid 345] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=345, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./12", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./12", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555586f166f0 /* 4 entries */, 32768) = 112 [ 24.123361][ T345] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 24.152008][ T346] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-345: bg 0: block 234: padding at end of block bitmap is not set umount2("./12/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./12/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./12/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./12/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./12/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555586f1e730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555586f1e730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./12/file0") = 0 umount2("./12/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./12/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./12/binderfs") = 0 getdents64(3, 0x555586f166f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./12") = 0 mkdir("./13", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555586f15650) = 350 ./strace-static-x86_64: Process 350 attached [pid 350] set_robust_list(0x555586f15660, 24) = 0 [pid 350] chdir("./13") = 0 [pid 350] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 350] setpgid(0, 0) = 0 [pid 350] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 350] write(3, "1000", 4) = 4 [pid 350] close(3) = 0 [pid 350] symlink("/dev/binderfs", "./binderfs") = 0 [pid 350] write(1, "executing program\n", 18executing program ) = 18 [pid 350] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 350] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 350] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 350] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 350] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 350] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 350] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 350] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 350] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 350] memfd_create("syzkaller", 0) = 5 [pid 350] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3700518000 [pid 350] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 350] munmap(0x7f3700518000, 138412032) = 0 [pid 350] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 350] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 350] close(5) = 0 [pid 350] close(6) = 0 [pid 350] mkdir("./file0", 0777) = 0 [pid 350] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 350] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 350] chdir("./file0") = 0 [pid 350] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 350] ioctl(6, LOOP_CLR_FD) = 0 [pid 350] close(6) = 0 [pid 350] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 350] write(6, "#! ./file1\n", 11) = 11 [pid 350] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 350] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000007d0} --- [pid 350] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=350, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./13", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./13", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555586f166f0 /* 4 entries */, 32768) = 112 [ 24.313352][ T350] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 24.342392][ T351] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-350: bg 0: block 234: padding at end of block bitmap is not set umount2("./13/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./13/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./13/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./13/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./13/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555586f1e730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555586f1e730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./13/file0") = 0 umount2("./13/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./13/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./13/binderfs") = 0 getdents64(3, 0x555586f166f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./13") = 0 mkdir("./14", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555586f15650) = 355 ./strace-static-x86_64: Process 355 attached [pid 355] set_robust_list(0x555586f15660, 24) = 0 [pid 355] chdir("./14") = 0 [pid 355] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 355] setpgid(0, 0) = 0 [pid 355] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 355] write(3, "1000", 4) = 4 [pid 355] close(3) = 0 [pid 355] symlink("/dev/binderfs", "./binderfs") = 0 [pid 355] write(1, "executing program\n", 18executing program ) = 18 [pid 355] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 355] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 355] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 355] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 355] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 355] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 355] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 355] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 355] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 355] memfd_create("syzkaller", 0) = 5 [pid 355] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3700518000 [pid 355] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 355] munmap(0x7f3700518000, 138412032) = 0 [pid 355] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 355] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 355] close(5) = 0 [pid 355] close(6) = 0 [pid 355] mkdir("./file0", 0777) = 0 [pid 355] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 355] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 355] chdir("./file0") = 0 [pid 355] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 355] ioctl(6, LOOP_CLR_FD) = 0 [pid 355] close(6) = 0 [pid 355] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 355] write(6, "#! ./file1\n", 11) = 11 [pid 355] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 355] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000007d0} --- [pid 355] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=355, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./14", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./14", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555586f166f0 /* 4 entries */, 32768) = 112 [ 24.483351][ T355] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 24.512078][ T356] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-355: bg 0: block 234: padding at end of block bitmap is not set umount2("./14/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./14/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./14/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./14/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./14/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555586f1e730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555586f1e730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./14/file0") = 0 umount2("./14/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./14/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./14/binderfs") = 0 getdents64(3, 0x555586f166f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./14") = 0 mkdir("./15", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555586f15650) = 360 ./strace-static-x86_64: Process 360 attached [pid 360] set_robust_list(0x555586f15660, 24) = 0 [pid 360] chdir("./15") = 0 [pid 360] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 360] setpgid(0, 0) = 0 [pid 360] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 360] write(3, "1000", 4) = 4 [pid 360] close(3) = 0 [pid 360] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 360] write(1, "executing program\n", 18) = 18 [pid 360] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 360] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 360] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 360] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 360] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 360] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 360] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 360] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 360] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 360] memfd_create("syzkaller", 0) = 5 [pid 360] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3700518000 [pid 360] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 360] munmap(0x7f3700518000, 138412032) = 0 [pid 360] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 360] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 360] close(5) = 0 [pid 360] close(6) = 0 [pid 360] mkdir("./file0", 0777) = 0 [pid 360] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 360] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 360] chdir("./file0") = 0 [pid 360] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 360] ioctl(6, LOOP_CLR_FD) = 0 [pid 360] close(6) = 0 [pid 360] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 360] write(6, "#! ./file1\n", 11) = 11 [pid 360] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 360] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000007d0} --- [pid 360] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=360, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./15", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./15", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555586f166f0 /* 4 entries */, 32768) = 112 [ 24.643321][ T360] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 24.671324][ T361] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-360: bg 0: block 234: padding at end of block bitmap is not set umount2("./15/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./15/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./15/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./15/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./15/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555586f1e730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555586f1e730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./15/file0") = 0 umount2("./15/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./15/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./15/binderfs") = 0 getdents64(3, 0x555586f166f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./15") = 0 mkdir("./16", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555586f15650) = 365 ./strace-static-x86_64: Process 365 attached [pid 365] set_robust_list(0x555586f15660, 24) = 0 [pid 365] chdir("./16") = 0 [pid 365] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 365] setpgid(0, 0) = 0 [pid 365] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 365] write(3, "1000", 4) = 4 [pid 365] close(3) = 0 [pid 365] symlink("/dev/binderfs", "./binderfs") = 0 [pid 365] write(1, "executing program\n", 18executing program ) = 18 [pid 365] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 365] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 365] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 365] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 365] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 365] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 365] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 365] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 365] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 365] memfd_create("syzkaller", 0) = 5 [pid 365] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3700518000 [pid 365] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 365] munmap(0x7f3700518000, 138412032) = 0 [pid 365] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 365] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 365] close(5) = 0 [pid 365] close(6) = 0 [pid 365] mkdir("./file0", 0777) = 0 [pid 365] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 365] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 365] chdir("./file0") = 0 [pid 365] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 365] ioctl(6, LOOP_CLR_FD) = 0 [pid 365] close(6) = 0 [pid 365] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 365] write(6, "#! ./file1\n", 11) = 11 [pid 365] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 365] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000007d0} --- [pid 365] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=365, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=5} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./16", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./16", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555586f166f0 /* 4 entries */, 32768) = 112 [ 24.842349][ T365] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 24.870273][ T366] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-365: bg 0: block 234: padding at end of block bitmap is not set umount2("./16/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./16/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./16/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./16/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./16/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555586f1e730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555586f1e730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./16/file0") = 0 umount2("./16/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./16/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./16/binderfs") = 0 getdents64(3, 0x555586f166f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./16") = 0 mkdir("./17", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 370 attached , child_tidptr=0x555586f15650) = 370 [pid 370] set_robust_list(0x555586f15660, 24) = 0 [pid 370] chdir("./17") = 0 [pid 370] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 370] setpgid(0, 0) = 0 [pid 370] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 370] write(3, "1000", 4) = 4 [pid 370] close(3) = 0 [pid 370] symlink("/dev/binderfs", "./binderfs") = 0 [pid 370] write(1, "executing program\n", 18executing program ) = 18 [pid 370] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 370] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 370] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 370] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 370] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 370] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 370] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 370] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 370] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 370] memfd_create("syzkaller", 0) = 5 [pid 370] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3700518000 [pid 370] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 370] munmap(0x7f3700518000, 138412032) = 0 [pid 370] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 370] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 370] close(5) = 0 [pid 370] close(6) = 0 [pid 370] mkdir("./file0", 0777) = 0 [pid 370] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 370] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 370] chdir("./file0") = 0 [pid 370] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 370] ioctl(6, LOOP_CLR_FD) = 0 [pid 370] close(6) = 0 [pid 370] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 370] write(6, "#! ./file1\n", 11) = 11 [pid 370] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 370] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000007d0} --- [pid 370] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=370, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./17", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./17", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555586f166f0 /* 4 entries */, 32768) = 112 [ 25.042796][ T370] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 25.072376][ T371] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-370: bg 0: block 234: padding at end of block bitmap is not set umount2("./17/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./17/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./17/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./17/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./17/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555586f1e730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555586f1e730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./17/file0") = 