./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor4284381968 <...> [ 4.471566][ T94] udevd[94]: starting eudev-3.2.11 [ 6.063498][ T24] kauditd_printk_skb: 47 callbacks suppressed [ 6.063511][ T24] audit: type=1400 audit(1744423234.990:58): avc: denied { use } for pid=175 comm="ssh-keygen" path="/dev/null" dev="devtmpfs" ino=4 scontext=system_u:system_r:ssh_keygen_t tcontext=system_u:system_r:kernel_t tclass=fd permissive=1 [ 6.126783][ T24] audit: type=1400 audit(1744423235.060:59): avc: denied { search } for pid=175 comm="ssh-keygen" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:ssh_keygen_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 6.162082][ T24] audit: type=1400 audit(1744423235.090:60): avc: denied { use } for pid=180 comm="sshd" path="/dev/null" dev="devtmpfs" ino=4 scontext=system_u:system_r:sshd_t tcontext=system_u:system_r:kernel_t tclass=fd permissive=1 [ 13.123079][ T24] audit: type=1400 audit(1744423242.050:61): avc: denied { transition } for pid=218 comm="sshd" path="/bin/sh" dev="sda1" ino=89 scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 13.126196][ T24] audit: type=1400 audit(1744423242.050:62): avc: denied { noatsecure } for pid=218 comm="sshd" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 13.130193][ T24] audit: type=1400 audit(1744423242.050:63): avc: denied { write } for pid=218 comm="sh" path="pipe:[13024]" dev="pipefs" ino=13024 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:sshd_t tclass=fifo_file permissive=1 [ 13.133573][ T24] audit: type=1400 audit(1744423242.050:64): avc: denied { rlimitinh } for pid=218 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 13.136446][ T24] audit: type=1400 audit(1744423242.050:65): avc: denied { siginh } for pid=218 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 Warning: Permanently added '10.128.1.171' (ED25519) to the list of known hosts. execve("./syz-executor4284381968", ["./syz-executor4284381968"], 0x7fffbfecc3a0 /* 10 vars */) = 0 brk(NULL) = 0x55558fdec000 brk(0x55558fdecd00) = 0x55558fdecd00 arch_prctl(ARCH_SET_FS, 0x55558fdec380) = 0 set_tid_address(0x55558fdec650) = 288 set_robust_list(0x55558fdec660, 24) = 0 rseq(0x55558fdecca0, 0x20, 0, 0x53053053) = -1 ENOSYS (Function not implemented) prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor4284381968", 4096) = 28 getrandom("\x67\x1e\x99\x60\x45\x8f\x2b\xfb", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x55558fdecd00 brk(0x55558fe0dd00) = 0x55558fe0dd00 brk(0x55558fe0e000) = 0x55558fe0e000 mprotect(0x7f952b3ee000, 16384, PROT_READ) = 0 mmap(0x1ffffffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffffffff000 mmap(0x200000000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200000000000 mmap(0x200001000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200001000000 mkdir("./syzkaller.exW2HO", 0700) = 0 chmod("./syzkaller.exW2HO", 0777) = 0 chdir("./syzkaller.exW2HO") = 0 mkdir("./0", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558fdec650) = 290 executing program ./strace-static-x86_64: Process 290 attached [pid 290] set_robust_list(0x55558fdec660, 24) = 0 [pid 290] chdir("./0") = 0 [pid 290] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 290] setpgid(0, 0) = 0 [pid 290] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 290] write(3, "1000", 4) = 4 [pid 290] close(3) = 0 [pid 290] symlink("/dev/binderfs", "./binderfs") = 0 [pid 290] write(1, "executing program\n", 18) = 18 [pid 290] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 290] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 290] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 290] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 290] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 290] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 290] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 290] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 290] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 290] memfd_create("syzkaller", 0) = 5 [pid 290] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9522f3b000 [pid 290] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [ 23.006979][ T24] audit: type=1400 audit(1744423251.940:66): avc: denied { execmem } for pid=288 comm="syz-executor428" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 23.027163][ T24] audit: type=1400 audit(1744423251.940:67): avc: denied { read write } for pid=288 comm="syz-executor428" name="loop0" dev="devtmpfs" ino=111 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [pid 290] munmap(0x7f9522f3b000, 138412032) = 0 [pid 290] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 290] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 290] close(5) = 0 [pid 290] close(6) = 0 [pid 290] mkdir("./file0", 0777) = 0 [ 23.051461][ T24] audit: type=1400 audit(1744423251.940:68): avc: denied { open } for pid=288 comm="syz-executor428" path="/dev/loop0" dev="devtmpfs" ino=111 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 23.075659][ T24] audit: type=1400 audit(1744423251.940:69): avc: denied { ioctl } for pid=288 comm="syz-executor428" path="/dev/loop0" dev="devtmpfs" ino=111 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 23.101947][ T24] audit: type=1400 audit(1744423251.970:70): avc: denied { read write } for pid=290 comm="syz-executor428" name="vhost-vsock" dev="devtmpfs" ino=258 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 23.125666][ T24] audit: type=1400 audit(1744423251.970:71): avc: denied { open } for pid=290 comm="syz-executor428" path="/dev/vhost-vsock" dev="devtmpfs" ino=258 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 23.149372][ T24] audit: type=1400 audit(1744423251.970:72): avc: denied { ioctl } for pid=290 comm="syz-executor428" path="/dev/vhost-vsock" dev="devtmpfs" ino=258 ioctlcmd=0xaf01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 23.174502][ T24] audit: type=1400 audit(1744423252.010:73): avc: denied { mounton } for pid=290 comm="syz-executor428" path="/root/syzkaller.exW2HO/0/file0" dev="sda1" ino=1930 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1 [pid 290] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 290] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 290] chdir("./file0") = 0 [pid 290] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 290] ioctl(6, LOOP_CLR_FD) = 0 [pid 290] close(6) = 0 [pid 290] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [ 23.208118][ T290] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 23.227961][ T24] audit: type=1400 audit(1744423252.160:74): avc: denied { mount } for pid=290 comm="syz-executor428" name="/" dev="loop0" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [pid 290] write(6, "#! ./file1\n", 11) = 11 [pid 290] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 290] bpf(BPF_RAW_TRACEPOINT_OPEN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 290] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000040} --- [pid 290] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=290, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558fded6f0 /* 4 entries */, 32768) = 112 umount2("./0/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./0/binderfs") = 0 [ 23.255947][ T24] audit: type=1400 audit(1744423252.180:75): avc: denied { write } for pid=290 comm="syz-executor428" name="/" dev="loop0" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 23.278909][ T291] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-290: bg 0: block 234: padding at end of block bitmap is not set umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./0/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558fdf5730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558fdf5730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./0/file0") = 0 getdents64(3, 0x55558fded6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./0") = 0 mkdir("./1", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558fdec650) = 296 ./strace-static-x86_64: Process 296 attached [pid 296] set_robust_list(0x55558fdec660, 24) = 0 [pid 296] chdir("./1") = 0 [pid 296] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 296] setpgid(0, 0) = 0 [pid 296] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 296] write(3, "1000", 4) = 4 [pid 296] close(3) = 0 [pid 296] symlink("/dev/binderfs", "./binderfs") = 0 [pid 296] write(1, "executing program\n", 18executing program ) = 18 [pid 296] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 296] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 296] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 296] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 296] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 296] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 296] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 296] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 296] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 296] memfd_create("syzkaller", 0) = 5 [pid 296] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9522f3b000 [pid 296] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 296] munmap(0x7f9522f3b000, 138412032) = 0 [pid 296] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 296] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 296] close(5) = 0 [pid 296] close(6) = 0 [pid 296] mkdir("./file0", 0777) = 0 [pid 296] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 296] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 296] chdir("./file0") = 0 [pid 296] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 296] ioctl(6, LOOP_CLR_FD) = 0 [pid 296] close(6) = 0 [pid 296] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 296] write(6, "#! ./file1\n", 11) = 11 [pid 296] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 296] bpf(BPF_RAW_TRACEPOINT_OPEN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 296] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000040} --- [pid 296] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=296, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558fded6f0 /* 4 entries */, 32768) = 112 umount2("./1/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./1/binderfs") = 0 [ 23.457935][ T296] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 23.479557][ T296] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor428: bg 0: block 234: padding at end of block bitmap is not set umount2("./1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./1/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558fdf5730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558fdf5730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./1/file0") = 0 getdents64(3, 0x55558fded6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./1") = 0 mkdir("./2", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3executing program ) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558fdec650) = 301 ./strace-static-x86_64: Process 301 attached [pid 301] set_robust_list(0x55558fdec660, 24) = 0 [pid 301] chdir("./2") = 0 [pid 301] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 301] setpgid(0, 0) = 0 [pid 301] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 301] write(3, "1000", 4) = 4 [pid 301] close(3) = 0 [pid 301] symlink("/dev/binderfs", "./binderfs") = 0 [pid 301] write(1, "executing program\n", 18) = 18 [pid 301] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 301] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 301] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 301] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 301] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 301] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 301] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 301] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 301] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 301] memfd_create("syzkaller", 0) = 5 [pid 301] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9522f3b000 [pid 301] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 301] munmap(0x7f9522f3b000, 138412032) = 0 [pid 301] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 301] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 301] close(5) = 0 [pid 301] close(6) = 0 [pid 301] mkdir("./file0", 0777) = 0 [pid 301] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 301] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 301] chdir("./file0") = 0 [pid 301] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 301] ioctl(6, LOOP_CLR_FD) = 0 [pid 301] close(6) = 0 [pid 301] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 301] write(6, "#! ./file1\n", 11) = 11 [pid 301] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 301] bpf(BPF_RAW_TRACEPOINT_OPEN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 301] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000040} --- [pid 301] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=301, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558fded6f0 /* 4 entries */, 32768) = 112 umount2("./2/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./2/binderfs") = 0 [ 23.646246][ T301] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 23.673617][ T302] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-301: bg 0: block 234: padding at end of block bitmap is not set umount2("./2/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./2/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./2/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./2/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./2/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558fdf5730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558fdf5730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./2/file0") = 0 getdents64(3, 0x55558fded6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./2") = 0 mkdir("./3", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558fdec650) = 306 ./strace-static-x86_64: Process 306 attached [pid 306] set_robust_list(0x55558fdec660, 24) = 0 [pid 306] chdir("./3") = 0 [pid 306] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 306] setpgid(0, 0) = 0 [pid 306] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 306] write(3, "1000", 4) = 4 [pid 306] close(3) = 0 [pid 306] symlink("/dev/binderfs", "./binderfs") = 0 [pid 306] write(1, "executing program\n", 18) = 18 [pid 306] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 306] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 306] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 306] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 306] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 306] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 306] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 306] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 306] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 306] memfd_create("syzkaller", 0) = 5 [pid 306] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9522f3b000 executing program [pid 306] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 306] munmap(0x7f9522f3b000, 138412032) = 0 [pid 306] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 306] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 306] close(5) = 0 [pid 306] close(6) = 0 [pid 306] mkdir("./file0", 0777) = 0 [pid 306] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 306] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 306] chdir("./file0") = 0 [pid 306] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 306] ioctl(6, LOOP_CLR_FD) = 0 [pid 306] close(6) = 0 [pid 306] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 306] write(6, "#! ./file1\n", 11) = 11 [pid 306] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 306] bpf(BPF_RAW_TRACEPOINT_OPEN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 306] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000040} --- [pid 306] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=306, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558fded6f0 /* 4 entries */, 32768) = 112 umount2("./3/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./3/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./3/binderfs") = 0 [ 23.847606][ T306] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 23.879442][ T307] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-306: bg 0: block 234: padding at end of block bitmap is not set umount2("./3/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./3/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./3/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./3/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./3/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558fdf5730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558fdf5730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./3/file0") = 0 getdents64(3, 0x55558fded6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./3") = 0 mkdir("./4", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3executing program ) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558fdec650) = 311 ./strace-static-x86_64: Process 311 attached [pid 311] set_robust_list(0x55558fdec660, 24) = 0 [pid 311] chdir("./4") = 0 [pid 311] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 311] setpgid(0, 0) = 0 [pid 311] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 311] write(3, "1000", 4) = 4 [pid 311] close(3) = 0 [pid 311] symlink("/dev/binderfs", "./binderfs") = 0 [pid 311] write(1, "executing program\n", 18) = 18 [pid 311] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 311] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 311] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 311] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 311] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 311] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 311] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 311] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 311] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 311] memfd_create("syzkaller", 0) = 5 [pid 311] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9522f3b000 [pid 311] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 311] munmap(0x7f9522f3b000, 138412032) = 0 [pid 311] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 311] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 311] close(5) = 0 [pid 311] close(6) = 0 [pid 311] mkdir("./file0", 0777) = 0 [pid 311] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 311] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 311] chdir("./file0") = 0 [pid 311] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 311] ioctl(6, LOOP_CLR_FD) = 0 [pid 311] close(6) = 0 [pid 311] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 311] write(6, "#! ./file1\n", 11) = 11 [pid 311] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [ 24.057745][ T311] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [pid 311] bpf(BPF_RAW_TRACEPOINT_OPEN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 311] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000040} --- [pid 311] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=311, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558fded6f0 /* 4 entries */, 32768) = 112 umount2("./4/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4/binderfs") = 0 [ 24.098606][ T312] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-311: bg 0: block 234: padding at end of block bitmap is not set umount2("./4/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558fdf5730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558fdf5730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4/file0") = 0 getdents64(3, 0x55558fded6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4") = 0 mkdir("./5", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558fdec650) = 316 ./strace-static-x86_64: Process 316 attached [pid 316] set_robust_list(0x55558fdec660, 24) = 0 [pid 316] chdir("./5") = 0 [pid 316] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 316] setpgid(0, 0) = 0 [pid 316] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 316] write(3, "1000", 4) = 4 [pid 316] close(3) = 0 [pid 316] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 316] write(1, "executing program\n", 18) = 18 [pid 316] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 316] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 316] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 316] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 316] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 316] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 316] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 316] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 316] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 316] memfd_create("syzkaller", 0) = 5 [pid 316] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9522f3b000 [pid 316] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 316] munmap(0x7f9522f3b000, 138412032) = 0 [pid 316] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 316] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 316] close(5) = 0 [pid 316] close(6) = 0 [pid 316] mkdir("./file0", 0777) = 0 [pid 316] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 316] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 316] chdir("./file0") = 0 [pid 316] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 316] ioctl(6, LOOP_CLR_FD) = 0 [pid 316] close(6) = 0 [pid 316] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 316] write(6, "#! ./file1\n", 11) = 11 [pid 316] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 316] bpf(BPF_RAW_TRACEPOINT_OPEN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 316] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000040} --- [pid 316] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=316, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./5", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558fded6f0 /* 4 entries */, 32768) = 112 umount2("./5/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./5/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./5/binderfs") = 0 umount2("./5/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./5/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./5/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./5/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./5/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558fdf5730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558fdf5730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./5/file0") = 0 getdents64(3, 0x55558fded6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./5") = 0 mkdir("./6", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558fdec650) = 322 ./strace-static-x86_64: Process 322 attached [pid 322] set_robust_list(0x55558fdec660, 24) = 0 [pid 322] chdir("./6") = 0 [pid 322] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 322] setpgid(0, 0) = 0 [pid 322] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 322] write(3, "1000", 4) = 4 [pid 322] close(3) = 0 [pid 322] symlink("/dev/binderfs", "./binderfs") = 0 [pid 322] write(1, "executing program\n", 18executing program ) = 18 [pid 322] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 322] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 322] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 322] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 322] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 322] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 322] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 322] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 322] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 322] memfd_create("syzkaller", 0) = 5 [pid 322] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9522f3b000 [ 24.247728][ T316] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 24.271730][ T316] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor428: bg 0: block 234: padding at end of block bitmap is not set [pid 322] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 322] munmap(0x7f9522f3b000, 138412032) = 0 [pid 322] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 322] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 322] close(5) = 0 [pid 322] close(6) = 0 [pid 322] mkdir("./file0", 0777) = 0 [pid 322] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 322] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 322] chdir("./file0") = 0 [pid 322] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 322] ioctl(6, LOOP_CLR_FD) = 0 [pid 322] close(6) = 0 [pid 322] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 322] write(6, "#! ./file1\n", 11) = 11 [pid 322] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 322] bpf(BPF_RAW_TRACEPOINT_OPEN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 322] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000040} --- [pid 322] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=322, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./6", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558fded6f0 /* 4 entries */, 32768) = 112 umount2("./6/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./6/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./6/binderfs") = 0 [ 24.347724][ T322] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 24.374660][ T322] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor428: bg 0: block 234: padding at end of block bitmap is not set umount2("./6/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./6/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./6/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./6/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./6/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558fdf5730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558fdf5730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./6/file0") = 0 getdents64(3, 0x55558fded6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./6") = 0 mkdir("./7", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3executing program ) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558fdec650) = 327 ./strace-static-x86_64: Process 327 attached [pid 327] set_robust_list(0x55558fdec660, 24) = 0 [pid 327] chdir("./7") = 0 [pid 327] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 327] setpgid(0, 0) = 0 [pid 327] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 327] write(3, "1000", 4) = 4 [pid 327] close(3) = 0 [pid 327] symlink("/dev/binderfs", "./binderfs") = 0 [pid 327] write(1, "executing program\n", 18) = 18 [pid 327] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 327] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 327] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 327] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 327] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 327] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 327] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 327] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 327] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 327] memfd_create("syzkaller", 0) = 5 [pid 327] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9522f3b000 [pid 327] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 327] munmap(0x7f9522f3b000, 138412032) = 0 [pid 327] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 327] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 327] close(5) = 0 [pid 327] close(6) = 0 [pid 327] mkdir("./file0", 0777) = 0 [pid 327] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 327] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 327] chdir("./file0") = 0 [pid 327] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 327] ioctl(6, LOOP_CLR_FD) = 0 [pid 327] close(6) = 0 [pid 327] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 327] write(6, "#! ./file1\n", 11) = 11 [pid 327] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [ 24.587717][ T327] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [pid 327] bpf(BPF_RAW_TRACEPOINT_OPEN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 327] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000040} --- [pid 327] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=327, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./7", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558fded6f0 /* 4 entries */, 32768) = 112 umount2("./7/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./7/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./7/binderfs") = 0 [ 24.628427][ T328] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-327: bg 0: block 234: padding at end of block bitmap is not set umount2("./7/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./7/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./7/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./7/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./7/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558fdf5730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558fdf5730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./7/file0") = 0 getdents64(3, 0x55558fded6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./7") = 0 mkdir("./8", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558fdec650) = 332 ./strace-static-x86_64: Process 332 attached [pid 332] set_robust_list(0x55558fdec660, 24) = 0 [pid 332] chdir("./8") = 0 [pid 332] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 332] setpgid(0, 0) = 0 [pid 332] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 executing program [pid 332] write(3, "1000", 4) = 4 [pid 332] close(3) = 0 [pid 332] symlink("/dev/binderfs", "./binderfs") = 0 [pid 332] write(1, "executing program\n", 18) = 18 [pid 332] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 332] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 332] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 332] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 332] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 332] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 332] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 332] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 332] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 332] memfd_create("syzkaller", 0) = 5 [pid 332] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9522f3b000 [pid 332] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 332] munmap(0x7f9522f3b000, 138412032) = 0 [pid 332] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 332] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 332] close(5) = 0 [pid 332] close(6) = 0 [pid 332] mkdir("./file0", 0777) = 0 [pid 332] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 332] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 332] chdir("./file0") = 0 [pid 332] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 332] ioctl(6, LOOP_CLR_FD) = 0 [pid 332] close(6) = 0 [pid 332] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 332] write(6, "#! ./file1\n", 11) = 11 [pid 332] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 332] bpf(BPF_RAW_TRACEPOINT_OPEN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 332] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000040} --- [pid 332] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=332, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./8", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./8", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558fded6f0 /* 4 entries */, 32768) = 112 umount2("./8/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./8/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./8/binderfs") = 0 [ 24.765100][ T332] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 24.787457][ T332] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor428: bg 0: block 234: padding at end of block bitmap is not set umount2("./8/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./8/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./8/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./8/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./8/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558fdf5730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558fdf5730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./8/file0") = 0 getdents64(3, 0x55558fded6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./8") = 0 mkdir("./9", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558fdec650) = 337 ./strace-static-x86_64: Process 337 attached [pid 337] set_robust_list(0x55558fdec660, 24) = 0 [pid 337] chdir("./9") = 0 [pid 337] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 337] setpgid(0, 0) = 0 [pid 337] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 337] write(3, "1000", 4) = 4 [pid 337] close(3) = 0 [pid 337] symlink("/dev/binderfs", "./binderfs") = 0 [pid 337] write(1, "executing program\n", 18executing program ) = 18 [pid 337] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 337] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 337] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 337] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 337] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 337] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 337] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 337] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 337] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 337] memfd_create("syzkaller", 0) = 5 [pid 337] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9522f3b000 [pid 337] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 337] munmap(0x7f9522f3b000, 138412032) = 0 [pid 337] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 337] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 337] close(5) = 0 [pid 337] close(6) = 0 [pid 337] mkdir("./file0", 0777) = 0 [pid 337] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 337] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 337] chdir("./file0") = 0 [pid 337] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 337] ioctl(6, LOOP_CLR_FD) = 0 [pid 337] close(6) = 0 [pid 337] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 337] write(6, "#! ./file1\n", 11) = 11 [pid 337] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 337] bpf(BPF_RAW_TRACEPOINT_OPEN, NULL, 0) = -1 EINVAL (Invalid argument) [ 24.957605][ T337] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [pid 337] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000040} --- [pid 337] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=337, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./9", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./9", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558fded6f0 /* 4 entries */, 32768) = 112 umount2("./9/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./9/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./9/binderfs") = 0 [ 24.997314][ T338] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-337: bg 0: block 234: padding at end of block bitmap is not set umount2("./9/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./9/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./9/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./9/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./9/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558fdf5730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558fdf5730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./9/file0") = 0 getdents64(3, 0x55558fded6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./9") = 0 mkdir("./10", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) executing program close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558fdec650) = 342 ./strace-static-x86_64: Process 342 attached [pid 342] set_robust_list(0x55558fdec660, 24) = 0 [pid 342] chdir("./10") = 0 [pid 342] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 342] setpgid(0, 0) = 0 [pid 342] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 342] write(3, "1000", 4) = 4 [pid 342] close(3) = 0 [pid 342] symlink("/dev/binderfs", "./binderfs") = 0 [pid 342] write(1, "executing program\n", 18) = 18 [pid 342] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 342] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 342] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 342] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 342] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 342] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 342] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 342] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 342] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 342] memfd_create("syzkaller", 0) = 5 [pid 342] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9522f3b000 [pid 342] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 342] munmap(0x7f9522f3b000, 138412032) = 0 [pid 342] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 342] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 342] close(5) = 0 [pid 342] close(6) = 0 [pid 342] mkdir("./file0", 0777) = 0 [pid 342] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 342] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 342] chdir("./file0") = 0 [pid 342] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 342] ioctl(6, LOOP_CLR_FD) = 0 [pid 342] close(6) = 0 [pid 342] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 342] write(6, "#! ./file1\n", 11) = 11 [pid 342] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 342] bpf(BPF_RAW_TRACEPOINT_OPEN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 342] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000040} --- [pid 342] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=342, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./10", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./10", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558fded6f0 /* 4 entries */, 32768) = 112 umount2("./10/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./10/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./10/binderfs") = 0 [ 25.097842][ T342] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 25.128700][ T343] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-342: bg 0: block 234: padding at end of block bitmap is not set umount2("./10/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./10/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./10/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./10/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./10/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558fdf5730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558fdf5730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./10/file0") = 0 getdents64(3, 0x55558fded6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./10") = 0 