./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor246858232 <...> Warning: Permanently added '10.128.1.60' (ED25519) to the list of known hosts. execve("./syz-executor246858232", ["./syz-executor246858232"], 0x7ffe740f7fe0 /* 10 vars */) = 0 brk(NULL) = 0x5555669e6000 brk(0x5555669e6d00) = 0x5555669e6d00 arch_prctl(ARCH_SET_FS, 0x5555669e6380) = 0 set_tid_address(0x5555669e6650) = 341 set_robust_list(0x5555669e6660, 24) = 0 rseq(0x5555669e6ca0, 0x20, 0, 0x53053053) = -1 ENOSYS (Function not implemented) prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor246858232", 4096) = 27 getrandom("\x72\x71\xe5\xe2\x9d\x72\x2d\x89", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x5555669e6d00 brk(0x555566a07d00) = 0x555566a07d00 brk(0x555566a08000) = 0x555566a08000 mprotect(0x7f539bd69000, 16384, PROT_READ) = 0 mmap(0x1ffffffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffffffff000 mmap(0x200000000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200000000000 mmap(0x200001000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200001000000 getrandom("\x25\x09\x20\x75\xd9\xec\x15\xd9", 8, GRND_NONBLOCK) = 8 mkdir("./syzkaller.FzwC0i", 0700) = 0 chmod("./syzkaller.FzwC0i", 0777) = 0 chdir("./syzkaller.FzwC0i") = 0 mkdir("./0", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555669e6650) = 342 ./strace-static-x86_64: Process 342 attached [pid 342] set_robust_list(0x5555669e6660, 24) = 0 [ 23.557478][ T23] audit: type=1400 audit(1746549754.650:81): avc: denied { execmem } for pid=341 comm="syz-executor246" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 23.579448][ T23] audit: type=1400 audit(1746549754.670:82): avc: denied { read write } for pid=341 comm="syz-executor246" name="loop0" dev="devtmpfs" ino=136 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [pid 342] chdir("./0") = 0 [pid 342] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 342] setpgid(0, 0) = 0 [pid 342] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 342] write(3, "1000", 4) = 4 [pid 342] close(3) = 0 [pid 342] symlink("/dev/binderfs", "./binderfs") = 0 [pid 342] write(1, "executing program\n", 18executing program ) = 18 [pid 342] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 342] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 342] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 342] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 342] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 342] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 342] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 342] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 342] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 342] memfd_create("syzkaller", 0) = 5 [pid 342] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f53938b6000 [pid 342] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 342] munmap(0x7f53938b6000, 138412032) = 0 [pid 342] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 342] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 342] close(5) = 0 [pid 342] close(6) = 0 [pid 342] mkdir("./file0", 0777) = 0 [ 23.603734][ T23] audit: type=1400 audit(1746549754.670:83): avc: denied { open } for pid=341 comm="syz-executor246" path="/dev/loop0" dev="devtmpfs" ino=136 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 23.627880][ T23] audit: type=1400 audit(1746549754.700:84): avc: denied { ioctl } for pid=341 comm="syz-executor246" path="/dev/loop0" dev="devtmpfs" ino=136 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 23.653692][ T23] audit: type=1400 audit(1746549754.700:85): avc: denied { read write } for pid=342 comm="syz-executor246" name="vhost-vsock" dev="devtmpfs" ino=10631 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 23.681730][ T23] audit: type=1400 audit(1746549754.700:86): avc: denied { open } for pid=342 comm="syz-executor246" path="/dev/vhost-vsock" dev="devtmpfs" ino=10631 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [pid 342] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 342] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 342] chdir("./file0") = 0 [pid 342] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 342] ioctl(6, LOOP_CLR_FD) = 0 [pid 342] close(6) = 0 [ 23.706298][ T23] audit: type=1400 audit(1746549754.700:87): avc: denied { ioctl } for pid=342 comm="syz-executor246" path="/dev/vhost-vsock" dev="devtmpfs" ino=10631 ioctlcmd=0xaf01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 23.734192][ T342] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [pid 342] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 342] write(6, "#! ./file1\n", 11) = 11 [pid 342] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [ 23.764691][ T23] audit: type=1400 audit(1746549754.750:88): avc: denied { mounton } for pid=342 comm="syz-executor246" path="/root/syzkaller.FzwC0i/0/file0" dev="sda1" ino=1930 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1 [ 23.789115][ T23] audit: type=1400 audit(1746549754.850:89): avc: denied { mount } for pid=342 comm="syz-executor246" name="/" dev="loop0" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [pid 342] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000007d0} --- [pid 342] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=342, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=8} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555669e76f0 /* 4 entries */, 32768) = 112 umount2("./0/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./0/binderfs") = 0 [ 23.789937][ T342] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm syz-executor246: bg 0: block 234: padding at end of block bitmap is not set [ 23.815143][ T23] audit: type=1400 audit(1746549754.850:90): avc: denied { write } for pid=342 comm="syz-executor246" name="/" dev="loop0" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./0/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555669ef730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555669ef730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./0/file0") = 0 getdents64(3, 0x5555669e76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./0") = 0 mkdir("./1", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555669e6650) = 348 ./strace-static-x86_64: Process 348 attached [pid 348] set_robust_list(0x5555669e6660, 24) = 0 [pid 348] chdir("./1") = 0 [pid 348] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 348] setpgid(0, 0) = 0 [pid 348] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 348] write(3, "1000", 4) = 4 [pid 348] close(3) = 0 [pid 348] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 348] write(1, "executing program\n", 18) = 18 [pid 348] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 348] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 348] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 348] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 348] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 348] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 348] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 348] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 348] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 348] memfd_create("syzkaller", 0) = 5 [pid 348] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f53938b6000 [pid 348] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 348] munmap(0x7f53938b6000, 138412032) = 0 [pid 348] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 348] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 348] close(5) = 0 [pid 348] close(6) = 0 [pid 348] mkdir("./file0", 0777) = 0 [pid 348] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 348] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 348] chdir("./file0") = 0 [pid 348] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 348] ioctl(6, LOOP_CLR_FD) = 0 [pid 348] close(6) = 0 [pid 348] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 348] write(6, "#! ./file1\n", 11) = 11 [pid 348] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 348] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000007d0} --- [ 24.016306][ T348] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 24.047662][ T349] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-348: bg 0: block 234: padding at end of block bitmap is not set [pid 348] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=348, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555669e76f0 /* 4 entries */, 32768) = 112 umount2("./1/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./1/binderfs") = 0 [ 24.063138][ T349] vhost-348 (349) used greatest stack depth: 22544 bytes left umount2("./1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./1/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555669ef730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555669ef730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./1/file0") = 0 getdents64(3, 0x5555669e76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./1") = 0 mkdir("./2", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555669e6650) = 353 ./strace-static-x86_64: Process 353 attached [pid 353] set_robust_list(0x5555669e6660, 24) = 0 [pid 353] chdir("./2") = 0 [pid 353] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 353] setpgid(0, 0) = 0 [pid 353] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 353] write(3, "1000", 4) = 4 [pid 353] close(3) = 0 [pid 353] symlink("/dev/binderfs", "./binderfs") = 0 [pid 353] write(1, "executing program\n", 18executing program ) = 18 [pid 353] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 353] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 353] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 353] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 353] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 353] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 353] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 353] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 353] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 353] memfd_create("syzkaller", 0) = 5 [pid 353] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f53938b6000 [pid 353] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 353] munmap(0x7f53938b6000, 138412032) = 0 [pid 353] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 353] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 353] close(5) = 0 [pid 353] close(6) = 0 [pid 353] mkdir("./file0", 0777) = 0 [pid 353] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 353] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 353] chdir("./file0") = 0 [pid 353] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 353] ioctl(6, LOOP_CLR_FD) = 0 [pid 353] close(6) = 0 [pid 353] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 353] write(6, "#! ./file1\n", 11) = 11 [pid 353] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [ 24.256479][ T353] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [pid 353] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000007d0} --- [pid 353] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=353, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555669e76f0 /* 4 entries */, 32768) = 112 umount2("./2/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./2/binderfs") = 0 [ 24.297396][ T354] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-353: bg 0: block 234: padding at end of block bitmap is not set umount2("./2/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./2/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./2/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./2/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./2/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555669ef730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555669ef730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./2/file0") = 0 getdents64(3, 0x5555669e76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./2") = 0 mkdir("./3", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555669e6650) = 358 ./strace-static-x86_64: Process 358 attached [pid 358] set_robust_list(0x5555669e6660, 24) = 0 [pid 358] chdir("./3") = 0 [pid 358] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 358] setpgid(0, 0) = 0 [pid 358] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 358] write(3, "1000", 4) = 4 [pid 358] close(3) = 0 [pid 358] symlink("/dev/binderfs", "./binderfs") = 0 [pid 358] write(1, "executing program\n", 18executing program ) = 18 [pid 358] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 358] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 358] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 358] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 358] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 358] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 358] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 358] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 358] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 358] memfd_create("syzkaller", 0) = 5 [pid 358] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f53938b6000 [pid 358] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 358] munmap(0x7f53938b6000, 138412032) = 0 [pid 358] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 358] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 358] close(5) = 0 [pid 358] close(6) = 0 [pid 358] mkdir("./file0", 0777) = 0 [pid 358] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 358] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 358] chdir("./file0") = 0 [pid 358] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 358] ioctl(6, LOOP_CLR_FD) = 0 [pid 358] close(6) = 0 [pid 358] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 358] write(6, "#! ./file1\n", 11) = 11 [pid 358] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 358] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000007d0} --- [pid 358] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=358, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555669e76f0 /* 4 entries */, 32768) = 112 umount2("./3/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./3/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./3/binderfs") = 0 [ 24.446673][ T358] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 24.475351][ T358] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm syz-executor246: bg 0: block 234: padding at end of block bitmap is not set umount2("./3/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./3/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./3/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./3/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./3/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555669ef730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555669ef730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./3/file0") = 0 getdents64(3, 0x5555669e76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./3") = 0 mkdir("./4", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555669e6650) = 363 ./strace-static-x86_64: Process 363 attached [pid 363] set_robust_list(0x5555669e6660, 24) = 0 [pid 363] chdir("./4") = 0 [pid 363] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 363] setpgid(0, 0) = 0 [pid 363] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 363] write(3, "1000", 4) = 4 [pid 363] close(3) = 0 [pid 363] symlink("/dev/binderfs", "./binderfs") = 0 [pid 363] write(1, "executing program\n", 18executing program ) = 18 [pid 363] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 363] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 363] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 363] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 363] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 363] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 363] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 363] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 363] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 363] memfd_create("syzkaller", 0) = 5 [pid 363] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f53938b6000 [pid 363] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 363] munmap(0x7f53938b6000, 138412032) = 0 [pid 363] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 363] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 363] close(5) = 0 [pid 363] close(6) = 0 [pid 363] mkdir("./file0", 0777) = 0 [pid 363] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 363] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 363] chdir("./file0") = 0 [pid 363] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 363] ioctl(6, LOOP_CLR_FD) = 0 [pid 363] close(6) = 0 [pid 363] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 363] write(6, "#! ./file1\n", 11) = 11 [pid 363] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [ 24.706571][ T363] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [pid 363] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000007d0} --- [pid 363] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=363, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555669e76f0 /* 4 entries */, 32768) = 112 umount2("./4/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4/binderfs") = 0 [ 24.747463][ T364] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-363: bg 0: block 234: padding at end of block bitmap is not set umount2("./4/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555669ef730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555669ef730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4/file0") = 0 getdents64(3, 0x5555669e76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4") = 0 mkdir("./5", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555669e6650) = 368 ./strace-static-x86_64: Process 368 attached [pid 368] set_robust_list(0x5555669e6660, 24) = 0 [pid 368] chdir("./5") = 0 [pid 368] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 368] setpgid(0, 0) = 0 [pid 368] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 368] write(3, "1000", 4) = 4 [pid 368] close(3) = 0 [pid 368] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 368] write(1, "executing program\n", 18) = 18 [pid 368] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 368] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 368] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 368] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 368] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 368] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 368] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 368] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 368] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 368] memfd_create("syzkaller", 0) = 5 [pid 368] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f53938b6000 [pid 368] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 368] munmap(0x7f53938b6000, 138412032) = 0 [pid 368] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 368] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 368] close(5) = 0 [pid 368] close(6) = 0 [pid 368] mkdir("./file0", 0777) = 0 [pid 368] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 368] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 368] chdir("./file0") = 0 [pid 368] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 368] ioctl(6, LOOP_CLR_FD) = 0 [pid 368] close(6) = 0 [pid 368] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 368] write(6, "#! ./file1\n", 11) = 11 [pid 368] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 368] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000007d0} --- [pid 368] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=368, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./5", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555669e76f0 /* 4 entries */, 32768) = 112 umount2("./5/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./5/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./5/binderfs") = 0 [ 24.857400][ T368] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 24.887858][ T369] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-368: bg 0: block 234: padding at end of block bitmap is not set umount2("./5/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./5/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./5/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./5/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./5/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555669ef730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555669ef730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./5/file0") = 0 getdents64(3, 0x5555669e76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./5") = 0 mkdir("./6", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555669e6650) = 373 ./strace-static-x86_64: Process 373 attached [pid 373] set_robust_list(0x5555669e6660, 24) = 0 [pid 373] chdir("./6") = 0 [pid 373] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 373] setpgid(0, 0) = 0 [pid 373] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 373] write(3, "1000", 4) = 4 [pid 373] close(3) = 0 [pid 373] symlink("/dev/binderfs", "./binderfs") = 0 [pid 373] write(1, "executing program\n", 18executing program ) = 18 [pid 373] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 373] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 373] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 373] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 373] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 373] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 373] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 373] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 373] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 373] memfd_create("syzkaller", 0) = 5 [pid 373] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f53938b6000 [pid 373] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 373] munmap(0x7f53938b6000, 138412032) = 0 [pid 373] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 373] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 373] close(5) = 0 [pid 373] close(6) = 0 [pid 373] mkdir("./file0", 0777) = 0 [pid 373] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 373] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 373] chdir("./file0") = 0 [pid 373] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 373] ioctl(6, LOOP_CLR_FD) = 0 [pid 373] close(6) = 0 [pid 373] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 373] write(6, "#! ./file1\n", 11) = 11 [pid 373] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 373] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000007d0} --- [pid 373] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=373, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./6", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555669e76f0 /* 4 entries */, 32768) = 112 umount2("./6/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./6/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./6/binderfs") = 0 [ 25.056687][ T373] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 25.086633][ T374] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-373: bg 0: block 234: padding at end of block bitmap is not set umount2("./6/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./6/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./6/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./6/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./6/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555669ef730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555669ef730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./6/file0") = 0 getdents64(3, 0x5555669e76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./6") = 0 mkdir("./7", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 378 attached [pid 378] set_robust_list(0x5555669e6660, 24) = 0 [pid 341] <... clone resumed>, child_tidptr=0x5555669e6650) = 378 [pid 378] chdir("./7") = 0 [pid 378] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 378] setpgid(0, 0) = 0 [pid 378] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 