0 umount2("./17/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./17/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./17/binderfs") = 0 getdents64(3, 0x555586f166f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./17") = 0 mkdir("./18", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program , child_tidptr=0x555586f15650) = 375 ./strace-static-x86_64: Process 375 attached [pid 375] set_robust_list(0x555586f15660, 24) = 0 [pid 375] chdir("./18") = 0 [pid 375] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 375] setpgid(0, 0) = 0 [pid 375] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 375] write(3, "1000", 4) = 4 [pid 375] close(3) = 0 [pid 375] symlink("/dev/binderfs", "./binderfs") = 0 [pid 375] write(1, "executing program\n", 18) = 18 [pid 375] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 375] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 375] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 375] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 375] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 375] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 375] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 375] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 375] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 375] memfd_create("syzkaller", 0) = 5 [pid 375] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3700518000 [pid 375] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 375] munmap(0x7f3700518000, 138412032) = 0 [pid 375] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 375] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 375] close(5) = 0 [pid 375] close(6) = 0 [pid 375] mkdir("./file0", 0777) = 0 [pid 375] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 375] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 375] chdir("./file0") = 0 [pid 375] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 375] ioctl(6, LOOP_CLR_FD) = 0 [pid 375] close(6) = 0 [pid 375] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 375] write(6, "#! ./file1\n", 11) = 11 [pid 375] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 375] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000007d0} --- [pid 375] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=375, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./18", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./18", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555586f166f0 /* 4 entries */, 32768) = 112 [ 25.240355][ T375] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 25.269436][ T376] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-375: bg 0: block 234: padding at end of block bitmap is not set umount2("./18/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./18/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./18/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./18/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./18/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555586f1e730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555586f1e730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./18/file0") = 0 umount2("./18/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./18/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./18/binderfs") = 0 getdents64(3, 0x555586f166f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./18") = 0 mkdir("./19", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555586f15650) = 380 ./strace-static-x86_64: Process 380 attached [pid 380] set_robust_list(0x555586f15660, 24) = 0 [pid 380] chdir("./19") = 0 [pid 380] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 380] setpgid(0, 0) = 0 [pid 380] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 380] write(3, "1000", 4) = 4 [pid 380] close(3) = 0 [pid 380] symlink("/dev/binderfs", "./binderfs") = 0 [pid 380] write(1, "executing program\n", 18executing program ) = 18 [pid 380] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 380] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 380] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 380] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 380] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 380] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 380] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 380] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 380] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 380] memfd_create("syzkaller", 0) = 5 [pid 380] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3700518000 [pid 380] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 380] munmap(0x7f3700518000, 138412032) = 0 [pid 380] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 380] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 380] close(5) = 0 [pid 380] close(6) = 0 [pid 380] mkdir("./file0", 0777) = 0 [pid 380] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 380] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 380] chdir("./file0") = 0 [pid 380] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 380] ioctl(6, LOOP_CLR_FD) = 0 [pid 380] close(6) = 0 [pid 380] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 380] write(6, "#! ./file1\n", 11) = 11 [pid 380] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 380] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000007d0} --- [pid 380] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=380, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./19", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./19", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555586f166f0 /* 4 entries */, 32768) = 112 [ 25.373579][ T380] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 25.401931][ T381] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-380: bg 0: block 234: padding at end of block bitmap is not set umount2("./19/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./19/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./19/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./19/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./19/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555586f1e730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555586f1e730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./19/file0") = 0 umount2("./19/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./19/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./19/binderfs") = 0 getdents64(3, 0x555586f166f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./19") = 0 mkdir("./20", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 385 attached , child_tidptr=0x555586f15650) = 385 [pid 385] set_robust_list(0x555586f15660, 24) = 0 [pid 385] chdir("./20") = 0 [pid 385] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 385] setpgid(0, 0) = 0 [pid 385] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 385] write(3, "1000", 4) = 4 [pid 385] close(3) = 0 [pid 385] symlink("/dev/binderfs", "./binderfs") = 0 [pid 385] write(1, "executing program\n", 18executing program ) = 18 [pid 385] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 385] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 385] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 385] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 385] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 385] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 385] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 385] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 385] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 385] memfd_create("syzkaller", 0) = 5 [pid 385] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3700518000 [pid 385] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 385] munmap(0x7f3700518000, 138412032) = 0 [pid 385] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 385] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 385] close(5) = 0 [pid 385] close(6) = 0 [pid 385] mkdir("./file0", 0777) = 0 [pid 385] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 385] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 385] chdir("./file0") = 0 [pid 385] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 385] ioctl(6, LOOP_CLR_FD) = 0 [pid 385] close(6) = 0 [pid 385] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 385] write(6, "#! ./file1\n", 11) = 11 [pid 385] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 385] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000007d0} --- [pid 385] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=385, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./20", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./20", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555586f166f0 /* 4 entries */, 32768) = 112 [ 25.563384][ T385] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 25.591863][ T386] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-385: bg 0: block 234: padding at end of block bitmap is not set umount2("./20/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./20/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./20/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./20/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./20/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555586f1e730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555586f1e730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./20/file0") = 0 umount2("./20/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./20/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./20/binderfs") = 0 getdents64(3, 0x555586f166f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./20") = 0 mkdir("./21", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555586f15650) = 390 ./strace-static-x86_64: Process 390 attached [pid 390] set_robust_list(0x555586f15660, 24) = 0 [pid 390] chdir("./21") = 0 [pid 390] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 390] setpgid(0, 0) = 0 [pid 390] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 390] write(3, "1000", 4) = 4 [pid 390] close(3) = 0 [pid 390] symlink("/dev/binderfs", "./binderfs") = 0 [pid 390] write(1, "executing program\n", 18executing program ) = 18 [pid 390] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 390] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 390] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 390] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 390] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 390] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 390] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 390] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 390] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 390] memfd_create("syzkaller", 0) = 5 [pid 390] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3700518000 [pid 390] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 390] munmap(0x7f3700518000, 138412032) = 0 [pid 390] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 390] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 390] close(5) = 0 [pid 390] close(6) = 0 [pid 390] mkdir("./file0", 0777) = 0 [pid 390] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 390] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 390] chdir("./file0") = 0 [pid 390] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 390] ioctl(6, LOOP_CLR_FD) = 0 [pid 390] close(6) = 0 [pid 390] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 390] write(6, "#! ./file1\n", 11) = 11 [pid 390] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 390] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000007d0} --- [pid 390] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=390, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- umount2("./21", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./21", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555586f166f0 /* 4 entries */, 32768) = 112 [ 25.703188][ T390] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 25.727189][ T390] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor118: bg 0: block 234: padding at end of block bitmap is not set umount2("./21/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./21/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./21/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./21/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./21/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555586f1e730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555586f1e730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./21/file0") = 0 umount2("./21/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./21/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./21/binderfs") = 0 getdents64(3, 0x555586f166f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./21") = 0 mkdir("./22", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555586f15650) = 395 ./strace-static-x86_64: Process 395 attached [pid 395] set_robust_list(0x555586f15660, 24) = 0 [pid 395] chdir("./22") = 0 [pid 395] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 395] setpgid(0, 0) = 0 [pid 395] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 395] write(3, "1000", 4) = 4 [pid 395] close(3) = 0 [pid 395] symlink("/dev/binderfs", "./binderfs") = 0 [pid 395] write(1, "executing program\n", 18executing program ) = 18 [pid 395] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 395] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 395] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 395] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 395] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 395] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 395] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 395] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 395] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 395] memfd_create("syzkaller", 0) = 5 [pid 395] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3700518000 [pid 395] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 395] munmap(0x7f3700518000, 138412032) = 0 [pid 395] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 395] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 395] close(5) = 0 [pid 395] close(6) = 0 [pid 395] mkdir("./file0", 0777) = 0 [pid 395] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 395] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 395] chdir("./file0") = 0 [pid 395] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 395] ioctl(6, LOOP_CLR_FD) = 0 [pid 395] close(6) = 0 [pid 395] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 395] write(6, "#! ./file1\n", 11) = 11 [pid 395] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 395] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000007d0} --- [pid 395] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=395, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./22", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./22", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555586f166f0 /* 4 entries */, 32768) = 112 [ 25.883024][ T395] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 25.911270][ T396] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-395: bg 0: block 234: padding at end of block bitmap is not set umount2("./22/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./22/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./22/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./22/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./22/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555586f1e730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555586f1e730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./22/file0") = 0 umount2("./22/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./22/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./22/binderfs") = 0 getdents64(3, 0x555586f166f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./22") = 0 mkdir("./23", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555586f15650) = 400 ./strace-static-x86_64: Process 400 attached [pid 400] set_robust_list(0x555586f15660, 24) = 0 [pid 400] chdir("./23") = 0 [pid 400] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 400] setpgid(0, 0) = 0 [pid 400] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 