mkdir("./11", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FDexecuting program ) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558fdec650) = 347 ./strace-static-x86_64: Process 347 attached [pid 347] set_robust_list(0x55558fdec660, 24) = 0 [pid 347] chdir("./11") = 0 [pid 347] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 347] setpgid(0, 0) = 0 [pid 347] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 347] write(3, "1000", 4) = 4 [pid 347] close(3) = 0 [pid 347] symlink("/dev/binderfs", "./binderfs") = 0 [pid 347] write(1, "executing program\n", 18) = 18 [pid 347] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 347] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 347] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 347] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 347] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 347] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 347] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 347] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 347] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 347] memfd_create("syzkaller", 0) = 5 [pid 347] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9522f3b000 [pid 347] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 347] munmap(0x7f9522f3b000, 138412032) = 0 [pid 347] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 347] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 347] close(5) = 0 [pid 347] close(6) = 0 [pid 347] mkdir("./file0", 0777) = 0 [pid 347] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 347] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 347] chdir("./file0") = 0 [pid 347] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 347] ioctl(6, LOOP_CLR_FD) = 0 [pid 347] close(6) = 0 [pid 347] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 347] write(6, "#! ./file1\n", 11) = 11 [pid 347] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 347] bpf(BPF_RAW_TRACEPOINT_OPEN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 347] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000040} --- [pid 347] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=347, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./11", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./11", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558fded6f0 /* 4 entries */, 32768) = 112 umount2("./11/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./11/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./11/binderfs") = 0 [ 25.347628][ T347] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 25.379114][ T348] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-347: bg 0: block 234: padding at end of block bitmap is not set umount2("./11/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./11/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./11/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./11/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./11/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558fdf5730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558fdf5730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./11/file0") = 0 getdents64(3, 0x55558fded6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./11") = 0 mkdir("./12", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558fdec650) = 353 ./strace-static-x86_64: Process 353 attached [pid 353] set_robust_list(0x55558fdec660, 24) = 0 [pid 353] chdir("./12") = 0 [pid 353] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 353] setpgid(0, 0) = 0 [pid 353] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 353] write(3, "1000", 4) = 4 [pid 353] close(3) = 0 [pid 353] symlink("/dev/binderfs", "./binderfs") = 0 [pid 353] write(1, "executing program\n", 18executing program ) = 18 [pid 353] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 353] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 353] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 353] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 353] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 353] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 353] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 353] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 353] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 353] memfd_create("syzkaller", 0) = 5 [pid 353] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9522f3b000 [pid 353] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 353] munmap(0x7f9522f3b000, 138412032) = 0 [pid 353] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 353] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 353] close(5) = 0 [pid 353] close(6) = 0 [pid 353] mkdir("./file0", 0777) = 0 [pid 353] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 353] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 353] chdir("./file0") = 0 [pid 353] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 353] ioctl(6, LOOP_CLR_FD) = 0 [pid 353] close(6) = 0 [pid 353] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 353] write(6, "#! ./file1\n", 11) = 11 [pid 353] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 353] bpf(BPF_RAW_TRACEPOINT_OPEN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 353] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000040} --- [pid 353] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=353, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./12", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./12", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558fded6f0 /* 4 entries */, 32768) = 112 umount2("./12/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./12/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./12/binderfs") = 0 umount2("./12/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./12/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./12/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./12/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./12/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558fdf5730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558fdf5730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./12/file0") = 0 getdents64(3, 0x55558fded6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./12") = 0 mkdir("./13", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558fdec650) = 358 ./strace-static-x86_64: Process 358 attached [pid 358] set_robust_list(0x55558fdec660, 24) = 0 [pid 358] chdir("./13") = 0 [pid 358] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 358] setpgid(0, 0) = 0 [pid 358] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 358] write(3, "1000", 4) = 4 [pid 358] close(3) = 0 [pid 358] symlink("/dev/binderfs", "./binderfs") = 0 [pid 358] write(1, "executing program\n", 18executing program ) = 18 [pid 358] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 358] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 358] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 358] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 358] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 358] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 358] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 358] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 358] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 358] memfd_create("syzkaller", 0) = 5 [pid 358] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9522f3b000 [ 25.537882][ T353] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 25.563037][ T353] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor428: bg 0: block 234: padding at end of block bitmap is not set [pid 358] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 358] munmap(0x7f9522f3b000, 138412032) = 0 [pid 358] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 358] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 358] close(5) = 0 [pid 358] close(6) = 0 [pid 358] mkdir("./file0", 0777) = 0 [pid 358] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 358] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 358] chdir("./file0") = 0 [pid 358] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 358] ioctl(6, LOOP_CLR_FD) = 0 [pid 358] close(6) = 0 [pid 358] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 358] write(6, "#! ./file1\n", 11) = 11 [pid 358] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 358] bpf(BPF_RAW_TRACEPOINT_OPEN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 358] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000040} --- [pid 358] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=358, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./13", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./13", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558fded6f0 /* 4 entries */, 32768) = 112 umount2("./13/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./13/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./13/binderfs") = 0 [ 25.637648][ T358] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 25.666135][ T359] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-358: bg 0: block 234: padding at end of block bitmap is not set umount2("./13/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./13/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./13/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./13/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./13/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558fdf5730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558fdf5730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./13/file0") = 0 getdents64(3, 0x55558fded6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./13") = 0 mkdir("./14", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558fdec650) = 363 ./strace-static-x86_64: Process 363 attached [pid 363] set_robust_list(0x55558fdec660, 24) = 0 [pid 363] chdir("./14") = 0 [pid 363] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 363] setpgid(0, 0) = 0 [pid 363] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 363] write(3, "1000", 4) = 4 [pid 363] close(3) = 0 [pid 363] symlink("/dev/binderfs", "./binderfs") = 0 [pid 363] write(1, "executing program\n", 18executing program ) = 18 [pid 363] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 363] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 363] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 363] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 363] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 363] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 363] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 363] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 363] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 363] memfd_create("syzkaller", 0) = 5 [pid 363] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9522f3b000 [pid 363] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 363] munmap(0x7f9522f3b000, 138412032) = 0 [pid 363] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 363] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 363] close(5) = 0 [pid 363] close(6) = 0 [pid 363] mkdir("./file0", 0777) = 0 [pid 363] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 363] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 363] chdir("./file0") = 0 [pid 363] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 363] ioctl(6, LOOP_CLR_FD) = 0 [pid 363] close(6) = 0 [pid 363] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 363] write(6, "#! ./file1\n", 11) = 11 [pid 363] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 363] bpf(BPF_RAW_TRACEPOINT_OPEN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 363] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000040} --- [pid 363] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=363, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./14", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./14", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558fded6f0 /* 4 entries */, 32768) = 112 umount2("./14/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./14/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./14/binderfs") = 0 [ 25.807884][ T363] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 25.832677][ T364] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-363: bg 0: block 234: padding at end of block bitmap is not set umount2("./14/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./14/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./14/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./14/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./14/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558fdf5730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558fdf5730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./14/file0") = 0 getdents64(3, 0x55558fded6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./14") = 0 mkdir("./15", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3executing program ) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558fdec650) = 368 ./strace-static-x86_64: Process 368 attached [pid 368] set_robust_list(0x55558fdec660, 24) = 0 [pid 368] chdir("./15") = 0 [pid 368] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 368] setpgid(0, 0) = 0 [pid 368] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 368] write(3, "1000", 4) = 4 [pid 368] close(3) = 0 [pid 368] symlink("/dev/binderfs", "./binderfs") = 0 [pid 368] write(1, "executing program\n", 18) = 18 [pid 368] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 368] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 368] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 368] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 368] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 368] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 368] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 368] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 368] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 368] memfd_create("syzkaller", 0) = 5 [pid 368] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9522f3b000 [pid 368] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 368] munmap(0x7f9522f3b000, 138412032) = 0 [pid 368] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 368] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 368] close(5) = 0 [pid 368] close(6) = 0 [pid 368] mkdir("./file0", 0777) = 0 [pid 368] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 368] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 368] chdir("./file0") = 0 [pid 368] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 368] ioctl(6, LOOP_CLR_FD) = 0 [pid 368] close(6) = 0 [pid 368] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 368] write(6, "#! ./file1\n", 11) = 11 [pid 368] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 368] bpf(BPF_RAW_TRACEPOINT_OPEN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 368] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000040} --- [pid 368] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=368, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./15", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./15", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558fded6f0 /* 4 entries */, 32768) = 112 umount2("./15/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./15/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./15/binderfs") = 0 [ 25.967622][ T368] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 25.998938][ T369] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-368: bg 0: block 234: padding at end of block bitmap is not set umount2("./15/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./15/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./15/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./15/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./15/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558fdf5730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558fdf5730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./15/file0") = 0 getdents64(3, 0x55558fded6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./15") = 0 mkdir("./16", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558fdec650) = 373 ./strace-static-x86_64: Process 373 attached [pid 373] set_robust_list(0x55558fdec660, 24) = 0 [pid 373] chdir("./16") = 0 [pid 373] prctl(PR_SET_PDEATHSIG, SIGKILLexecuting program ) = 0 [pid 373] setpgid(0, 0) = 0 [pid 373] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 373] write(3, "1000", 4) = 4 [pid 373] close(3) = 0 [pid 373] symlink("/dev/binderfs", "./binderfs") = 0 [pid 373] write(1, "executing program\n", 18) = 18 [pid 373] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 373] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 373] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 373] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 373] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 373] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 373] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 373] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 373] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 373] memfd_create("syzkaller", 0) = 5 [pid 373] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9522f3b000 [pid 373] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 373] munmap(0x7f9522f3b000, 138412032) = 0 [pid 373] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 373] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 373] close(5) = 0 [pid 373] close(6) = 0 [pid 373] mkdir("./file0", 0777) = 0 [pid 373] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 373] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 373] chdir("./file0") = 0 [pid 373] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 373] ioctl(6, LOOP_CLR_FD) = 0 [pid 373] close(6) = 0 [pid 373] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 373] write(6, "#! ./file1\n", 11) = 11 [pid 373] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 373] bpf(BPF_RAW_TRACEPOINT_OPEN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 373] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000040} --- [pid 373] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=373, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./16", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./16", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558fded6f0 /* 4 entries */, 32768) = 112 umount2("./16/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./16/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./16/binderfs") = 0 [ 26.167832][ T373] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 26.196752][ T374] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-373: bg 0: block 234: padding at end of block bitmap is not set umount2("./16/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./16/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./16/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./16/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./16/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558fdf5730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558fdf5730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./16/file0") = 0 getdents64(3, 0x55558fded6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./16") = 0 mkdir("./17", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558fdec650) = 378 ./strace-static-x86_64: Process 378 attached [pid 378] set_robust_list(0x55558fdec660, 24) = 0 [pid 378] chdir("./17") = 0 [pid 378] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 378] setpgid(0, 0) = 0 [pid 378] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 378] write(3, "1000", 4) = 4 [pid 378] close(3) = 0 [pid 378] symlink("/dev/binderfs", "./binderfs") = 0 [pid 378] write(1, "executing program\n", 18) = 18 executing program [pid 378] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 378] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 378] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 378] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 378] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 378] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 378] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 378] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 378] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 378] memfd_create("syzkaller", 0) = 5 [pid 378] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9522f3b000 [pid 378] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 378] munmap(0x7f9522f3b000, 138412032) = 0 [pid 378] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 378] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 378] close(5) = 0 [pid 378] close(6) = 0 [pid 378] mkdir("./file0", 0777) = 0 [pid 378] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 378] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 378] chdir("./file0") = 0 [pid 378] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 378] ioctl(6, LOOP_CLR_FD) = 0 [pid 378] close(6) = 0 [pid 378] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 378] write(6, "#! ./file1\n", 11) = 11 [pid 378] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 378] bpf(BPF_RAW_TRACEPOINT_OPEN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 378] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000040} --- [pid 378] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=378, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./17", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./17", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558fded6f0 /* 4 entries */, 32768) = 112 umount2("./17/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./17/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./17/binderfs") = 0 umount2("./17/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./17/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./17/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./17/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./17/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558fdf5730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558fdf5730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./17/file0") = 0 getdents64(3, 0x55558fded6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./17") = 0 mkdir("./18", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558fdec650) = 384 ./strace-static-x86_64: Process 384 attached [pid 384] set_robust_list(0x55558fdec660, 24) = 0 [ 26.297961][ T378] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 26.322987][ T378] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor428: bg 0: block 234: padding at end of block bitmap is not set [pid 384] chdir("./18") = 0 [pid 384] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 384] setpgid(0, 0) = 0 [pid 384] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 384] write(3, "1000", 4) = 4 [pid 384] close(3) = 0 [pid 384] symlink("/dev/binderfs", "./binderfs") = 0 [pid 384] write(1, "executing program\n", 18executing program ) = 18 [pid 384] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 384] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 384] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 384] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 384] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 384] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 384] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 384] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 384] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 384] memfd_create("syzkaller", 0) = 5 [pid 384] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9522f3b000 [pid 384] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 384] munmap(0x7f9522f3b000, 138412032) = 0 [pid 384] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 384] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 384] close(5) = 0 [pid 384] close(6) = 0 [pid 384] mkdir("./file0", 0777) = 0 [pid 384] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 384] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 384] chdir("./file0") = 0 [pid 384] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 384] ioctl(6, LOOP_CLR_FD) = 0 [pid 384] close(6) = 0 [pid 384] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 384] write(6, "#! ./file1\n", 11) = 11 [pid 384] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 384] bpf(BPF_RAW_TRACEPOINT_OPEN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 384] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000040} --- [pid 384] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=384, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./18", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./18", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558fded6f0 /* 4 entries */, 32768) = 112 umount2("./18/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./18/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./18/binderfs") = 0 [ 26.407661][ T384] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 26.436723][ T385] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-384: bg 0: block 234: padding at end of block bitmap is not set umount2("./18/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./18/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./18/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./18/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./18/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558fdf5730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558fdf5730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./18/file0") = 0 getdents64(3, 0x55558fded6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./18") = 0 mkdir("./19", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) executing program close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558fdec650) = 389 ./strace-static-x86_64: Process 389 attached [pid 389] set_robust_list(0x55558fdec660, 24) = 0 [pid 389] chdir("./19") = 0 [pid 389] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 389] setpgid(0, 0) = 0 [pid 389] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 389] write(3, "1000", 4) = 4 [pid 389] close(3) = 0 [pid 389] symlink("/dev/binderfs", "./binderfs") = 0 [pid 389] write(1, "executing program\n", 18) = 18 [pid 389] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 389] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 389] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 389] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 389] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 389] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 389] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 389] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 389] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 389] memfd_create("syzkaller", 0) = 5 [pid 389] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9522f3b000 [pid 389] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 389] munmap(0x7f9522f3b000, 138412032) = 0 [pid 389] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 389] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 389] close(5) = 0 [pid 389] close(6) = 0 [pid 389] mkdir("./file0", 0777) = 0 [pid 389] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 389] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 389] chdir("./file0") = 0 [pid 389] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 389] ioctl(6, LOOP_CLR_FD) = 0 [pid 389] close(6) = 0 [pid 389] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 389] write(6, "#! ./file1\n", 11) = 11 [pid 389] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 389] bpf(BPF_RAW_TRACEPOINT_OPEN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 389] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000040} --- [pid 389] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=389, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./19", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./19", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558fded6f0 /* 4 entries */, 32768) = 112 umount2("./19/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./19/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./19/binderfs") = 0 [ 26.517742][ T389] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 26.539777][ T389] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor428: bg 0: block 234: padding at end of block bitmap is not set umount2("./19/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./19/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./19/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./19/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./19/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558fdf5730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558fdf5730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./19/file0") = 0 getdents64(3, 0x55558fded6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./19") = 0 mkdir("./20", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558fdec650) = 394 ./strace-static-x86_64: Process 394 attached [pid 394] set_robust_list(0x55558fdec660, 24) = 0 [pid 394] chdir("./20") = 0 [pid 394] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 394] setpgid(0, 0) = 0 [pid 394] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 394] write(3, "1000", 4) = 4 [pid 394] close(3) = 0 [pid 394] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 394] write(1, "executing program\n", 18) = 18 [pid 394] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 394] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 394] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 394] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 394] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 394] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 394] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 394] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 394] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 394] memfd_create("syzkaller", 0) = 5 [pid 394] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9522f3b000 [pid 394] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 394] munmap(0x7f9522f3b000, 138412032) = 0 [pid 394] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 394] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 394] close(5) = 0 [pid 394] close(6) = 0 [pid 394] mkdir("./file0", 0777) = 0 [pid 394] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 394] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 394] chdir("./file0") = 0 [pid 394] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 394] ioctl(6, LOOP_CLR_FD) = 0 [pid 394] close(6) = 0 [pid 394] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 394] write(6, "#! ./file1\n", 11) = 11 [pid 394] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 394] bpf(BPF_RAW_TRACEPOINT_OPEN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 394] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000040} --- [pid 394] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=394, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./20", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./20", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558fded6f0 /* 4 entries */, 32768) = 112 umount2("./20/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./20/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./20/binderfs") = 0 [ 26.687841][ T394] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 26.716095][ T395] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-394: bg 0: block 234: padding at end of block bitmap is not set umount2("./20/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./20/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./20/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./20/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./20/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558fdf5730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558fdf5730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./20/file0") = 0 getdents64(3, 0x55558fded6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./20") = 0 mkdir("./21", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558fdec650) = 399 ./strace-static-x86_64: Process 399 attached [pid 399] set_robust_list(0x55558fdec660, 24) = 0 [pid 399] chdir("./21") = 0 [pid 399] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 399] setpgid(0, 0) = 0 [pid 399] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 399] write(3, "1000", 4) = 4 [pid 399] close(3) = 0 [pid 399] symlink("/dev/binderfs", "./binderfs") = 0 [pid 399] write(1, "executing program\n", 18) = 18 executing program [pid 399] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 399] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 399] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 399] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 399] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 399] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 399] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 399] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 399] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 399] memfd_create("syzkaller", 0) = 5 [pid 399] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9522f3b000 [pid 399] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 399] munmap(0x7f9522f3b000, 138412032) = 0 [pid 399] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 399] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 399] close(5) = 0 [pid 399] close(6) = 0 [pid 399] mkdir("./file0", 0777) = 0 [pid 399] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 399] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 399] chdir("./file0") = 0 [pid 399] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 399] ioctl(6, LOOP_CLR_FD) = 0 [pid 399] close(6) = 0 [pid 399] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 399] write(6, "#! ./file1\n", 11) = 11 [pid 399] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 399] bpf(BPF_RAW_TRACEPOINT_OPEN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 399] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000040} --- [pid 399] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=399, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./21", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./21", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558fded6f0 /* 4 entries */, 32768) = 112 umount2("./21/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./21/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./21/binderfs") = 0 [ 26.827968][ T399] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 26.850195][ T399] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor428: bg 0: block 234: padding at end of block bitmap is not set umount2("./21/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./21/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./21/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./21/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./21/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558fdf5730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558fdf5730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./21/file0") = 0 getdents64(3, 0x55558fded6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./21") = 0 mkdir("./22", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558fdec650) = 404 ./strace-static-x86_64: Process 404 attached [pid 404] set_robust_list(0x55558fdec660, 24executing program ) = 0 [pid 404] chdir("./22") = 0 [pid 404] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 404] setpgid(0, 0) = 0 [pid 404] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 404] write(3, "1000", 4) = 4 [pid 404] close(3) = 0 [pid 404] symlink("/dev/binderfs", "./binderfs") = 0 [pid 404] write(1, "executing program\n", 18) = 18 [pid 404] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 404] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 404] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 404] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 404] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 404] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 404] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 404] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 404] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 404] memfd_create("syzkaller", 0) = 5 [pid 404] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9522f3b000 [pid 404] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 404] munmap(0x7f9522f3b000, 138412032) = 0 [pid 404] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 404] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 404] close(5) = 0 [pid 404] close(6) = 0 [pid 404] mkdir("./file0", 0777) = 0 [pid 404] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 404] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 404] chdir("./file0") = 0 [pid 404] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 404] ioctl(6, LOOP_CLR_FD) = 0 [pid 404] close(6) = 0 [pid 404] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 404] write(6, "#! ./file1\n", 11) = 11 [pid 404] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 404] bpf(BPF_RAW_TRACEPOINT_OPEN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 404] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000040} --- [pid 404] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=404, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./22", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./22", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558fded6f0 /* 4 entries */, 32768) = 112 umount2("./22/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./22/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./22/binderfs") = 0 [ 26.957959][ T404] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 26.980322][ T404] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor428: bg 0: block 234: padding at end of block bitmap is not set umount2("./22/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./22/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./22/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./22/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./22/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558fdf5730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558fdf5730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./22/file0") = 0 getdents64(3, 0x55558fded6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./22") = 0 mkdir("./23", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program , child_tidptr=0x55558fdec650) = 409 ./strace-static-x86_64: Process 409 attached [pid 