378] write(3, "1000", 4) = 4 [pid 378] close(3) = 0 [pid 378] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 378] write(1, "executing program\n", 18) = 18 [pid 378] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 378] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 378] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 378] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 378] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 378] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 378] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 378] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 378] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 378] memfd_create("syzkaller", 0) = 5 [pid 378] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f53938b6000 [pid 378] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 378] munmap(0x7f53938b6000, 138412032) = 0 [pid 378] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 378] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 378] close(5) = 0 [pid 378] close(6) = 0 [pid 378] mkdir("./file0", 0777) = 0 [pid 378] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 378] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 378] chdir("./file0") = 0 [pid 378] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 378] ioctl(6, LOOP_CLR_FD) = 0 [pid 378] close(6) = 0 [pid 378] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 378] write(6, "#! ./file1\n", 11) = 11 [pid 378] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 378] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000007d0} --- [pid 378] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=378, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./7", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555669e76f0 /* 4 entries */, 32768) = 112 umount2("./7/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./7/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./7/binderfs") = 0 [ 25.256798][ T378] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 25.287617][ T379] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-378: bg 0: block 234: padding at end of block bitmap is not set umount2("./7/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./7/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./7/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./7/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./7/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555669ef730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555669ef730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./7/file0") = 0 getdents64(3, 0x5555669e76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./7") = 0 mkdir("./8", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555669e6650) = 383 ./strace-static-x86_64: Process 383 attached [pid 383] set_robust_list(0x5555669e6660, 24) = 0 [pid 383] chdir("./8") = 0 [pid 383] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 383] setpgid(0, 0) = 0 [pid 383] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 383] write(3, "1000", 4) = 4 [pid 383] close(3) = 0 [pid 383] symlink("/dev/binderfs", "./binderfs") = 0 [pid 383] write(1, "executing program\n", 18executing program ) = 18 [pid 383] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 383] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 383] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 383] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 383] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 383] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 383] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 383] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 383] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 383] memfd_create("syzkaller", 0) = 5 [pid 383] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f53938b6000 [pid 383] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 383] munmap(0x7f53938b6000, 138412032) = 0 [pid 383] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 383] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 383] close(5) = 0 [pid 383] close(6) = 0 [pid 383] mkdir("./file0", 0777) = 0 [pid 383] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 383] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 383] chdir("./file0") = 0 [pid 383] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 383] ioctl(6, LOOP_CLR_FD) = 0 [pid 383] close(6) = 0 [pid 383] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 383] write(6, "#! ./file1\n", 11) = 11 [pid 383] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 383] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000007d0} --- [pid 383] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=383, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./8", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./8", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555669e76f0 /* 4 entries */, 32768) = 112 umount2("./8/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./8/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./8/binderfs") = 0 [ 25.396502][ T383] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 25.419160][ T383] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm syz-executor246: bg 0: block 234: padding at end of block bitmap is not set umount2("./8/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./8/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./8/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./8/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./8/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555669ef730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555669ef730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./8/file0") = 0 getdents64(3, 0x5555669e76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./8") = 0 mkdir("./9", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555669e6650) = 388 ./strace-static-x86_64: Process 388 attached [pid 388] set_robust_list(0x5555669e6660, 24) = 0 [pid 388] chdir("./9") = 0 [pid 388] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 388] setpgid(0, 0) = 0 [pid 388] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 388] write(3, "1000", 4) = 4 [pid 388] close(3) = 0 [pid 388] symlink("/dev/binderfs", "./binderfs") = 0 [pid 388] write(1, "executing program\n", 18executing program ) = 18 [pid 388] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 388] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 388] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 388] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 388] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 388] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 388] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 388] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 388] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 388] memfd_create("syzkaller", 0) = 5 [pid 388] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f53938b6000 [pid 388] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 388] munmap(0x7f53938b6000, 138412032) = 0 [pid 388] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 388] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 388] close(5) = 0 [pid 388] close(6) = 0 [pid 388] mkdir("./file0", 0777) = 0 [pid 388] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 388] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 388] chdir("./file0") = 0 [pid 388] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 388] ioctl(6, LOOP_CLR_FD) = 0 [pid 388] close(6) = 0 [pid 388] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 388] write(6, "#! ./file1\n", 11) = 11 [pid 388] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [ 25.626651][ T388] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [pid 388] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000007d0} --- [pid 388] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=388, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./9", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./9", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555669e76f0 /* 4 entries */, 32768) = 112 umount2("./9/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./9/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./9/binderfs") = 0 [ 25.668024][ T389] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-388: bg 0: block 234: padding at end of block bitmap is not set umount2("./9/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./9/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./9/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./9/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./9/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555669ef730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555669ef730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./9/file0") = 0 getdents64(3, 0x5555669e76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./9") = 0 mkdir("./10", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555669e6650) = 393 ./strace-static-x86_64: Process 393 attached [pid 393] set_robust_list(0x5555669e6660, 24) = 0 [pid 393] chdir("./10") = 0 [pid 393] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 393] setpgid(0, 0) = 0 [pid 393] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 393] write(3, "1000", 4) = 4 [pid 393] close(3) = 0 [pid 393] symlink("/dev/binderfs", "./binderfs") = 0 [pid 393] write(1, "executing program\n", 18executing program ) = 18 [pid 393] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 393] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 393] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 393] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 393] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 393] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 393] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 393] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 393] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 393] memfd_create("syzkaller", 0) = 5 [pid 393] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f53938b6000 [pid 393] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 393] munmap(0x7f53938b6000, 138412032) = 0 [pid 393] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 393] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 393] close(5) = 0 [pid 393] close(6) = 0 [pid 393] mkdir("./file0", 0777) = 0 [pid 393] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 393] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 393] chdir("./file0") = 0 [pid 393] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 393] ioctl(6, LOOP_CLR_FD) = 0 [pid 393] close(6) = 0 [pid 393] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 393] write(6, "#! ./file1\n", 11) = 11 [pid 393] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [ 25.896495][ T393] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [pid 393] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000007d0} --- [pid 393] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=393, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./10", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./10", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555669e76f0 /* 4 entries */, 32768) = 112 umount2("./10/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./10/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./10/binderfs") = 0 [ 25.938257][ T394] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-393: bg 0: block 234: padding at end of block bitmap is not set umount2("./10/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./10/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./10/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./10/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./10/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555669ef730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555669ef730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./10/file0") = 0 getdents64(3, 0x5555669e76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./10") = 0 mkdir("./11", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 399 attached [pid 399] set_robust_list(0x5555669e6660, 24) = 0 [pid 399] chdir("./11") = 0 [pid 399] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 399] setpgid(0, 0 [pid 341] <... clone resumed>, child_tidptr=0x5555669e6650) = 399 [pid 399] <... setpgid resumed>) = 0 [pid 399] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 399] write(3, "1000", 4) = 4 [pid 399] close(3) = 0 [pid 399] symlink("/dev/binderfs", "./binderfs") = 0 [pid 399] write(1, "executing program\n", 18executing program ) = 18 [pid 399] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 399] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 399] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 399] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 399] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 399] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 399] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 399] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 399] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 399] memfd_create("syzkaller", 0) = 5 [pid 399] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f53938b6000 [pid 399] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 399] munmap(0x7f53938b6000, 138412032) = 0 [pid 399] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 399] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 399] close(5) = 0 [pid 399] close(6) = 0 [pid 399] mkdir("./file0", 0777) = 0 [pid 399] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 399] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 399] chdir("./file0") = 0 [pid 399] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 399] ioctl(6, LOOP_CLR_FD) = 0 [pid 399] close(6) = 0 [pid 399] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 399] write(6, "#! ./file1\n", 11) = 11 [pid 399] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [ 26.166576][ T399] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [pid 399] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000007d0} --- [pid 399] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=399, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./11", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./11", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555669e76f0 /* 4 entries */, 32768) = 112 umount2("./11/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./11/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./11/binderfs") = 0 [ 26.207784][ T400] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-399: bg 0: block 234: padding at end of block bitmap is not set umount2("./11/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./11/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./11/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./11/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./11/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555669ef730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555669ef730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./11/file0") = 0 getdents64(3, 0x5555669e76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./11") = 0 mkdir("./12", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555669e6650) = 404 ./strace-static-x86_64: Process 404 attached [pid 404] set_robust_list(0x5555669e6660, 24) = 0 [pid 404] chdir("./12") = 0 [pid 404] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 404] setpgid(0, 0) = 0 [pid 404] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 404] write(3, "1000", 4) = 4 [pid 404] close(3) = 0 [pid 404] symlink("/dev/binderfs", "./binderfs") = 0 [pid 404] write(1, "executing program\n", 18executing program ) = 18 [pid 404] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 404] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 404] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 404] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 404] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 404] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 404] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 404] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 404] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 404] memfd_create("syzkaller", 0) = 5 [pid 404] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f53938b6000 [pid 404] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 404] munmap(0x7f53938b6000, 138412032) = 0 [pid 404] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 404] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 404] close(5) = 0 [pid 404] close(6) = 0 [pid 404] mkdir("./file0", 0777) = 0 [pid 404] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 404] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 404] chdir("./file0") = 0 [pid 404] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 404] ioctl(6, LOOP_CLR_FD) = 0 [pid 404] close(6) = 0 [pid 404] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 404] write(6, "#! ./file1\n", 11) = 11 [pid 404] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [ 26.426628][ T404] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [pid 404] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000007d0} --- [pid 404] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=404, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./12", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./12", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555669e76f0 /* 4 entries */, 32768) = 112 umount2("./12/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./12/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./12/binderfs") = 0 [ 26.467910][ T405] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-404: bg 0: block 234: padding at end of block bitmap is not set umount2("./12/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./12/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./12/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./12/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./12/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555669ef730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555669ef730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./12/file0") = 0 getdents64(3, 0x5555669e76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./12") = 0 mkdir("./13", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555669e6650) = 409 ./strace-static-x86_64: Process 409 attached [pid 409] set_robust_list(0x5555669e6660, 24) = 0 [pid 409] chdir("./13") = 0 [pid 409] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 409] setpgid(0, 0) = 0 [pid 409] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 409] write(3, "1000", 4) = 4 [pid 409] close(3) = 0 [pid 409] symlink("/dev/binderfs", "./binderfs") = 0 [pid 409] write(1, "executing program\n", 18executing program ) = 18 [pid 409] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 409] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 409] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 409] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 409] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 409] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 409] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 409] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 409] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 409] memfd_create("syzkaller", 0) = 5 [pid 409] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f53938b6000 [pid 409] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 409] munmap(0x7f53938b6000, 138412032) = 0 [pid 409] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 409] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 409] close(5) = 0 [pid 409] close(6) = 0 [pid 409] mkdir("./file0", 0777) = 0 [pid 409] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 409] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 409] chdir("./file0") = 0 [pid 409] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 409] ioctl(6, LOOP_CLR_FD) = 0 [pid 409] close(6) = 0 [pid 409] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 409] write(6, "#! ./file1\n", 11) = 11 [pid 409] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 409] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000007d0} --- [pid 409] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=409, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./13", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./13", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555669e76f0 /* 4 entries */, 32768) = 112 umount2("./13/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./13/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./13/binderfs") = 0 [ 26.650185][ T409] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 26.681977][ T410] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-409: bg 0: block 234: padding at end of block bitmap is not set umount2("./13/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./13/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./13/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./13/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./13/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555669ef730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555669ef730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./13/file0") = 0 getdents64(3, 0x5555669e76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./13") = 0 mkdir("./14", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555669e6650) = 414 ./strace-static-x86_64: Process 414 attached [pid 414] set_robust_list(0x5555669e6660, 24) = 0 [pid 414] chdir("./14") = 0 [pid 414] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 414] setpgid(0, 0) = 0 [pid 414] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 414] write(3, "1000", 4) = 4 [pid 414] close(3) = 0 [pid 414] symlink("/dev/binderfs", "./binderfs") = 0 [pid 414] write(1, "executing program\n", 18executing program ) = 18 [pid 414] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 414] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 414] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 414] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 414] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 414] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 414] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 414] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 414] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 414] memfd_create("syzkaller", 0) = 5 [pid 414] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f53938b6000 [pid 414] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 414] munmap(0x7f53938b6000, 138412032) = 0 [pid 414] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 414] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 414] close(5) = 0 [pid 414] close(6) = 0 [pid 414] mkdir("./file0", 0777) = 0 [pid 414] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 414] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 414] chdir("./file0") = 0 [pid 414] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 414] ioctl(6, LOOP_CLR_FD) = 0 [pid 414] close(6) = 0 [pid 414] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 414] write(6, "#! ./file1\n", 11) = 11 [pid 414] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [ 26.886536][ T414] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [pid 414] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000007d0} --- [pid 414] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=414, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./14", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./14", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555669e76f0 /* 4 entries */, 32768) = 112 umount2("./14/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./14/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./14/binderfs") = 0 [ 26.928046][ T415] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-414: bg 0: block 234: padding at end of block bitmap