400] write(3, "1000", 4) = 4 [pid 400] close(3) = 0 [pid 400] symlink("/dev/binderfs", "./binderfs") = 0 [pid 400] write(1, "executing program\n", 18executing program ) = 18 [pid 400] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 400] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 400] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 400] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 400] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 400] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 400] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 400] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 400] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 400] memfd_create("syzkaller", 0) = 5 [pid 400] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3700518000 [pid 400] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 400] munmap(0x7f3700518000, 138412032) = 0 [pid 400] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 400] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 400] close(5) = 0 [pid 400] close(6) = 0 [pid 400] mkdir("./file0", 0777) = 0 [pid 400] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 400] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 400] chdir("./file0") = 0 [pid 400] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 400] ioctl(6, LOOP_CLR_FD) = 0 [pid 400] close(6) = 0 [pid 400] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 400] write(6, "#! ./file1\n", 11) = 11 [pid 400] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 400] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000007d0} --- [pid 400] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=400, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./23", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./23", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555586f166f0 /* 4 entries */, 32768) = 112 [ 26.053374][ T400] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 26.081883][ T401] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-400: bg 0: block 234: padding at end of block bitmap is not set umount2("./23/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./23/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./23/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./23/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./23/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555586f1e730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555586f1e730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./23/file0") = 0 umount2("./23/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./23/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./23/binderfs") = 0 getdents64(3, 0x555586f166f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./23") = 0 mkdir("./24", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555586f15650) = 405 ./strace-static-x86_64: Process 405 attached [pid 405] set_robust_list(0x555586f15660, 24) = 0 [pid 405] chdir("./24") = 0 [pid 405] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 405] setpgid(0, 0) = 0 [pid 405] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 405] write(3, "1000", 4) = 4 [pid 405] close(3) = 0 [pid 405] symlink("/dev/binderfs", "./binderfs") = 0 [pid 405] write(1, "executing program\n", 18executing program ) = 18 [pid 405] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 405] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 405] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 405] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 405] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 405] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 405] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 405] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 405] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 405] memfd_create("syzkaller", 0) = 5 [pid 405] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3700518000 [pid 405] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 405] munmap(0x7f3700518000, 138412032) = 0 [pid 405] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 405] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 405] close(5) = 0 [pid 405] close(6) = 0 [pid 405] mkdir("./file0", 0777) = 0 [pid 405] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 405] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 405] chdir("./file0") = 0 [pid 405] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 405] ioctl(6, LOOP_CLR_FD) = 0 [pid 405] close(6) = 0 [pid 405] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 405] write(6, "#! ./file1\n", 11) = 11 [pid 405] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [ 26.213465][ T405] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [pid 405] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000007d0} --- [pid 405] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=405, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./24", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./24", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555586f166f0 /* 4 entries */, 32768) = 112 [ 26.253516][ T406] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-405: bg 0: block 234: padding at end of block bitmap is not set umount2("./24/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./24/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./24/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./24/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./24/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555586f1e730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555586f1e730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./24/file0") = 0 umount2("./24/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./24/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./24/binderfs") = 0 getdents64(3, 0x555586f166f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./24") = 0 mkdir("./25", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program , child_tidptr=0x555586f15650) = 410 ./strace-static-x86_64: Process 410 attached [pid 410] set_robust_list(0x555586f15660, 24) = 0 [pid 410] chdir("./25") = 0 [pid 410] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 410] setpgid(0, 0) = 0 [pid 410] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 410] write(3, "1000", 4) = 4 [pid 410] close(3) = 0 [pid 410] symlink("/dev/binderfs", "./binderfs") = 0 [pid 410] write(1, "executing program\n", 18) = 18 [pid 410] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 410] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 410] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 410] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 410] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 410] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 410] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 410] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 410] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 410] memfd_create("syzkaller", 0) = 5 [pid 410] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3700518000 [pid 410] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 410] munmap(0x7f3700518000, 138412032) = 0 [pid 410] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 410] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 410] close(5) = 0 [pid 410] close(6) = 0 [pid 410] mkdir("./file0", 0777) = 0 [pid 410] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 410] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 410] chdir("./file0") = 0 [pid 410] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 410] ioctl(6, LOOP_CLR_FD) = 0 [pid 410] close(6) = 0 [pid 410] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 410] write(6, "#! ./file1\n", 11) = 11 [pid 410] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 410] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000007d0} --- [pid 410] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=410, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./25", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./25", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555586f166f0 /* 4 entries */, 32768) = 112 [ 26.383392][ T410] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 26.408815][ T410] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor118: bg 0: block 234: padding at end of block bitmap is not set umount2("./25/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./25/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./25/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./25/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./25/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555586f1e730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555586f1e730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./25/file0") = 0 umount2("./25/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./25/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./25/binderfs") = 0 getdents64(3, 0x555586f166f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./25") = 0 mkdir("./26", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555586f15650) = 415 ./strace-static-x86_64: Process 415 attached [pid 415] set_robust_list(0x555586f15660, 24) = 0 [pid 415] chdir("./26") = 0 [pid 415] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 415] setpgid(0, 0) = 0 [pid 415] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 415] write(3, "1000", 4) = 4 [pid 415] close(3) = 0 [pid 415] symlink("/dev/binderfs", "./binderfs") = 0 [pid 415] write(1, "executing program\n", 18executing program ) = 18 [pid 415] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 415] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 415] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 415] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 415] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 415] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 415] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 415] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 415] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 415] memfd_create("syzkaller", 0) = 5 [pid 415] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3700518000 [pid 415] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 415] munmap(0x7f3700518000, 138412032) = 0 [pid 415] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 415] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 415] close(5) = 0 [pid 415] close(6) = 0 [pid 415] mkdir("./file0", 0777) = 0 [pid 415] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 415] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 415] chdir("./file0") = 0 [pid 415] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 415] ioctl(6, LOOP_CLR_FD) = 0 [pid 415] close(6) = 0 [pid 415] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 415] write(6, "#! ./file1\n", 11) = 11 [pid 415] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 415] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000007d0} --- [pid 415] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=415, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./26", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./26", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555586f166f0 /* 4 entries */, 32768) = 112 [ 26.563433][ T415] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 26.591638][ T416] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-415: bg 0: block 234: padding at end of block bitmap is not set umount2("./26/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./26/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./26/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./26/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./26/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555586f1e730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555586f1e730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./26/file0") = 0 umount2("./26/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./26/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./26/binderfs") = 0 getdents64(3, 0x555586f166f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./26") = 0 mkdir("./27", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program , child_tidptr=0x555586f15650) = 420 ./strace-static-x86_64: Process 420 attached [pid 420] set_robust_list(0x555586f15660, 24) = 0 [pid 420] chdir("./27") = 0 [pid 420] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 420] setpgid(0, 0) = 0 [pid 420] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 420] write(3, "1000", 4) = 4 [pid 420] close(3) = 0 [pid 420] symlink("/dev/binderfs", "./binderfs") = 0 [pid 420] write(1, "executing program\n", 18) = 18 [pid 420] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 420] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 420] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 420] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 420] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 420] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 420] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 420] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 420] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 420] memfd_create("syzkaller", 0) = 5 [pid 420] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3700518000 [pid 420] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 420] munmap(0x7f3700518000, 138412032) = 0 [pid 420] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 420] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 420] close(5) = 0 [pid 420] close(6) = 0 [pid 420] mkdir("./file0", 0777) = 0 [pid 420] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 420] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 420] chdir("./file0") = 0 [pid 420] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 420] ioctl(6, LOOP_CLR_FD) = 0 [pid 420] close(6) = 0 [pid 420] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 420] write(6, "#! ./file1\n", 11) = 11 [pid 420] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 420] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000007d0} --- [pid 420] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=420, si_uid=0, si_status=SIGBUS, si_utime=1, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./27", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./27", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555586f166f0 /* 4 entries */, 32768) = 112 [ 26.753452][ T420] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 26.780949][ T420] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor118: bg 0: block 234: padding at end of block bitmap is not set umount2("./27/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./27/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./27/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./27/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./27/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555586f1e730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555586f1e730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./27/file0") = 0 umount2("./27/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./27/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./27/binderfs") = 0 getdents64(3, 0x555586f166f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./27") = 0 mkdir("./28", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555586f15650) = 425 ./strace-static-x86_64: Process 425 attached [pid 425] set_robust_list(0x555586f15660, 24) = 0 [pid 425] chdir("./28") = 0 [pid 425] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 425] setpgid(0, 0) = 0 [pid 425] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 425] write(3, "1000", 4) = 4 [pid 425] close(3) = 0 [pid 425] symlink("/dev/binderfs", "./binderfs") = 0 [pid 425] write(1, "executing program\n", 18executing program ) = 18 [pid 425] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 425] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 425] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 425] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 425] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 425] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 425] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 425] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 425] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 