409] set_robust_list(0x55558fdec660, 24) = 0 [pid 409] chdir("./23") = 0 [pid 409] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 409] setpgid(0, 0) = 0 [pid 409] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 409] write(3, "1000", 4) = 4 [pid 409] close(3) = 0 [pid 409] symlink("/dev/binderfs", "./binderfs") = 0 [pid 409] write(1, "executing program\n", 18) = 18 [pid 409] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 409] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 409] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 409] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 409] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 409] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 409] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 409] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 409] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 409] memfd_create("syzkaller", 0) = 5 [pid 409] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9522f3b000 [pid 409] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 409] munmap(0x7f9522f3b000, 138412032) = 0 [pid 409] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 409] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 409] close(5) = 0 [pid 409] close(6) = 0 [pid 409] mkdir("./file0", 0777) = 0 [pid 409] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 409] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 409] chdir("./file0") = 0 [pid 409] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 409] ioctl(6, LOOP_CLR_FD) = 0 [pid 409] close(6) = 0 [pid 409] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 409] write(6, "#! ./file1\n", 11) = 11 [pid 409] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 409] bpf(BPF_RAW_TRACEPOINT_OPEN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 409] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000040} --- [pid 409] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=409, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./23", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./23", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558fded6f0 /* 4 entries */, 32768) = 112 umount2("./23/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./23/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./23/binderfs") = 0 [ 27.087726][ T409] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 27.111633][ T409] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor428: bg 0: block 234: padding at end of block bitmap is not set umount2("./23/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./23/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./23/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./23/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./23/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558fdf5730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558fdf5730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./23/file0") = 0 getdents64(3, 0x55558fded6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./23") = 0 mkdir("./24", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558fdec650) = 414 ./strace-static-x86_64: Process 414 attached [pid 414] set_robust_list(0x55558fdec660, 24) = 0 [pid 414] chdir("./24") = 0 [pid 414] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 414] setpgid(0, 0) = 0 [pid 414] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 414] write(3, "1000", 4) = 4 [pid 414] close(3) = 0 [pid 414] symlink("/dev/binderfs", "./binderfs") = 0 [pid 414] write(1, "executing program\n", 18executing program ) = 18 [pid 414] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 414] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 414] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 414] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 414] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 414] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 414] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 414] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 414] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 414] memfd_create("syzkaller", 0) = 5 [pid 414] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9522f3b000 [pid 414] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 414] munmap(0x7f9522f3b000, 138412032) = 0 [pid 414] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 414] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 414] close(5) = 0 [pid 414] close(6) = 0 [pid 414] mkdir("./file0", 0777) = 0 [pid 414] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 414] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 414] chdir("./file0") = 0 [pid 414] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 414] ioctl(6, LOOP_CLR_FD) = 0 [pid 414] close(6) = 0 [pid 414] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 414] write(6, "#! ./file1\n", 11) = 11 [pid 414] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 414] bpf(BPF_RAW_TRACEPOINT_OPEN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 414] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000040} --- [pid 414] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=414, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./24", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./24", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558fded6f0 /* 4 entries */, 32768) = 112 umount2("./24/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./24/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./24/binderfs") = 0 umount2("./24/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./24/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./24/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./24/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./24/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558fdf5730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558fdf5730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./24/file0") = 0 getdents64(3, 0x55558fded6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./24") = 0 mkdir("./25", 0777executing program ) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558fdec650) = 420 ./strace-static-x86_64: Process 420 attached [pid 420] set_robust_list(0x55558fdec660, 24) = 0 [pid 420] chdir("./25") = 0 [pid 420] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 420] setpgid(0, 0) = 0 [pid 420] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 420] write(3, "1000", 4) = 4 [pid 420] close(3) = 0 [pid 420] symlink("/dev/binderfs", "./binderfs") = 0 [pid 420] write(1, "executing program\n", 18) = 18 [pid 420] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 420] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 420] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 420] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 420] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 420] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 420] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 420] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 420] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 420] memfd_create("syzkaller", 0) = 5 [pid 420] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9522f3b000 [ 27.297329][ T414] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 27.320955][ T414] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor428: bg 0: block 234: padding at end of block bitmap is not set [pid 420] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 420] munmap(0x7f9522f3b000, 138412032) = 0 [pid 420] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 420] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 420] close(5) = 0 [pid 420] close(6) = 0 [pid 420] mkdir("./file0", 0777) = 0 [pid 420] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 420] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 420] chdir("./file0") = 0 [pid 420] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 420] ioctl(6, LOOP_CLR_FD) = 0 [pid 420] close(6) = 0 [pid 420] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 420] write(6, "#! ./file1\n", 11) = 11 [pid 420] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 420] bpf(BPF_RAW_TRACEPOINT_OPEN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 420] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000040} --- [pid 420] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=420, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./25", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./25", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558fded6f0 /* 4 entries */, 32768) = 112 umount2("./25/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./25/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./25/binderfs") = 0 [ 27.397968][ T420] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 27.422178][ T420] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor428: bg 0: block 234: padding at end of block bitmap is not set umount2("./25/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./25/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./25/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./25/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./25/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558fdf5730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558fdf5730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./25/file0") = 0 getdents64(3, 0x55558fded6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./25") = 0 mkdir("./26", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558fdec650) = 425 ./strace-static-x86_64: Process 425 attached [pid 425] set_robust_list(0x55558fdec660, 24) = 0 [pid 425] chdir("./26") = 0 [pid 425] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 425] setpgid(0, 0) = 0 [pid 425] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 425] write(3, "1000", 4) = 4 [pid 425] close(3) = 0 [pid 425] symlink("/dev/binderfs", "./binderfs") = 0 [pid 425] write(1, "executing program\n", 18executing program ) = 18 [pid 425] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 425] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 425] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 425] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 425] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 425] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 425] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 425] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 425] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 425] memfd_create("syzkaller", 0) = 5 [pid 425] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9522f3b000 [pid 425] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 425] munmap(0x7f9522f3b000, 138412032) = 0 [pid 425] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 425] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 425] close(5) = 0 [pid 425] close(6) = 0 [pid 425] mkdir("./file0", 0777) = 0 [pid 425] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 425] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 425] chdir("./file0") = 0 [pid 425] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 425] ioctl(6, LOOP_CLR_FD) = 0 [pid 425] close(6) = 0 [pid 425] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 425] write(6, "#! ./file1\n", 11) = 11 [pid 425] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 425] bpf(BPF_RAW_TRACEPOINT_OPEN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 425] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000040} --- [pid 425] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=425, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./26", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./26", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558fded6f0 /* 4 entries */, 32768) = 112 umount2("./26/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./26/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./26/binderfs") = 0 [ 27.567754][ T425] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 27.596370][ T426] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-425: bg 0: block 234: padding at end of block bitmap is not set umount2("./26/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./26/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./26/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./26/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./26/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558fdf5730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558fdf5730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./26/file0") = 0 getdents64(3, 0x55558fded6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./26") = 0 mkdir("./27", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program , child_tidptr=0x55558fdec650) = 430 ./strace-static-x86_64: Process 430 attached [pid 430] set_robust_list(0x55558fdec660, 24) = 0 [pid 430] chdir("./27") = 0 [pid 430] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 430] setpgid(0, 0) = 0 [pid 430] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 430] write(3, "1000", 4) = 4 [pid 430] close(3) = 0 [pid 430] symlink("/dev/binderfs", "./binderfs") = 0 [pid 430] write(1, "executing program\n", 18) = 18 [pid 430] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 430] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 430] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 430] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 430] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 430] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 430] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 430] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 430] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 430] memfd_create("syzkaller", 0) = 5 [pid 430] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9522f3b000 [pid 430] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 430] munmap(0x7f9522f3b000, 138412032) = 0 [pid 430] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 430] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 430] close(5) = 0 [pid 430] close(6) = 0 [pid 430] mkdir("./file0", 0777) = 0 [pid 430] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 430] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 430] chdir("./file0") = 0 [pid 430] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 430] ioctl(6, LOOP_CLR_FD) = 0 [pid 430] close(6) = 0 [pid 430] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 430] write(6, "#! ./file1\n", 11) = 11 [pid 430] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 430] bpf(BPF_RAW_TRACEPOINT_OPEN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 430] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000040} --- [pid 430] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=430, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./27", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./27", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558fded6f0 /* 4 entries */, 32768) = 112 umount2("./27/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./27/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./27/binderfs") = 0 [ 27.747598][ T430] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 27.771609][ T431] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-430: bg 0: block 234: padding at end of block bitmap is not set umount2("./27/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./27/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./27/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./27/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./27/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558fdf5730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558fdf5730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./27/file0") = 0 getdents64(3, 0x55558fded6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./27") = 0 mkdir("./28", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558fdec650) = 435 ./strace-static-x86_64: Process 435 attached [pid 435] set_robust_list(0x55558fdec660, 24) = 0 [pid 435] chdir("./28") = 0 [pid 435] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 435] setpgid(0, 0) = 0 [pid 435] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 435] write(3, "1000", 4) = 4 [pid 435] close(3) = 0 [pid 435] symlink("/dev/binderfs", "./binderfs") = 0 [pid 435] write(1, "executing program\n", 18executing program ) = 18 [pid 435] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 435] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 435] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 435] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 435] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 435] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 435] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 435] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 435] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 435] memfd_create("syzkaller", 0) = 5 [pid 435] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9522f3b000 [pid 435] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 435] munmap(0x7f9522f3b000, 138412032) = 0 [pid 435] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 435] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 435] close(5) = 0 [pid 435] close(6) = 0 [pid 435] mkdir("./file0", 0777) = 0 [pid 435] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 435] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 435] chdir("./file0") = 0 [pid 435] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 435] ioctl(6, LOOP_CLR_FD) = 0 [pid 435] close(6) = 0 [pid 435] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 435] write(6, "#! ./file1\n", 11) = 11 [pid 435] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 435] bpf(BPF_RAW_TRACEPOINT_OPEN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 435] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000040} --- [pid 435] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=435, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./28", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./28", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558fded6f0 /* 4 entries */, 32768) = 112 umount2("./28/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./28/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./28/binderfs") = 0 [ 27.967763][ T435] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 27.991469][ T435] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor428: bg 0: block 234: padding at end of block bitmap is not set umount2("./28/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./28/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./28/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./28/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./28/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558fdf5730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558fdf5730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./28/file0") = 0 getdents64(3, 0x55558fded6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./28") = 0 mkdir("./29", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558fdec650) = 440 ./strace-static-x86_64: Process 440 attached [pid 440] set_robust_list(0x55558fdec660, 24) = 0 [pid 440] chdir("./29") = 0 [pid 440] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 440] setpgid(0, 0) = 0 [pid 440] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 440] write(3, "1000", 4) = 4 [pid 440] close(3) = 0 [pid 440] symlink("/dev/binderfs", "./binderfs") = 0 [pid 440] write(1, "executing program\n", 18executing program ) = 18 [pid 440] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 440] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 440] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 440] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 440] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 440] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 440] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 440] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 440] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 440] memfd_create("syzkaller", 0) = 5 [pid 440] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9522f3b000 [pid 440] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 440] munmap(0x7f9522f3b000, 138412032) = 0 [pid 440] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 440] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 440] close(5) = 0 [pid 440] close(6) = 0 [pid 440] mkdir("./file0", 0777) = 0 [pid 440] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 440] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 440] chdir("./file0") = 0 [pid 440] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 440] ioctl(6, LOOP_CLR_FD) = 0 [pid 440] close(6) = 0 [pid 440] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 440] write(6, "#! ./file1\n", 11) = 11 [pid 440] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 440] bpf(BPF_RAW_TRACEPOINT_OPEN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 440] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000040} --- [pid 440] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=440, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./29", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./29", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558fded6f0 /* 4 entries */, 32768) = 112 umount2("./29/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./29/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./29/binderfs") = 0 [ 28.088069][ T440] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 28.112581][ T440] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor428: bg 0: block 234: padding at end of block bitmap is not set umount2("./29/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./29/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./29/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./29/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./29/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558fdf5730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558fdf5730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./29/file0") = 0 getdents64(3, 0x55558fded6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./29") = 0 mkdir("./30", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 445 attached , child_tidptr=0x55558fdec650) = 445 [pid 445] set_robust_list(0x55558fdec660, 24) = 0 [pid 445] chdir("./30") = 0 [pid 445] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 445] setpgid(0, 0) = 0 [pid 445] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 445] write(3, "1000", 4) = 4 [pid 445] close(3) = 0 [pid 445] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 445] write(1, "executing program\n", 18) = 18 [pid 445] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 445] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 445] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 445] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 445] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 445] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 445] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 445] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 445] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 445] memfd_create("syzkaller", 0) = 5 [pid 445] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9522f3b000 [pid 445] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 445] munmap(0x7f9522f3b000, 138412032) = 0 [pid 445] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 445] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 445] close(5) = 0 [pid 445] close(6) = 0 [pid 445] mkdir("./file0", 0777) = 0 [pid 445] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 445] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 445] chdir("./file0") = 0 [pid 445] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 445] ioctl(6, LOOP_CLR_FD) = 0 [pid 445] close(6) = 0 [pid 445] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 445] write(6, "#! ./file1\n", 11) = 11 [pid 445] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 445] bpf(BPF_RAW_TRACEPOINT_OPEN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 445] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000040} --- [pid 445] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=445, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./30", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./30", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558fded6f0 /* 4 entries */, 32768) = 112 umount2("./30/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./30/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./30/binderfs") = 0 umount2("./30/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./30/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./30/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./30/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./30/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558fdf5730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558fdf5730 /* 0 entries */, 32768) = 0 close(4) = 0 [ 28.250501][ T445] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 28.272988][ T445] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor428: bg 0: block 234: padding at end of block bitmap is not set rmdir("./30/file0") = 0 getdents64(3, 0x55558fded6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./30") = 0 mkdir("./31", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558fdec650) = 451 ./strace-static-x86_64: Process 451 attached [pid 451] set_robust_list(0x55558fdec660, 24) = 0 [pid 451] chdir("./31") = 0 [pid 451] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 451] setpgid(0, 0) = 0 [pid 451] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 451] write(3, "1000", 4) = 4 [pid 451] close(3) = 0 [pid 451] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 451] write(1, "executing program\n", 18) = 18 [pid 451] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 451] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 451] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 451] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 451] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 451] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 451] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 451] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 451] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 451] memfd_create("syzkaller", 0) = 5 [pid 451] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9522f3b000 [pid 451] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 451] munmap(0x7f9522f3b000, 138412032) = 0 [pid 451] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 451] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 451] close(5) = 0 [pid 451] close(6) = 0 [pid 451] mkdir("./file0", 0777) = 0 [pid 451] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 451] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 451] chdir("./file0") = 0 [pid 451] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 451] ioctl(6, LOOP_CLR_FD) = 0 [pid 451] close(6) = 0 [pid 451] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 451] write(6, "#! ./file1\n", 11) = 11 [pid 451] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 451] bpf(BPF_RAW_TRACEPOINT_OPEN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 451] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000040} --- [pid 451] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=451, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./31", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./31", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558fded6f0 /* 4 entries */, 32768) = 112 umount2("./31/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./31/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./31/binderfs") = 0 [ 28.368113][ T451] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 28.389995][ T451] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor428: bg 0: block 234: padding at end of block bitmap is not set umount2("./31/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./31/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./31/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./31/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./31/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558fdf5730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558fdf5730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./31/file0") = 0 getdents64(3, 0x55558fded6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./31") = 0 mkdir("./32", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558fdec650) = 456 ./strace-static-x86_64: Process 456 attached [pid 456] set_robust_list(0x55558fdec660, 24) = 0 [pid 456] chdir("./32") = 0 [pid 456] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 456] setpgid(0, 0) = 0 [pid 456] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 456] write(3, "1000", 4) = 4 [pid 456] close(3) = 0 [pid 456] symlink("/dev/binderfs", "./binderfs") = 0 [pid 456] write(1, "executing program\n", 18executing program ) = 18 [pid 456] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 456] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 456] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 456] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 456] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 456] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 456] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 456] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 456] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 456] memfd_create("syzkaller", 0) = 5 [pid 456] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9522f3b000 [pid 456] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 456] munmap(0x7f9522f3b000, 138412032) = 0 [pid 456] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 456] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 456] close(5) = 0 [pid 456] close(6) = 0 [pid 456] mkdir("./file0", 0777) = 0 [pid 456] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 456] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 456] chdir("./file0") = 0 [pid 456] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 456] ioctl(6, LOOP_CLR_FD) = 0 [pid 456] close(6) = 0 [pid 456] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 456] write(6, "#! ./file1\n", 11) = 11 [pid 456] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 456] bpf(BPF_RAW_TRACEPOINT_OPEN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 456] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000040} --- [pid 456] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=456, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./32", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./32", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558fded6f0 /* 4 entries */, 32768) = 112 umount2("./32/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./32/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./32/binderfs") = 0 [ 28.567973][ T456] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 28.592493][ T456] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor428: bg 0: block 234: padding at end of block bitmap is not set umount2("./32/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./32/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./32/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./32/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./32/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558fdf5730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558fdf5730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./32/file0") = 0 getdents64(3, 0x55558fded6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./32") = 0 mkdir("./33", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558fdec650) = 461 ./strace-static-x86_64: Process 461 attached [pid 461] set_robust_list(0x55558fdec660, 24) = 0 [pid 461] chdir("./33") = 0 [pid 461] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 461] setpgid(0, 0) = 0 [pid 461] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 461] write(3, "1000", 4) = 4 [pid 461] close(3) = 0 [pid 461] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 461] write(1, "executing program\n", 18) = 18 [pid 461] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 461] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 461] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 461] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 461] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 461] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 461] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 461] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 461] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 461] memfd_create("syzkaller", 0) = 5 [pid 461] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9522f3b000 [pid 461] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 461] munmap(0x7f9522f3b000, 138412032) = 0 [pid 461] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 461] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 461] close(5) = 0 [pid 461] close(6) = 0 [pid 461] mkdir("./file0", 0777) = 0 [pid 461] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 461] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 461] chdir("./file0") = 0 [pid 461] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 461] ioctl(6, LOOP_CLR_FD) = 0 [pid 461] close(6) = 0 [pid 461] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 461] write(6, "#! ./file1\n", 11) = 11 [pid 461] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 461] bpf(BPF_RAW_TRACEPOINT_OPEN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 461] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000040} --- [pid 461] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=461, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./33", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./33", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558fded6f0 /* 4 entries */, 32768) = 112 umount2("./33/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./33/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./33/binderfs") = 0 umount2("./33/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./33/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./33/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./33/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./33/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558fdf5730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558fdf5730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./33/file0") = 0 getdents64(3, 0x55558fded6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./33") = 0 mkdir("./34", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558fdec650) = 466 ./strace-static-x86_64: Process 466 attached [pid 466] set_robust_list(0x55558fdec660, 24) = 0 [pid 466] chdir("./34") = 0 [pid 466] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 466] setpgid(0, 0) = 0 [pid 466] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 466] write(3, "1000", 4) = 4 [pid 466] close(3) = 0 [ 28.705667][ T461] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 28.730008][ T461] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor428: bg 0: block 234: padding at end of block bitmap is not set [pid 466] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 466] write(1, "executing program\n", 18) = 18 [pid 466] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 466] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 466] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 466] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 466] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 466] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 466] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 466] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 466] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 466] memfd_create("syzkaller", 0) = 5 [pid 466] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9522f3b000 [pid 466] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 466] munmap(0x7f9522f3b000, 138412032) = 0 [pid 466] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 466] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 466] close(5) = 0 [pid 466] close(6) = 0 [pid 466] mkdir("./file0", 0777) = 0 [pid 466] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 466] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 466] chdir("./file0") = 0 [pid 466] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 466] ioctl(6, LOOP_CLR_FD) = 0 [pid 466] close(6) = 0 [pid 466] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 466] write(6, "#! ./file1\n", 11) = 11 [pid 466] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [ 28.807899][ T466] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [pid 466] bpf(BPF_RAW_TRACEPOINT_OPEN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 466] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000040} --- [pid 466] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=466, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./34", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./34", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558fded6f0 /* 4 entries */, 32768) = 112 umount2("./34/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./34/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./34/binderfs") = 0 [ 28.848375][ T467] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-466: bg 0: block 234: padding at end of block bitmap is not set umount2("./34/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./34/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./34/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./34/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./34/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558fdf5730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558fdf5730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./34/file0") = 0 getdents64(3, 0x55558fded6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./34") = 0 mkdir("./35", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558fdec650) = 471 ./strace-static-x86_64: Process 471 attached [pid 471] set_robust_list(0x55558fdec660, 24) = 0 [pid 471] chdir("./35") = 0 [pid 471] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 471] setpgid(0, 0) = 0 [pid 471] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 471] write(3, "1000", 4) = 4 [pid 471] close(3) = 0 [pid 471] symlink("/dev/binderfs", "./binderfs") = 0 [pid 471] write(1, "executing program\n", 18executing program ) = 18 [pid 471] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 471] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 471] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 471] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 471] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 471] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 471] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 471] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 471] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 471] memfd_create("syzkaller", 0) = 5 [pid 471] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9522f3b000 [pid 471] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 471] munmap(0x7f9522f3b000, 138412032) = 0 [pid 471] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 471] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 471] close(5) = 0 [pid 471] close(6) = 0 [pid 471] mkdir("./file0", 0777) = 0 [pid 471] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 471] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 471] chdir("./file0") = 0 [pid 471] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 471] ioctl(6, LOOP_CLR_FD) = 0 [pid 471] close(6) = 0 [pid 471] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 471] write(6, "#! ./file1\n", 11) = 11 [pid 471] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 471] bpf(BPF_RAW_TRACEPOINT_OPEN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 471] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000040} --- [pid 471] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=471, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./35", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./35", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558fded6f0 /* 4 entries */, 32768) = 112 umount2("./35/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./35/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./35/binderfs") = 0 [ 29.007619][ T471] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 29.034979][ T472] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-471: bg 0: block 234: padding at end of block bitmap is not set umount2("./35/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./35/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./35/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./35/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./35/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558fdf5730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558fdf5730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./35/file0") = 0 getdents64(3, 0x55558fded6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./35") = 0 mkdir("./36", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558fdec650) = 476 ./strace-static-x86_64: Process 476 attached [pid 476] set_robust_list(0x55558fdec660, 24) = 0 [pid 476] chdir("./36") = 0 [pid 476] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 476] setpgid(0, 0) = 0 [pid 476] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 476] write(3, "1000", 4) = 4 [pid 476] close(3) = 0 [pid 476] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 476] write(1, "executing program\n", 18) = 18 [pid 476] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 476] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 476] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 476] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 476] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 476] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 476] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 476] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 476] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 476] memfd_create("syzkaller", 0) = 5 [pid 476] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9522f3b000 [pid 476] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 476] munmap(0x7f9522f3b000, 138412032) = 0 [pid 476] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 476] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 476] close(5) = 0 [pid 476] close(6) = 0 [pid 476] mkdir("./file0", 0777) = 0 [pid 476] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 476] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 476] chdir("./file0") = 0 [pid 476] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 476] ioctl(6, LOOP_CLR_FD) = 0 [pid 476] close(6) = 0 [pid 476] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 476] write(6, "#! ./file1\n", 11) = 11 [pid 476] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 476] bpf(BPF_RAW_TRACEPOINT_OPEN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 476] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000040} --- [pid 476] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=476, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./36", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./36", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558fded6f0 /* 4 entries */, 32768) = 112 umount2("./36/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./36/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./36/binderfs") = 0 [ 29.128095][ T476] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 29.152338][ T476] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor428: bg 0: block 234: padding at end of block bitmap is not set umount2("./36/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./36/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./36/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./36/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./36/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558fdf5730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558fdf5730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./36/file0") = 0 getdents64(3, 0x55558fded6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./36") = 0 mkdir("./37", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558fdec650) = 481 ./strace-static-x86_64: Process 481 attached [pid 481] set_robust_list(0x55558fdec660, 24) = 0 [pid 481] chdir("./37") = 0 [pid 481] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 481] setpgid(0, 0) = 0 [pid 481] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 481] write(3, "1000", 4) = 4 [pid 481] close(3) = 0 [pid 481] symlink("/dev/binderfs", "./binderfs") = 0 [pid 481] write(1, "executing program\n", 18executing program ) = 18 [pid 481] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 481] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 481] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 481] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 481] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 481] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 481] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 481] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 481] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 481] memfd_create("syzkaller", 0) = 5 [pid 481] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9522f3b000 [pid 481] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 481] munmap(0x7f9522f3b000, 138412032) = 0 [pid 481] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 481] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 481] close(5) = 0 [pid 481] close(6) = 0 [pid 481] mkdir("./file0", 0777) = 0 [pid 481] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 481] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 481] chdir("./file0") = 0 [pid 481] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 481] ioctl(6, LOOP_CLR_FD) = 0 [pid 481] close(6) = 0 [pid 481] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 481] write(6, "#! ./file1\n", 11) = 11 [pid 481] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 481] bpf(BPF_RAW_TRACEPOINT_OPEN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 481] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000040} --- [pid 481] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=481, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./37", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./37", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558fded6f0 /* 4 entries */, 32768) = 112 umount2("./37/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./37/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./37/binderfs") = 0 [ 29.287825][ T481] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 29.315052][ T482] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-481: bg 0: block 234: padding at end of block bitmap is not set umount2("./37/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./37/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./37/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./37/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./37/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558fdf5730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558fdf5730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./37/file0") = 0 getdents64(3, 0x55558fded6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./37") = 0 mkdir("./38", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558fdec650) = 487 ./strace-static-x86_64: Process 487 attached [pid 487] set_robust_list(0x55558fdec660, 24) = 0 [pid 487] chdir("./38") = 0 [pid 487] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 487] setpgid(0, 0) = 0 [pid 487] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 487] write(3, "1000", 4) = 4 [pid 487] close(3) = 0 [pid 487] symlink("/dev/binderfs", "./binderfs") = 0 [pid 487] write(1, "executing program\n", 18executing program ) = 18 [pid 487] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 487] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 487] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 487] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 487] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 487] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 487] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 487] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 487] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 487] memfd_create("syzkaller", 0) = 5 [pid 487] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9522f3b000 [pid 487] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 487] munmap(0x7f9522f3b000, 138412032) = 0 [pid 487] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 487] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 487] close(5) = 0 [pid 487] close(6) = 0 [pid 487] mkdir("./file0", 0777) = 0 [pid 487] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 487] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 487] chdir("./file0") = 0 [pid 487] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 487] ioctl(6, LOOP_CLR_FD) = 0 [pid 487] close(6) = 0 [pid 487] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 487] write(6, "#! ./file1\n", 11) = 11 [pid 487] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 487] bpf(BPF_RAW_TRACEPOINT_OPEN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 487] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000040} --- [pid 487] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=487, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558fded6f0 /* 4 entries */, 32768) = 112 umount2("./38/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./38/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./38/binderfs") = 0 [ 29.487869][ T487] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 29.516395][ T488] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-487: bg 0: block 234: padding at end of block bitmap is not set umount2("./38/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./38/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./38/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./38/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./38/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558fdf5730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558fdf5730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./38/file0") = 0 getdents64(3, 0x55558fded6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./38") = 0 mkdir("./39", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558fdec650) = 492 ./strace-static-x86_64: Process 492 attached [pid 492] set_robust_list(0x55558fdec660, 24) = 0 [pid 492] chdir("./39") = 0 [pid 492] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 492] setpgid(0, 0) = 0 [pid 492] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 492] write(3, "1000", 4) = 4 [pid 492] close(3) = 0 [pid 492] symlink("/dev/binderfs", "./binderfs") = 0 [pid 492] write(1, "executing program\n", 18executing program ) = 18 [pid 492] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 492] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 492] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 492] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 492] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 492] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 492] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 492] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 492] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 492] memfd_create("syzkaller", 0) = 5 [pid 492] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9522f3b000 [pid 492] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 492] munmap(0x7f9522f3b000, 138412032) = 0 [pid 492] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 492] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 492] close(5) = 0 [pid 492] close(6) = 0 [pid 492] mkdir("./file0", 0777) = 0 [pid 492] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 492] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 492] chdir("./file0") = 0 [pid 492] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 492] ioctl(6, LOOP_CLR_FD) = 0 [pid 492] close(6) = 0 [pid 492] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 492] write(6, "#! ./file1\n", 11) = 11 [pid 492] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 492] bpf(BPF_RAW_TRACEPOINT_OPEN, NULL, 0) = -1 EINVAL (Invalid argument) [ 29.627718][ T492] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [pid 492] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000040} --- [pid 492] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=492, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./39", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./39", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558fded6f0 /* 4 entries */, 32768) = 112 umount2("./39/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./39/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./39/binderfs") = 0 [ 29.668087][ T493] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-492: bg 0: block 234: padding at end of block bitmap is not set umount2("./39/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./39/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./39/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./39/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./39/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558fdf5730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558fdf5730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./39/file0") = 0 getdents64(3, 0x55558fded6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./39") = 0 mkdir("./40", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558fdec650) = 497 ./strace-static-x86_64: Process 497 attached [pid 497] set_robust_list(0x55558fdec660, 24) = 0 [pid 497] chdir("./40") = 0 [pid 497] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 497] setpgid(0, 0) = 0 [pid 497] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 497] write(3, "1000", 4) = 4 [pid 497] close(3) = 0 [pid 497] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 497] write(1, "executing program\n", 18) = 18 [pid 497] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 497] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 497] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 497] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 497] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 497] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 497] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 497] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 497] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 497] memfd_create("syzkaller", 0) = 5 [pid 497] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9522f3b000 [pid 497] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 497] munmap(0x7f9522f3b000, 138412032) = 0 [pid 497] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 497] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 497] close(5) = 0 [pid 497] close(6) = 0 [pid 497] mkdir("./file0", 0777) = 0 [pid 497] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 497] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 497] chdir("./file0") = 0 [pid 497] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 497] ioctl(6, LOOP_CLR_FD) = 0 [pid 497] close(6) = 0 [pid 497] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 497] write(6, "#! ./file1\n", 11) = 11 [pid 497] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 497] bpf(BPF_RAW_TRACEPOINT_OPEN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 497] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000040} --- [pid 497] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=497, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./40", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./40", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558fded6f0 /* 4 entries */, 32768) = 112 umount2("./40/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./40/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./40/binderfs") = 0 [ 29.797678][ T497] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 29.822258][ T497] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor428: bg 0: block 234: padding at end of block bitmap is not set umount2("./40/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./40/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./40/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./40/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./40/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558fdf5730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558fdf5730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./40/file0") = 0 getdents64(3, 0x55558fded6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./40") = 0 mkdir("./41", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program , child_tidptr=0x55558fdec650) = 502 ./strace-static-x86_64: Process 502 attached [pid 502] set_robust_list(0x55558fdec660, 24) = 0 [pid 502] chdir("./41") = 0 [pid 502] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 502] setpgid(0, 0) = 0 [pid 502] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 502] write(3, "1000", 4) = 4 [pid 502] close(3) = 0 [pid 502] symlink("/dev/binderfs", "./binderfs") = 0 [pid 502] write(1, "executing program\n", 18) = 18 [pid 502] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 502] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 502] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 502] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 502] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 502] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 502] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 502] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 502] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 502] memfd_create("syzkaller", 0) = 5 [pid 502] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9522f3b000 [pid 502] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 502] munmap(0x7f9522f3b000, 138412032) = 0 [pid 502] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 502] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 502] close(5) = 0 [pid 502] close(6) = 0 [pid 502] mkdir("./file0", 0777) = 0 [pid 502] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 502] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 502] chdir("./file0") = 0 [pid 502] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 502] ioctl(6, LOOP_CLR_FD) = 0 [pid 502] close(6) = 0 [pid 502] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 502] write(6, "#! ./file1\n", 11) = 11 [pid 502] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 502] bpf(BPF_RAW_TRACEPOINT_OPEN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 502] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000040} --- [pid 502] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=502, si_uid=0, si_status=SIGBUS, si_utime=1, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./41", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./41", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558fded6f0 /* 4 entries */, 32768) = 112 umount2("./41/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./41/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./41/binderfs") = 0 [ 30.027731][ T502] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 30.059482][ T503] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-502: bg 0: block 234: padding at end of block bitmap is not set umount2("./41/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./41/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./41/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./41/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./41/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558fdf5730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558fdf5730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./41/file0") = 0 getdents64(3, 0x55558fded6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./41") = 0 mkdir("./42", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558fdec650) = 507 ./strace-static-x86_64: Process 507 attached [pid 507] set_robust_list(0x55558fdec660, 24) = 0 [pid 507] chdir("./42") = 0 [pid 507] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 507] setpgid(0, 0) = 0 [pid 507] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 507] write(3, "1000", 4) = 4 [pid 507] close(3) = 0 [pid 507] symlink("/dev/binderfs", "./binderfs") = 0 [pid 507] write(1, "executing program\n", 18executing program ) = 18 [pid 507] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 507] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 507] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 507] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 507] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 507] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 507] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 507] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 507] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 507] memfd_create("syzkaller", 0) = 5 [pid 507] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9522f3b000 [pid 507] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 507] munmap(0x7f9522f3b000, 138412032) = 0 [pid 507] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 507] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 507] close(5) = 0 [pid 507] close(6) = 0 [pid 507] mkdir("./file0", 0777) = 0 [pid 507] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 507] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 507] chdir("./file0") = 0 [pid 507] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 507] ioctl(6, LOOP_CLR_FD) = 0 [pid 507] close(6) = 0 [pid 507] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 507] write(6, "#! ./file1\n", 11) = 11 [pid 507] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [ 30.210129][ T507] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [pid 507] bpf(BPF_RAW_TRACEPOINT_OPEN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 507] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000040} --- [pid 507] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=507, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./42", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./42", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558fded6f0 /* 4 entries */, 32768) = 112 umount2("./42/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./42/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./42/binderfs") = 0 [ 30.252710][ T508] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-507: bg 0: block 234: padding at end of block bitmap is not set umount2("./42/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./42/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./42/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./42/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./42/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558fdf5730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558fdf5730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./42/file0") = 0 getdents64(3, 0x55558fded6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./42") = 0 mkdir("./43", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FDexecuting program ) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558fdec650) = 513 ./strace-static-x86_64: Process 513 attached [pid 513] set_robust_list(0x55558fdec660, 24) = 0 [pid 513] chdir("./43") = 0 [pid 513] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 513] setpgid(0, 0) = 0 [pid 513] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 513] write(3, "1000", 4) = 4 [pid 513] close(3) = 0 [pid 513] symlink("/dev/binderfs", "./binderfs") = 0 [pid 513] write(1, "executing program\n", 18) = 18 [pid 513] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 513] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 513] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 513] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 513] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 513] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 513] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 513] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 513] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 513] memfd_create("syzkaller", 0) = 5 [pid 513] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9522f3b000 [pid 513] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 513] munmap(0x7f9522f3b000, 138412032) = 0 [pid 513] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 513] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 513] close(5) = 0 [pid 513] close(6) = 0 [pid 513] mkdir("./file0", 0777) = 0 [pid 513] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 513] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 513] chdir("./file0") = 0 [pid 513] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 513] ioctl(6, LOOP_CLR_FD) = 0 [pid 513] close(6) = 0 [pid 513] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 513] write(6, "#! ./file1\n", 11) = 11 [pid 513] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 513] bpf(BPF_RAW_TRACEPOINT_OPEN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 513] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000040} --- [pid 513] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=513, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./43", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./43", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558fded6f0 /* 4 entries */, 32768) = 112 umount2("./43/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./43/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./43/binderfs") = 0 [ 30.447698][ T513] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 30.478352][ T513] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor428: bg 0: block 234: padding at end of block bitmap is not set umount2("./43/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./43/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./43/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./43/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./43/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558fdf5730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558fdf5730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./43/file0") = 0 getdents64(3, 0x55558fded6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./43") = 0 mkdir("./44", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558fdec650) = 518 ./strace-static-x86_64: Process 518 attached [pid 518] set_robust_list(0x55558fdec660, 24) = 0 executing program [pid 518] chdir("./44") = 0 [pid 518] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 518] setpgid(0, 0) = 0 [pid 518] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 518] write(3, "1000", 4) = 4 [pid 518] close(3) = 0 [pid 518] symlink("/dev/binderfs", "./binderfs") = 0 [pid 518] write(1, "executing program\n", 18) = 18 [pid 518] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 518] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 518] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 518] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 518] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 518] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 518] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 518] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 518] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 518] memfd_create("syzkaller", 0) = 5 [pid 518] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9522f3b000 [pid 518] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 518] munmap(0x7f9522f3b000, 138412032) = 0 [pid 518] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 518] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 518] close(5) = 0 [pid 518] close(6) = 0 [pid 518] mkdir("./file0", 0777) = 0 [pid 518] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 518] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 518] chdir("./file0") = 0 [pid 518] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 518] ioctl(6, LOOP_CLR_FD) = 0 [pid 518] close(6) = 0 [pid 518] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 518] write(6, "#! ./file1\n", 11) = 11 [pid 518] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 518] bpf(BPF_RAW_TRACEPOINT_OPEN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 518] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000040} --- [pid 518] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=518, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./44", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./44", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558fded6f0 /* 4 entries */, 32768) = 112 umount2("./44/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./44/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./44/binderfs") = 0 [ 30.597988][ T518] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 30.620075][ T518] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor428: bg 0: block 234: padding at end of block bitmap is not set umount2("./44/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./44/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./44/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./44/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./44/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558fdf5730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558fdf5730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./44/file0") = 0 getdents64(3, 0x55558fded6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./44") = 0 mkdir("./45", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558fdec650) = 523 ./strace-static-x86_64: Process 523 attached [pid 523] set_robust_list(0x55558fdec660, 24) = 0 [pid 523] chdir("./45") = 0 [pid 523] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 523] setpgid(0, 0) = 0 [pid 523] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 523] write(3, "1000", 4) = 4 [pid 523] close(3) = 0 [pid 523] symlink("/dev/binderfs", "./binderfs") = 0 [pid 523] write(1, "executing program\n", 18executing program ) = 18 [pid 523] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 523] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 523] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 523] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 523] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 523] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 523] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 523] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 523] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 523] memfd_create("syzkaller", 0) = 5 [pid 523] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9522f3b000 [pid 523] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 523] munmap(0x7f9522f3b000, 138412032) = 0 [pid 523] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 523] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 523] close(5) = 0 [pid 523] close(6) = 0 [pid 523] mkdir("./file0", 0777) = 0 [pid 523] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 523] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 523] chdir("./file0") = 0 [pid 523] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 523] ioctl(6, LOOP_CLR_FD) = 0 [pid 523] close(6) = 0 [pid 523] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 523] write(6, "#! ./file1\n", 11) = 11 [pid 523] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 523] bpf(BPF_RAW_TRACEPOINT_OPEN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 523] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000040} --- [pid 523] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=523, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./45", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./45", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558fded6f0 /* 4 entries */, 32768) = 112 umount2("./45/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./45/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./45/binderfs") = 0 [ 30.717804][ T523] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 30.745668][ T524] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-523: bg 0: block 234: padding at end of block bitmap is not set umount2("./45/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./45/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./45/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./45/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./45/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558fdf5730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558fdf5730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./45/file0") = 0 getdents64(3, 0x55558fded6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./45") = 0 mkdir("./46", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3executing program ) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558fdec650) = 528 ./strace-static-x86_64: Process 528 attached [pid 528] set_robust_list(0x55558fdec660, 24) = 0 [pid 528] chdir("./46") = 0 [pid 528] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 528] setpgid(0, 0) = 0 [pid 528] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 528] write(3, "1000", 4) = 4 [pid 528] close(3) = 0 [pid 528] symlink("/dev/binderfs", "./binderfs") = 0 [pid 528] write(1, "executing program\n", 18) = 18 [pid 528] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 528] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 528] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 528] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 528] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 528] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 528] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 528] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 528] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 528] memfd_create("syzkaller", 0) = 5 [pid 528] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9522f3b000 [pid 528] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 528] munmap(0x7f9522f3b000, 138412032) = 0 [pid 528] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 528] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 528] close(5) = 0 [pid 528] close(6) = 0 [pid 528] mkdir("./file0", 0777) = 0 [pid 528] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 528] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 528] chdir("./file0") = 0 [pid 528] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 528] ioctl(6, LOOP_CLR_FD) = 0 [pid 528] close(6) = 0 [pid 528] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 528] write(6, "#! ./file1\n", 11) = 11 [pid 528] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 528] bpf(BPF_RAW_TRACEPOINT_OPEN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 528] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000040} --- [pid 528] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=528, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./46", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./46", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558fded6f0 /* 4 entries */, 32768) = 112 umount2("./46/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./46/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./46/binderfs") = 0 [ 30.937637][ T528] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 30.968803][ T529] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-528: bg 0: block 234: padding at end of block bitmap is not set umount2("./46/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./46/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./46/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./46/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./46/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558fdf5730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558fdf5730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./46/file0") = 0 getdents64(3, 0x55558fded6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./46") = 0 mkdir("./47", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558fdec650) = 533 ./strace-static-x86_64: Process 533 attached [pid 533] set_robust_list(0x55558fdec660, 24) = 0 [pid 533] chdir("./47") = 0 [pid 533] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 533] setpgid(0, 0) = 0 [pid 533] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 533] write(3, "1000", 4) = 4 [pid 533] close(3) = 0 [pid 533] symlink("/dev/binderfs", "./binderfs") = 0 [pid 533] write(1, "executing program\n", 18executing program ) = 18 [pid 533] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 533] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 533] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 533] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 533] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 533] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 533] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 533] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 533] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 533] memfd_create("syzkaller", 0) = 5 [pid 533] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9522f3b000 [pid 533] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 533] munmap(0x7f9522f3b000, 138412032) = 0 [pid 533] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 533] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 533] close(5) = 0 [pid 533] close(6) = 0 [pid 533] mkdir("./file0", 0777) = 0 [pid 533] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 533] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 533] chdir("./file0") = 0 [pid 533] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 533] ioctl(6, LOOP_CLR_FD) = 0 [pid 533] close(6) = 0 [pid 533] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 533] write(6, "#! ./file1\n", 11) = 11 [pid 533] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 533] bpf(BPF_RAW_TRACEPOINT_OPEN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 533] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000040} --- [pid 533] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=533, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./47", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./47", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558fded6f0 /* 4 entries */, 32768) = 112 umount2("./47/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./47/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./47/binderfs") = 0 umount2("./47/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./47/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./47/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./47/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./47/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558fdf5730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558fdf5730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./47/file0") = 0 getdents64(3, 0x55558fded6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./47") = 0 mkdir("./48", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558fdec650) = 538 ./strace-static-x86_64: Process 538 attached [pid 538] set_robust_list(0x55558fdec660, 24) = 0 [pid 538] chdir("./48") = 0 [pid 538] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 538] setpgid(0, 0) = 0 [pid 538] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 538] write(3, "1000", 4) = 4 [pid 538] close(3) = 0 [pid 538] symlink("/dev/binderfs", "./binderfs") = 0 [pid 538] write(1, "executing program\n", 18executing program ) = 18 [pid 538] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [ 31.057705][ T533] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 31.081733][ T533] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor428: bg 0: block 234: padding at end of block bitmap is not set [pid 538] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 538] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 538] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 538] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 538] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 538] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 538] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 538] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 538] memfd_create("syzkaller", 0) = 5 [pid 538] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9522f3b000 [pid 538] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 538] munmap(0x7f9522f3b000, 138412032) = 0 [pid 538] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 538] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 538] close(5) = 0 [pid 538] close(6) = 0 [pid 538] mkdir("./file0", 0777) = 0 [pid 538] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 538] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 538] chdir("./file0") = 0 [pid 538] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 538] ioctl(6, LOOP_CLR_FD) = 0 [pid 538] close(6) = 0 [pid 538] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 538] write(6, "#! ./file1\n", 11) = 11 [pid 538] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 538] bpf(BPF_RAW_TRACEPOINT_OPEN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 538] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000040} --- [pid 538] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=538, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./48", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./48", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558fded6f0 /* 4 entries */, 32768) = 112 umount2("./48/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./48/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./48/binderfs") = 0 [ 31.158473][ T538] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 31.188061][ T539] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-538: bg 0: block 234: padding at end of block bitmap is not set umount2("./48/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./48/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./48/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./48/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./48/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558fdf5730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558fdf5730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./48/file0") = 0 getdents64(3, 0x55558fded6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./48") = 0 mkdir("./49", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 executing program ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558fdec650) = 543 ./strace-static-x86_64: Process 543 attached [pid 543] set_robust_list(0x55558fdec660, 24) = 0 [pid 543] chdir("./49") = 0 [pid 543] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 543] setpgid(0, 0) = 0 [pid 543] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 543] write(3, "1000", 4) = 4 [pid 543] close(3) = 0 [pid 543] symlink("/dev/binderfs", "./binderfs") = 0 [pid 543] write(1, "executing program\n", 18) = 18 [pid 543] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 543] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 543] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 543] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 543] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 543] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 543] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 543] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 543] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 543] memfd_create("syzkaller", 0) = 5 [pid 543] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9522f3b000 [pid 543] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 543] munmap(0x7f9522f3b000, 138412032) = 0 [pid 543] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 543] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 543] close(5) = 0 [pid 543] close(6) = 0 [pid 543] mkdir("./file0", 0777) = 0 [pid 543] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 543] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 543] chdir("./file0") = 0 [pid 543] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 543] ioctl(6, LOOP_CLR_FD) = 0 [pid 543] close(6) = 0 [pid 543] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 543] write(6, "#! ./file1\n", 11) = 11 [pid 543] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 543] bpf(BPF_RAW_TRACEPOINT_OPEN, NULL, 0) = -1 EINVAL (Invalid argument) [ 31.417584][ T543] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [pid 543] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000040} --- [pid 543] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=543, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./49", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./49", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558fded6f0 /* 4 entries */, 32768) = 112 umount2("./49/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./49/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./49/binderfs") = 0 [ 31.458825][ T543] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor428: bg 0: block 234: padding at end of block bitmap is not set umount2("./49/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./49/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./49/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./49/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./49/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558fdf5730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558fdf5730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./49/file0") = 0 getdents64(3, 0x55558fded6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./49") = 0 mkdir("./50", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558fdec650) = 549 ./strace-static-x86_64: Process 549 attached [pid 549] set_robust_list(0x55558fdec660, 24) = 0 [pid 549] chdir("./50") = 0 [pid 549] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 549] setpgid(0, 0) = 0 [pid 549] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 549] write(3, "1000", 4) = 4 [pid 549] close(3) = 0 [pid 549] symlink("/dev/binderfs", "./binderfs") = 0 [pid 549] write(1, "executing program\n", 18executing program ) = 18 [pid 549] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 549] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 549] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 549] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 549] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 549] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 549] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 549] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 549] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 549] memfd_create("syzkaller", 0) = 5 [pid 549] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9522f3b000 [pid 549] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 549] munmap(0x7f9522f3b000, 138412032) = 0 [pid 549] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 549] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 549] close(5) = 0 [pid 549] close(6) = 0 [pid 549] mkdir("./file0", 0777) = 0 [pid 549] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 549] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 549] chdir("./file0") = 0 [pid 549] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 549] ioctl(6, LOOP_CLR_FD) = 0 [pid 549] close(6) = 0 [pid 549] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 549] write(6, "#! ./file1\n", 11) = 11 [pid 549] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 549] bpf(BPF_RAW_TRACEPOINT_OPEN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 549] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000040} --- [pid 549] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=549, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./50", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./50", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558fded6f0 /* 4 entries */, 32768) = 112 umount2("./50/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./50/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./50/binderfs") = 0 [ 31.598002][ T549] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 31.627450][ T550] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-549: bg 0: block 234: padding at end of block bitmap is not set umount2("./50/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./50/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./50/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./50/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./50/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558fdf5730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558fdf5730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./50/file0") = 0 getdents64(3, 0x55558fded6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./50") = 0 mkdir("./51", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3executing program ) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558fdec650) = 554 ./strace-static-x86_64: Process 554 attached [pid 554] set_robust_list(0x55558fdec660, 24) = 0 [pid 554] chdir("./51") = 0 [pid 554] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 554] setpgid(0, 0) = 0 [pid 554] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 554] write(3, "1000", 4) = 4 [pid 554] close(3) = 0 [pid 554] symlink("/dev/binderfs", "./binderfs") = 0 [pid 554] write(1, "executing program\n", 18) = 18 [pid 554] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 554] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 554] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 554] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 554] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 554] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 554] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 554] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 554] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 554] memfd_create("syzkaller", 0) = 5 [pid 554] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9522f3b000 [pid 554] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 554] munmap(0x7f9522f3b000, 138412032) = 0 [pid 554] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 554] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 554] close(5) = 0 [pid 554] close(6) = 0 [pid 554] mkdir("./file0", 0777) = 0 [pid 554] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 554] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 554] chdir("./file0") = 0 [pid 554] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 554] ioctl(6, LOOP_CLR_FD) = 0 [pid 554] close(6) = 0 [pid 554] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 554] write(6, "#! ./file1\n", 11) = 11 [pid 554] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 554] bpf(BPF_RAW_TRACEPOINT_OPEN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 554] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000040} --- [pid 554] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=554, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./51", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./51", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558fded6f0 /* 4 entries */, 32768) = 112 umount2("./51/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./51/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./51/binderfs") = 0 [ 31.787686][ T554] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 31.818875][ T555] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-554: bg 0: block 234: padding at end of block bitmap is not set umount2("./51/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./51/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./51/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./51/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./51/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558fdf5730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558fdf5730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./51/file0") = 0 getdents64(3, 0x55558fded6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./51") = 0 mkdir("./52", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558fdec650) = 559 ./strace-static-x86_64: Process 559 attached [pid 559] set_robust_list(0x55558fdec660, 24) = 0 [pid 559] chdir("./52") = 0 [pid 559] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 559] setpgid(0, 0) = 0 [pid 559] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 559] write(3, "1000", 4) = 4 [pid 559] close(3) = 0 [pid 559] symlink("/dev/binderfs", "./binderfs") = 0 [pid 559] write(1, "executing program\n", 18executing program ) = 18 [pid 559] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 559] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 559] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 559] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 559] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 559] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 559] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 559] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 559] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 559] memfd_create("syzkaller", 0) = 5 [pid 559] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9522f3b000 [pid 559] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 559] munmap(0x7f9522f3b000, 138412032) = 0 [pid 559] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 559] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 559] close(5) = 0 [pid 559] close(6) = 0 [pid 559] mkdir("./file0", 0777) = 0 [pid 559] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 559] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 559] chdir("./file0") = 0 [pid 559] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 559] ioctl(6, LOOP_CLR_FD) = 0 [pid 559] close(6) = 0 [pid 559] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 559] write(6, "#! ./file1\n", 11) = 11 [pid 559] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [ 31.997709][ T559] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [pid 559] bpf(BPF_RAW_TRACEPOINT_OPEN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 559] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000040} --- [pid 559] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=559, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./52", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./52", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558fded6f0 /* 4 entries */, 32768) = 112 umount2("./52/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./52/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./52/binderfs") = 0 umount2("./52/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./52/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 32.038259][ T560] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-559: bg 0: block 234: padding at end of block bitmap is not set newfstatat(AT_FDCWD, "./52/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./52/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./52/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558fdf5730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558fdf5730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./52/file0") = 0 getdents64(3, 0x55558fded6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./52") = 0 mkdir("./53", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558fdec650) = 564 ./strace-static-x86_64: Process 564 attached [pid 564] set_robust_list(0x55558fdec660, 24) = 0 [pid 564] chdir("./53") = 0 [pid 564] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 564] setpgid(0, 0) = 0 [pid 564] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 564] write(3, "1000", 4) = 4 [pid 564] close(3) = 0 [pid 564] symlink("/dev/binderfs", "./binderfs") = 0 [pid 564] write(1, "executing program\n", 18executing program ) = 18 [pid 564] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 564] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 564] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 564] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 564] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 564] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 564] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 564] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 564] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 564] memfd_create("syzkaller", 0) = 5 [pid 564] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9522f3b000 [pid 564] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 564] munmap(0x7f9522f3b000, 138412032) = 0 [pid 564] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 564] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 564] close(5) = 0 [pid 564] close(6) = 0 [pid 564] mkdir("./file0", 0777) = 0 [pid 564] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 564] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 564] chdir("./file0") = 0 [pid 564] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 564] ioctl(6, LOOP_CLR_FD) = 0 [pid 564] close(6) = 0 [pid 564] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 564] write(6, "#! ./file1\n", 11) = 11 [pid 564] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 564] bpf(BPF_RAW_TRACEPOINT_OPEN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 564] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000040} --- [pid 564] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=564, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./53", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./53", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558fded6f0 /* 4 entries */, 32768) = 112 umount2("./53/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./53/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./53/binderfs") = 0 umount2("./53/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./53/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./53/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./53/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./53/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558fdf5730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558fdf5730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./53/file0") = 0 getdents64(3, 0x55558fded6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./53") = 0 mkdir("./54", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558fdec650) = 569 ./strace-static-x86_64: Process 569 attached [pid 569] set_robust_list(0x55558fdec660, 24) = 0 [pid 569] chdir("./54") = 0 [pid 569] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 569] setpgid(0, 0) = 0 [pid 569] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 569] write(3, "1000", 4) = 4 [pid 569] close(3) = 0 [pid 569] symlink("/dev/binderfs", "./binderfs") = 0 [pid 569] write(1, "executing program\n", 18executing program ) = 18 [pid 569] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 569] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 569] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 569] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 569] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 569] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 569] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 569] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 569] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 569] memfd_create("syzkaller", 0) = 5 [pid 569] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9522f3b000 [ 32.138049][ T564] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 32.162514][ T565] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-564: bg 0: block 234: padding at end of block bitmap is not set [pid 569] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 569] munmap(0x7f9522f3b000, 138412032) = 0 [pid 569] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 569] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 569] close(5) = 0 [pid 569] close(6) = 0 [pid 569] mkdir("./file0", 0777) = 0 [pid 569] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 569] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 569] chdir("./file0") = 0 [pid 569] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 569] ioctl(6, LOOP_CLR_FD) = 0 [pid 569] close(6) = 0 [pid 569] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 569] write(6, "#! ./file1\n", 11) = 11 [pid 569] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 569] bpf(BPF_RAW_TRACEPOINT_OPEN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 569] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000040} --- [pid 569] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=569, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./54", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./54", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558fded6f0 /* 4 entries */, 32768) = 112 umount2("./54/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./54/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./54/binderfs") = 0 [ 32.237898][ T569] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 32.266905][ T570] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-569: bg 0: block 234: padding at end of block bitmap is not set umount2("./54/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./54/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./54/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./54/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./54/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558fdf5730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558fdf5730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./54/file0") = 0 getdents64(3, 0x55558fded6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./54") = 0 mkdir("./55", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558fdec650) = 575 ./strace-static-x86_64: Process 575 attached [pid 575] set_robust_list(0x55558fdec660, 24) = 0 [pid 575] chdir("./55") = 0 [pid 575] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 575] setpgid(0, 0) = 0 [pid 575] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 575] write(3, "1000", 4) = 4 [pid 575] close(3) = 0 [pid 575] symlink("/dev/binderfs", "./binderfs") = 0 [pid 575] write(1, "executing program\n", 18executing program ) = 18 [pid 575] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 575] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 575] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 575] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 575] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 575] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 575] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 575] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 575] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 575] memfd_create("syzkaller", 0) = 5 [pid 575] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9522f3b000 [pid 575] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 575] munmap(0x7f9522f3b000, 138412032) = 0 [pid 575] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 575] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 575] close(5) = 0 [pid 575] close(6) = 0 [pid 575] mkdir("./file0", 0777) = 0 [pid 575] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 575] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 575] chdir("./file0") = 0 [pid 575] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 575] ioctl(6, LOOP_CLR_FD) = 0 [pid 575] close(6) = 0 [pid 575] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 575] write(6, "#! ./file1\n", 11) = 11 [pid 575] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 575] bpf(BPF_RAW_TRACEPOINT_OPEN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 575] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000040} --- [pid 575] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=575, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./55", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./55", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558fded6f0 /* 4 entries */, 32768) = 112 umount2("./55/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./55/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./55/binderfs") = 0 umount2("./55/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./55/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./55/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./55/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./55/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558fdf5730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558fdf5730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./55/file0") = 0 getdents64(3, 0x55558fded6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./55") = 0 mkdir("./56", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558fdec650) = 580 ./strace-static-x86_64: Process 580 attached [pid 580] set_robust_list(0x55558fdec660, 24) = 0 [pid 580] chdir("./56") = 0 [pid 580] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 580] setpgid(0, 0) = 0 [pid 580] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 580] write(3, "1000", 4) = 4 [pid 580] close(3) = 0 [pid 580] symlink("/dev/binderfs", "./binderfs") = 0 [pid 580] write(1, "executing program\n", 18) = 18 [pid 580] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 580] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 580] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 580] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 580] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 580] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 580] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 580] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 580] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 580] memfd_create("syzkaller", 0) = 5 [pid 580] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9522f3b000 executing program [ 32.407763][ T575] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 32.432576][ T575] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor428: bg 0: block 234: padding at end of block bitmap is not set [pid 580] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 580] munmap(0x7f9522f3b000, 138412032) = 0 [pid 580] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 580] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 580] close(5) = 0 [pid 580] close(6) = 0 [pid 580] mkdir("./file0", 0777) = 0 [pid 580] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 580] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 580] chdir("./file0") = 0 [pid 580] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 580] ioctl(6, LOOP_CLR_FD) = 0 [pid 580] close(6) = 0 [pid 580] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 580] write(6, "#! ./file1\n", 11) = 11 [pid 580] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 580] bpf(BPF_RAW_TRACEPOINT_OPEN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 580] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000040} --- [pid 580] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=580, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./56", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./56", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558fded6f0 /* 4 entries */, 32768) = 112 umount2("./56/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./56/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./56/binderfs") = 0 [ 32.607617][ T580] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 32.638386][ T581] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-580: bg 0: block 234: padding at end of block bitmap is not set umount2("./56/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./56/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./56/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./56/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./56/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558fdf5730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558fdf5730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./56/file0") = 0 getdents64(3, 0x55558fded6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./56") = 0 mkdir("./57", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3executing program ) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558fdec650) = 585 ./strace-static-x86_64: Process 585 attached [pid 585] set_robust_list(0x55558fdec660, 24) = 0 [pid 585] chdir("./57") = 0 [pid 585] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 585] setpgid(0, 0) = 0 [pid 585] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 585] write(3, "1000", 4) = 4 [pid 585] close(3) = 0 [pid 585] symlink("/dev/binderfs", "./binderfs") = 0 [pid 585] write(1, "executing program\n", 18) = 18 [pid 585] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 585] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 585] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 585] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 585] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 585] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 585] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 585] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 585] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 585] memfd_create("syzkaller", 0) = 5 [pid 585] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9522f3b000 [pid 585] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 585] munmap(0x7f9522f3b000, 138412032) = 0 [pid 585] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 585] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 585] close(5) = 0 [pid 585] close(6) = 0 [pid 585] mkdir("./file0", 0777) = 0 [pid 585] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 585] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 585] chdir("./file0") = 0 [pid 585] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 585] ioctl(6, LOOP_CLR_FD) = 0 [pid 585] close(6) = 0 [pid 585] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 585] write(6, "#! ./file1\n", 11) = 11 [pid 585] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 585] bpf(BPF_RAW_TRACEPOINT_OPEN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 585] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000040} --- [pid 585] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=585, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./57", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./57", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558fded6f0 /* 4 entries */, 32768) = 112 umount2("./57/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./57/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./57/binderfs") = 0 [ 32.800187][ T585] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 32.828356][ T586] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-585: bg 0: block 234: padding at end of block bitmap is not set umount2("./57/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./57/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./57/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./57/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./57/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558fdf5730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558fdf5730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./57/file0") = 0 getdents64(3, 0x55558fded6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./57") = 0 mkdir("./58", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558fdec650) = 590 ./strace-static-x86_64: Process 590 attached [pid 590] set_robust_list(0x55558fdec660, 24) = 0 [pid 590] chdir("./58") = 0 [pid 590] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 590] setpgid(0, 0) = 0 [pid 590] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 590] write(3, "1000", 4) = 4 [pid 590] close(3) = 0 [pid 590] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 590] write(1, "executing program\n", 18) = 18 [pid 590] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 590] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 590] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 590] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 590] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 590] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 590] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 590] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 590] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 590] memfd_create("syzkaller", 0) = 5 [pid 590] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9522f3b000 [pid 590] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 590] munmap(0x7f9522f3b000, 138412032) = 0 [pid 590] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 590] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 590] close(5) = 0 [pid 590] close(6) = 0 [pid 590] mkdir("./file0", 0777) = 0 [pid 590] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 590] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 590] chdir("./file0") = 0 [pid 590] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 590] ioctl(6, LOOP_CLR_FD) = 0 [pid 590] close(6) = 0 [pid 590] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 590] write(6, "#! ./file1\n", 11) = 11 [pid 590] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 590] bpf(BPF_RAW_TRACEPOINT_OPEN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 590] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000040} --- [pid 590] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=590, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./58", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./58", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558fded6f0 /* 4 entries */, 32768) = 112 umount2("./58/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./58/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./58/binderfs") = 0 [ 32.947811][ T590] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 32.975638][ T591] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-590: bg 0: block 234: padding at end of block bitmap is not set umount2("./58/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./58/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./58/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./58/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./58/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558fdf5730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558fdf5730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./58/file0") = 0 getdents64(3, 0x55558fded6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./58") = 0 mkdir("./59", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558fdec650) = 595 ./strace-static-x86_64: Process 595 attached [pid 595] set_robust_list(0x55558fdec660, 24) = 0 [pid 595] chdir("./59") = 0 [pid 595] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 595] setpgid(0, 0) = 0 [pid 595] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 595] write(3, "1000", 4) = 4 [pid 595] close(3) = 0 [pid 595] symlink("/dev/binderfs", "./binderfs") = 0 [pid 595] write(1, "executing program\n", 18executing program ) = 18 [pid 595] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 595] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 595] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 595] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 595] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 595] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 595] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 595] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 595] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 595] memfd_create("syzkaller", 0) = 5 [pid 595] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9522f3b000 [pid 595] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 595] munmap(0x7f9522f3b000, 138412032) = 0 [pid 595] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 595] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 595] close(5) = 0 [pid 595] close(6) = 0 [pid 595] mkdir("./file0", 0777) = 0 [pid 595] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 595] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 595] chdir("./file0") = 0 [pid 595] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 595] ioctl(6, LOOP_CLR_FD) = 0 [pid 595] close(6) = 0 [pid 595] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 595] write(6, "#! ./file1\n", 11) = 11 [pid 595] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 595] bpf(BPF_RAW_TRACEPOINT_OPEN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 595] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000040} --- [pid 595] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=595, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./59", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./59", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558fded6f0 /* 4 entries */, 32768) = 112 umount2("./59/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./59/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./59/binderfs") = 0 umount2("./59/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./59/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./59/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./59/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./59/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558fdf5730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558fdf5730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./59/file0") = 0 getdents64(3, 0x55558fded6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./59") = 0 mkdir("./60", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558fdec650) = 600 ./strace-static-x86_64: Process 600 attached [pid 600] set_robust_list(0x55558fdec660, 24) = 0 [pid 600] chdir("./60") = 0 [pid 600] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 600] setpgid(0, 0) = 0 [pid 600] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 600] write(3, "1000", 4) = 4 [pid 600] close(3) = 0 [pid 600] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 600] write(1, "executing program\n", 18) = 18 [pid 600] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 600] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 600] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [ 33.197797][ T595] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 33.227495][ T596] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-595: bg 0: block 234: padding at end of block bitmap is not set [pid 600] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 600] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 600] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 600] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 600] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 600] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 600] memfd_create("syzkaller", 0) = 5 [pid 600] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9522f3b000 [pid 600] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 600] munmap(0x7f9522f3b000, 138412032) = 0 [pid 600] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 600] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 600] close(5) = 0 [pid 600] close(6) = 0 [pid 600] mkdir("./file0", 0777) = 0 [pid 600] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 600] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 600] chdir("./file0") = 0 [pid 600] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 600] ioctl(6, LOOP_CLR_FD) = 0 [pid 600] close(6) = 0 [pid 600] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 600] write(6, "#! ./file1\n", 11) = 11 [pid 600] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 600] bpf(BPF_RAW_TRACEPOINT_OPEN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 600] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000040} --- [pid 600] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=600, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./60", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./60", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558fded6f0 /* 4 entries */, 32768) = 112 umount2("./60/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./60/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./60/binderfs") = 0 [ 33.307801][ T600] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 33.336271][ T601] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-600: bg 0: block 234: padding at end of block bitmap is not set umount2("./60/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./60/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./60/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./60/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./60/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558fdf5730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558fdf5730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./60/file0") = 0 getdents64(3, 0x55558fded6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./60") = 0 mkdir("./61", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) executing program close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558fdec650) = 606 ./strace-static-x86_64: Process 606 attached [pid 606] set_robust_list(0x55558fdec660, 24) = 0 [pid 606] chdir("./61") = 0 [pid 606] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 606] setpgid(0, 0) = 0 [pid 606] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 606] write(3, "1000", 4) = 4 [pid 606] close(3) = 0 [pid 606] symlink("/dev/binderfs", "./binderfs") = 0 [pid 606] write(1, "executing program\n", 18) = 18 [pid 606] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 606] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 606] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 606] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 606] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 606] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 606] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 606] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 606] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 606] memfd_create("syzkaller", 0) = 5 [pid 606] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9522f3b000 [pid 606] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 606] munmap(0x7f9522f3b000, 138412032) = 0 [pid 606] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 606] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 606] close(5) = 0 [pid 606] close(6) = 0 [pid 606] mkdir("./file0", 0777) = 0 [pid 606] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 606] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 606] chdir("./file0") = 0 [pid 606] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 606] ioctl(6, LOOP_CLR_FD) = 0 [pid 606] close(6) = 0 [pid 606] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 606] write(6, "#! ./file1\n", 11) = 11 [pid 606] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 606] bpf(BPF_RAW_TRACEPOINT_OPEN, NULL, 0) = -1 EINVAL (Invalid argument) [ 33.477863][ T606] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [pid 606] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000040} --- [pid 606] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=606, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./61", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./61", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558fded6f0 /* 4 entries */, 32768) = 112 umount2("./61/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./61/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./61/binderfs") = 0 [ 33.518132][ T607] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-606: bg 0: block 234: padding at end of block bitmap is not set umount2("./61/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./61/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./61/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./61/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./61/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558fdf5730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558fdf5730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./61/file0") = 0 getdents64(3, 0x55558fded6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./61") = 0 mkdir("./62", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWRexecuting program ) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558fdec650) = 611 ./strace-static-x86_64: Process 611 attached [pid 611] set_robust_list(0x55558fdec660, 24) = 0 [pid 611] chdir("./62") = 0 [pid 611] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 611] setpgid(0, 0) = 0 [pid 611] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 611] write(3, "1000", 4) = 4 [pid 611] close(3) = 0 [pid 611] symlink("/dev/binderfs", "./binderfs") = 0 [pid 611] write(1, "executing program\n", 18) = 18 [pid 611] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 611] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 611] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 611] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 611] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 611] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 611] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 611] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 611] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 611] memfd_create("syzkaller", 0) = 5 [pid 611] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9522f3b000 [pid 611] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 611] munmap(0x7f9522f3b000, 138412032) = 0 [pid 611] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 611] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 611] close(5) = 0 [pid 611] close(6) = 0 [pid 611] mkdir("./file0", 0777) = 0 [pid 611] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 611] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 611] chdir("./file0") = 0 [pid 611] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 611] ioctl(6, LOOP_CLR_FD) = 0 [pid 611] close(6) = 0 [pid 611] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 611] write(6, "#! ./file1\n", 11) = 11 [pid 611] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 611] bpf(BPF_RAW_TRACEPOINT_OPEN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 611] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000040} --- [pid 611] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=611, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./62", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./62", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558fded6f0 /* 4 entries */, 32768) = 112 umount2("./62/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./62/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./62/binderfs") = 0 umount2("./62/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./62/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./62/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./62/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./62/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558fdf5730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558fdf5730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./62/file0") = 0 getdents64(3, 0x55558fded6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./62") = 0 mkdir("./63", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 [ 33.667653][ T611] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 33.692010][ T612] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-611: bg 0: block 234: padding at end of block bitmap is not set clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 616 attached , child_tidptr=0x55558fdec650) = 616 [pid 616] set_robust_list(0x55558fdec660, 24) = 0 [pid 616] chdir("./63") = 0 [pid 616] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 616] setpgid(0, 0) = 0 [pid 616] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 616] write(3, "1000", 4) = 4 [pid 616] close(3) = 0 [pid 616] symlink("/dev/binderfs", "./binderfs") = 0 [pid 616] write(1, "executing program\n", 18executing program ) = 18 [pid 616] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 616] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 616] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 616] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 616] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 616] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 616] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 616] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 616] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 616] memfd_create("syzkaller", 0) = 5 [pid 616] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9522f3b000 [pid 616] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 616] munmap(0x7f9522f3b000, 138412032) = 0 [pid 616] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 616] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 616] close(5) = 0 [pid 616] close(6) = 0 [pid 616] mkdir("./file0", 0777) = 0 [pid 616] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 616] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 616] chdir("./file0") = 0 [pid 616] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 616] ioctl(6, LOOP_CLR_FD) = 0 [pid 616] close(6) = 0 [pid 616] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 616] write(6, "#! ./file1\n", 11) = 11 [pid 616] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 616] bpf(BPF_RAW_TRACEPOINT_OPEN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 616] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000040} --- [pid 616] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=616, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./63", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./63", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558fded6f0 /* 4 entries */, 32768) = 112 umount2("./63/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./63/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./63/binderfs") = 0 [ 33.781020][ T616] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 33.806961][ T616] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor428: bg 0: block 234: padding at end of block bitmap is not set umount2("./63/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./63/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./63/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./63/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./63/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558fdf5730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558fdf5730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./63/file0") = 0 getdents64(3, 0x55558fded6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./63") = 0 mkdir("./64", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558fdec650) = 621 ./strace-static-x86_64: Process 621 attached [pid 621] set_robust_list(0x55558fdec660, 24) = 0 [pid 621] chdir("./64") = 0 [pid 621] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 621] setpgid(0, 0) = 0 [pid 621] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 621] write(3, "1000", 4) = 4 [pid 621] close(3) = 0 [pid 621] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 621] write(1, "executing program\n", 18) = 18 [pid 621] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 621] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 621] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 621] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 621] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 621] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 621] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 621] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 621] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 621] memfd_create("syzkaller", 0) = 5 [pid 621] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9522f3b000 [pid 621] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 621] munmap(0x7f9522f3b000, 138412032) = 0 [pid 621] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 621] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 621] close(5) = 0 [pid 621] close(6) = 0 [pid 621] mkdir("./file0", 0777) = 0 [pid 621] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 621] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 621] chdir("./file0") = 0 [pid 621] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 621] ioctl(6, LOOP_CLR_FD) = 0 [pid 621] close(6) = 0 [pid 621] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 621] write(6, "#! ./file1\n", 11) = 11 [pid 621] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 621] bpf(BPF_RAW_TRACEPOINT_OPEN, NULL, 0) = -1 EINVAL (Invalid argument) [ 34.017766][ T621] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [pid 621] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000040} --- [pid 621] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=621, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./64", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./64", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558fded6f0 /* 4 entries */, 32768) = 112 umount2("./64/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./64/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./64/binderfs") = 0 [ 34.059153][ T622] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-621: bg 0: block 234: padding at end of block bitmap is not set umount2("./64/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./64/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./64/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./64/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./64/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558fdf5730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558fdf5730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./64/file0") = 0 getdents64(3, 0x55558fded6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./64") = 0 mkdir("./65", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) executing program close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558fdec650) = 626 ./strace-static-x86_64: Process 626 attached [pid 626] set_robust_list(0x55558fdec660, 24) = 0 [pid 626] chdir("./65") = 0 [pid 626] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 626] setpgid(0, 0) = 0 [pid 626] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 626] write(3, "1000", 4) = 4 [pid 626] close(3) = 0 [pid 626] symlink("/dev/binderfs", "./binderfs") = 0 [pid 626] write(1, "executing program\n", 18) = 18 [pid 626] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 626] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 626] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 626] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 626] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 626] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 626] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 626] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 626] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 626] memfd_create("syzkaller", 0) = 5 [pid 626] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9522f3b000 [pid 626] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 626] munmap(0x7f9522f3b000, 138412032) = 0 [pid 626] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 626] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 626] close(5) = 0 [pid 626] close(6) = 0 [pid 626] mkdir("./file0", 0777) = 0 [pid 626] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 626] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 626] chdir("./file0") = 0 [pid 626] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 626] ioctl(6, LOOP_CLR_FD) = 0 [pid 626] close(6) = 0 [pid 626] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 626] write(6, "#! ./file1\n", 11) = 11 [pid 626] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 626] bpf(BPF_RAW_TRACEPOINT_OPEN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 626] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000040} --- [pid 626] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=626, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./65", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./65", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558fded6f0 /* 4 entries */, 32768) = 112 umount2("./65/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./65/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./65/binderfs") = 0 [ 34.207902][ T626] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 34.236877][ T627] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-626: bg 0: block 234: padding at end of block bitmap is not set umount2("./65/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./65/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./65/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./65/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./65/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558fdf5730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558fdf5730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./65/file0") = 0 getdents64(3, 0x55558fded6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./65") = 0 mkdir("./66", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558fdec650) = 632 ./strace-static-x86_64: Process 632 attached [pid 632] set_robust_list(0x55558fdec660, 24) = 0 [pid 632] chdir("./66") = 0 [pid 632] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 632] setpgid(0, 0) = 0 [pid 632] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 632] write(3, "1000", 4) = 4 [pid 632] close(3) = 0 [pid 632] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 632] write(1, "executing program\n", 18) = 18 [pid 632] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 632] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 632] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 632] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 632] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 632] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 632] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 632] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 632] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 632] memfd_create("syzkaller", 0) = 5 [pid 632] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9522f3b000 [pid 632] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 632] munmap(0x7f9522f3b000, 138412032) = 0 [pid 632] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 632] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 632] close(5) = 0 [pid 632] close(6) = 0 [pid 632] mkdir("./file0", 0777) = 0 [pid 632] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 632] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 632] chdir("./file0") = 0 [pid 632] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 632] ioctl(6, LOOP_CLR_FD) = 0 [pid 632] close(6) = 0 [pid 632] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 632] write(6, "#! ./file1\n", 11) = 11 [pid 632] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 632] bpf(BPF_RAW_TRACEPOINT_OPEN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 632] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000040} --- [pid 632] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=632, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./66", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./66", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558fded6f0 /* 4 entries */, 32768) = 112 umount2("./66/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./66/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./66/binderfs") = 0 [ 34.367820][ T632] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 34.393240][ T632] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor428: bg 0: block 234: padding at end of block bitmap is not set umount2("./66/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./66/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./66/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./66/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./66/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558fdf5730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558fdf5730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./66/file0") = 0 getdents64(3, 0x55558fded6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./66") = 0 mkdir("./67", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3executing program ) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558fdec650) = 637 ./strace-static-x86_64: Process 637 attached [pid 637] set_robust_list(0x55558fdec660, 24) = 0 [pid 637] chdir("./67") = 0 [pid 637] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 637] setpgid(0, 0) = 0 [pid 637] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 637] write(3, "1000", 4) = 4 [pid 637] close(3) = 0 [pid 637] symlink("/dev/binderfs", "./binderfs") = 0 [pid 637] write(1, "executing program\n", 18) = 18 [pid 637] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 637] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 637] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 637] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 637] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 637] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 637] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 637] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 637] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 637] memfd_create("syzkaller", 0) = 5 [pid 637] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9522f3b000 [pid 637] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 637] munmap(0x7f9522f3b000, 138412032) = 0 [pid 637] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 637] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 637] close(5) = 0 [pid 637] close(6) = 0 [pid 637] mkdir("./file0", 0777) = 0 [pid 637] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 637] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 637] chdir("./file0") = 0 [pid 637] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 637] ioctl(6, LOOP_CLR_FD) = 0 [pid 637] close(6) = 0 [pid 637] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 637] write(6, "#! ./file1\n", 11) = 11 [pid 637] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 637] bpf(BPF_RAW_TRACEPOINT_OPEN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 637] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000040} --- [pid 637] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=637, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./67", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./67", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558fded6f0 /* 4 entries */, 32768) = 112 umount2("./67/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./67/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./67/binderfs") = 0 [ 34.487618][ T637] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 34.520094][ T638] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-637: bg 0: block 234: padding at end of block bitmap is not set umount2("./67/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./67/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./67/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./67/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./67/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558fdf5730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558fdf5730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./67/file0") = 0 getdents64(3, 0x55558fded6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./67") = 0 mkdir("./68", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558fdec650) = 642 ./strace-static-x86_64: Process 642 attached [pid 642] set_robust_list(0x55558fdec660, 24) = 0 [pid 642] chdir("./68") = 0 [pid 642] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 642] setpgid(0, 0) = 0 [pid 642] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 642] write(3, "1000", 4) = 4 [pid 642] close(3) = 0 [pid 642] symlink("/dev/binderfs", "./binderfs") = 0 [pid 642] write(1, "executing program\n", 18executing program ) = 18 [pid 642] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 642] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 642] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 642] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 642] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 642] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 642] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 642] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 642] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 642] memfd_create("syzkaller", 0) = 5 [pid 642] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9522f3b000 [pid 642] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 642] munmap(0x7f9522f3b000, 138412032) = 0 [pid 642] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 642] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 642] close(5) = 0 [pid 642] close(6) = 0 [pid 642] mkdir("./file0", 0777) = 0 [pid 642] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 642] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 642] chdir("./file0") = 0 [pid 642] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 642] ioctl(6, LOOP_CLR_FD) = 0 [pid 642] close(6) = 0 [pid 642] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 642] write(6, "#! ./file1\n", 11) = 11 [pid 642] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 642] bpf(BPF_RAW_TRACEPOINT_OPEN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 642] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000040} --- [pid 642] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=642, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./68", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./68", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558fded6f0 /* 4 entries */, 32768) = 112 umount2("./68/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./68/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./68/binderfs") = 0 [ 34.607664][ T642] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 34.635976][ T643] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-642: bg 0: block 234: padding at end of block bitmap is not set umount2("./68/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./68/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./68/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./68/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./68/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558fdf5730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558fdf5730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./68/file0") = 0 getdents64(3, 0x55558fded6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./68") = 0 mkdir("./69", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) executing program close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558fdec650) = 647 ./strace-static-x86_64: Process 647 attached [pid 647] set_robust_list(0x55558fdec660, 24) = 0 [pid 647] chdir("./69") = 0 [pid 647] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 647] setpgid(0, 0) = 0 [pid 647] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 647] write(3, "1000", 4) = 4 [pid 647] close(3) = 0 [pid 647] symlink("/dev/binderfs", "./binderfs") = 0 [pid 647] write(1, "executing program\n", 18) = 18 [pid 647] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 647] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 647] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 647] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 647] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 647] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 647] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 647] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 647] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 647] memfd_create("syzkaller", 0) = 5 [pid 647] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9522f3b000 [pid 647] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 647] munmap(0x7f9522f3b000, 138412032) = 0 [pid 647] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 647] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 647] close(5) = 0 [pid 647] close(6) = 0 [pid 647] mkdir("./file0", 0777) = 0 [pid 647] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 647] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 647] chdir("./file0") = 0 [pid 647] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 647] ioctl(6, LOOP_CLR_FD) = 0 [pid 647] close(6) = 0 [pid 647] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 647] write(6, "#! ./file1\n", 11) = 11 [pid 647] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 647] bpf(BPF_RAW_TRACEPOINT_OPEN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 647] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000040} --- [pid 647] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=647, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./69", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./69", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558fded6f0 /* 4 entries */, 32768) = 112 umount2("./69/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./69/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./69/binderfs") = 0 [ 34.807634][ T647] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 34.840748][ T647] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor428: bg 0: block 234: padding at end of block bitmap is not set umount2("./69/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./69/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./69/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./69/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./69/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558fdf5730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558fdf5730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./69/file0") = 0 getdents64(3, 0x55558fded6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./69") = 0 mkdir("./70", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558fdec650) = 653 ./strace-static-x86_64: Process 653 attached [pid 653] set_robust_list(0x55558fdec660, 24) = 0 [pid 653] chdir("./70") = 0 [pid 653] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 653] setpgid(0, 0) = 0 [pid 653] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 653] write(3, "1000", 4) = 4 [pid 653] close(3) = 0 [pid 653] symlink("/dev/binderfs", "./binderfs") = 0 [pid 653] write(1, "executing program\n", 18executing program ) = 18 [pid 653] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 653] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 653] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 653] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 653] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 653] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 653] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 653] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 653] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 653] memfd_create("syzkaller", 0) = 5 [pid 653] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9522f3b000 [pid 653] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 653] munmap(0x7f9522f3b000, 138412032) = 0 [pid 653] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 653] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 653] close(5) = 0 [pid 653] close(6) = 0 [pid 653] mkdir("./file0", 0777) = 0 [pid 653] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 653] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 653] chdir("./file0") = 0 [pid 653] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 653] ioctl(6, LOOP_CLR_FD) = 0 [pid 653] close(6) = 0 [pid 653] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 653] write(6, "#! ./file1\n", 11) = 11 [pid 653] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 653] bpf(BPF_RAW_TRACEPOINT_OPEN, NULL, 0) = -1 EINVAL (Invalid argument) [ 35.008079][ T653] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [pid 653] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000040} --- [pid 653] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=653, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./70", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./70", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558fded6f0 /* 4 entries */, 32768) = 112 umount2("./70/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./70/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./70/binderfs") = 0 [ 35.046335][ T654] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-653: bg 0: block 234: padding at end of block bitmap is not set umount2("./70/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./70/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./70/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./70/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./70/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558fdf5730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558fdf5730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./70/file0") = 0 getdents64(3, 0x55558fded6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./70") = 0 mkdir("./71", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558fdec650) = 658 ./strace-static-x86_64: Process 658 attached [pid 658] set_robust_list(0x55558fdec660, 24) = 0 [pid 658] chdir("./71") = 0 [pid 658] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 658] setpgid(0, 0) = 0 [pid 658] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 658] write(3, "1000", 4) = 4 [pid 658] close(3) = 0 [pid 658] symlink("/dev/binderfs", "./binderfs") = 0 [pid 658] write(1, "executing program\n", 18executing program ) = 18 [pid 658] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 658] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 658] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 658] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 658] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 658] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 658] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 658] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 658] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 658] memfd_create("syzkaller", 0) = 5 [pid 658] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9522f3b000 [pid 658] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 658] munmap(0x7f9522f3b000, 138412032) = 0 [pid 658] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 658] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 658] close(5) = 0 [pid 658] close(6) = 0 [pid 658] mkdir("./file0", 0777) = 0 [pid 658] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 658] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 658] chdir("./file0") = 0 [pid 658] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 658] ioctl(6, LOOP_CLR_FD) = 0 [pid 658] close(6) = 0 [pid 658] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 658] write(6, "#! ./file1\n", 11) = 11 [pid 658] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 658] bpf(BPF_RAW_TRACEPOINT_OPEN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 658] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000040} --- [pid 658] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=658, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./71", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./71", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558fded6f0 /* 4 entries */, 32768) = 112 umount2("./71/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./71/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./71/binderfs") = 0 [ 35.207754][ T658] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 35.236705][ T659] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-658: bg 0: block 234: padding at end of block bitmap is not set umount2("./71/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./71/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./71/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./71/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./71/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558fdf5730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558fdf5730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./71/file0") = 0 getdents64(3, 0x55558fded6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./71") = 0 mkdir("./72", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558fdec650) = 663 ./strace-static-x86_64: Process 663 attached [pid 663] set_robust_list(0x55558fdec660, 24) = 0 [pid 663] chdir("./72") = 0 [pid 663] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 663] setpgid(0, 0) = 0 [pid 663] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 663] write(3, "1000", 4) = 4 [pid 663] close(3) = 0 [pid 663] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 663] write(1, "executing program\n", 18) = 18 [pid 663] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 663] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 663] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 663] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 663] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 663] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 663] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 663] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 663] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 663] memfd_create("syzkaller", 0) = 5 [pid 663] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9522f3b000 [pid 663] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 663] munmap(0x7f9522f3b000, 138412032) = 0 [pid 663] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 663] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 663] close(5) = 0 [pid 663] close(6) = 0 [pid 663] mkdir("./file0", 0777) = 0 [pid 663] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 663] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 663] chdir("./file0") = 0 [pid 663] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 663] ioctl(6, LOOP_CLR_FD) = 0 [pid 663] close(6) = 0 [pid 663] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 663] write(6, "#! ./file1\n", 11) = 11 [pid 663] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 663] bpf(BPF_RAW_TRACEPOINT_OPEN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 663] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000040} --- [pid 663] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=663, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./72", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./72", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558fded6f0 /* 4 entries */, 32768) = 112 umount2("./72/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./72/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./72/binderfs") = 0 [ 35.348807][ T663] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 35.371076][ T663] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor428: bg 0: block 234: padding at end of block bitmap is not set umount2("./72/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./72/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./72/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./72/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./72/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558fdf5730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558fdf5730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./72/file0") = 0 getdents64(3, 0x55558fded6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./72") = 0 mkdir("./73", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program , child_tidptr=0x55558fdec650) = 669 ./strace-static-x86_64: Process 669 attached [pid 669] set_robust_list(0x55558fdec660, 24) = 0 [pid 669] chdir("./73") = 0 [pid 669] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 669] setpgid(0, 0) = 0 [pid 669] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 669] write(3, "1000", 4) = 4 [pid 669] close(3) = 0 [pid 669] symlink("/dev/binderfs", "./binderfs") = 0 [pid 669] write(1, "executing program\n", 18) = 18 [pid 669] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 669] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 669] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 669] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 669] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 669] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 669] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 669] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 669] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 669] memfd_create("syzkaller", 0) = 5 [pid 669] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9522f3b000 [pid 669] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 669] munmap(0x7f9522f3b000, 138412032) = 0 [pid 669] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 669] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 669] close(5) = 0 [pid 669] close(6) = 0 [pid 669] mkdir("./file0", 0777) = 0 [pid 669] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 669] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 669] chdir("./file0") = 0 [pid 669] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 669] ioctl(6, LOOP_CLR_FD) = 0 [pid 669] close(6) = 0 [pid 669] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 669] write(6, "#! ./file1\n", 11) = 11 [pid 669] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 669] bpf(BPF_RAW_TRACEPOINT_OPEN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 669] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000040} --- [pid 669] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=669, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./73", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./73", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558fded6f0 /* 4 entries */, 32768) = 112 umount2("./73/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./73/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./73/binderfs") = 0 [ 35.587521][ T669] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 35.619603][ T670] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-669: bg 0: block 234: padding at end of block bitmap is not set umount2("./73/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./73/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./73/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./73/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./73/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558fdf5730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558fdf5730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./73/file0") = 0 getdents64(3, 0x55558fded6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./73") = 0 mkdir("./74", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558fdec650) = 674 ./strace-static-x86_64: Process 674 attached [pid 674] set_robust_list(0x55558fdec660, 24) = 0 [pid 674] chdir("./74") = 0 [pid 674] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 674] setpgid(0, 0) = 0 [pid 674] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 674] write(3, "1000", 4) = 4 [pid 674] close(3) = 0 [pid 674] symlink("/dev/binderfs", "./binderfs") = 0 [pid 674] write(1, "executing program\n", 18) = 18 [pid 674] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 674] ioctl(3, VHOST_SET_OWNERexecuting program , 0) = 0 [pid 674] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 674] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 674] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 674] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 674] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 674] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 674] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 674] memfd_create("syzkaller", 0) = 5 [pid 674] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9522f3b000 [pid 674] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 674] munmap(0x7f9522f3b000, 138412032) = 0 [pid 674] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 674] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 674] close(5) = 0 [pid 674] close(6) = 0 [pid 674] mkdir("./file0", 0777) = 0 [pid 674] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 674] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 674] chdir("./file0") = 0 [pid 674] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 674] ioctl(6, LOOP_CLR_FD) = 0 [pid 674] close(6) = 0 [pid 674] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 674] write(6, "#! ./file1\n", 11) = 11 [pid 674] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 674] bpf(BPF_RAW_TRACEPOINT_OPEN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 674] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000040} --- [pid 674] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=674, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./74", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./74", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558fded6f0 /* 4 entries */, 32768) = 112 umount2("./74/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./74/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./74/binderfs") = 0 [ 35.728080][ T674] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 35.758805][ T675] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-674: bg 0: block 234: padding at end of block bitmap is not set umount2("./74/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./74/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./74/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./74/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./74/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558fdf5730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558fdf5730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./74/file0") = 0 getdents64(3, 0x55558fded6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./74") = 0 mkdir("./75", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558fdec650) = 679 ./strace-static-x86_64: Process 679 attached [pid 679] set_robust_list(0x55558fdec660, 24) = 0 [pid 679] chdir("./75") = 0 [pid 679] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 679] setpgid(0, 0) = 0 [pid 679] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 679] write(3, "1000", 4) = 4 [pid 679] close(3) = 0 [pid 679] symlink("/dev/binderfs", "./binderfs") = 0 [pid 679] write(1, "executing program\n", 18executing program ) = 18 [pid 679] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 679] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 679] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 679] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 679] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 679] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 679] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 679] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 679] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 679] memfd_create("syzkaller", 0) = 5 [pid 679] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9522f3b000 [pid 679] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 679] munmap(0x7f9522f3b000, 138412032) = 0 [pid 679] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 679] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 679] close(5) = 0 [pid 679] close(6) = 0 [pid 679] mkdir("./file0", 0777) = 0 [pid 679] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 679] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 679] chdir("./file0") = 0 [pid 679] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 679] ioctl(6, LOOP_CLR_FD) = 0 [pid 679] close(6) = 0 [pid 679] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 679] write(6, "#! ./file1\n", 11) = 11 [pid 679] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 679] bpf(BPF_RAW_TRACEPOINT_OPEN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 679] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000040} --- [pid 679] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=679, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./75", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./75", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558fded6f0 /* 4 entries */, 32768) = 112 umount2("./75/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./75/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./75/binderfs") = 0 [ 35.847764][ T679] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 35.875774][ T680] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-679: bg 0: block 234: padding at end of block bitmap is not set umount2("./75/file0", MNT_FORCE|UMOUNT_NOFOLLOWexecuting program ) = 0 umount2("./75/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./75/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./75/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./75/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558fdf5730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558fdf5730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./75/file0") = 0 getdents64(3, 0x55558fded6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./75") = 0 mkdir("./76", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558fdec650) = 684 ./strace-static-x86_64: Process 684 attached [pid 684] set_robust_list(0x55558fdec660, 24) = 0 [pid 684] chdir("./76") = 0 [pid 684] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 684] setpgid(0, 0) = 0 [pid 684] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 684] write(3, "1000", 4) = 4 [pid 684] close(3) = 0 [pid 684] symlink("/dev/binderfs", "./binderfs") = 0 [pid 684] write(1, "executing program\n", 18) = 18 [pid 684] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 684] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 684] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 684] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 684] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 684] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 684] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 684] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 684] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 684] memfd_create("syzkaller", 0) = 5 [pid 684] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9522f3b000 [pid 684] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 684] munmap(0x7f9522f3b000, 138412032) = 0 [pid 684] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 684] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 684] close(5) = 0 [pid 684] close(6) = 0 [pid 684] mkdir("./file0", 0777) = 0 [pid 684] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 684] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 684] chdir("./file0") = 0 [pid 684] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 684] ioctl(6, LOOP_CLR_FD) = 0 [pid 684] close(6) = 0 [pid 684] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 684] write(6, "#! ./file1\n", 11) = 11 [pid 684] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 684] bpf(BPF_RAW_TRACEPOINT_OPEN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 684] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000040} --- [pid 684] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=684, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./76", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./76", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558fded6f0 /* 4 entries */, 32768) = 112 umount2("./76/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./76/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./76/binderfs") = 0 [ 35.967645][ T684] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 35.991649][ T684] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor428: bg 0: block 234: padding at end of block bitmap is not set umount2("./76/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./76/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./76/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./76/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./76/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558fdf5730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558fdf5730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./76/file0") = 0 getdents64(3, 0x55558fded6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./76") = 0 mkdir("./77", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program , child_tidptr=0x55558fdec650) = 689 ./strace-static-x86_64: Process 689 attached [pid 689] set_robust_list(0x55558fdec660, 24) = 0 [pid 689] chdir("./77") = 0 [pid 689] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 689] setpgid(0, 0) = 0 [pid 689] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 689] write(3, "1000", 4) = 4 [pid 689] close(3) = 0 [pid 689] symlink("/dev/binderfs", "./binderfs") = 0 [pid 689] write(1, "executing program\n", 18) = 18 [pid 689] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 689] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 689] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 689] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 689] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 689] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 689] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 689] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 689] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 689] memfd_create("syzkaller", 0) = 5 [pid 689] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9522f3b000 [pid 689] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 689] munmap(0x7f9522f3b000, 138412032) = 0 [pid 689] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 689] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 689] close(5) = 0 [pid 689] close(6) = 0 [pid 689] mkdir("./file0", 0777) = 0 [pid 689] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 689] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 689] chdir("./file0") = 0 [pid 689] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 689] ioctl(6, LOOP_CLR_FD) = 0 [pid 689] close(6) = 0 [pid 689] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 689] write(6, "#! ./file1\n", 11) = 11 [pid 689] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 689] bpf(BPF_RAW_TRACEPOINT_OPEN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 689] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000040} --- [pid 689] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=689, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./77", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./77", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558fded6f0 /* 4 entries */, 32768) = 112 umount2("./77/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./77/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./77/binderfs") = 0 [ 36.197652][ T689] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 36.225958][ T690] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-689: bg 0: block 234: padding at end of block bitmap is not set umount2("./77/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./77/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./77/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./77/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./77/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558fdf5730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558fdf5730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./77/file0") = 0 getdents64(3, 0x55558fded6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./77") = 0 mkdir("./78", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3executing program ) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558fdec650) = 694 ./strace-static-x86_64: Process 694 attached [pid 694] set_robust_list(0x55558fdec660, 24) = 0 [pid 694] chdir("./78") = 0 [pid 694] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 694] setpgid(0, 0) = 0 [pid 694] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 694] write(3, "1000", 4) = 4 [pid 694] close(3) = 0 [pid 694] symlink("/dev/binderfs", "./binderfs") = 0 [pid 694] write(1, "executing program\n", 18) = 18 [pid 694] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 694] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 694] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 694] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 694] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 694] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 694] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 694] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 694] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 694] memfd_create("syzkaller", 0) = 5 [pid 694] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9522f3b000 [pid 694] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 694] munmap(0x7f9522f3b000, 138412032) = 0 [pid 694] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 694] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 694] close(5) = 0 [pid 694] close(6) = 0 [pid 694] mkdir("./file0", 0777) = 0 [pid 694] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 694] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 694] chdir("./file0") = 0 [pid 694] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 694] ioctl(6, LOOP_CLR_FD) = 0 [pid 694] close(6) = 0 [pid 694] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 694] write(6, "#! ./file1\n", 11) = 11 [pid 694] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 694] bpf(BPF_RAW_TRACEPOINT_OPEN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 694] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000040} --- [pid 694] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=694, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./78", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./78", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558fded6f0 /* 4 entries */, 32768) = 112 umount2("./78/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./78/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./78/binderfs") = 0 [ 36.317591][ T694] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 36.342012][ T694] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor428: bg 0: block 234: padding at end of block bitmap is not set umount2("./78/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./78/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./78/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./78/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./78/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558fdf5730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558fdf5730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./78/file0") = 0 getdents64(3, 0x55558fded6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./78") = 0 mkdir("./79", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3executing program ) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558fdec650) = 700 ./strace-static-x86_64: Process 700 attached [pid 700] set_robust_list(0x55558fdec660, 24) = 0 [pid 700] chdir("./79") = 0 [pid 700] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 700] setpgid(0, 0) = 0 [pid 700] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 700] write(3, "1000", 4) = 4 [pid 700] close(3) = 0 [pid 700] symlink("/dev/binderfs", "./binderfs") = 0 [pid 700] write(1, "executing program\n", 18) = 18 [pid 700] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 700] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 700] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 700] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 700] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 700] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 700] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 700] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 700] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 700] memfd_create("syzkaller", 0) = 5 [pid 700] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9522f3b000 [pid 700] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 700] munmap(0x7f9522f3b000, 138412032) = 0 [pid 700] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 700] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 700] close(5) = 0 [pid 700] close(6) = 0 [pid 700] mkdir("./file0", 0777) = 0 [pid 700] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 700] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 700] chdir("./file0") = 0 [pid 700] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 700] ioctl(6, LOOP_CLR_FD) = 0 [pid 700] close(6) = 0 [pid 700] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 700] write(6, "#! ./file1\n", 11) = 11 [pid 700] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 700] bpf(BPF_RAW_TRACEPOINT_OPEN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 700] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000040} --- [pid 700] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=700, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./79", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./79", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558fded6f0 /* 4 entries */, 32768) = 112 umount2("./79/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./79/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./79/binderfs") = 0 [ 36.428033][ T700] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 36.455303][ T700] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor428: bg 0: block 234: padding at end of block bitmap is not set umount2("./79/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./79/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./79/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./79/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./79/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558fdf5730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558fdf5730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./79/file0") = 0 getdents64(3, 0x55558fded6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./79") = 0 mkdir("./80", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558fdec650) = 705 ./strace-static-x86_64: Process 705 attached [pid 705] set_robust_list(0x55558fdec660, 24) = 0 [pid 705] chdir("./80") = 0 [pid 705] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 705] setpgid(0, 0) = 0 [pid 705] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 705] write(3, "1000", 4) = 4 [pid 705] close(3) = 0 [pid 705] symlink("/dev/binderfs", "./binderfs") = 0 [pid 705] write(1, "executing program\n", 18executing program ) = 18 [pid 705] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 705] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 705] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 705] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 705] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 705] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 705] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 705] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 705] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 705] memfd_create("syzkaller", 0) = 5 [pid 705] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9522f3b000 [pid 705] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 705] munmap(0x7f9522f3b000, 138412032) = 0 [pid 705] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 705] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 705] close(5) = 0 [pid 705] close(6) = 0 [pid 705] mkdir("./file0", 0777) = 0 [pid 705] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 705] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 705] chdir("./file0") = 0 [pid 705] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 705] ioctl(6, LOOP_CLR_FD) = 0 [pid 705] close(6) = 0 [pid 705] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 705] write(6, "#! ./file1\n", 11) = 11 [pid 705] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 705] bpf(BPF_RAW_TRACEPOINT_OPEN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 705] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000040} --- [pid 705] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=705, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./80", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./80", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558fded6f0 /* 4 entries */, 32768) = 112 umount2("./80/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./80/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./80/binderfs") = 0 [ 36.607747][ T705] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 36.629862][ T705] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor428: bg 0: block 234: padding at end of block bitmap is not set umount2("./80/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./80/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./80/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./80/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./80/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558fdf5730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558fdf5730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./80/file0") = 0 getdents64(3, 0x55558fded6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./80") = 0 mkdir("./81", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558fdec650) = 710 ./strace-static-x86_64: Process 710 attached [pid 710] set_robust_list(0x55558fdec660, 24) = 0 [pid 710] chdir("./81") = 0 [pid 710] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 710] setpgid(0, 0) = 0 [pid 710] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 710] write(3, "1000", 4) = 4 [pid 710] close(3) = 0 [pid 710] symlink("/dev/binderfs", "./binderfs") = 0 [pid 710] write(1, "executing program\n", 18executing program ) = 18 [pid 710] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 710] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 710] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 710] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 710] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 710] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 710] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 710] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 710] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 710] memfd_create("syzkaller", 0) = 5 [pid 710] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9522f3b000 [pid 710] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 710] munmap(0x7f9522f3b000, 138412032) = 0 [pid 710] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 710] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 710] close(5) = 0 [pid 710] close(6) = 0 [pid 710] mkdir("./file0", 0777) = 0 [pid 710] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 710] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 710] chdir("./file0") = 0 [pid 710] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 710] ioctl(6, LOOP_CLR_FD) = 0 [pid 710] close(6) = 0 [pid 710] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 710] write(6, "#! ./file1\n", 11) = 11 [pid 710] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 710] bpf(BPF_RAW_TRACEPOINT_OPEN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 710] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000040} --- [pid 710] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=710, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./81", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./81", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558fded6f0 /* 4 entries */, 32768) = 112 umount2("./81/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./81/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./81/binderfs") = 0 [ 36.767771][ T710] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 36.796972][ T711] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-710: bg 0: block 234: padding at end of block bitmap is not set umount2("./81/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./81/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./81/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./81/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./81/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558fdf5730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558fdf5730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./81/file0") = 0 getdents64(3, 0x55558fded6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./81") = 0 mkdir("./82", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 715 attached , child_tidptr=0x55558fdec650) = 715 [pid 715] set_robust_list(0x55558fdec660, 24) = 0 [pid 715] chdir("./82") = 0 [pid 715] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 715] setpgid(0, 0) = 0 [pid 715] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 715] write(3, "1000", 4) = 4 [pid 715] close(3) = 0 [pid 715] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 715] write(1, "executing program\n", 18) = 18 [pid 715] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 715] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 715] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 715] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 715] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 715] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 715] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 715] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 715] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 715] memfd_create("syzkaller", 0) = 5 [pid 715] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9522f3b000 [pid 715] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 715] munmap(0x7f9522f3b000, 138412032) = 0 [pid 715] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 715] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 715] close(5) = 0 [pid 715] close(6) = 0 [pid 715] mkdir("./file0", 0777) = 0 [pid 715] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 715] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 715] chdir("./file0") = 0 [pid 715] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 715] ioctl(6, LOOP_CLR_FD) = 0 [pid 715] close(6) = 0 [pid 715] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 715] write(6, "#! ./file1\n", 11) = 11 [pid 715] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 715] bpf(BPF_RAW_TRACEPOINT_OPEN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 715] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000040} --- [pid 715] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=715, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./82", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./82", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558fded6f0 /* 4 entries */, 32768) = 112 umount2("./82/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./82/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./82/binderfs") = 0 [ 36.937713][ T715] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 36.967126][ T715] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor428: bg 0: block 234: padding at end of block bitmap is not set umount2("./82/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./82/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./82/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./82/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./82/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558fdf5730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558fdf5730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./82/file0") = 0 getdents64(3, 0x55558fded6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./82") = 0 mkdir("./83", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558fdec650) = 720 ./strace-static-x86_64: Process 720 attached [pid 720] set_robust_list(0x55558fdec660, 24) = 0 [pid 720] chdir("./83") = 0 [pid 720] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 720] setpgid(0, 0) = 0 [pid 720] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 720] write(3, "1000", 4) = 4 [pid 720] close(3) = 0 [pid 720] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 720] write(1, "executing program\n", 18) = 18 [pid 720] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 720] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 720] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 720] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 720] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 720] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 720] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 720] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 720] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 720] memfd_create("syzkaller", 0) = 5 [pid 720] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9522f3b000 [pid 720] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 720] munmap(0x7f9522f3b000, 