is not set umount2("./14/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./14/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./14/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./14/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./14/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555669ef730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555669ef730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./14/file0") = 0 getdents64(3, 0x5555669e76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./14") = 0 mkdir("./15", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555669e6650) = 419 ./strace-static-x86_64: Process 419 attached [pid 419] set_robust_list(0x5555669e6660, 24) = 0 [pid 419] chdir("./15") = 0 [pid 419] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 419] setpgid(0, 0) = 0 [pid 419] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 419] write(3, "1000", 4) = 4 [pid 419] close(3) = 0 [pid 419] symlink("/dev/binderfs", "./binderfs") = 0 [pid 419] write(1, "executing program\n", 18executing program ) = 18 [pid 419] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 419] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 419] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 419] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 419] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 419] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 419] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 419] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 419] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 419] memfd_create("syzkaller", 0) = 5 [pid 419] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f53938b6000 [pid 419] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 419] munmap(0x7f53938b6000, 138412032) = 0 [pid 419] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 419] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 419] close(5) = 0 [pid 419] close(6) = 0 [pid 419] mkdir("./file0", 0777) = 0 [pid 419] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 419] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 419] chdir("./file0") = 0 [pid 419] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 419] ioctl(6, LOOP_CLR_FD) = 0 [pid 419] close(6) = 0 [pid 419] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 419] write(6, "#! ./file1\n", 11) = 11 [pid 419] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 419] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000007d0} --- [pid 419] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=419, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./15", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./15", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555669e76f0 /* 4 entries */, 32768) = 112 umount2("./15/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./15/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./15/binderfs") = 0 [ 27.055082][ T419] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 27.085897][ T420] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-419: bg 0: block 234: padding at end of block bitmap is not set umount2("./15/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./15/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./15/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./15/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./15/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555669ef730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555669ef730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./15/file0") = 0 getdents64(3, 0x5555669e76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./15") = 0 mkdir("./16", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555669e6650) = 424 ./strace-static-x86_64: Process 424 attached [pid 424] set_robust_list(0x5555669e6660, 24) = 0 [pid 424] chdir("./16") = 0 [pid 424] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 424] setpgid(0, 0) = 0 [pid 424] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 424] write(3, "1000", 4) = 4 [pid 424] close(3) = 0 [pid 424] symlink("/dev/binderfs", "./binderfs") = 0 [pid 424] write(1, "executing program\n", 18executing program ) = 18 [pid 424] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 424] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 424] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 424] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 424] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 424] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 424] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 424] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 424] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 424] memfd_create("syzkaller", 0) = 5 [pid 424] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f53938b6000 [pid 424] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 424] munmap(0x7f53938b6000, 138412032) = 0 [pid 424] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 424] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 424] close(5) = 0 [pid 424] close(6) = 0 [pid 424] mkdir("./file0", 0777) = 0 [pid 424] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 424] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 424] chdir("./file0") = 0 [pid 424] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 424] ioctl(6, LOOP_CLR_FD) = 0 [pid 424] close(6) = 0 [pid 424] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 424] write(6, "#! ./file1\n", 11) = 11 [pid 424] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 424] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000007d0} --- [pid 424] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=424, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./16", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./16", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555669e76f0 /* 4 entries */, 32768) = 112 umount2("./16/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./16/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./16/binderfs") = 0 [ 27.256630][ T424] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 27.287208][ T425] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-424: bg 0: block 234: padding at end of block bitmap is not set umount2("./16/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./16/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./16/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./16/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./16/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555669ef730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555669ef730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./16/file0") = 0 getdents64(3, 0x5555669e76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./16") = 0 mkdir("./17", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555669e6650) = 429 ./strace-static-x86_64: Process 429 attached [pid 429] set_robust_list(0x5555669e6660, 24) = 0 [pid 429] chdir("./17") = 0 [pid 429] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 429] setpgid(0, 0) = 0 [pid 429] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 429] write(3, "1000", 4) = 4 [pid 429] close(3) = 0 [pid 429] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 429] write(1, "executing program\n", 18) = 18 [pid 429] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 429] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 429] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 429] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 429] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 429] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 429] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 429] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 429] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 429] memfd_create("syzkaller", 0) = 5 [pid 429] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f53938b6000 [pid 429] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 429] munmap(0x7f53938b6000, 138412032) = 0 [pid 429] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 429] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 429] close(5) = 0 [pid 429] close(6) = 0 [pid 429] mkdir("./file0", 0777) = 0 [pid 429] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 429] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 429] chdir("./file0") = 0 [pid 429] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 429] ioctl(6, LOOP_CLR_FD) = 0 [pid 429] close(6) = 0 [pid 429] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 429] write(6, "#! ./file1\n", 11) = 11 [pid 429] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 429] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000007d0} --- [pid 429] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=429, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./17", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./17", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555669e76f0 /* 4 entries */, 32768) = 112 umount2("./17/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./17/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./17/binderfs") = 0 [ 27.455108][ T429] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 27.485576][ T430] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-429: bg 0: block 234: padding at end of block bitmap is not set umount2("./17/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./17/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./17/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./17/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./17/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555669ef730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555669ef730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./17/file0") = 0 getdents64(3, 0x5555669e76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./17") = 0 mkdir("./18", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555669e6650) = 434 ./strace-static-x86_64: Process 434 attached [pid 434] set_robust_list(0x5555669e6660, 24) = 0 [pid 434] chdir("./18") = 0 [pid 434] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 434] setpgid(0, 0) = 0 [pid 434] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 434] write(3, "1000", 4) = 4 [pid 434] close(3) = 0 [pid 434] symlink("/dev/binderfs", "./binderfs") = 0 [pid 434] write(1, "executing program\n", 18executing program ) = 18 [pid 434] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 434] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 434] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 434] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 434] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 434] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 434] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 434] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 434] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 434] memfd_create("syzkaller", 0) = 5 [pid 434] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f53938b6000 [pid 434] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 434] munmap(0x7f53938b6000, 138412032) = 0 [pid 434] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 434] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 434] close(5) = 0 [pid 434] close(6) = 0 [pid 434] mkdir("./file0", 0777) = 0 [pid 434] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 434] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 434] chdir("./file0") = 0 [pid 434] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 434] ioctl(6, LOOP_CLR_FD) = 0 [pid 434] close(6) = 0 [pid 434] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 434] write(6, "#! ./file1\n", 11) = 11 [pid 434] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 434] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000007d0} --- [pid 434] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=434, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./18", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./18", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555669e76f0 /* 4 entries */, 32768) = 112 umount2("./18/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./18/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./18/binderfs") = 0 [ 27.586506][ T434] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 27.617329][ T435] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-434: bg 0: block 234: padding at end of block bitmap is not set umount2("./18/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./18/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./18/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./18/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./18/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555669ef730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555669ef730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./18/file0") = 0 getdents64(3, 0x5555669e76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./18") = 0 mkdir("./19", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555669e6650) = 439 ./strace-static-x86_64: Process 439 attached [pid 439] set_robust_list(0x5555669e6660, 24) = 0 [pid 439] chdir("./19") = 0 [pid 439] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 439] setpgid(0, 0) = 0 [pid 439] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 439] write(3, "1000", 4) = 4 [pid 439] close(3) = 0 [pid 439] symlink("/dev/binderfs", "./binderfs") = 0 [pid 439] write(1, "executing program\n", 18executing program ) = 18 [pid 439] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 439] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 439] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 439] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 439] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 439] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 439] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 439] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 439] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 439] memfd_create("syzkaller", 0) = 5 [pid 439] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f53938b6000 [pid 439] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 439] munmap(0x7f53938b6000, 138412032) = 0 [pid 439] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 439] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 439] close(5) = 0 [pid 439] close(6) = 0 [pid 439] mkdir("./file0", 0777) = 0 [pid 439] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 439] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 439] chdir("./file0") = 0 [pid 439] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 439] ioctl(6, LOOP_CLR_FD) = 0 [pid 439] close(6) = 0 [pid 439] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 439] write(6, "#! ./file1\n", 11) = 11 [pid 439] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 439] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000007d0} --- [pid 439] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=439, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./19", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./19", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555669e76f0 /* 4 entries */, 32768) = 112 umount2("./19/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./19/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./19/binderfs") = 0 [ 27.776578][ T439] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 27.802769][ T440] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-439: bg 0: block 234: padding at end of block bitmap is not set umount2("./19/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./19/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./19/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./19/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./19/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555669ef730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555669ef730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./19/file0") = 0 getdents64(3, 0x5555669e76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./19") = 0 mkdir("./20", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555669e6650) = 444 ./strace-static-x86_64: Process 444 attached [pid 444] set_robust_list(0x5555669e6660, 24) = 0 [pid 444] chdir("./20") = 0 [pid 444] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 444] setpgid(0, 0) = 0 [pid 444] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 444] write(3, "1000", 4) = 4 [pid 444] close(3) = 0 [pid 444] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 444] write(1, "executing program\n", 18) = 18 [pid 444] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 444] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 444] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 444] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 444] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 444] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 444] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 444] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 444] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 444] memfd_create("syzkaller", 0) = 5 [pid 444] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f53938b6000 [pid 444] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 444] munmap(0x7f53938b6000, 138412032) = 0 [pid 444] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 444] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 444] close(5) = 0 [pid 444] close(6) = 0 [pid 444] mkdir("./file0", 0777) = 0 [pid 444] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 444] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 444] chdir("./file0") = 0 [pid 444] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 444] ioctl(6, LOOP_CLR_FD) = 0 [pid 444] close(6) = 0 [pid 444] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 444] write(6, "#! ./file1\n", 11) = 11 [pid 444] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [ 27.976449][ T444] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [pid 444] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000007d0} --- [pid 444] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=444, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./20", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./20", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555669e76f0 /* 4 entries */, 32768) = 112 umount2("./20/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./20/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./20/binderfs") = 0 [ 28.017258][ T445] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-444: bg 0: block 234: padding at end of block bitmap is not set umount2("./20/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./20/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./20/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./20/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./20/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555669ef730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555669ef730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./20/file0") = 0 getdents64(3, 0x5555669e76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./20") = 0 mkdir("./21", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555669e6650) = 449 ./strace-static-x86_64: Process 449 attached [pid 449] set_robust_list(0x5555669e6660, 24) = 0 [pid 449] chdir("./21") = 0 [pid 449] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 449] setpgid(0, 0) = 0 [pid 449] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 449] write(3, "1000", 4) = 4 [pid 449] close(3) = 0 [pid 449] symlink("/dev/binderfs", "./binderfs") = 0 [pid 449] write(1, "executing program\n", 18executing program ) = 18 [pid 449] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 449] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 449] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 449] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 449] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 449] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 449] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 449] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 449] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 449] memfd_create("syzkaller", 0) = 5 [pid 449] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f53938b6000 [pid 449] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 449] munmap(0x7f53938b6000, 138412032) = 0 [pid 449] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 449] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 449] close(5) = 0 [pid 449] close(6) = 0 [pid 449] mkdir("./file0", 0777) = 0 [pid 449] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 449] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 449] chdir("./file0") = 0 [pid 449] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 449] ioctl(6, LOOP_CLR_FD) = 0 [pid 449] close(6) = 0 [pid 449] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 449] write(6, "#! ./file1\n", 11) = 11 [pid 449] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 449] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000007d0} --- [pid 449] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=449, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./21", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./21", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555669e76f0 /* 4 entries */, 32768) = 112 umount2("./21/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./21/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./21/binderfs") = 0 [ 28.176516][ T449] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 28.204759][ T450] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-449: bg 0: block 234: padding at end of block bitmap is not set umount2("./21/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./21/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./21/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./21/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./21/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555669ef730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555669ef730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./21/file0") = 0 getdents64(3, 0x5555669e76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./21") = 0 mkdir("./22", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 454 attached [pid 454] set_robust_list(0x5555669e6660, 24) = 0 [pid 454] chdir("./22") = 0 [pid 454] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 454] setpgid(0, 0) = 0 [pid 454] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 454] write(3, "1000", 4) = 4 [pid 454] close(3) = 0 [pid 454] symlink("/dev/binderfs", "./binderfs") = 0 [pid 341] <... clone resumed>, child_tidptr=0x5555669e6650) = 454 [pid 454] write(1, "executing program\n", 18executing program ) = 18 [pid 454] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 454] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 454] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 454] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 454] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 454] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 454] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 454] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 454] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 454] memfd_create("syzkaller", 0) = 5 [pid 454] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f53938b6000 [pid 454] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 454] munmap(0x7f53938b6000, 138412032) = 0 [pid 454] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 454] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 454] close(5) = 0 [pid 454] close(6) = 0 [pid 454] mkdir("./file0", 0777) = 0 [pid 454] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 454] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 454] chdir("./file0") = 0 [pid 454] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 