425] memfd_create("syzkaller", 0) = 5 [pid 425] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3700518000 [pid 425] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 425] munmap(0x7f3700518000, 138412032) = 0 [pid 425] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 425] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 425] close(5) = 0 [pid 425] close(6) = 0 [pid 425] mkdir("./file0", 0777) = 0 [pid 425] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 425] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 425] chdir("./file0") = 0 [pid 425] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 425] ioctl(6, LOOP_CLR_FD) = 0 [pid 425] close(6) = 0 [pid 425] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 425] write(6, "#! ./file1\n", 11) = 11 [pid 425] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 425] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000007d0} --- [pid 425] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=425, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./28", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./28", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555586f166f0 /* 4 entries */, 32768) = 112 [ 26.881301][ T425] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 26.911768][ T425] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor118: bg 0: block 234: padding at end of block bitmap is not set umount2("./28/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./28/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./28/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./28/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./28/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555586f1e730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555586f1e730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./28/file0") = 0 umount2("./28/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./28/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./28/binderfs") = 0 getdents64(3, 0x555586f166f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./28") = 0 mkdir("./29", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555586f15650) = 430 ./strace-static-x86_64: Process 430 attached [pid 430] set_robust_list(0x555586f15660, 24) = 0 [pid 430] chdir("./29") = 0 [pid 430] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 430] setpgid(0, 0) = 0 [pid 430] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 430] write(3, "1000", 4) = 4 [pid 430] close(3) = 0 [pid 430] symlink("/dev/binderfs", "./binderfs") = 0 [pid 430] write(1, "executing program\n", 18executing program ) = 18 [pid 430] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 430] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 430] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 430] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 430] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 430] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 430] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 430] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 430] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 430] memfd_create("syzkaller", 0) = 5 [pid 430] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3700518000 [pid 430] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 430] munmap(0x7f3700518000, 138412032) = 0 [pid 430] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 430] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 430] close(5) = 0 [pid 430] close(6) = 0 [pid 430] mkdir("./file0", 0777) = 0 [pid 430] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 430] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 430] chdir("./file0") = 0 [pid 430] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 430] ioctl(6, LOOP_CLR_FD) = 0 [pid 430] close(6) = 0 [pid 430] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 430] write(6, "#! ./file1\n", 11) = 11 [pid 430] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 430] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000007d0} --- [pid 430] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=430, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./29", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./29", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555586f166f0 /* 4 entries */, 32768) = 112 [ 27.043353][ T430] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 27.072213][ T431] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-430: bg 0: block 234: padding at end of block bitmap is not set umount2("./29/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./29/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./29/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./29/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./29/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555586f1e730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555586f1e730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./29/file0") = 0 umount2("./29/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./29/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./29/binderfs") = 0 getdents64(3, 0x555586f166f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./29") = 0 mkdir("./30", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555586f15650) = 435 ./strace-static-x86_64: Process 435 attached [pid 435] set_robust_list(0x555586f15660, 24) = 0 [pid 435] chdir("./30") = 0 [pid 435] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 435] setpgid(0, 0) = 0 [pid 435] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 435] write(3, "1000", 4) = 4 [pid 435] close(3) = 0 [pid 435] symlink("/dev/binderfs", "./binderfs") = 0 [pid 435] write(1, "executing program\n", 18executing program ) = 18 [pid 435] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 435] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 435] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 435] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 435] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 435] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 435] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 435] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 435] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 435] memfd_create("syzkaller", 0) = 5 [pid 435] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3700518000 [pid 435] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 435] munmap(0x7f3700518000, 138412032) = 0 [pid 435] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 435] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 435] close(5) = 0 [pid 435] close(6) = 0 [pid 435] mkdir("./file0", 0777) = 0 [pid 435] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 435] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 435] chdir("./file0") = 0 [pid 435] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 435] ioctl(6, LOOP_CLR_FD) = 0 [pid 435] close(6) = 0 [pid 435] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 435] write(6, "#! ./file1\n", 11) = 11 [pid 435] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 435] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000007d0} --- [pid 435] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=435, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./30", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./30", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555586f166f0 /* 4 entries */, 32768) = 112 [ 27.183371][ T435] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 27.211597][ T436] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-435: bg 0: block 234: padding at end of block bitmap is not set umount2("./30/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./30/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./30/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./30/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./30/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555586f1e730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555586f1e730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./30/file0") = 0 umount2("./30/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./30/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./30/binderfs") = 0 getdents64(3, 0x555586f166f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./30") = 0 mkdir("./31", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555586f15650) = 440 ./strace-static-x86_64: Process 440 attached [pid 440] set_robust_list(0x555586f15660, 24) = 0 [pid 440] chdir("./31") = 0 [pid 440] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 440] setpgid(0, 0) = 0 [pid 440] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 440] write(3, "1000", 4) = 4 [pid 440] close(3) = 0 [pid 440] symlink("/dev/binderfs", "./binderfs") = 0 [pid 440] write(1, "executing program\n", 18executing program ) = 18 [pid 440] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 440] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 440] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 440] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 440] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 440] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 440] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 440] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 440] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 440] memfd_create("syzkaller", 0) = 5 [pid 440] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3700518000 [pid 440] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 440] munmap(0x7f3700518000, 138412032) = 0 [pid 440] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 440] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 440] close(5) = 0 [pid 440] close(6) = 0 [pid 440] mkdir("./file0", 0777) = 0 [pid 440] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 440] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 440] chdir("./file0") = 0 [pid 440] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 440] ioctl(6, LOOP_CLR_FD) = 0 [pid 440] close(6) = 0 [pid 440] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 440] write(6, "#! ./file1\n", 11) = 11 [pid 440] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 440] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000007d0} --- [pid 440] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=440, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./31", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./31", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555586f166f0 /* 4 entries */, 32768) = 112 [ 27.363309][ T440] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 27.391028][ T441] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-440: bg 0: block 234: padding at end of block bitmap is not set umount2("./31/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./31/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./31/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./31/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./31/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555586f1e730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555586f1e730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./31/file0") = 0 umount2("./31/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./31/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./31/binderfs") = 0 getdents64(3, 0x555586f166f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./31") = 0 mkdir("./32", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 445 attached , child_tidptr=0x555586f15650) = 445 [pid 445] set_robust_list(0x555586f15660, 24) = 0 [pid 445] chdir("./32") = 0 [pid 445] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 445] setpgid(0, 0) = 0 [pid 445] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 445] write(3, "1000", 4) = 4 [pid 445] close(3) = 0 [pid 445] symlink("/dev/binderfs", "./binderfs") = 0 [pid 445] write(1, "executing program\n", 18executing program ) = 18 [pid 445] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 445] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 445] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 445] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 445] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 445] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 445] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 445] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 445] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 445] memfd_create("syzkaller", 0) = 5 [pid 445] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3700518000 [pid 445] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 445] munmap(0x7f3700518000, 138412032) = 0 [pid 445] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 445] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 445] close(5) = 0 [pid 445] close(6) = 0 [pid 445] mkdir("./file0", 0777) = 0 [pid 445] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 445] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 445] chdir("./file0") = 0 [pid 445] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 445] ioctl(6, LOOP_CLR_FD) = 0 [pid 445] close(6) = 0 [pid 445] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 445] write(6, "#! ./file1\n", 11) = 11 [pid 445] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 445] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000007d0} --- [pid 445] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=445, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./32", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./32", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555586f166f0 /* 4 entries */, 32768) = 112 [ 27.573562][ T445] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 27.597914][ T445] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor118: bg 0: block 234: padding at end of block bitmap is not set umount2("./32/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./32/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./32/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./32/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./32/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555586f1e730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555586f1e730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./32/file0") = 0 umount2("./32/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./32/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./32/binderfs") = 0 getdents64(3, 0x555586f166f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./32") = 0 mkdir("./33", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555586f15650) = 450 ./strace-static-x86_64: Process 450 attached [pid 450] set_robust_list(0x555586f15660, 24) = 0 [pid 450] chdir("./33") = 0 [pid 450] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 450] setpgid(0, 0) = 0 [pid 450] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 450] write(3, "1000", 4) = 4 [pid 450] close(3) = 0 [pid 450] symlink("/dev/binderfs", "./binderfs") = 0 [pid 450] write(1, "executing program\n", 18executing program ) = 18 [pid 450] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 450] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 450] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 450] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 450] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 450] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 450] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 450] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 450] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 450] memfd_create("syzkaller", 0) = 5 [pid 450] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3700518000 [pid 450] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 450] munmap(0x7f3700518000, 138412032) = 0 [pid 450] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 450] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 450] close(5) = 0 [pid 450] close(6) = 0 [pid 450] mkdir("./file0", 0777) = 0 [pid 450] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 450] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 450] chdir("./file0") = 0 [pid 450] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 450] ioctl(6, LOOP_CLR_FD) = 0 [pid 450] close(6) = 0 [pid 450] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 450] write(6, "#! ./file1\n", 11) = 11 [pid 450] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 450] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000007d0} --- [pid 450] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=450, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./33", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./33", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555586f166f0 /* 4 entries */, 32768) = 112 [ 27.763361][ T450] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 27.787658][ T451] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-450: bg 0: block 234: padding at end of block bitmap is not set umount2("./33/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./33/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./33/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./33/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./33/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555586f1e730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555586f1e730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./33/file0") = 0 umount2("./33/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./33/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./33/binderfs") = 0 getdents64(3, 0x555586f166f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./33") = 0 mkdir("./34", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555586f15650) = 455 ./strace-static-x86_64: Process 455 attached [pid 455] set_robust_list(0x555586f15660, 24) = 0 [pid 455] chdir("./34") = 0 [pid 455] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 455] setpgid(0, 0) = 0 [pid 455] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 455] write(3, "1000", 4) = 4 executing program [pid 455] close(3) = 0 [pid 455] symlink("/dev/binderfs", "./binderfs") = 0 [pid 455] write(1, "executing program\n", 18) = 18 [pid 455] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 455] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 455] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 455] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 455] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 455] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 455] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 455] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 455] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 455] memfd_create("syzkaller", 0) = 5 [pid 455] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3700518000 [pid 455] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 455] munmap(0x7f3700518000, 138412032) = 0 [pid 455] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 455] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 455] close(5) = 0 [pid 455] close(6) = 0 [pid 455] mkdir("./file0", 0777) = 0 [pid 455] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 455] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 455] chdir("./file0") = 0 [pid 455] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 455] ioctl(6, LOOP_CLR_FD) = 0 [pid 455] close(6) = 0 [pid 455] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 455] write(6, "#! ./file1\n", 11) = 11 [pid 455] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [ 28.003511][ T455] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [pid 455] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000007d0} --- [pid 455] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=455, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./34", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./34", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555586f166f0 /* 4 entries */, 32768) = 112 [ 28.042224][ T456] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-455: bg 0: block 234: padding at end of block bitmap is not set umount2("./34/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./34/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./34/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./34/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./34/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555586f1e730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555586f1e730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./34/file0") = 0 umount2("./34/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./34/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./34/binderfs") = 0 getdents64(3, 0x555586f166f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./34") = 0 mkdir("./35", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555586f15650) = 460 ./strace-static-x86_64: Process 460 attached [pid 460] set_robust_list(0x555586f15660, 24) = 0 [pid 460] chdir("./35") = 0 [pid 460] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 460] setpgid(0, 0) = 0 [pid 460] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 460] write(3, "1000", 4) = 4 [pid 460] close(3) = 0 [pid 460] symlink("/dev/binderfs", "./binderfs") = 0 [pid 460] write(1, "executing program\n", 18executing program ) = 18 [pid 460] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 460] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 460] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 460] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 460] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 460] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 460] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 460] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 460] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 460] memfd_create("syzkaller", 0) = 5 [pid 460] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3700518000 [pid 460] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 460] munmap(0x7f3700518000, 138412032) = 0 [pid 460] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 460] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 460] close(5) = 0 [pid 460] close(6) = 0 [pid 460] mkdir("./file0", 0777) = 0 [pid 460] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 460] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 460] chdir("./file0") = 0 [pid 460] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 460] ioctl(6, LOOP_CLR_FD) = 0 [pid 460] close(6) = 0 [pid 460] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 460] write(6, "#! ./file1\n", 11) = 11 [pid 460] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 460] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000007d0} --- [pid 460] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=460, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./35", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./35", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555586f166f0 /* 4 entries */, 32768) = 112 [ 28.161545][ T460] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 28.185731][ T460] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor118: bg 0: block 234: padding at end of block bitmap is not set umount2("./35/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./35/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./35/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./35/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./35/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555586f1e730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555586f1e730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./35/file0") = 0 umount2("./35/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./35/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./35/binderfs") = 0 getdents64(3, 0x555586f166f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./35") = 0 mkdir("./36", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555586f15650) = 465 ./strace-static-x86_64: Process 465 attached [pid 465] set_robust_list(0x555586f15660, 24) = 0 [pid 465] chdir("./36") = 0 [pid 465] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 465] setpgid(0, 0) = 0 [pid 465] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 465] write(3, "1000", 4) = 4 [pid 465] close(3) = 0 [pid 465] symlink("/dev/binderfs", "./binderfs") = 0 [pid 465] write(1, "executing program\n", 18executing program ) = 18 [pid 465] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 465] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 465] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 465] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 465] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 465] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 465] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 465] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 465] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 465] memfd_create("syzkaller", 0) = 5 [pid 465] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3700518000 [pid 465] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 465] munmap(0x7f3700518000, 138412032) = 0 [pid 465] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 465] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 465] close(5) = 0 [pid 465] close(6) = 0 [pid 465] mkdir("./file0", 0777) = 0 [pid 465] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 465] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 465] chdir("./file0") = 0 [pid 465] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 465] ioctl(6, LOOP_CLR_FD) = 0 [pid 465] close(6) = 0 [pid 465] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 465] write(6, "#! ./file1\n", 11) = 11 [pid 465] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 465] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000007d0} --- [pid 465] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=465, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./36", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./36", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555586f166f0 /* 4 entries */, 32768) = 112 [ 28.313324][ T465] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 28.342559][ T466] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-465: bg 0: block 234: padding at end of block bitmap is not set umount2("./36/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./36/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./36/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./36/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./36/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555586f1e730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555586f1e730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./36/file0") = 0 umount2("./36/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./36/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./36/binderfs") = 0 getdents64(3, 0x555586f166f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./36") = 0 mkdir("./37", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 470 attached , child_tidptr=0x555586f15650) = 470 [pid 470] set_robust_list(0x555586f15660, 24) = 0 [pid 470] chdir("./37") = 0 [pid 470] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 470] setpgid(0, 0) = 0 [pid 470] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 470] write(3, "1000", 4) = 4 [pid 470] close(3) = 0 [pid 470] symlink("/dev/binderfs", "./binderfs") = 0 [pid 470] write(1, "executing program\n", 18executing program ) = 18 [pid 470] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 470] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 470] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 470] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 470] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 470] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 470] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 470] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 470] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 470] memfd_create("syzkaller", 0) = 5 [pid 470] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3700518000 [pid 470] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 470] munmap(0x7f3700518000, 138412032) = 0 [pid 470] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 470] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 470] close(5) = 0 [pid 470] close(6) = 0 [pid 470] mkdir("./file0", 0777) = 0 [pid 470] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 470] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 470] chdir("./file0") = 0 [pid 470] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 470] ioctl(6, LOOP_CLR_FD) = 0 [pid 470] close(6) = 0 [pid 470] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 470] write(6, "#! ./file1\n", 11) = 11 [pid 470] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 470] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000007d0} --- [pid 470] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=470, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./37", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./37", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555586f166f0 /* 4 entries */, 32768) = 112 [ 28.503559][ T470] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 28.531499][ T471] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-470: bg 0: block 234: padding at end of block bitmap is not set umount2("./37/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./37/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./37/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./37/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./37/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, executing program 0x555586f1e730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555586f1e730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./37/file0") = 0 umount2("./37/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./37/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./37/binderfs") = 0 getdents64(3, 0x555586f166f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./37") = 0 mkdir("./38", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555586f15650) = 475 ./strace-static-x86_64: Process 475 attached [pid 475] set_robust_list(0x555586f15660, 24) = 0 [pid 475] chdir("./38") = 0 [pid 475] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 475] setpgid(0, 0) = 0 [pid 475] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 475] write(3, "1000", 4) = 4 [pid 475] close(3) = 0 [pid 475] symlink("/dev/binderfs", "./binderfs") = 0 [pid 475] write(1, "executing program\n", 18) = 18 [pid 475] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 475] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 475] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 475] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 475] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 475] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 475] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 475] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 475] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 475] memfd_create("syzkaller", 0) = 5 [pid 475] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3700518000 [pid 475] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 475] munmap(0x7f3700518000, 138412032) = 0 [pid 475] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 475] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 475] close(5) = 0 [pid 475] close(6) = 0 [pid 475] mkdir("./file0", 0777) = 0 [pid 475] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 475] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 475] chdir("./file0") = 0 [pid 475] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 475] ioctl(6, LOOP_CLR_FD) = 0 [pid 475] close(6) = 0 [pid 475] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 475] write(6, "#! ./file1\n", 11) = 11 [pid 475] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 475] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000007d0} --- [pid 475] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=475, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555586f166f0 /* 4 entries */, 32768) = 112 [ 28.744515][ T475] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 28.777096][ T476] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-475: bg 0: block 234: padding at end of block bitmap is not set umount2("./38/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./38/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./38/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./38/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./38/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555586f1e730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555586f1e730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./38/file0") = 