138412032) = 0 [pid 720] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 720] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 720] close(5) = 0 [pid 720] close(6) = 0 [pid 720] mkdir("./file0", 0777) = 0 [pid 720] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 720] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 720] chdir("./file0") = 0 [pid 720] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 720] ioctl(6, LOOP_CLR_FD) = 0 [pid 720] close(6) = 0 [pid 720] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 720] write(6, "#! ./file1\n", 11) = 11 [pid 720] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 720] bpf(BPF_RAW_TRACEPOINT_OPEN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 720] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000040} --- [pid 720] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=720, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./83", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./83", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558fded6f0 /* 4 entries */, 32768) = 112 umount2("./83/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./83/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./83/binderfs") = 0 [ 37.138047][ T720] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 37.163345][ T721] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-720: bg 0: block 234: padding at end of block bitmap is not set umount2("./83/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./83/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./83/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./83/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./83/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558fdf5730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558fdf5730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./83/file0") = 0 getdents64(3, 0x55558fded6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./83") = 0 mkdir("./84", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program , child_tidptr=0x55558fdec650) = 725 ./strace-static-x86_64: Process 725 attached [pid 725] set_robust_list(0x55558fdec660, 24) = 0 [pid 725] chdir("./84") = 0 [pid 725] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 725] setpgid(0, 0) = 0 [pid 725] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 725] write(3, "1000", 4) = 4 [pid 725] close(3) = 0 [pid 725] symlink("/dev/binderfs", "./binderfs") = 0 [pid 725] write(1, "executing program\n", 18) = 18 [pid 725] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 725] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 725] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 725] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 725] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 725] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 725] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 725] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 725] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 725] memfd_create("syzkaller", 0) = 5 [pid 725] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9522f3b000 [pid 725] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 725] munmap(0x7f9522f3b000, 138412032) = 0 [pid 725] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 725] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 725] close(5) = 0 [pid 725] close(6) = 0 [pid 725] mkdir("./file0", 0777) = 0 [pid 725] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 725] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 725] chdir("./file0") = 0 [pid 725] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 725] ioctl(6, LOOP_CLR_FD) = 0 [pid 725] close(6) = 0 [pid 725] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 725] write(6, "#! ./file1\n", 11) = 11 [pid 725] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 725] bpf(BPF_RAW_TRACEPOINT_OPEN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 725] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000040} --- [pid 725] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=725, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./84", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./84", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558fded6f0 /* 4 entries */, 32768) = 112 umount2("./84/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./84/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./84/binderfs") = 0 [ 37.267628][ T725] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 37.291483][ T725] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor428: bg 0: block 234: padding at end of block bitmap is not set umount2("./84/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./84/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./84/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./84/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./84/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558fdf5730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558fdf5730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./84/file0") = 0 getdents64(3, 0x55558fded6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./84") = 0 mkdir("./85", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558fdec650) = 731 ./strace-static-x86_64: Process 731 attached [pid 731] set_robust_list(0x55558fdec660, 24) = 0 [pid 731] chdir("./85") = 0 [pid 731] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 731] setpgid(0, 0) = 0 [pid 731] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 731] write(3, "1000", 4) = 4 [pid 731] close(3) = 0 [pid 731] symlink("/dev/binderfs", "./binderfs") = 0 [pid 731] write(1, "executing program\n", 18executing program ) = 18 [pid 731] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 731] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 731] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 731] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 731] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 731] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 731] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 731] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 731] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 731] memfd_create("syzkaller", 0) = 5 [pid 731] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9522f3b000 [pid 731] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 731] munmap(0x7f9522f3b000, 138412032) = 0 [pid 731] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 731] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 731] close(5) = 0 [pid 731] close(6) = 0 [pid 731] mkdir("./file0", 0777) = 0 [pid 731] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 731] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 731] chdir("./file0") = 0 [pid 731] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 731] ioctl(6, LOOP_CLR_FD) = 0 [pid 731] close(6) = 0 [pid 731] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 731] write(6, "#! ./file1\n", 11) = 11 [pid 731] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 731] bpf(BPF_RAW_TRACEPOINT_OPEN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 731] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000040} --- [pid 731] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=731, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./85", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./85", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558fded6f0 /* 4 entries */, 32768) = 112 umount2("./85/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./85/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./85/binderfs") = 0 [ 37.387788][ T731] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 37.416724][ T732] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-731: bg 0: block 234: padding at end of block bitmap is not set umount2("./85/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./85/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./85/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./85/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./85/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558fdf5730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558fdf5730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./85/file0") = 0 getdents64(3, 0x55558fded6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./85") = 0 mkdir("./86", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558fdec650) = 736 ./strace-static-x86_64: Process 736 attached [pid 736] set_robust_list(0x55558fdec660, 24) = 0 [pid 736] chdir("./86") = 0 [pid 736] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 736] setpgid(0, 0) = 0 [pid 736] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 736] write(3, "1000", 4) = 4 [pid 736] close(3) = 0 [pid 736] symlink("/dev/binderfs", "./binderfs") = 0 [pid 736] write(1, "executing program\n", 18executing program ) = 18 [pid 736] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 736] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 736] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 736] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 736] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 736] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 736] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 736] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 736] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 736] memfd_create("syzkaller", 0) = 5 [pid 736] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9522f3b000 [pid 736] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 736] munmap(0x7f9522f3b000, 138412032) = 0 [pid 736] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 736] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 736] close(5) = 0 [pid 736] close(6) = 0 [pid 736] mkdir("./file0", 0777) = 0 [pid 736] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 736] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 736] chdir("./file0") = 0 [pid 736] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 736] ioctl(6, LOOP_CLR_FD) = 0 [pid 736] close(6) = 0 [pid 736] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 736] write(6, "#! ./file1\n", 11) = 11 [pid 736] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 736] bpf(BPF_RAW_TRACEPOINT_OPEN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 736] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000040} --- [pid 736] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=736, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./86", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./86", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558fded6f0 /* 4 entries */, 32768) = 112 umount2("./86/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./86/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./86/binderfs") = 0 umount2("./86/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./86/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./86/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./86/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./86/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558fdf5730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558fdf5730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./86/file0") = 0 getdents64(3, 0x55558fded6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./86") = 0 mkdir("./87", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558fdec650) = 741 ./strace-static-x86_64: Process 741 attached [pid 741] set_robust_list(0x55558fdec660, 24) = 0 [pid 741] chdir("./87") = 0 [pid 741] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 741] setpgid(0, 0) = 0 [pid 741] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 741] write(3, "1000", 4) = 4 [pid 741] close(3) = 0 [pid 741] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 741] write(1, "executing program\n", 18) = 18 [pid 741] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 741] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 741] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 741] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 741] eventfd2(118, EFD_SEMAPHORE) = 4 [ 37.517836][ T736] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 37.544201][ T737] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-736: bg 0: block 234: padding at end of block bitmap is not set [pid 741] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 741] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 741] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 741] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 741] memfd_create("syzkaller", 0) = 5 [pid 741] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9522f3b000 [pid 741] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 741] munmap(0x7f9522f3b000, 138412032) = 0 [pid 741] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 741] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 741] close(5) = 0 [pid 741] close(6) = 0 [pid 741] mkdir("./file0", 0777) = 0 [pid 741] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 741] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 741] chdir("./file0") = 0 [pid 741] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 741] ioctl(6, LOOP_CLR_FD) = 0 [pid 741] close(6) = 0 [pid 741] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 741] write(6, "#! ./file1\n", 11) = 11 [pid 741] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 741] bpf(BPF_RAW_TRACEPOINT_OPEN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 741] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000040} --- [pid 741] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=741, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./87", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./87", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558fded6f0 /* 4 entries */, 32768) = 112 umount2("./87/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./87/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./87/binderfs") = 0 umount2("./87/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./87/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./87/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./87/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./87/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558fdf5730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558fdf5730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./87/file0") = 0 getdents64(3, 0x55558fded6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./87") = 0 mkdir("./88", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558fdec650) = 746 ./strace-static-x86_64: Process 746 attached [pid 746] set_robust_list(0x55558fdec660, 24) = 0 [pid 746] chdir("./88") = 0 [pid 746] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 746] setpgid(0, 0) = 0 [pid 746] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 746] write(3, "1000", 4) = 4 [pid 746] close(3) = 0 [pid 746] symlink("/dev/binderfs", "./binderfs") = 0 [pid 746] write(1, "executing program\n", 18executing program ) = 18 [pid 746] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 746] ioctl(3, VHOST_SET_OWNER, 0) = 0 [ 37.617831][ T741] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 37.646276][ T742] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-741: bg 0: block 234: padding at end of block bitmap is not set [pid 746] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 746] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 746] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 746] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 746] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 746] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 746] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 746] memfd_create("syzkaller", 0) = 5 [pid 746] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9522f3b000 [pid 746] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 746] munmap(0x7f9522f3b000, 138412032) = 0 [pid 746] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 746] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 746] close(5) = 0 [pid 746] close(6) = 0 [pid 746] mkdir("./file0", 0777) = 0 [pid 746] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 746] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 746] chdir("./file0") = 0 [pid 746] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 746] ioctl(6, LOOP_CLR_FD) = 0 [pid 746] close(6) = 0 [pid 746] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 746] write(6, "#! ./file1\n", 11) = 11 [pid 746] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 746] bpf(BPF_RAW_TRACEPOINT_OPEN, NULL, 0) = -1 EINVAL (Invalid argument) [ 37.827683][ T746] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [pid 746] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000040} --- [pid 746] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=746, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./88", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./88", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558fded6f0 /* 4 entries */, 32768) = 112 umount2("./88/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./88/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./88/binderfs") = 0 umount2("./88/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./88/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./88/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./88/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./88/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 37.868830][ T747] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-746: bg 0: block 234: padding at end of block bitmap is not set getdents64(4, 0x55558fdf5730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558fdf5730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./88/file0") = 0 getdents64(3, 0x55558fded6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./88") = 0 mkdir("./89", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) executing program close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558fdec650) = 751 ./strace-static-x86_64: Process 751 attached [pid 751] set_robust_list(0x55558fdec660, 24) = 0 [pid 751] chdir("./89") = 0 [pid 751] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 751] setpgid(0, 0) = 0 [pid 751] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 751] write(3, "1000", 4) = 4 [pid 751] close(3) = 0 [pid 751] symlink("/dev/binderfs", "./binderfs") = 0 [pid 751] write(1, "executing program\n", 18) = 18 [pid 751] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 751] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 751] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 751] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 751] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 751] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 751] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 751] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 751] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 751] memfd_create("syzkaller", 0) = 5 [pid 751] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9522f3b000 [pid 751] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 751] munmap(0x7f9522f3b000, 138412032) = 0 [pid 751] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 751] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 751] close(5) = 0 [pid 751] close(6) = 0 [pid 751] mkdir("./file0", 0777) = 0 [pid 751] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 751] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 751] chdir("./file0") = 0 [pid 751] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 751] ioctl(6, LOOP_CLR_FD) = 0 [pid 751] close(6) = 0 [pid 751] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 751] write(6, "#! ./file1\n", 11) = 11 [pid 751] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 751] bpf(BPF_RAW_TRACEPOINT_OPEN, NULL, 0) = -1 EINVAL (Invalid argument) [ 37.957870][ T751] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [pid 751] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000040} --- [pid 751] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=751, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./89", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./89", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558fded6f0 /* 4 entries */, 32768) = 112 umount2("./89/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./89/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./89/binderfs") = 0 [ 37.997656][ T751] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor428: bg 0: block 234: padding at end of block bitmap is not set umount2("./89/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./89/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./89/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./89/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./89/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558fdf5730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558fdf5730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./89/file0") = 0 getdents64(3, 0x55558fded6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./89") = 0 mkdir("./90", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) executing program close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558fdec650) = 756 ./strace-static-x86_64: Process 756 attached [pid 756] set_robust_list(0x55558fdec660, 24) = 0 [pid 756] chdir("./90") = 0 [pid 756] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 756] setpgid(0, 0) = 0 [pid 756] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 756] write(3, "1000", 4) = 4 [pid 756] close(3) = 0 [pid 756] symlink("/dev/binderfs", "./binderfs") = 0 [pid 756] write(1, "executing program\n", 18) = 18 [pid 756] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 756] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 756] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 756] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 756] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 756] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 756] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 756] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 756] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 756] memfd_create("syzkaller", 0) = 5 [pid 756] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9522f3b000 [pid 756] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 756] munmap(0x7f9522f3b000, 138412032) = 0 [pid 756] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 756] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 756] close(5) = 0 [pid 756] close(6) = 0 [pid 756] mkdir("./file0", 0777) = 0 [pid 756] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 756] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 756] chdir("./file0") = 0 [pid 756] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 756] ioctl(6, LOOP_CLR_FD) = 0 [pid 756] close(6) = 0 [pid 756] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 756] write(6, "#! ./file1\n", 11) = 11 [pid 756] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 756] bpf(BPF_RAW_TRACEPOINT_OPEN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 756] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000040} --- [pid 756] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=756, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./90", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./90", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558fded6f0 /* 4 entries */, 32768) = 112 umount2("./90/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./90/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./90/binderfs") = 0 [ 38.187572][ T756] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 38.219446][ T757] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-756: bg 0: block 234: padding at end of block bitmap is not set umount2("./90/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./90/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./90/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./90/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./90/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558fdf5730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558fdf5730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./90/file0") = 0 getdents64(3, 0x55558fded6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./90") = 0 mkdir("./91", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3executing program ) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558fdec650) = 761 ./strace-static-x86_64: Process 761 attached [pid 761] set_robust_list(0x55558fdec660, 24) = 0 [pid 761] chdir("./91") = 0 [pid 761] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 761] setpgid(0, 0) = 0 [pid 761] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 761] write(3, "1000", 4) = 4 [pid 761] close(3) = 0 [pid 761] symlink("/dev/binderfs", "./binderfs") = 0 [pid 761] write(1, "executing program\n", 18) = 18 [pid 761] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 761] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 761] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 761] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 761] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 761] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 761] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 761] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 761] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 761] memfd_create("syzkaller", 0) = 5 [pid 761] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9522f3b000 [pid 761] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 761] munmap(0x7f9522f3b000, 138412032) = 0 [pid 761] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 761] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 761] close(5) = 0 [pid 761] close(6) = 0 [pid 761] mkdir("./file0", 0777) = 0 [pid 761] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 761] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 761] chdir("./file0") = 0 [pid 761] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 761] ioctl(6, LOOP_CLR_FD) = 0 [pid 761] close(6) = 0 [pid 761] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 761] write(6, "#! ./file1\n", 11) = 11 [pid 761] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 761] bpf(BPF_RAW_TRACEPOINT_OPEN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 761] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000040} --- [pid 761] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=761, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./91", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./91", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558fded6f0 /* 4 entries */, 32768) = 112 umount2("./91/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./91/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./91/binderfs") = 0 [ 38.317719][ T761] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 38.345558][ T762] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-761: bg 0: block 234: padding at end of block bitmap is not set umount2("./91/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./91/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./91/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./91/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./91/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558fdf5730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558fdf5730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./91/file0") = 0 getdents64(3, 0x55558fded6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./91") = 0 mkdir("./92", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558fdec650) = 767 ./strace-static-x86_64: Process 767 attached [pid 767] set_robust_list(0x55558fdec660, 24) = 0 [pid 767] chdir("./92") = 0 [pid 767] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 767] setpgid(0, 0) = 0 [pid 767] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 767] write(3, "1000", 4) = 4 [pid 767] close(3) = 0 [pid 767] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 767] write(1, "executing program\n", 18) = 18 [pid 767] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 767] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 767] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 767] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 767] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 767] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 767] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 767] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 767] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 767] memfd_create("syzkaller", 0) = 5 [pid 767] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9522f3b000 [pid 767] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 767] munmap(0x7f9522f3b000, 138412032) = 0 [pid 767] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 767] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 767] close(5) = 0 [pid 767] close(6) = 0 [pid 767] mkdir("./file0", 0777) = 0 [pid 767] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 767] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 767] chdir("./file0") = 0 [pid 767] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 767] ioctl(6, LOOP_CLR_FD) = 0 [pid 767] close(6) = 0 [pid 767] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 767] write(6, "#! ./file1\n", 11) = 11 [pid 767] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 767] bpf(BPF_RAW_TRACEPOINT_OPEN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 767] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000040} --- [pid 767] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=767, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./92", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./92", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558fded6f0 /* 4 entries */, 32768) = 112 umount2("./92/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./92/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./92/binderfs") = 0 [ 38.477777][ T767] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 38.506356][ T768] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-767: bg 0: block 234: padding at end of block bitmap is not set umount2("./92/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./92/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./92/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./92/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./92/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558fdf5730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558fdf5730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./92/file0") = 0 getdents64(3, 0x55558fded6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./92") = 0 mkdir("./93", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558fdec650) = 772 ./strace-static-x86_64: Process 772 attached [pid 772] set_robust_list(0x55558fdec660, 24) = 0 [pid 772] chdir("./93") = 0 [pid 772] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 772] setpgid(0, 0) = 0 [pid 772] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 772] write(3, "1000", 4) = 4 [pid 772] close(3) = 0 [pid 772] symlink("/dev/binderfs", "./binderfs") = 0 [pid 772] write(1, "executing program\n", 18executing program ) = 18 [pid 772] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 772] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 772] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 772] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 772] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 772] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 772] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 772] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 772] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 772] memfd_create("syzkaller", 0) = 5 [pid 772] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9522f3b000 [pid 772] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 772] munmap(0x7f9522f3b000, 138412032) = 0 [pid 772] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 772] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 772] close(5) = 0 [pid 772] close(6) = 0 [pid 772] mkdir("./file0", 0777) = 0 [pid 772] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 772] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 772] chdir("./file0") = 0 [pid 772] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 772] ioctl(6, LOOP_CLR_FD) = 0 [pid 772] close(6) = 0 [pid 772] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 772] write(6, "#! ./file1\n", 11) = 11 [pid 772] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 772] bpf(BPF_RAW_TRACEPOINT_OPEN, NULL, 0) = -1 EINVAL (Invalid argument) [pid 772] openat(AT_FDCWD, "/dev/rtc5", O_RDWR|O_NONBLOCK|O_DIRECT) = -1 ENOENT (No such file or directory) [pid 772] exit_group(0) = ? [pid 772] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=772, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./93", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./93", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558fded6f0 /* 4 entries */, 32768) = 112 umount2("./93/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./93/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./93/binderfs") = 0 [ 38.647848][ T772] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 38.676695][ T773] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-772: bg 0: block 234: padding at end of block bitmap is not set [ 38.701399][ T9] ------------[ cut here ]------------ [ 38.706913][ T9] kernel BUG at fs/ext4/inode.c:2777! [ 38.712009][ T9] invalid opcode: 0000 [#1] PREEMPT SMP KASAN [ 38.717891][ T9] CPU: 1 PID: 9 Comm: kworker/u4:1 Not tainted 5.10.234-syzkaller-00157-ge0b88ee5f09c #0 [ 38.727518][ T9] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 38.737430][ T9] Workqueue: writeback wb_workfn (flush-7:0) [ 38.743232][ T9] RIP: 0010:ext4_writepages+0x3bdf/0x3c00 [ 38.748786][ T9] Code: 28 8c ff 31 ff 89 de e8 7f 28 8c ff 45 84 f6 75 27 e8 e5 25 8c ff 49 be 00 00 00 00 00 fc ff df e9 0e f7 ff ff e8 d1 25 8c ff <0f> 0b e8 ca 25 8c ff e8 71 e2 21 ff eb 9b e8 be 25 8c ff e8 65 e2 [ 38.768225][ T9] RSP: 0018:ffffc900000970a0 EFLAGS: 00010293 [ 38.774126][ T9] RAX: ffffffff81de999f RBX: 0000008000000000 RCX: ffff88810024a780 [ 38.781938][ T9] RDX: 0000000000000000 RSI: 0000008000000000 RDI: 0000000000000000 [ 38.789750][ T9] RBP: ffffc90000097490 R08: ffffffff81de6413 R09: ffffed10237f9242 [ 38.797561][ T9] R10: 0000000000000000 R11: dffffc0000000001 R12: 0000000000000001 [ 38.805369][ T9] R13: ffffc900000977d0 R14: 0000008410000000 R15: ffffc90000097360 [ 38.813184][ T9] FS: 0000000000000000(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000 [ 38.821948][ T9] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 38.828370][ T9] CR2: 000055558fdf56f8 CR3: 000000010a84a000 CR4: 00000000003506a0 [ 38.836184][ T9] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 38.843999][ T9] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 38.851802][ T9] Call Trace: [ 38.854935][ T9] ? __die_body+0x62/0xb0 [ 38.859097][ T9] ? die+0x88/0xb0 [ 38.862670][ T9] ? do_trap+0x1a4/0x310 [ 38.866740][ T9] ? ext4_writepages+0x3bdf/0x3c00 [ 38.871683][ T9] ? handle_invalid_op+0x95/0xc0 [ 38.876461][ T9] ? ext4_writepages+0x3bdf/0x3c00 [ 38.881488][ T9] ? exc_invalid_op+0x32/0x50 [ 38.886000][ T9] ? asm_exc_invalid_op+0x12/0x20 [ 38.890864][ T9] ? ext4_writepages+0x653/0x3c00 [ 38.895723][ T9] ? ext4_writepages+0x3bdf/0x3c00 [ 38.900669][ T9] ? ext4_writepages+0x3bdf/0x3c00 [ 38.905617][ T9] ? update_load_avg+0xdaa/0x1690 [ 38.910483][ T9] ? enqueue_task_fair+0xd14/0x2820 [ 38.915512][ T9] ? sched_group_set_shares+0x490/0x490 [ 38.920904][ T9] ? ext4_readpage+0x230/0x230 [ 38.925501][ T9] ? ext4_readpage+0x230/0x230 [ 38.930097][ T9] do_writepages+0x12e/0x270 [ 38.934529][ T9] ? __writepage+0x130/0x130 [ 38.938950][ T9] ? __kasan_check_write+0x14/0x20 [ 38.943908][ T9] ? _raw_spin_lock+0xa4/0x1b0 [ 38.948499][ T9] __writeback_single_inode+0xd7/0xac0 [ 38.953787][ T9] writeback_sb_inodes+0x99c/0x16b0 [ 38.958818][ T9] ? _raw_spin_lock+0xa4/0x1b0 [ 38.963420][ T9] ? queue_io+0x520/0x520 [ 38.967589][ T9] ? writeback_sb_inodes+0x16b0/0x16b0 [ 38.972883][ T9] ? queue_io+0x3d3/0x520 [ 38.977046][ T9] wb_writeback+0x404/0xc60 [ 38.981394][ T9] ? wb_io_lists_depopulated+0x180/0x180 [ 38.986864][ T9] ? set_worker_desc+0x158/0x1c0 [ 38.991629][ T9] ? update_load_avg+0x541/0x1690 [ 38.996488][ T9] ? __kasan_check_write+0x14/0x20 [ 39.001531][ T9] wb_workfn+0x3d9/0x1110 [ 39.005690][ T9] ? inode_wait_for_writeback+0x280/0x280 [ 39.011251][ T9] ? _raw_spin_unlock_irq+0x4e/0x70 [ 39.016276][ T9] ? finish_task_switch+0x130/0x5a0 [ 39.021307][ T9] ? switch_mm_irqs_off+0x33c/0x9a0 [ 39.026344][ T9] ? __switch_to_asm+0x34/0x60 [ 39.030957][ T9] ? __kasan_check_read+0x11/0x20 [ 39.035802][ T9] ? read_word_at_a_time+0x12/0x20 [ 39.040755][ T9] ? strscpy+0x9c/0x260 [ 39.044749][ T9] process_one_work+0x6dc/0xbd0 [ 39.049437][ T9] worker_thread+0xaea/0x1510 [ 39.053947][ T9] kthread+0x34b/0x3d0 [ 39.057846][ T9] ? worker_clr_flags+0x180/0x180 [ 39.062710][ T9] ? kthread_blkcg+0xd0/0xd0 [ 39.067136][ T9] ret_from_fork+0x1f/0x30 [ 39.071383][ T9] Modules linked in: [ 39.075246][ T9] ---[ end trace 6617709c43d69f9b ]--- [ 39.080447][ T9] RIP: 0010:ext4_writepages+0x3bdf/0x3c00 [ 39.085981][ T9] Code: 28 8c ff 31 ff 89 de e8 7f 28 8c ff 45 84 f6 75 27 e8 e5 25 8c ff 49 be 00 00 00 00 00 fc ff df e9 0e f7 ff ff e8 d1 25 8c ff <0f> 0b e8 ca 25 8c ff e8 71 e2 21 ff eb 9b e8 be 25 8c ff e8 65 e2 [ 39.105528][ T9] RSP: 0018:ffffc900000970a0 EFLAGS: 00010293 [ 39.111334][ T9] RAX: ffffffff81de999f RBX: 0000008000000000 RCX: ffff88810024a780 [ 39.119134][ T9] RDX: 0000000000000000 RSI: 0000008000000000 RDI: 0000000000000000 [ 39.126959][ T9] RBP: ffffc90000097490 R08: ffffffff81de6413 R09: ffffed10237f9242 [ 39.134744][ T9] R10: 0000000000000000 R11: dffffc0000000001 R12: 0000000000000001 [ 39.142581][ T9] R13: ffffc900000977d0 R14: 0000008410000000 R15: ffffc90000097360 [ 39.150382][ T9] FS: 0000000000000000(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000 [ 39.159152][ T9] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 39.165555][ T9] CR2: 000055558fdf56f8 CR3: 000000010a84a000 CR4: 00000000003506a0 [ 39.173392][ T9] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 39.181191][ T9] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 39.189010][ T9] Kernel panic - not syncing: Fatal exception [ 39.195126][ T9] Kernel Offset: disabled [ 39.199246][ T9] Rebooting in 86400 seconds..