454] ioctl(6, LOOP_CLR_FD) = 0 [pid 454] close(6) = 0 [pid 454] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 454] write(6, "#! ./file1\n", 11) = 11 [pid 454] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [ 28.336593][ T454] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [pid 454] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000007d0} --- [pid 454] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=454, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./22", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./22", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555669e76f0 /* 4 entries */, 32768) = 112 umount2("./22/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./22/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./22/binderfs") = 0 [ 28.378227][ T455] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-454: bg 0: block 234: padding at end of block bitmap is not set umount2("./22/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./22/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./22/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./22/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./22/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555669ef730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555669ef730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./22/file0") = 0 getdents64(3, 0x5555669e76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./22") = 0 mkdir("./23", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 459 attached , child_tidptr=0x5555669e6650) = 459 [pid 459] set_robust_list(0x5555669e6660, 24) = 0 [pid 459] chdir("./23") = 0 [pid 459] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 459] setpgid(0, 0) = 0 [pid 459] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 459] write(3, "1000", 4) = 4 [pid 459] close(3) = 0 [pid 459] symlink("/dev/binderfs", "./binderfs") = 0 [pid 459] write(1, "executing program\n", 18executing program ) = 18 [pid 459] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 459] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 459] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 459] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 459] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 459] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 459] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 459] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 459] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 459] memfd_create("syzkaller", 0) = 5 [pid 459] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f53938b6000 [pid 459] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 459] munmap(0x7f53938b6000, 138412032) = 0 [pid 459] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 459] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 459] close(5) = 0 [pid 459] close(6) = 0 [pid 459] mkdir("./file0", 0777) = 0 [pid 459] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 459] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 459] chdir("./file0") = 0 [pid 459] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 459] ioctl(6, LOOP_CLR_FD) = 0 [pid 459] close(6) = 0 [pid 459] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 459] write(6, "#! ./file1\n", 11) = 11 [pid 459] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 459] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000007d0} --- [pid 459] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=459, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./23", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./23", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555669e76f0 /* 4 entries */, 32768) = 112 umount2("./23/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./23/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 28.544246][ T459] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 28.576693][ T460] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-459: bg 0: block 234: padding at end of block bitmap is not set unlink("./23/binderfs") = 0 umount2("./23/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./23/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./23/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./23/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./23/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555669ef730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555669ef730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./23/file0") = 0 getdents64(3, 0x5555669e76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./23") = 0 mkdir("./24", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 464 attached , child_tidptr=0x5555669e6650) = 464 [pid 464] set_robust_list(0x5555669e6660, 24) = 0 [pid 464] chdir("./24") = 0 [pid 464] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 464] setpgid(0, 0) = 0 [pid 464] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 464] write(3, "1000", 4) = 4 [pid 464] close(3) = 0 [pid 464] symlink("/dev/binderfs", "./binderfs") = 0 [pid 464] write(1, "executing program\n", 18executing program ) = 18 [pid 464] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 464] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 464] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 464] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 464] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 464] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 464] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 464] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 464] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 464] memfd_create("syzkaller", 0) = 5 [pid 464] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f53938b6000 [pid 464] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 464] munmap(0x7f53938b6000, 138412032) = 0 [pid 464] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 464] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 464] close(5) = 0 [pid 464] close(6) = 0 [pid 464] mkdir("./file0", 0777) = 0 [pid 464] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 464] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 464] chdir("./file0") = 0 [pid 464] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 464] ioctl(6, LOOP_CLR_FD) = 0 [pid 464] close(6) = 0 [pid 464] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 464] write(6, "#! ./file1\n", 11) = 11 [pid 464] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 464] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000007d0} --- [pid 464] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=464, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./24", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./24", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555669e76f0 /* 4 entries */, 32768) = 112 umount2("./24/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./24/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./24/binderfs") = 0 [ 28.734295][ T464] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 28.765340][ T465] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-464: bg 0: block 234: padding at end of block bitmap is not set umount2("./24/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./24/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./24/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./24/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./24/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555669ef730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555669ef730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./24/file0") = 0 getdents64(3, 0x5555669e76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./24") = 0 mkdir("./25", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555669e6650) = 469 ./strace-static-x86_64: Process 469 attached [pid 469] set_robust_list(0x5555669e6660, 24) = 0 [pid 469] chdir("./25") = 0 [pid 469] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 469] setpgid(0, 0) = 0 [pid 469] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 469] write(3, "1000", 4) = 4 [pid 469] close(3) = 0 [pid 469] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 469] write(1, "executing program\n", 18) = 18 [pid 469] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 469] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 469] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 469] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 469] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 469] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 469] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 469] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 469] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 469] memfd_create("syzkaller", 0) = 5 [pid 469] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f53938b6000 [pid 469] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 469] munmap(0x7f53938b6000, 138412032) = 0 [pid 469] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 469] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 469] close(5) = 0 [pid 469] close(6) = 0 [pid 469] mkdir("./file0", 0777) = 0 [pid 469] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 469] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 469] chdir("./file0") = 0 [pid 469] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 469] ioctl(6, LOOP_CLR_FD) = 0 [pid 469] close(6) = 0 [pid 469] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 469] write(6, "#! ./file1\n", 11) = 11 [pid 469] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 469] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000007d0} --- [pid 469] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=469, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./25", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./25", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555669e76f0 /* 4 entries */, 32768) = 112 umount2("./25/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./25/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./25/binderfs") = 0 [ 28.934167][ T469] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 28.966999][ T470] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-469: bg 0: block 234: padding at end of block bitmap is not set umount2("./25/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./25/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./25/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./25/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./25/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555669ef730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555669ef730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./25/file0") = 0 getdents64(3, 0x5555669e76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./25") = 0 mkdir("./26", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555669e6650) = 474 ./strace-static-x86_64: Process 474 attached [pid 474] set_robust_list(0x5555669e6660, 24) = 0 [pid 474] chdir("./26") = 0 [pid 474] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 474] setpgid(0, 0) = 0 [pid 474] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 474] write(3, "1000", 4) = 4 [pid 474] close(3) = 0 [pid 474] symlink("/dev/binderfs", "./binderfs") = 0 [pid 474] write(1, "executing program\n", 18executing program ) = 18 [pid 474] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 474] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 474] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 474] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 474] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 474] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 474] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 474] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 474] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 474] memfd_create("syzkaller", 0) = 5 [pid 474] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f53938b6000 [pid 474] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 474] munmap(0x7f53938b6000, 138412032) = 0 [pid 474] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 474] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 474] close(5) = 0 [pid 474] close(6) = 0 [pid 474] mkdir("./file0", 0777) = 0 [pid 474] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 474] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 474] chdir("./file0") = 0 [pid 474] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 474] ioctl(6, LOOP_CLR_FD) = 0 [pid 474] close(6) = 0 [pid 474] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 474] write(6, "#! ./file1\n", 11) = 11 [pid 474] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 474] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000007d0} --- [pid 474] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=474, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./26", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./26", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555669e76f0 /* 4 entries */, 32768) = 112 umount2("./26/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./26/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./26/binderfs") = 0 [ 29.176618][ T474] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 29.207753][ T475] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-474: bg 0: block 234: padding at end of block bitmap is not set umount2("./26/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./26/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./26/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./26/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./26/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555669ef730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555669ef730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./26/file0") = 0 getdents64(3, 0x5555669e76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./26") = 0 mkdir("./27", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 479 attached [pid 479] set_robust_list(0x5555669e6660, 24) = 0 [pid 479] chdir("./27") = 0 [pid 479] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 479] setpgid(0, 0) = 0 [pid 479] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 479] write(3, "1000", 4) = 4 [pid 479] close(3) = 0 [pid 479] symlink("/dev/binderfs", "./binderfs" [pid 341] <... clone resumed>, child_tidptr=0x5555669e6650) = 479 executing program [pid 479] <... symlink resumed>) = 0 [pid 479] write(1, "executing program\n", 18) = 18 [pid 479] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 479] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 479] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 479] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 479] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 479] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 479] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 479] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 479] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 479] memfd_create("syzkaller", 0) = 5 [pid 479] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f53938b6000 [pid 479] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 479] munmap(0x7f53938b6000, 138412032) = 0 [pid 479] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 479] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 479] close(5) = 0 [pid 479] close(6) = 0 [pid 479] mkdir("./file0", 0777) = 0 [pid 479] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 479] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 479] chdir("./file0") = 0 [pid 479] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 479] ioctl(6, LOOP_CLR_FD) = 0 [pid 479] close(6) = 0 [pid 479] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 479] write(6, "#! ./file1\n", 11) = 11 [pid 479] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 479] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000007d0} --- [pid 479] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=479, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./27", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./27", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555669e76f0 /* 4 entries */, 32768) = 112 umount2("./27/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./27/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./27/binderfs") = 0 [ 29.346594][ T479] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 29.379155][ T480] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-479: bg 0: block 234: padding at end of block bitmap is not set umount2("./27/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./27/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./27/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./27/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./27/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555669ef730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555669ef730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./27/file0") = 0 getdents64(3, 0x5555669e76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./27") = 0 mkdir("./28", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 484 attached [pid 484] set_robust_list(0x5555669e6660, 24) = 0 [pid 484] chdir("./28") = 0 [pid 484] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 484] setpgid(0, 0) = 0 [pid 484] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 484] write(3, "1000", 4) = 4 [pid 484] close(3) = 0 [pid 484] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 484] write(1, "executing program\n", 18) = 18 [pid 484] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 484] ioctl(3, VHOST_SET_OWNER [pid 341] <... clone resumed>, child_tidptr=0x5555669e6650) = 484 [pid 484] <... ioctl resumed>, 0) = 0 [pid 484] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 484] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 484] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 484] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 484] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 484] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 484] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 484] memfd_create("syzkaller", 0) = 5 [pid 484] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f53938b6000 [pid 484] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 484] munmap(0x7f53938b6000, 138412032) = 0 [pid 484] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 484] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 484] close(5) = 0 [pid 484] close(6) = 0 [pid 484] mkdir("./file0", 0777) = 0 [pid 484] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 484] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 484] chdir("./file0") = 0 [pid 484] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 484] ioctl(6, LOOP_CLR_FD) = 0 [pid 484] close(6) = 0 [pid 484] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 484] write(6, "#! ./file1\n", 11) = 11 [pid 484] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 484] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000007d0} --- [pid 484] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=484, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./28", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./28", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555669e76f0 /* 4 entries */, 32768) = 112 umount2("./28/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./28/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./28/binderfs") = 0 [ 29.536482][ T484] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 29.568675][ T485] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-484: bg 0: block 234: padding at end of block bitmap is not set umount2("./28/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./28/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./28/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./28/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./28/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555669ef730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555669ef730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./28/file0") = 0 getdents64(3, 0x5555669e76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./28") = 0 mkdir("./29", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555669e6650) = 489 ./strace-static-x86_64: Process 489 attached [pid 489] set_robust_list(0x5555669e6660, 24) = 0 [pid 489] chdir("./29") = 0 [pid 489] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 489] setpgid(0, 0) = 0 [pid 489] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 489] write(3, "1000", 4) = 4 [pid 489] close(3) = 0 [pid 489] symlink("/dev/binderfs", "./binderfs") = 0 [pid 489] write(1, "executing program\n", 18executing program ) = 18 [pid 489] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 489] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 489] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 489] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 489] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 489] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 489] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 489] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 489] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 489] memfd_create("syzkaller", 0) = 5 [pid 489] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f53938b6000 [pid 489] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 489] munmap(0x7f53938b6000, 138412032) = 0 [pid 489] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 489] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 489] close(5) = 0 [pid 489] close(6) = 0 [pid 489] mkdir("./file0", 0777) = 0 [pid 489] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 489] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 489] chdir("./file0") = 0 [pid 489] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 489] ioctl(6, LOOP_CLR_FD) = 0 [pid 489] close(6) = 0 [pid 489] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 489] write(6, "#! ./file1\n", 11) = 11 [pid 489] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 489] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000007d0} --- [pid 489] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=489, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./29", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./29", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555669e76f0 /* 4 entries */, 32768) = 112 umount2("./29/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./29/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./29/binderfs") = 0 [ 29.736107][ T489] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 29.767427][ T490] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-489: bg 0: block 234: padding at end of block bitmap is not set umount2("./29/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./29/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./29/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./29/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./29/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555669ef730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555669ef730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./29/file0") = 0 getdents64(3, 0x5555669e76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./29") = 0 mkdir("./30", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 494 attached , child_tidptr=0x5555669e6650) = 494 [pid 494] set_robust_list(0x5555669e6660, 24) = 0 [pid 494] chdir("./30") = 0 [pid 494] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 494] setpgid(0, 0) = 0 [pid 494] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 494] write(3, "1000", 4) = 4 [pid 494] close(3) = 0 [pid 494] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 494] write(1, "executing program\n", 18) = 18 [pid 494] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 494] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 494] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 494] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 494] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 494] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 494] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 494] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 494] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 494] memfd_create("syzkaller", 0) = 5 [pid 494] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f53938b6000 [pid 494] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 494] munmap(0x7f53938b6000, 138412032) = 0 [pid 494] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 494] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 494] close(5) = 0 [pid 494] close(6) = 0 [pid 494] mkdir("./file0", 0777) = 0 [pid 494] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 494] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 494] chdir("./file0") = 0 [pid 494] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 494] ioctl(6, LOOP_CLR_FD) = 0 [pid 494] close(6) = 0 [pid 494] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 494] write(6, "#! ./file1\n", 11) = 11 [pid 494] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 494] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000007d0} --- [pid 494] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=494, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./30", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./30", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555669e76f0 /* 4 entries */, 32768) = 112 umount2("./30/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./30/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./30/binderfs") = 0 [ 29.906011][ T494] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 29.936793][ T495] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-494: bg 0: block 234: padding at end of block bitmap is not set umount2("./30/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./30/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./30/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./30/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./30/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555669ef730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555669ef730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./30/file0") = 0 getdents64(3, 0x5555669e76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./30") = 0 mkdir("./31", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 499 attached , child_tidptr=0x5555669e6650) = 499 [pid 499] set_robust_list(0x5555669e6660, 24) = 0 [pid 499] chdir("./31") = 0 [pid 499] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 499] setpgid(0, 0) = 0 [pid 499] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 499] write(3, "1000", 4) = 4 [pid 499] close(3) = 0 [pid 499] symlink("/dev/binderfs", "./binderfs") = 0 [pid 499] write(1, "executing program\n", 18executing program ) = 18 [pid 499] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 499] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 499] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 499] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 499] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 499] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 499] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 499] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 499] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 499] memfd_create("syzkaller", 0) = 5 [pid 499] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f53938b6000 [pid 499] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 499] munmap(0x7f53938b6000, 138412032) = 0 [pid 499] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 499] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 499] close(5) = 0 [pid 499] close(6) = 0 [pid 499] mkdir("./file0", 0777) = 0 [pid 499] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 499] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 499] chdir("./file0") = 0 [pid 499] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 499] ioctl(6, LOOP_CLR_FD) = 0 [pid 499] close(6) = 0 [pid 499] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 499] write(6, "#! ./file1\n", 11) = 11 [pid 499] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 499] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000007d0} --- [pid 499] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=499, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./31", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./31", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555669e76f0 /* 4 entries */, 32768) = 112 umount2("./31/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./31/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./31/binderfs") = 0 [ 30.064964][ T499] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 30.097918][ T500] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-499: bg 0: block 234: padding at end of block bitmap is not set umount2("./31/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./31/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./31/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./31/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./31/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555669ef730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555669ef730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./31/file0") = 0 getdents64(3, 0x5555669e76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./31") = 0 mkdir("./32", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555669e6650) = 504 ./strace-static-x86_64: Process 504 attached [pid 504] set_robust_list(0x5555669e6660, 24) = 0 [pid 504] chdir("./32") = 0 [pid 504] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 504] setpgid(0, 0) = 0 [pid 504] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 504] write(3, "1000", 4) = 4 [pid 504] close(3) = 0 [pid 504] symlink("/dev/binderfs", "./binderfs") = 0 [pid 504] write(1, "executing program\n", 18executing program ) = 18 [pid 504] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 504] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 504] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 504] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 504] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 504] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 504] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 504] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 504] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 504] memfd_create("syzkaller", 0) = 5 [pid 504] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f53938b6000 [pid 504] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 504] munmap(0x7f53938b6000, 138412032) = 0 [pid 504] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 504] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 504] close(5) = 0 [pid 504] close(6) = 0 [pid 504] mkdir("./file0", 0777) = 0 [pid 504] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 504] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 504] chdir("./file0") = 0 [pid 504] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 504] ioctl(6, LOOP_CLR_FD) = 0 [pid 504] close(6) = 0 [pid 504] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 504] write(6, "#! ./file1\n", 11) = 11 [pid 504] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 504] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000007d0} --- [pid 504] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=504, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./32", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./32", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555669e76f0 /* 4 entries */, 32768) = 112 umount2("./32/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./32/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./32/binderfs") = 0 [ 30.265577][ T504] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 30.296899][ T505] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-504: bg 0: block 234: padding at end of block bitmap is not set umount2("./32/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./32/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./32/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./32/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./32/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555669ef730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555669ef730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./32/file0") = 0 getdents64(3, 0x5555669e76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./32") = 0 mkdir("./33", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555669e6650) = 509 ./strace-static-x86_64: Process 509 attached [pid 509] set_robust_list(0x5555669e6660, 24) = 0 [pid 509] chdir("./33") = 0 [pid 509] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 509] setpgid(0, 0) = 0 [pid 509] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 509] write(3, "1000", 4) = 4 [pid 509] close(3) = 0 [pid 509] symlink("/dev/binderfs", "./binderfs") = 0 [pid 509] write(1, "executing program\n", 18) = 18 executing program [pid 509] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 509] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 509] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 509] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 509] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 509] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 509] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 509] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 509] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 509] memfd_create("syzkaller", 0) = 5 [pid 509] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f53938b6000 [pid 509] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 509] munmap(0x7f53938b6000, 138412032) = 0 [pid 509] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 509] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 509] close(5) = 0 [pid 509] close(6) = 0 [pid 509] mkdir("./file0", 0777) = 0 [pid 509] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 509] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 509] chdir("./file0") = 0 [pid 509] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 509] ioctl(6, LOOP_CLR_FD) = 0 [pid 509] close(6) = 0 [pid 509] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 509] write(6, "#! ./file1\n", 11) = 11 [pid 509] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 509] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000007d0} --- [pid 509] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=509, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./33", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./33", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555669e76f0 /* 4 entries */, 32768) = 112 umount2("./33/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./33/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./33/binderfs") = 0 [ 30.396646][ T509] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 30.424450][ T509] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm syz-executor246: bg 0: block 234: padding at end of block bitmap is not set umount2("./33/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./33/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./33/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./33/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./33/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555669ef730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555669ef730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./33/file0") = 0 getdents64(3, 0x5555669e76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./33") = 0 mkdir("./34", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555669e6650) = 514 ./strace-static-x86_64: Process 514 attached [pid 514] set_robust_list(0x5555669e6660, 24) = 0 [pid 514] chdir("./34") = 0 [pid 514] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 514] setpgid(0, 0) = 0 [pid 514] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 514] write(3, "1000", 4) = 4 [pid 514] close(3) = 0 [pid 514] symlink("/dev/binderfs", "./binderfs") = 0 [pid 514] write(1, "executing program\n", 18executing program ) = 18 [pid 514] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 514] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 514] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 514] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 514] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 514] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 514] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 514] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 514] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 514] memfd_create("syzkaller", 0) = 5 [pid 514] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f53938b6000 [pid 514] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 514] munmap(0x7f53938b6000, 138412032) = 0 [pid 514] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 514] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 514] close(5) = 0 [pid 514] close(6) = 0 [pid 514] mkdir("./file0", 0777) = 0 [pid 514] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 514] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 514] chdir("./file0") = 0 [pid 514] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 514] ioctl(6, LOOP_CLR_FD) = 0 [pid 514] close(6) = 0 [pid 514] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 514] write(6, "#! ./file1\n", 11) = 11 [pid 514] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [ 30.696468][ T514] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [pid 514] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000007d0} --- [pid 514] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=514, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./34", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./34", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555669e76f0 /* 4 entries */, 32768) = 112 umount2("./34/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./34/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./34/binderfs") = 0 [ 30.737291][ T515] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-514: bg 0: block 234: padding at end of block bitmap is not set umount2("./34/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./34/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./34/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./34/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./34/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555669ef730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555669ef730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./34/file0") = 0 getdents64(3, 0x5555669e76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./34") = 0 mkdir("./35", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555669e6650) = 519 ./strace-static-x86_64: Process 519 attached [pid 519] set_robust_list(0x5555669e6660, 24) = 0 [pid 519] chdir("./35") = 0 [pid 519] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 519] setpgid(0, 0) = 0 [pid 519] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 519] write(3, "1000", 4) = 4 [pid 519] close(3) = 0 [pid 519] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 519] write(1, "executing program\n", 18) = 18 [pid 519] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 519] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 519] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 519] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 519] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 519] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 519] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 519] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 519] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 519] memfd_create("syzkaller", 0) = 5 [pid 519] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f53938b6000 [pid 519] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 519] munmap(0x7f53938b6000, 138412032) = 0 [pid 519] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 519] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 519] close(5) = 0 [pid 519] close(6) = 0 [pid 519] mkdir("./file0", 0777) = 0 [pid 519] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 519] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 519] chdir("./file0") = 0 [pid 519] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 519] ioctl(6, LOOP_CLR_FD) = 0 [pid 519] close(6) = 0 [pid 519] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 519] write(6, "#! ./file1\n", 11) = 11 [pid 519] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [ 30.946492][ T519] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [pid 519] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000007d0} --- [pid 519] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=519, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./35", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./35", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555669e76f0 /* 4 entries */, 32768) = 112 umount2("./35/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./35/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./35/binderfs") = 0 [ 30.987419][ T520] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-519: bg 0: block 234: padding at end of block bitmap is not set umount2("./35/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./35/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./35/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./35/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./35/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555669ef730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555669ef730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./35/file0") = 0 getdents64(3, 0x5555669e76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./35") = 0 mkdir("./36", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555669e6650) = 524 ./strace-static-x86_64: Process 524 attached [pid 524] set_robust_list(0x5555669e6660, 24) = 0 [pid 524] chdir("./36") = 0 [pid 524] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 524] setpgid(0, 0) = 0 [pid 524] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 524] write(3, "1000", 4) = 4 [pid 524] close(3) = 0 [pid 524] symlink("/dev/binderfs", "./binderfs") = 0 [pid 524] write(1, "executing program\n", 18executing program ) = 18 [pid 524] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 524] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 524] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 524] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 524] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 524] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 524] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 524] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 524] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 524] memfd_create("syzkaller", 0) = 5 [pid 524] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f53938b6000 [pid 524] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 524] munmap(0x7f53938b6000, 138412032) = 0 [pid 524] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 524] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 524] close(5) = 0 [pid 524] close(6) = 0 [pid 524] mkdir("./file0", 0777) = 0 [pid 524] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 524] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 524] chdir("./file0") = 0 [pid 524] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 524] ioctl(6, LOOP_CLR_FD) = 0 [pid 524] close(6) = 0 [pid 524] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 524] write(6, "#! ./file1\n", 11) = 11 [pid 524] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 524] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000007d0} --- [pid 524] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=524, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./36", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./36", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555669e76f0 /* 4 entries */, 32768) = 112 umount2("./36/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./36/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./36/binderfs") = 0 [ 31.116488][ T524] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 31.147149][ T525] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-524: bg 0: block 234: padding at end of block bitmap is not set umount2("./36/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./36/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./36/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./36/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./36/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555669ef730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555669ef730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./36/file0") = 0 getdents64(3, 0x5555669e76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./36") = 0 mkdir("./37", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555669e6650) = 529 ./strace-static-x86_64: Process 529 attached [pid 529] set_robust_list(0x5555669e6660, 24) = 0 [pid 529] chdir("./37") = 0 [pid 529] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 529] setpgid(0, 0) = 0 [pid 529] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 529] write(3, "1000", 4) = 4 [pid 529] close(3) = 0 [pid 529] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 529] write(1, "executing program\n", 18) = 18 [pid 529] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 529] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 529] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 529] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 529] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 529] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 529] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 529] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 529] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 529] memfd_create("syzkaller", 0) = 5 [pid 529] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f53938b6000 [pid 529] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 529] munmap(0x7f53938b6000, 138412032) = 0 [pid 529] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 529] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 529] close(5) = 0 [pid 529] close(6) = 0 [pid 529] mkdir("./file0", 0777) = 0 [pid 529] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 529] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 529] chdir("./file0") = 0 [pid 529] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 529] ioctl(6, LOOP_CLR_FD) = 0 [pid 529] close(6) = 0 [pid 529] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 529] write(6, "#! ./file1\n", 11) = 11 [pid 529] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 529] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000007d0} --- [pid 529] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=529, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./37", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./37", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555669e76f0 /* 4 entries */, 32768) = 112 umount2("./37/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./37/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./37/binderfs") = 0 [ 31.285910][ T529] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 31.316920][ T530] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-529: bg 0: block 234: padding at end of block bitmap is not set umount2("./37/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./37/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./37/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./37/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./37/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555669ef730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555669ef730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./37/file0") = 