0 umount2("./38/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./38/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./38/binderfs") = 0 getdents64(3, 0x555586f166f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./38") = 0 mkdir("./39", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555586f15650) = 480 ./strace-static-x86_64: Process 480 attached [pid 480] set_robust_list(0x555586f15660, 24) = 0 [pid 480] chdir("./39") = 0 [pid 480] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 480] setpgid(0, 0) = 0 [pid 480] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 480] write(3, "1000", 4) = 4 [pid 480] close(3) = 0 [pid 480] symlink("/dev/binderfs", "./binderfs") = 0 [pid 480] write(1, "executing program\n", 18executing program ) = 18 [pid 480] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 480] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 480] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 480] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 480] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 480] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 480] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 480] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 480] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 480] memfd_create("syzkaller", 0) = 5 [pid 480] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3700518000 [pid 480] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 480] munmap(0x7f3700518000, 138412032) = 0 [pid 480] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 480] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 480] close(5) = 0 [pid 480] close(6) = 0 [pid 480] mkdir("./file0", 0777) = 0 [pid 480] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 480] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 480] chdir("./file0") = 0 [pid 480] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 480] ioctl(6, LOOP_CLR_FD) = 0 [pid 480] close(6) = 0 [pid 480] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 480] write(6, "#! ./file1\n", 11) = 11 [pid 480] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 480] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000007d0} --- [pid 480] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=480, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./39", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./39", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555586f166f0 /* 4 entries */, 32768) = 112 umount2("./39/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./39/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./39/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./39/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./39/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555586f1e730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555586f1e730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./39/file0") = 0 umount2("./39/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./39/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./39/binderfs") = 0 getdents64(3, 0x555586f166f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./39") = 0 mkdir("./40", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555586f15650) = 485 ./strace-static-x86_64: Process 485 attached [pid 485] set_robust_list(0x555586f15660, 24) = 0 [pid 485] chdir("./40") = 0 [pid 485] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 485] setpgid(0, 0) = 0 [pid 485] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 485] write(3, "1000", 4) = 4 [pid 485] close(3) = 0 [pid 485] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 485] write(1, "executing program\n", 18) = 18 [pid 485] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 485] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 485] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 485] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 485] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 485] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 485] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 485] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 485] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 485] memfd_create("syzkaller", 0) = 5 [ 28.933402][ T480] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 28.956806][ T480] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor118: bg 0: block 234: padding at end of block bitmap is not set [pid 485] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3700518000 [pid 485] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 485] munmap(0x7f3700518000, 138412032) = 0 [pid 485] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 485] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 485] close(5) = 0 [pid 485] close(6) = 0 [pid 485] mkdir("./file0", 0777) = 0 [pid 485] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 485] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 485] chdir("./file0") = 0 [pid 485] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 485] ioctl(6, LOOP_CLR_FD) = 0 [pid 485] close(6) = 0 [pid 485] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 485] write(6, "#! ./file1\n", 11) = 11 [pid 485] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 485] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000007d0} --- [pid 485] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=485, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./40", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./40", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555586f166f0 /* 4 entries */, 32768) = 112 [ 29.073502][ T485] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 29.101733][ T486] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-485: bg 0: block 234: padding at end of block bitmap is not set umount2("./40/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./40/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./40/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./40/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./40/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555586f1e730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555586f1e730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./40/file0") = 0 umount2("./40/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./40/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./40/binderfs") = 0 getdents64(3, 0x555586f166f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./40") = 0 mkdir("./41", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 490 attached , child_tidptr=0x555586f15650) = 490 [pid 490] set_robust_list(0x555586f15660, 24) = 0 [pid 490] chdir("./41") = 0 [pid 490] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 490] setpgid(0, 0) = 0 [pid 490] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 490] write(3, "1000", 4) = 4 [pid 490] close(3) = 0 [pid 490] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 490] write(1, "executing program\n", 18) = 18 [pid 490] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 490] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 490] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 490] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 490] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 490] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 490] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 490] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 490] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 490] memfd_create("syzkaller", 0) = 5 [pid 490] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3700518000 [pid 490] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 490] munmap(0x7f3700518000, 138412032) = 0 [pid 490] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 490] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 490] close(5) = 0 [pid 490] close(6) = 0 [pid 490] mkdir("./file0", 0777) = 0 [pid 490] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 490] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 490] chdir("./file0") = 0 [pid 490] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 490] ioctl(6, LOOP_CLR_FD) = 0 [pid 490] close(6) = 0 [pid 490] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 490] write(6, "#! ./file1\n", 11) = 11 [pid 490] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 490] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000007d0} --- [pid 490] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=490, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./41", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./41", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555586f166f0 /* 4 entries */, 32768) = 112 [ 29.233353][ T490] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 29.261254][ T491] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-490: bg 0: block 234: padding at end of block bitmap is not set umount2("./41/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./41/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./41/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./41/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./41/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555586f1e730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555586f1e730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./41/file0") = 0 umount2("./41/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./41/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./41/binderfs") = 0 getdents64(3, 0x555586f166f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./41") = 0 mkdir("./42", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3executing program ) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555586f15650) = 495 ./strace-static-x86_64: Process 495 attached [pid 495] set_robust_list(0x555586f15660, 24) = 0 [pid 495] chdir("./42") = 0 [pid 495] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 495] setpgid(0, 0) = 0 [pid 495] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 495] write(3, "1000", 4) = 4 [pid 495] close(3) = 0 [pid 495] symlink("/dev/binderfs", "./binderfs") = 0 [pid 495] write(1, "executing program\n", 18) = 18 [pid 495] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 495] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 495] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 495] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 495] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 495] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 495] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 495] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 495] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 495] memfd_create("syzkaller", 0) = 5 [pid 495] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3700518000 [pid 495] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 495] munmap(0x7f3700518000, 138412032) = 0 [pid 495] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 495] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 495] close(5) = 0 [pid 495] close(6) = 0 [pid 495] mkdir("./file0", 0777) = 0 [pid 495] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 495] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 495] chdir("./file0") = 0 [pid 495] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 495] ioctl(6, LOOP_CLR_FD) = 0 [pid 495] close(6) = 0 [pid 495] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 495] write(6, "#! ./file1\n", 11) = 11 [pid 495] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 495] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000007d0} --- [pid 495] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=495, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./42", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./42", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555586f166f0 /* 4 entries */, 32768) = 112 [ 29.393311][ T495] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 29.421929][ T496] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-495: bg 0: block 234: padding at end of block bitmap is not set umount2("./42/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./42/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./42/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./42/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./42/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555586f1e730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555586f1e730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./42/file0") = 0 umount2("./42/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./42/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./42/binderfs") = 0 getdents64(3, 0x555586f166f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./42") = 0 mkdir("./43", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 500 attached , child_tidptr=0x555586f15650) = 500 [pid 500] set_robust_list(0x555586f15660, 24) = 0 [pid 500] chdir("./43") = 0 [pid 500] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 500] setpgid(0, 0) = 0 [pid 500] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 500] write(3, "1000", 4) = 4 [pid 500] close(3) = 0 [pid 500] symlink("/dev/binderfs", "./binderfs") = 0 [pid 500] write(1, "executing program\n", 18executing program ) = 18 [pid 500] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 500] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 500] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 500] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 500] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 500] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 500] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 500] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 500] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 500] memfd_create("syzkaller", 0) = 5 [pid 500] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3700518000 [pid 500] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 500] munmap(0x7f3700518000, 138412032) = 0 [pid 500] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 500] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 500] close(5) = 0 [pid 500] close(6) = 0 [pid 500] mkdir("./file0", 0777) = 0 [pid 500] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 500] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 500] chdir("./file0") = 0 [pid 500] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 500] ioctl(6, LOOP_CLR_FD) = 0 [pid 500] close(6) = 0 [pid 500] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 500] write(6, "#! ./file1\n", 11) = 11 [pid 500] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 500] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000007d0} --- [pid 500] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=500, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./43", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./43", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555586f166f0 /* 4 entries */, 32768) = 112 [ 29.603277][ T500] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 29.624895][ T500] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor118: bg 0: block 234: padding at end of block bitmap is not set umount2("./43/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./43/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./43/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./43/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./43/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555586f1e730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555586f1e730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./43/file0") = 0 umount2("./43/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./43/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./43/binderfs") = 0 getdents64(3, 0x555586f166f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./43") = 0 mkdir("./44", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555586f15650) = 505 ./strace-static-x86_64: Process 505 attached [pid 505] set_robust_list(0x555586f15660, 24) = 0 [pid 505] chdir("./44") = 0 [pid 505] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 505] setpgid(0, 0) = 0 [pid 505] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 