0 getdents64(3, 0x5555669e76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./37") = 0 mkdir("./38", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555669e6650) = 534 ./strace-static-x86_64: Process 534 attached [pid 534] set_robust_list(0x5555669e6660, 24) = 0 [pid 534] chdir("./38") = 0 [pid 534] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 534] setpgid(0, 0) = 0 [pid 534] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 534] write(3, "1000", 4) = 4 [pid 534] close(3) = 0 [pid 534] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 534] write(1, "executing program\n", 18) = 18 [pid 534] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 534] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 534] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 534] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 534] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 534] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 534] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 534] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 534] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 534] memfd_create("syzkaller", 0) = 5 [pid 534] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f53938b6000 [pid 534] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 534] munmap(0x7f53938b6000, 138412032) = 0 [pid 534] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 534] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 534] close(5) = 0 [pid 534] close(6) = 0 [pid 534] mkdir("./file0", 0777) = 0 [pid 534] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 534] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 534] chdir("./file0") = 0 [pid 534] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 534] ioctl(6, LOOP_CLR_FD) = 0 [pid 534] close(6) = 0 [pid 534] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 534] write(6, "#! ./file1\n", 11) = 11 [pid 534] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 534] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000007d0} --- [pid 534] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=534, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555669e76f0 /* 4 entries */, 32768) = 112 umount2("./38/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./38/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./38/binderfs") = 0 [ 31.446695][ T534] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 31.477587][ T535] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-534: bg 0: block 234: padding at end of block bitmap is not set umount2("./38/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./38/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./38/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./38/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./38/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555669ef730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555669ef730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./38/file0") = 0 getdents64(3, 0x5555669e76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./38") = 0 mkdir("./39", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555669e6650) = 539 ./strace-static-x86_64: Process 539 attached [pid 539] set_robust_list(0x5555669e6660, 24) = 0 [pid 539] chdir("./39") = 0 [pid 539] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 539] setpgid(0, 0) = 0 [pid 539] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 539] write(3, "1000", 4) = 4 [pid 539] close(3) = 0 [pid 539] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 539] write(1, "executing program\n", 18) = 18 [pid 539] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 539] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 539] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 539] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 539] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 539] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 539] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 539] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 539] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 539] memfd_create("syzkaller", 0) = 5 [pid 539] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f53938b6000 [pid 539] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 539] munmap(0x7f53938b6000, 138412032) = 0 [pid 539] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 539] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 539] close(5) = 0 [pid 539] close(6) = 0 [pid 539] mkdir("./file0", 0777) = 0 [pid 539] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 539] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 539] chdir("./file0") = 0 [pid 539] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 539] ioctl(6, LOOP_CLR_FD) = 0 [pid 539] close(6) = 0 [pid 539] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 539] write(6, "#! ./file1\n", 11) = 11 [pid 539] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 539] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000007d0} --- [pid 539] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=539, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./39", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./39", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555669e76f0 /* 4 entries */, 32768) = 112 umount2("./39/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./39/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./39/binderfs") = 0 [ 31.602987][ T539] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 31.633555][ T540] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-539: bg 0: block 234: padding at end of block bitmap is not set umount2("./39/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./39/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./39/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./39/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./39/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555669ef730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555669ef730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./39/file0") = 0 getdents64(3, 0x5555669e76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./39") = 0 mkdir("./40", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555669e6650) = 544 ./strace-static-x86_64: Process 544 attached [pid 544] set_robust_list(0x5555669e6660, 24) = 0 [pid 544] chdir("./40") = 0 [pid 544] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 544] setpgid(0, 0) = 0 [pid 544] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 544] write(3, "1000", 4) = 4 [pid 544] close(3) = 0 [pid 544] symlink("/dev/binderfs", "./binderfs") = 0 [pid 544] write(1, "executing program\n", 18executing program ) = 18 [pid 544] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 544] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 544] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 544] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 544] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 544] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 544] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 544] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 544] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 544] memfd_create("syzkaller", 0) = 5 [pid 544] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f53938b6000 [pid 544] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 544] munmap(0x7f53938b6000, 138412032) = 0 [pid 544] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 544] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 544] close(5) = 0 [pid 544] close(6) = 0 [pid 544] mkdir("./file0", 0777) = 0 [pid 544] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 544] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 544] chdir("./file0") = 0 [pid 544] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 544] ioctl(6, LOOP_CLR_FD) = 0 [pid 544] close(6) = 0 [pid 544] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 544] write(6, "#! ./file1\n", 11) = 11 [pid 544] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 544] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000007d0} --- [pid 544] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=544, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./40", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./40", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555669e76f0 /* 4 entries */, 32768) = 112 umount2("./40/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./40/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./40/binderfs") = 0 [ 31.764869][ T544] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 31.796431][ T545] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-544: bg 0: block 234: padding at end of block bitmap is not set umount2("./40/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./40/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./40/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./40/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./40/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555669ef730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555669ef730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./40/file0") = 0 getdents64(3, 0x5555669e76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./40") = 0 mkdir("./41", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555669e6650) = 549 ./strace-static-x86_64: Process 549 attached [pid 549] set_robust_list(0x5555669e6660, 24) = 0 [pid 549] chdir("./41") = 0 [pid 549] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 549] setpgid(0, 0) = 0 [pid 549] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 549] write(3, "1000", 4) = 4 [pid 549] close(3) = 0 [pid 549] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 549] write(1, "executing program\n", 18) = 18 [pid 549] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 549] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 549] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 549] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 549] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 549] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 549] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 549] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 549] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 549] memfd_create("syzkaller", 0) = 5 [pid 549] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f53938b6000 [pid 549] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 549] munmap(0x7f53938b6000, 138412032) = 0 [pid 549] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 549] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 549] close(5) = 0 [pid 549] close(6) = 0 [pid 549] mkdir("./file0", 0777) = 0 [pid 549] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 549] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 549] chdir("./file0") = 0 [pid 549] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 549] ioctl(6, LOOP_CLR_FD) = 0 [pid 549] close(6) = 0 [pid 549] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 549] write(6, "#! ./file1\n", 11) = 11 [pid 549] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 549] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000007d0} --- [pid 549] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=549, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./41", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./41", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555669e76f0 /* 4 entries */, 32768) = 112 umount2("./41/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./41/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./41/binderfs") = 0 [ 31.935026][ T549] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 31.966844][ T550] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-549: bg 0: block 234: padding at end of block bitmap is not set umount2("./41/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./41/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./41/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./41/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./41/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555669ef730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555669ef730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./41/file0") = 0 getdents64(3, 0x5555669e76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./41") = 0 mkdir("./42", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555669e6650) = 554 ./strace-static-x86_64: Process 554 attached [pid 554] set_robust_list(0x5555669e6660, 24) = 0 [pid 554] chdir("./42") = 0 [pid 554] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 554] setpgid(0, 0) = 0 [pid 554] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 554] write(3, "1000", 4) = 4 [pid 554] close(3) = 0 [pid 554] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 554] write(1, "executing program\n", 18) = 18 [pid 554] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 554] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 554] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 554] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 554] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 554] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 554] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 554] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 554] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 554] memfd_create("syzkaller", 0) = 5 [pid 554] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f53938b6000 [pid 554] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 554] munmap(0x7f53938b6000, 138412032) = 0 [pid 554] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 554] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 554] close(5) = 0 [pid 554] close(6) = 0 [pid 554] mkdir("./file0", 0777) = 0 [pid 554] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 554] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 554] chdir("./file0") = 0 [pid 554] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 554] ioctl(6, LOOP_CLR_FD) = 0 [pid 554] close(6) = 0 [pid 554] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 554] write(6, "#! ./file1\n", 11) = 11 [pid 554] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 554] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000007d0} --- [pid 554] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=554, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./42", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./42", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555669e76f0 /* 4 entries */, 32768) = 112 umount2("./42/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./42/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./42/binderfs") = 0 [ 32.065482][ T554] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 32.095960][ T555] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-554: bg 0: block 234: padding at end of block bitmap is not set umount2("./42/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./42/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./42/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./42/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./42/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555669ef730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555669ef730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./42/file0") = 0 getdents64(3, 0x5555669e76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./42") = 0 mkdir("./43", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555669e6650) = 559 ./strace-static-x86_64: Process 559 attached [pid 559] set_robust_list(0x5555669e6660, 24) = 0 [pid 559] chdir("./43") = 0 [pid 559] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 559] setpgid(0, 0) = 0 [pid 559] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 559] write(3, "1000", 4) = 4 [pid 559] close(3) = 0 [pid 559] symlink("/dev/binderfs", "./binderfs") = 0 [pid 559] write(1, "executing program\n", 18executing program ) = 18 [pid 559] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 559] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 559] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 559] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 559] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 559] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 559] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 559] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 559] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 559] memfd_create("syzkaller", 0) = 5 [pid 559] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f53938b6000 [pid 559] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 559] munmap(0x7f53938b6000, 138412032) = 0 [pid 559] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 559] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 559] close(5) = 0 [pid 559] close(6) = 0 [pid 559] mkdir("./file0", 0777) = 0 [pid 559] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 559] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 559] chdir("./file0") = 0 [pid 559] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 559] ioctl(6, LOOP_CLR_FD) = 0 [pid 559] close(6) = 0 [pid 559] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 559] write(6, "#! ./file1\n", 11) = 11 [pid 559] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [ 32.346852][ T559] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [pid 559] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000007d0} --- [pid 559] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=559, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./43", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./43", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555669e76f0 /* 4 entries */, 32768) = 112 umount2("./43/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./43/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./43/binderfs") = 0 [ 32.387706][ T560] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-559: bg 0: block 234: padding at end of block bitmap is not set umount2("./43/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./43/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./43/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./43/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./43/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555669ef730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555669ef730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./43/file0") = 0 getdents64(3, 0x5555669e76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./43") = 0 mkdir("./44", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555669e6650) = 564 ./strace-static-x86_64: Process 564 attached [pid 564] set_robust_list(0x5555669e6660, 24) = 0 [pid 564] chdir("./44") = 0 [pid 564] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 564] setpgid(0, 0) = 0 [pid 564] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 564] write(3, "1000", 4) = 4 [pid 564] close(3) = 0 [pid 564] symlink("/dev/binderfs", "./binderfs") = 0 [pid 564] write(1, "executing program\n", 18executing program ) = 18 [pid 564] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 564] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 564] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 564] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 564] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 564] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 564] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 564] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 564] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 564] memfd_create("syzkaller", 0) = 5 [pid 564] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f53938b6000 [pid 564] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 564] munmap(0x7f53938b6000, 138412032) = 0 [pid 564] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 564] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 564] close(5) = 0 [pid 564] close(6) = 0 [pid 564] mkdir("./file0", 0777) = 0 [pid 564] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 564] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 564] chdir("./file0") = 0 [pid 564] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 564] ioctl(6, LOOP_CLR_FD) = 0 [pid 564] close(6) = 0 [pid 564] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 564] write(6, "#! ./file1\n", 11) = 11 [pid 564] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [ 32.594613][ T564] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [pid 564] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000007d0} --- [pid 564] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=564, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./44", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./44", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555669e76f0 /* 4 entries */, 32768) = 112 umount2("./44/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./44/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./44/binderfs") = 0 [ 32.637743][ T565] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-564: bg 0: block 234: padding at end of block bitmap is not set umount2("./44/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./44/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./44/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./44/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./44/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555669ef730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555669ef730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./44/file0") = 0 getdents64(3, 0x5555669e76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./44") = 0 mkdir("./45", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555669e6650) = 569 ./strace-static-x86_64: Process 569 attached [pid 569] set_robust_list(0x5555669e6660, 24) = 0 [pid 569] chdir("./45") = 0 [pid 569] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 569] setpgid(0, 0) = 0 [pid 569] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 569] write(3, "1000", 4) = 4 [pid 569] close(3) = 0 [pid 569] symlink("/dev/binderfs", "./binderfs") = 0 [pid 569] write(1, "executing program\n", 18executing program ) = 18 [pid 569] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 569] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 569] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 569] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 569] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 569] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 569] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 569] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 569] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 569] memfd_create("syzkaller", 0) = 5 [pid 569] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f53938b6000 [pid 569] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 569] munmap(0x7f53938b6000, 138412032) = 0 [pid 569] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 569] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 569] close(5) = 0 [pid 569] close(6) = 0 [pid 569] mkdir("./file0", 0777) = 0 [pid 569] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 569] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 569] chdir("./file0") = 0 [pid 569] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 569] ioctl(6, LOOP_CLR_FD) = 0 [pid 569] close(6) = 0 [pid 569] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 569] write(6, "#! ./file1\n", 11) = 11 [pid 569] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 569] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000007d0} --- [pid 569] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=569, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./45", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./45", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555669e76f0 /* 4 entries */, 32768) = 112 umount2("./45/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./45/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./45/binderfs") = 0 [ 32.816553][ T569] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 32.847182][ T570] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-569: bg 0: block 234: padding at end of block bitmap is not set umount2("./45/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./45/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./45/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./45/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./45/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555669ef730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555669ef730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./45/file0") = 0 getdents64(3, 0x5555669e76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./45") = 0 mkdir("./46", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555669e6650) = 574 ./strace-static-x86_64: Process 574 attached [pid 574] set_robust_list(0x5555669e6660, 24) = 0 [pid 574] chdir("./46") = 0 [pid 574] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 574] setpgid(0, 0) = 0 [pid 574] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 574] write(3, "1000", 4) = 4 [pid 574] close(3) = 0 [pid 574] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 574] write(1, "executing program\n", 18) = 18 [pid 574] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 574] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 574] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 574] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 574] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 574] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 574] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 574] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 574] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 574] memfd_create("syzkaller", 0) = 5 [pid 574] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f53938b6000 [pid 574] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 574] munmap(0x7f53938b6000, 138412032) = 0 [pid 574] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 574] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 574] close(5) = 0 [pid 574] close(6) = 0 [pid 574] mkdir("./file0", 0777) = 0 [pid 574] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 574] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 574] chdir("./file0") = 0 [pid 574] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 574] ioctl(6, LOOP_CLR_FD) = 0 [pid 574] close(6) = 0 [pid 574] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 574] write(6, "#! ./file1\n", 11) = 11 [pid 574] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 574] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000007d0} --- [pid 574] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=574, si_uid=0, si_status=SIGBUS, si_utime=1, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./46", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./46", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555669e76f0 /* 4 entries */, 32768) = 112 umount2("./46/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./46/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./46/binderfs") = 0 [ 33.016546][ T574] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 33.043442][ T574] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm syz-executor246: bg 0: block 234: padding at end of block bitmap is not set umount2("./46/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./46/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./46/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./46/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./46/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555669ef730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555669ef730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./46/file0") = 0 getdents64(3, 0x5555669e76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./46") = 0 mkdir("./47", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 579 attached [pid 579] set_robust_list(0x5555669e6660, 24) = 0 [pid 341] <... clone resumed>, child_tidptr=0x5555669e6650) = 579 [pid 579] chdir("./47") = 0 [pid 579] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 579] setpgid(0, 0) = 0 [pid 579] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 579] write(3, "1000", 4) = 4 [pid 579] close(3) = 0 [pid 579] symlink("/dev/binderfs", "./binderfs") = 0 [pid 579] write(1, "executing program\n", 18executing program ) = 18 [pid 579] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 579] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 579] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 579] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 579] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 579] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 579] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 579] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 579] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 579] memfd_create("syzkaller", 0) = 5 [pid 579] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f53938b6000 [pid 579] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 579] munmap(0x7f53938b6000, 138412032) = 0 [pid 579] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 579] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 579] close(5) = 0 [pid 579] close(6) = 0 [pid 579] mkdir("./file0", 0777) = 0 [pid 579] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 579] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 579] chdir("./file0") = 0 [pid 579] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 579] ioctl(6, LOOP_CLR_FD) = 0 [pid 579] close(6) = 0 [pid 579] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 579] write(6, "#! ./file1\n", 11) = 11 [pid 579] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 579] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000007d0} --- [pid 579] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=579, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./47", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./47", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555669e76f0 /* 4 entries */, 32768) = 112 umount2("./47/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./47/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./47/binderfs") = 0 [ 33.183725][ T579] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 33.216322][ T580] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-579: bg 0: block 234: padding at end of block bitmap is not set umount2("./47/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./47/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./47/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./47/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./47/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555669ef730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555669ef730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./47/file0") = 0 getdents64(3, 0x5555669e76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./47") = 0 mkdir("./48", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555669e6650) = 584 ./strace-static-x86_64: Process 584 attached [pid 584] set_robust_list(0x5555669e6660, 24) = 0 [pid 584] chdir("./48") = 0 [pid 584] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 584] setpgid(0, 0) = 0 [pid 584] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 584] write(3, "1000", 4) = 4 [pid 584] close(3) = 0 [pid 584] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 584] write(1, "executing program\n", 18) = 18 [pid 584] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 584] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 584] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 584] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 584] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 584] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 584] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 584] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 584] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 584] memfd_create("syzkaller", 0) = 5 [pid 584] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f53938b6000 [pid 584] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 584] munmap(0x7f53938b6000, 138412032) = 0 [pid 584] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 584] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 584] close(5) = 0 [pid 584] close(6) = 0 [pid 584] mkdir("./file0", 0777) = 0 [pid 584] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 584] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 584] chdir("./file0") = 0 [pid 584] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 584] ioctl(6, LOOP_CLR_FD) = 0 [pid 584] close(6) = 0 [pid 584] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 584] write(6, "#! ./file1\n", 11) = 11 [pid 584] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 584] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000007d0} --- [pid 584] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=584, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./48", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./48", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555669e76f0 /* 4 entries */, 32768) = 112 umount2("./48/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./48/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./48/binderfs") = 0 [ 33.356498][ T584] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 33.388390][ T585] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-584: bg 0: block 234: padding at end of block bitmap is not set umount2("./48/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./48/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./48/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./48/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./48/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555669ef730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555669ef730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./48/file0") = 0 getdents64(3, 0x5555669e76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./48") = 0 mkdir("./49", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555669e6650) = 589 ./strace-static-x86_64: Process 589 attached [pid 589] set_robust_list(0x5555669e6660, 24) = 0 [pid 589] chdir("./49") = 0 [pid 589] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 589] setpgid(0, 0) = 0 [pid 589] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 589] write(3, "1000", 4) = 4 [pid 589] close(3) = 0 [pid 589] symlink("/dev/binderfs", "./binderfs") = 0 [pid 589] write(1, "executing program\n", 18executing program ) = 18 [pid 589] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 589] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 589] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 589] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 589] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 589] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 589] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 589] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 589] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 589] memfd_create("syzkaller", 0) = 5 [pid 589] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f53938b6000 [pid 589] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 589] munmap(0x7f53938b6000, 138412032) = 0 [pid 589] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 589] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 589] close(5) = 0 [pid 589] close(6) = 0 [pid 589] mkdir("./file0", 0777) = 0 [pid 589] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 589] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 589] chdir("./file0") = 0 [pid 589] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 589] ioctl(6, LOOP_CLR_FD) = 0 [pid 589] close(6) = 0 [pid 589] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 589] write(6, "#! ./file1\n", 11) = 11 [pid 589] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [ 33.626488][ T589] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [pid 589] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000007d0} --- [pid 589] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=589, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./49", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./49", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555669e76f0 /* 4 entries */, 32768) = 112 umount2("./49/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./49/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./49/binderfs") = 0 [ 33.667717][ T590] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-589: bg 0: block 234: padding at end of block bitmap is not set umount2("./49/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./49/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./49/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./49/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./49/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555669ef730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555669ef730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./49/file0") = 0 getdents64(3, 0x5555669e76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./49") = 0 mkdir("./50", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555669e6650) = 594 ./strace-static-x86_64: Process 594 attached [pid 594] set_robust_list(0x5555669e6660, 24) = 0 [pid 594] chdir("./50") = 0 [pid 594] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 594] setpgid(0, 0) = 0 [pid 594] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 594] write(3, "1000", 4) = 4 [pid 594] close(3) = 0 [pid 594] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 594] write(1, "executing program\n", 18) = 18 [pid 594] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 594] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 594] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 594] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 594] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 594] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 594] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 594] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 594] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 594] memfd_create("syzkaller", 0) = 5 [pid 594] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f53938b6000 [pid 594] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 594] munmap(0x7f53938b6000, 138412032) = 0 [pid 594] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 594] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 594] close(5) = 0 [pid 594] close(6) = 0 [pid 594] mkdir("./file0", 0777) = 0 [pid 594] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 594] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 594] chdir("./file0") = 0 [pid 594] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 594] ioctl(6, LOOP_CLR_FD) = 0 [pid 594] close(6) = 0 [pid 594] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 594] write(6, "#! ./file1\n", 11) = 11 [pid 594] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 594] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000007d0} --- [pid 594] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=594, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./50", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./50", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555669e76f0 /* 4 entries */, 32768) = 112 umount2("./50/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./50/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./50/binderfs") = 0 [ 33.816674][ T594] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 33.848458][ T595] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-594: bg 0: block 234: padding at end of block bitmap is not set umount2("./50/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./50/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./50/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./50/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./50/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555669ef730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555669ef730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./50/file0") = 0 getdents64(3, 0x5555669e76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./50") = 0 mkdir("./51", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555669e6650) = 599 ./strace-static-x86_64: Process 599 attached [pid 599] set_robust_list(0x5555669e6660, 24) = 0 [pid 599] chdir("./51") = 0 [pid 599] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 599] setpgid(0, 0) = 0 [pid 599] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 599] write(3, "1000", 4) = 4 [pid 599] close(3) = 0 [pid 599] symlink("/dev/binderfs", "./binderfs") = 0 [pid 599] write(1, "executing program\n", 18executing program ) = 18 [pid 599] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 599] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 599] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 599] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 599] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 599] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 599] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 599] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 599] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 599] memfd_create("syzkaller", 0) = 5 [pid 599] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f53938b6000 [pid 599] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 599] munmap(0x7f53938b6000, 138412032) = 0 [pid 599] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 599] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 599] close(5) = 0 [pid 599] close(6) = 0 [pid 599] mkdir("./file0", 0777) = 0 [pid 599] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 599] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 599] chdir("./file0") = 0 [pid 599] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 599] ioctl(6, LOOP_CLR_FD) = 0 [pid 599] close(6) = 0 [pid 599] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 599] write(6, "#! ./file1\n", 11) = 11 [pid 599] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 599] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000007d0} --- [pid 599] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=599, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./51", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./51", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555669e76f0 /* 4 entries */, 32768) = 112 umount2("./51/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./51/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./51/binderfs") = 0 [ 33.996450][ T599] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 34.026971][ T600] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-599: bg 0: block 234: padding at end of block bitmap is not set umount2("./51/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./51/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./51/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./51/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./51/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555669ef730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555669ef730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./51/file0") = 0 getdents64(3, 0x5555669e76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./51") = 0 mkdir("./52", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555669e6650) = 604 ./strace-static-x86_64: Process 604 attached [pid 604] set_robust_list(0x5555669e6660, 24) = 0 [pid 604] chdir("./52") = 0 [pid 604] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 604] setpgid(0, 0) = 0 [pid 604] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 604] write(3, "1000", 4) = 4 [pid 604] close(3) = 0 [pid 604] symlink("/dev/binderfs", "./binderfs") = 0 [pid 604] write(1, "executing program\n", 18executing program ) = 18 [pid 604] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 604] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 604] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 604] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 604] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 604] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 604] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 604] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 604] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 604] memfd_create("syzkaller", 0) = 5 [pid 604] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f53938b6000 [pid 604] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 604] munmap(0x7f53938b6000, 138412032) = 0 [pid 604] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 604] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 604] close(5) = 0 [pid 604] close(6) = 0 [pid 604] mkdir("./file0", 0777) = 0 [pid 604] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 604] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 604] chdir("./file0") = 0 [pid 604] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 604] ioctl(6, LOOP_CLR_FD) = 0 [pid 604] close(6) = 0 [pid 604] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 604] write(6, "#! ./file1\n", 11) = 11 [pid 604] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [ 34.257826][ T604] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [pid 604] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000007d0} --- [pid 604] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=604, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./52", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./52", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555669e76f0 /* 4 entries */, 32768) = 112 umount2("./52/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./52/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./52/binderfs") = 0 [ 34.297712][ T605] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-604: bg 0: block 234: padding at end of block bitmap is not set umount2("./52/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./52/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./52/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./52/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./52/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555669ef730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555669ef730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./52/file0") = 0 getdents64(3, 0x5555669e76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./52") = 0 mkdir("./53", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555669e6650) = 609 ./strace-static-x86_64: Process 609 attached [pid 609] set_robust_list(0x5555669e6660, 24) = 0 [pid 609] chdir("./53") = 0 [pid 609] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 609] setpgid(0, 0) = 0 [pid 609] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 609] write(3, "1000", 4) = 4 [pid 609] close(3) = 0 [pid 609] symlink("/dev/binderfs", "./binderfs") = 0 [pid 609] write(1, "executing program\n", 18executing program ) = 18 [pid 609] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 609] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 609] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 609] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 609] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 609] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 609] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 609] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 609] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 609] memfd_create("syzkaller", 0) = 5 [pid 609] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f53938b6000 [pid 609] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 