505] write(3, "1000", 4) = 4 [pid 505] close(3) = 0 [pid 505] symlink("/dev/binderfs", "./binderfs") = 0 [pid 505] write(1, "executing program\n", 18executing program ) = 18 [pid 505] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 505] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 505] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 505] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 505] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 505] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 505] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 505] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 505] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 505] memfd_create("syzkaller", 0) = 5 [pid 505] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3700518000 [pid 505] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 505] munmap(0x7f3700518000, 138412032) = 0 [pid 505] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 505] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 505] close(5) = 0 [pid 505] close(6) = 0 [pid 505] mkdir("./file0", 0777) = 0 [pid 505] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 505] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 505] chdir("./file0") = 0 [pid 505] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 505] ioctl(6, LOOP_CLR_FD) = 0 [pid 505] close(6) = 0 [pid 505] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 505] write(6, "#! ./file1\n", 11) = 11 [pid 505] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 505] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000007d0} --- [pid 505] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=505, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./44", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./44", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555586f166f0 /* 4 entries */, 32768) = 112 [ 29.763378][ T505] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 29.787499][ T505] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor118: bg 0: block 234: padding at end of block bitmap is not set umount2("./44/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./44/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./44/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./44/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./44/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555586f1e730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555586f1e730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./44/file0") = 0 umount2("./44/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./44/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./44/binderfs") = 0 getdents64(3, 0x555586f166f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./44") = 0 mkdir("./45", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555586f15650) = 510 ./strace-static-x86_64: Process 510 attached [pid 510] set_robust_list(0x555586f15660, 24) = 0 [pid 510] chdir("./45") = 0 [pid 510] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 510] setpgid(0, 0) = 0 [pid 510] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 510] write(3, "1000", 4) = 4 [pid 510] close(3) = 0 [pid 510] symlink("/dev/binderfs", "./binderfs") = 0 [pid 510] write(1, "executing program\n", 18executing program ) = 18 [pid 510] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 510] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 510] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 510] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 510] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 510] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 510] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 510] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 510] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 510] memfd_create("syzkaller", 0) = 5 [pid 510] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3700518000 [pid 510] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 510] munmap(0x7f3700518000, 138412032) = 0 [pid 510] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 510] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 510] close(5) = 0 [pid 510] close(6) = 0 [pid 510] mkdir("./file0", 0777) = 0 [pid 510] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 510] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 510] chdir("./file0") = 0 [pid 510] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 510] ioctl(6, LOOP_CLR_FD) = 0 [pid 510] close(6) = 0 [pid 510] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 510] write(6, "#! ./file1\n", 11) = 11 [pid 510] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 510] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000007d0} --- [pid 510] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=510, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./45", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./45", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555586f166f0 /* 4 entries */, 32768) = 112 [ 29.903699][ T510] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 29.932262][ T511] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-510: bg 0: block 234: padding at end of block bitmap is not set umount2("./45/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./45/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./45/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./45/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./45/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555586f1e730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555586f1e730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./45/file0") = 0 umount2("./45/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./45/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./45/binderfs") = 0 getdents64(3, 0x555586f166f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./45") = 0 mkdir("./46", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 515 attached , child_tidptr=0x555586f15650) = 515 [pid 515] set_robust_list(0x555586f15660, 24) = 0 [pid 515] chdir("./46") = 0 [pid 515] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 515] setpgid(0, 0) = 0 [pid 515] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 515] write(3, "1000", 4) = 4 [pid 515] close(3) = 0 [pid 515] symlink("/dev/binderfs", "./binderfs") = 0 [pid 515] write(1, "executing program\n", 18executing program ) = 18 [pid 515] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 515] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 515] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 515] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 515] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 515] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 515] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 515] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 515] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 515] memfd_create("syzkaller", 0) = 5 [pid 515] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3700518000 [pid 515] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 515] munmap(0x7f3700518000, 138412032) = 0 [pid 515] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 515] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 515] close(5) = 0 [pid 515] close(6) = 0 [pid 515] mkdir("./file0", 0777) = 0 [pid 515] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 515] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 515] chdir("./file0") = 0 [pid 515] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 515] ioctl(6, LOOP_CLR_FD) = 0 [pid 515] close(6) = 0 [pid 515] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 515] write(6, "#! ./file1\n", 11) = 11 [pid 515] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 515] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000007d0} --- [pid 515] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=515, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./46", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./46", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555586f166f0 /* 4 entries */, 32768) = 112 [ 30.046611][ T515] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 30.075549][ T516] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-515: bg 0: block 234: padding at end of block bitmap is not set umount2("./46/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./46/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./46/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./46/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./46/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555586f1e730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555586f1e730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./46/file0") = 0 umount2("./46/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./46/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./46/binderfs") = 0 getdents64(3, 0x555586f166f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./46") = 0 mkdir("./47", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555586f15650) = 520 ./strace-static-x86_64: Process 520 attached [pid 520] set_robust_list(0x555586f15660, 24) = 0 [pid 520] chdir("./47") = 0 [pid 520] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 520] setpgid(0, 0) = 0 [pid 520] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 520] write(3, "1000", 4) = 4 [pid 520] close(3) = 0 [pid 520] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 520] write(1, "executing program\n", 18) = 18 [pid 520] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 520] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 520] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 520] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 520] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 520] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 520] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 520] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 520] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 520] memfd_create("syzkaller", 0) = 5 [pid 520] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3700518000 [pid 520] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 520] munmap(0x7f3700518000, 138412032) = 0 [pid 520] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 520] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 520] close(5) = 0 [pid 520] close(6) = 0 [pid 520] mkdir("./file0", 0777) = 0 [pid 520] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 520] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 520] chdir("./file0") = 0 [pid 520] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 520] ioctl(6, LOOP_CLR_FD) = 0 [pid 520] close(6) = 0 [pid 520] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 520] write(6, "#! ./file1\n", 11) = 11 [pid 520] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 520] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000007d0} --- [pid 520] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=520, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./47", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./47", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555586f166f0 /* 4 entries */, 32768) = 112 [ 30.193018][ T520] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 30.222861][ T521] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-520: bg 0: block 234: padding at end of block bitmap is not set umount2("./47/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./47/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./47/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./47/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./47/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555586f1e730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555586f1e730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./47/file0") = 0 umount2("./47/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./47/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./47/binderfs") = 0 getdents64(3, 0x555586f166f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./47") = 0 mkdir("./48", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555586f15650) = 525 ./strace-static-x86_64: Process 525 attached [pid 525] set_robust_list(0x555586f15660, 24) = 0 [pid 525] chdir("./48") = 0 [pid 525] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 525] setpgid(0, 0) = 0 [pid 525] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 525] write(3, "1000", 4) = 4 [pid 525] close(3) = 0 [pid 525] symlink("/dev/binderfs", "./binderfs") = 0 [pid 525] write(1, "executing program\n", 18executing program ) = 18 [pid 525] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 525] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 525] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 525] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 525] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 525] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 525] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 525] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 525] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 525] memfd_create("syzkaller", 0) = 5 [pid 525] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3700518000 [pid 525] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 525] munmap(0x7f3700518000, 138412032) = 0 [pid 525] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 525] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 525] close(5) = 0 [pid 525] close(6) = 0 [pid 525] mkdir("./file0", 0777) = 0 [pid 525] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 525] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 525] chdir("./file0") = 0 [pid 525] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 525] ioctl(6, LOOP_CLR_FD) = 0 [pid 525] close(6) = 0 [pid 525] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 525] write(6, "#! ./file1\n", 11) = 11 [pid 525] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 525] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000007d0} --- [pid 525] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=525, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./48", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./48", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555586f166f0 /* 4 entries */, 32768) = 112 [ 30.353398][ T525] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 30.381395][ T526] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-525: bg 0: block 234: padding at end of block bitmap is not set umount2("./48/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./48/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./48/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./48/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./48/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555586f1e730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555586f1e730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./48/file0") = 0 umount2("./48/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./48/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./48/binderfs") = 0 getdents64(3, 0x555586f166f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./48") = 0 mkdir("./49", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555586f15650) = 530 ./strace-static-x86_64: Process 530 attached [pid 530] set_robust_list(0x555586f15660, 24) = 0 [pid 530] chdir("./49") = 0 [pid 530] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 530] setpgid(0, 0) = 0 [pid 530] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 530] write(3, "1000", 4) = 4 [pid 530] close(3) = 0 [pid 530] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 530] write(1, "executing program\n", 18) = 18 [pid 530] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 530] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 530] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 530] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 530] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 530] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 530] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 530] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 530] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 530] memfd_create("syzkaller", 0) = 5 [pid 530] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3700518000 [pid 530] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 530] munmap(0x7f3700518000, 138412032) = 0 [pid 530] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 530] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 530] close(5) = 0 [pid 530] close(6) = 0 [pid 530] mkdir("./file0", 0777) = 0 [pid 530] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 530] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 530] chdir("./file0") = 0 [pid 530] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 530] ioctl(6, LOOP_CLR_FD) = 0 [pid 530] close(6) = 0 [pid 530] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 530] write(6, "#! ./file1\n", 11) = 11 [pid 530] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 530] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000007d0} --- [pid 530] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=530, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./49", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./49", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555586f166f0 /* 4 entries */, 32768) = 112 [ 30.553319][ T530] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 30.581261][ T531] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-530: bg 0: block 234: padding at end of block bitmap is not set umount2("./49/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./49/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./49/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./49/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./49/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555586f1e730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555586f1e730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./49/file0") = 0 umount2("./49/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./49/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./49/binderfs") = 0 getdents64(3, 0x555586f166f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./49") = 0 mkdir("./50", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555586f15650) = 535 ./strace-static-x86_64: Process 535 attached [pid 535] set_robust_list(0x555586f15660, 24) = 0 [pid 535] chdir("./50") = 0 [pid 535] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 535] setpgid(0, 0) = 0 [pid 535] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 535] write(3, "1000", 4) = 4 [pid 535] close(3) = 0 [pid 535] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 535] write(1, "executing program\n", 18) = 18 [pid 535] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 535] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 535] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 535] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 535] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 535] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 535] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 535] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 535] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 535] memfd_create("syzkaller", 0) = 5 [pid 535] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3700518000 [pid 535] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 535] munmap(0x7f3700518000, 138412032) = 0 [pid 535] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 535] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 535] close(5) = 0 [pid 535] close(6) = 0 [pid 535] mkdir("./file0", 0777) = 0 [pid 535] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 535] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 535] chdir("./file0") = 0 [pid 535] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 535] ioctl(6, LOOP_CLR_FD) = 0 [pid 535] close(6) = 0 [pid 535] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 535] write(6, "#! ./file1\n", 11) = 11 [pid 535] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 535] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000007d0} --- [pid 535] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=535, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./50", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./50", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555586f166f0 /* 4 entries */, 32768) = 112 [ 30.732948][ T535] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 30.756358][ T535] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor118: bg 0: block 234: padding at end of block bitmap is not set umount2("./50/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./50/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./50/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./50/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./50/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555586f1e730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555586f1e730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./50/file0") = 0 umount2("./50/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./50/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./50/binderfs") = 0 getdents64(3, 0x555586f166f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./50") = 0 mkdir("./51", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555586f15650) = 540 ./strace-static-x86_64: Process 540 attached [pid 540] set_robust_list(0x555586f15660, 24) = 0 [pid 540] chdir("./51") = 0 [pid 540] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 540] setpgid(0, 0) = 0 [pid 540] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 540] write(3, "1000", 4) = 4 [pid 540] close(3) = 0 [pid 540] symlink("/dev/binderfs", "./binderfs") = 0 [pid 540] write(1, "executing program\n", 18executing program ) = 18 [pid 540] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 540] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 540] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 540] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 540] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 540] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 540] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 540] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 540] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 540] memfd_create("syzkaller", 0) = 5 [pid 540] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3700518000 [pid 540] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 540] munmap(0x7f3700518000, 138412032) = 0 [pid 540] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 540] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 540] close(5) = 0 [pid 540] close(6) = 0 [pid 540] mkdir("./file0", 0777) = 0 [pid 540] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 540] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 540] chdir("./file0") = 0 [pid 540] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 540] ioctl(6, LOOP_CLR_FD) = 0 [pid 540] close(6) = 0 [pid 540] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 540] write(6, "#! ./file1\n", 11) = 11 [pid 540] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 540] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000007d0} --- [pid 540] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=540, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./51", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./51", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555586f166f0 /* 4 entries */, 32768) = 112 [ 30.883299][ T540] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 30.911188][ T541] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-540: bg 0: block 234: padding at end of block bitmap is not set umount2("./51/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./51/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./51/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./51/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./51/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555586f1e730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555586f1e730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./51/file0") = 0 umount2("./51/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./51/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./51/binderfs") = 0 getdents64(3, 0x555586f166f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./51") = 0 mkdir("./52", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 545 attached , child_tidptr=0x555586f15650) = 545 [pid 545] set_robust_list(0x555586f15660, 24) = 0 [pid 545] chdir("./52") = 0 [pid 545] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 545] setpgid(0, 0) = 0 [pid 545] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 545] write(3, "1000", 4) = 4 [pid 545] close(3) = 0 [pid 545] symlink("/dev/binderfs", "./binderfs") = 0 [pid 545] write(1, "executing program\n", 18executing program ) = 18 [pid 545] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 545] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 545] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 545] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 545] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 545] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 545] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 545] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 545] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 545] memfd_create("syzkaller", 0) = 5 [pid 545] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3700518000 [pid 545] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 545] munmap(0x7f3700518000, 138412032) = 0 [pid 545] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 545] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 545] close(5) = 0 [pid 545] close(6) = 0 [pid 545] mkdir("./file0", 0777) = 0 [pid 545] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 545] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 545] chdir("./file0") = 0 [pid 545] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 545] ioctl(6, LOOP_CLR_FD) = 0 [pid 545] close(6) = 0 [pid 545] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 545] write(6, "#! ./file1\n", 11) = 11 [pid 545] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 545] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_STACK_TRACE, key_size=4, value_size=8, max_entries=1, map_flags=0, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 7 [pid 545] exit_group(0) = ? [ 31.033468][ T545] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 31.062007][ T546] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-545: bg 0: block 234: padding at end of block bitmap is not set [ 31.063170][ T24] kauditd_printk_skb: 6 callbacks suppressed [pid 545] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=545, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- [ 31.063179][ T24] audit: type=1400 audit(1750645647.070:80): avc: denied { map_create } for pid=545 comm="syz-executor118" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1 [ 31.101991][ T24] audit: type=1400 audit(1750645647.080:81): avc: denied { bpf } for pid=545 comm="syz-executor118" capability=39 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1 restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./52", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./52", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555586f166f0 /* 4 entries */, 32768) = 112 [ 31.122861][ T24] audit: type=1400 audit(1750645647.080:82): avc: denied { map_read map_write } for pid=545 comm="syz-executor118" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1 [ 31.144011][ T7] ------------[ cut here ]------------ [ 31.149655][ T7] kernel BUG at fs/ext4/inode.c:2778! [ 31.155122][ T7] invalid opcode: 0000 [#1] PREEMPT SMP KASAN [ 31.161189][ T7] CPU: 0 PID: 7 Comm: kworker/u4:0 Not tainted 5.10.238-syzkaller-00282-gd76d4cd0623a #0 [ 31.170964][ T7] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 31.181014][ T7] Workqueue: writeback wb_workfn (flush-7:0) [ 31.186972][ T7] RIP: 0010:ext4_writepages+0x2ddb/0x2e00 [ 31.192675][ T7] Code: 39 94 ff 84 db 75 31 e8 b3 36 94 ff 49 bc 00 00 00 00 00 fc ff df 4c 8b 6c 24 30 48 8b 5c 24 38 e9 21 f8 ff ff e8 95 36 94 ff <0f> 0b e8 8e 36 94 ff e8 65 0d 31 ff eb 98 e8 82 36 94 ff e8 59 0d [ 31.212269][ T7] RSP: 0018:ffffc90000077180 EFLAGS: 00010293 [ 31.218321][ T7] RAX: ffffffff81cf5d7b RBX: 0000008410000000 RCX: ffff8881002493c0 [ 31.226275][ T7] RDX: 0000000000000000 RSI: 0000008000000000 RDI: 0000000000000000 [ 31.234237][ T7] RBP: ffffc900000774f0 R08: dffffc0000000000 R09: ffffed10242c60c8 [ 31.242194][ T7] R10: ffffed10242c60c8 R11: 1ffff110242c60c7 R12: dffffc0000000000 [ 31.250146][ T7] R13: ffff88811562a000 R14: 0000008000000000 R15: ffff888121630638 [ 31.258092][ T7] FS: 0000000000000000(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000 [ 31.266986][ T7] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 31.273536][ T7] CR2: 000000000064a110 CR3: 00000001065fb000 CR4: 00000000003506b0 [ 31.281476][ T7] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 31.289439][ T7] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 31.297420][ T7] Call Trace: [ 31.300688][ T7] ? __kasan_check_write+0x14/0x20 [ 31.305771][ T7] ? _raw_spin_lock+0x8e/0xe0 [ 31.310414][ T7] ? update_load_avg+0xdf5/0x14f0 [ 31.315409][ T7] ? ext4_readpage+0x220/0x220 [ 31.320141][ T7] ? enqueue_task_fair+0xac3/0x2250 [ 31.325312][ T7] ? ext4_readpage+0x220/0x220 [ 31.330047][ T7] do_writepages+0x12a/0x270 [ 31.334603][ T7] ? __writepage+0x130/0x130 [ 31.339164][ T7] ? __kasan_check_write+0x14/0x20 [ 31.344243][ T7] ? _raw_spin_lock+0x8e/0xe0 [ 31.348893][ T7] ? __kasan_check_write+0x14/0x20 [ 31.353969][ T7] __writeback_single_inode+0xd5/0xa20 [ 31.359394][ T7] ? wbc_attach_and_unlock_inode+0x385/0x590 [ 31.365363][ T7] writeback_sb_inodes+0x860/0x1400 [ 31.370539][ T7] ? queue_io+0x4c0/0x4c0 [ 31.374842][ T7] ? __kasan_check_read+0x11/0x20 [ 31.379833][ T7] ? queue_io+0x385/0x4c0 [ 31.384130][ T7] wb_writeback+0x3e3/0xb90 [ 31.388600][ T7] ? wb_io_lists_depopulated+0x180/0x180 [ 31.394198][ T7] ? set_worker_desc+0x155/0x1c0 [ 31.399099][ T7] ? sched_clock_cpu+0x1b/0x3d0 [ 31.403917][ T7] ? __kasan_check_write+0x14/0x20 [ 31.408994][ T7] wb_workfn+0x38f/0xe20 [ 31.413207][ T7] ? inode_wait_for_writeback+0x200/0x200 [ 31.418896][ T7] ? _raw_spin_unlock_irq+0x4e/0x70 [ 31.424060][ T7] ? finish_task_switch+0x12e/0x5a0 [ 31.429223][ T7] ? switch_mm_irqs_off+0x763/0x9a0 [ 31.434392][ T7] ? __switch_to_asm+0x34/0x60 [ 31.439121][ T7] ? __schedule+0xb4f/0x1310 [ 31.443679][ T7] ? __kasan_check_read+0x11/0x20 [ 31.448671][ T7] ? read_word_at_a_time+0x12/0x20 [ 31.453752][ T7] ? strscpy+0x9b/0x290 [ 31.457875][ T7] process_one_work+0x6e1/0xba0 [ 31.462692][ T7] worker_thread+0xa6a/0x13b0 [ 31.467335][ T7] kthread+0x346/0x3d0 [ 31.471367][ T7] ? worker_clr_flags+0x190/0x190 [ 31.476355][ T7] ? kthread_blkcg+0xd0/0xd0 [ 31.480915][ T7] ret_from_fork+0x1f/0x30 [ 31.485301][ T7] Modules linked in: [ 31.489308][ T7] ---[ end trace 8e8a36c1f1368d02 ]--- [ 31.494805][ T7] RIP: 0010:ext4_writepages+0x2ddb/0x2e00 [ 31.500501][ T7] Code: 39 94 ff 84 db 75 31 e8 b3 36 94 ff 49 bc 00 00 00 00 00 fc ff df 4c 8b 6c 24 30 48 8b 5c 24 38 e9 21 f8 ff ff e8 95 36 94 ff <0f> 0b e8 8e 36 94 ff e8 65 0d 31 ff eb 98 e8 82 36 94 ff e8 59 0d [ 31.520148][ T7] RSP: 0018:ffffc90000077180 EFLAGS: 00010293 [ 31.526226][ T7] RAX: ffffffff81cf5d7b RBX: 0000008410000000 RCX: ffff8881002493c0 [ 31.534216][ T7] RDX: 0000000000000000 RSI: 0000008000000000 RDI: 0000000000000000 [ 31.542192][ T7] RBP: ffffc900000774f0 R08: dffffc0000000000 R09: ffffed10242c60c8 [ 31.550136][ T7] R10: ffffed10242c60c8 R11: 1ffff110242c60c7 R12: dffffc0000000000 [ 31.558107][ T7] R13: ffff88811562a000 R14: 0000008000000000 R15: ffff888121630638 [ 31.566075][ T7] FS: 0000000000000000(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000 [ 31.574994][ T7] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 31.581557][ T7] CR2: 000000000064a110 CR3: 00000001065fb000 CR4: 00000000003506b0 [ 31.589534][ T7] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 31.597501][ T7] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 31.605475][ T7] Kernel panic - not syncing: Fatal exception [ 31.606486][ T24] audit: type=1400 audit(1750645647.610:83): avc: denied { read } for pid=76 comm="syslogd" name="log" dev="sda1" ino=2010 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:var_t tclass=lnk_file permissive=1 [ 31.633282][ T7] Kernel Offset: disabled [ 31.637601][ T7] Rebooting in 86400 seconds..