609] munmap(0x7f53938b6000, 138412032) = 0 [pid 609] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 609] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 609] close(5) = 0 [pid 609] close(6) = 0 [pid 609] mkdir("./file0", 0777) = 0 [pid 609] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 609] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 609] chdir("./file0") = 0 [pid 609] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 609] ioctl(6, LOOP_CLR_FD) = 0 [pid 609] close(6) = 0 [pid 609] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 609] write(6, "#! ./file1\n", 11) = 11 [pid 609] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [ 34.516533][ T609] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [pid 609] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000007d0} --- [pid 609] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=609, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./53", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./53", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555669e76f0 /* 4 entries */, 32768) = 112 umount2("./53/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./53/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./53/binderfs") = 0 [ 34.558375][ T610] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-609: bg 0: block 234: padding at end of block bitmap is not set umount2("./53/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./53/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./53/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./53/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./53/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555669ef730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555669ef730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./53/file0") = 0 getdents64(3, 0x5555669e76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./53") = 0 mkdir("./54", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555669e6650) = 614 ./strace-static-x86_64: Process 614 attached [pid 614] set_robust_list(0x5555669e6660, 24) = 0 [pid 614] chdir("./54") = 0 [pid 614] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 614] setpgid(0, 0) = 0 [pid 614] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 614] write(3, "1000", 4) = 4 [pid 614] close(3) = 0 [pid 614] symlink("/dev/binderfs", "./binderfs") = 0 [pid 614] write(1, "executing program\n", 18executing program ) = 18 [pid 614] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 614] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 614] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 614] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 614] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 614] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 614] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 614] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 614] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 614] memfd_create("syzkaller", 0) = 5 [pid 614] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f53938b6000 [pid 614] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 614] munmap(0x7f53938b6000, 138412032) = 0 [pid 614] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 614] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 614] close(5) = 0 [pid 614] close(6) = 0 [pid 614] mkdir("./file0", 0777) = 0 [pid 614] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 614] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 614] chdir("./file0") = 0 [pid 614] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 614] ioctl(6, LOOP_CLR_FD) = 0 [pid 614] close(6) = 0 [pid 614] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 614] write(6, "#! ./file1\n", 11) = 11 [pid 614] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 614] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000007d0} --- [pid 614] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=614, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./54", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./54", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555669e76f0 /* 4 entries */, 32768) = 112 umount2("./54/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./54/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./54/binderfs") = 0 [ 34.686782][ T614] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 34.716142][ T615] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-614: bg 0: block 234: padding at end of block bitmap is not set umount2("./54/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./54/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./54/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./54/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./54/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555669ef730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555669ef730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./54/file0") = 0 getdents64(3, 0x5555669e76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./54") = 0 mkdir("./55", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555669e6650) = 619 ./strace-static-x86_64: Process 619 attached [pid 619] set_robust_list(0x5555669e6660, 24) = 0 [pid 619] chdir("./55") = 0 [pid 619] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 619] setpgid(0, 0) = 0 [pid 619] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 619] write(3, "1000", 4) = 4 [pid 619] close(3) = 0 [pid 619] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 619] write(1, "executing program\n", 18) = 18 [pid 619] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 619] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 619] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 619] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 619] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 619] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 619] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 619] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 619] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 619] memfd_create("syzkaller", 0) = 5 [pid 619] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f53938b6000 [pid 619] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 619] munmap(0x7f53938b6000, 138412032) = 0 [pid 619] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 619] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 619] close(5) = 0 [pid 619] close(6) = 0 [pid 619] mkdir("./file0", 0777) = 0 [pid 619] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 619] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 619] chdir("./file0") = 0 [pid 619] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 619] ioctl(6, LOOP_CLR_FD) = 0 [pid 619] close(6) = 0 [pid 619] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 619] write(6, "#! ./file1\n", 11) = 11 [pid 619] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 619] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000007d0} --- [pid 619] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=619, si_uid=0, si_status=SIGBUS, si_utime=1, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./55", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./55", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555669e76f0 /* 4 entries */, 32768) = 112 umount2("./55/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./55/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./55/binderfs") = 0 [ 34.816612][ T619] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 34.842638][ T620] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-619: bg 0: block 234: padding at end of block bitmap is not set umount2("./55/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./55/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./55/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./55/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./55/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555669ef730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555669ef730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./55/file0") = 0 getdents64(3, 0x5555669e76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./55") = 0 mkdir("./56", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555669e6650) = 624 ./strace-static-x86_64: Process 624 attached [pid 624] set_robust_list(0x5555669e6660, 24) = 0 [pid 624] chdir("./56") = 0 [pid 624] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 624] setpgid(0, 0) = 0 [pid 624] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 624] write(3, "1000", 4) = 4 [pid 624] close(3) = 0 [pid 624] symlink("/dev/binderfs", "./binderfs") = 0 [pid 624] write(1, "executing program\n", 18executing program ) = 18 [pid 624] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 624] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 624] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 624] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 624] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 624] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 624] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 624] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 624] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 624] memfd_create("syzkaller", 0) = 5 [pid 624] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f53938b6000 [pid 624] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 624] munmap(0x7f53938b6000, 138412032) = 0 [pid 624] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 624] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 624] close(5) = 0 [pid 624] close(6) = 0 [pid 624] mkdir("./file0", 0777) = 0 [pid 624] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 624] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 624] chdir("./file0") = 0 [pid 624] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 624] ioctl(6, LOOP_CLR_FD) = 0 [pid 624] close(6) = 0 [pid 624] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 624] write(6, "#! ./file1\n", 11) = 11 [pid 624] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [ 34.986563][ T624] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [pid 624] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000007d0} --- [pid 624] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=624, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./56", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./56", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555669e76f0 /* 4 entries */, 32768) = 112 umount2("./56/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./56/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./56/binderfs") = 0 [ 35.029378][ T625] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-624: bg 0: block 234: padding at end of block bitmap is not set umount2("./56/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./56/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./56/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./56/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./56/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555669ef730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555669ef730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./56/file0") = 0 getdents64(3, 0x5555669e76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./56") = 0 mkdir("./57", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555669e6650) = 629 ./strace-static-x86_64: Process 629 attached [pid 629] set_robust_list(0x5555669e6660, 24) = 0 [pid 629] chdir("./57") = 0 [pid 629] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 629] setpgid(0, 0) = 0 [pid 629] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 629] write(3, "1000", 4) = 4 [pid 629] close(3) = 0 [pid 629] symlink("/dev/binderfs", "./binderfs") = 0 [pid 629] write(1, "executing program\n", 18executing program ) = 18 [pid 629] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 629] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 629] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 629] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 629] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 629] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 629] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 629] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 629] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 629] memfd_create("syzkaller", 0) = 5 [pid 629] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f53938b6000 [pid 629] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 629] munmap(0x7f53938b6000, 138412032) = 0 [pid 629] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 629] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 629] close(5) = 0 [pid 629] close(6) = 0 [pid 629] mkdir("./file0", 0777) = 0 [pid 629] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 629] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 629] chdir("./file0") = 0 [pid 629] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 629] ioctl(6, LOOP_CLR_FD) = 0 [pid 629] close(6) = 0 [pid 629] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 629] write(6, "#! ./file1\n", 11) = 11 [pid 629] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 629] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000007d0} --- [pid 629] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=629, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./57", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./57", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555669e76f0 /* 4 entries */, 32768) = 112 umount2("./57/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./57/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./57/binderfs") = 0 [ 35.214277][ T629] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 35.245106][ T630] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-629: bg 0: block 234: padding at end of block bitmap is not set umount2("./57/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./57/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./57/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./57/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./57/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555669ef730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555669ef730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./57/file0") = 0 getdents64(3, 0x5555669e76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./57") = 0 mkdir("./58", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555669e6650) = 634 ./strace-static-x86_64: Process 634 attached [pid 634] set_robust_list(0x5555669e6660, 24) = 0 [pid 634] chdir("./58") = 0 [pid 634] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 634] setpgid(0, 0) = 0 [pid 634] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 634] write(3, "1000", 4) = 4 [pid 634] close(3) = 0 [pid 634] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 634] write(1, "executing program\n", 18) = 18 [pid 634] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 634] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 634] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 634] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 634] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 634] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 634] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 634] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 634] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 634] memfd_create("syzkaller", 0) = 5 [pid 634] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f53938b6000 [pid 634] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 634] munmap(0x7f53938b6000, 138412032) = 0 [pid 634] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 634] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 634] close(5) = 0 [pid 634] close(6) = 0 [pid 634] mkdir("./file0", 0777) = 0 [pid 634] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 634] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 634] chdir("./file0") = 0 [pid 634] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 634] ioctl(6, LOOP_CLR_FD) = 0 [pid 634] close(6) = 0 [pid 634] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 634] write(6, "#! ./file1\n", 11) = 11 [pid 634] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 634] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000007d0} --- [pid 634] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=634, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./58", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./58", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555669e76f0 /* 4 entries */, 32768) = 112 umount2("./58/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./58/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./58/binderfs") = 0 [ 35.376860][ T634] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 35.407827][ T635] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-634: bg 0: block 234: padding at end of block bitmap is not set umount2("./58/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./58/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./58/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./58/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./58/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555669ef730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555669ef730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./58/file0") = 0 getdents64(3, 0x5555669e76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./58") = 0 mkdir("./59", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555669e6650) = 639 ./strace-static-x86_64: Process 639 attached [pid 639] set_robust_list(0x5555669e6660, 24) = 0 [pid 639] chdir("./59") = 0 [pid 639] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 639] setpgid(0, 0) = 0 [pid 639] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 639] write(3, "1000", 4) = 4 [pid 639] close(3) = 0 [pid 639] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 639] write(1, "executing program\n", 18) = 18 [pid 639] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 639] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 639] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 639] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 639] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 639] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 639] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 639] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 639] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 639] memfd_create("syzkaller", 0) = 5 [pid 639] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f53938b6000 [pid 639] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 639] munmap(0x7f53938b6000, 138412032) = 0 [pid 639] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 639] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 639] close(5) = 0 [pid 639] close(6) = 0 [pid 639] mkdir("./file0", 0777) = 0 [pid 639] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 639] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 639] chdir("./file0") = 0 [pid 639] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 639] ioctl(6, LOOP_CLR_FD) = 0 [pid 639] close(6) = 0 [pid 639] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 639] write(6, "#! ./file1\n", 11) = 11 [pid 639] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 639] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000007d0} --- [pid 639] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=639, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./59", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./59", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555669e76f0 /* 4 entries */, 32768) = 112 umount2("./59/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./59/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./59/binderfs") = 0 [ 35.536393][ T639] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 35.564436][ T639] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm syz-executor246: bg 0: block 234: padding at end of block bitmap is not set umount2("./59/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./59/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./59/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./59/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./59/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555669ef730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555669ef730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./59/file0") = 0 getdents64(3, 0x5555669e76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./59") = 0 mkdir("./60", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555669e6650) = 644 ./strace-static-x86_64: Process 644 attached [pid 644] set_robust_list(0x5555669e6660, 24) = 0 [pid 644] chdir("./60") = 0 [pid 644] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 644] setpgid(0, 0) = 0 [pid 644] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 644] write(3, "1000", 4) = 4 [pid 644] close(3) = 0 [pid 644] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 644] write(1, "executing program\n", 18) = 18 [pid 644] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 644] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 644] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 644] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 644] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 644] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 644] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 644] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 644] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 644] memfd_create("syzkaller", 0) = 5 [pid 644] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f53938b6000 [pid 644] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 644] munmap(0x7f53938b6000, 138412032) = 0 [pid 644] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 644] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 644] close(5) = 0 [pid 644] close(6) = 0 [pid 644] mkdir("./file0", 0777) = 0 [pid 644] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 644] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 644] chdir("./file0") = 0 [pid 644] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 644] ioctl(6, LOOP_CLR_FD) = 0 [pid 644] close(6) = 0 [pid 644] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 644] write(6, "#! ./file1\n", 11) = 11 [pid 644] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 644] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000007d0} --- [pid 644] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=644, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./60", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./60", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555669e76f0 /* 4 entries */, 32768) = 112 umount2("./60/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./60/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./60/binderfs") = 0 [ 35.696488][ T644] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 35.726717][ T645] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-644: bg 0: block 234: padding at end of block bitmap is not set umount2("./60/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./60/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./60/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./60/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./60/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555669ef730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555669ef730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./60/file0") = 0 getdents64(3, 0x5555669e76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./60") = 0 mkdir("./61", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555669e6650) = 649 ./strace-static-x86_64: Process 649 attached [pid 649] set_robust_list(0x5555669e6660, 24) = 0 [pid 649] chdir("./61") = 0 [pid 649] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 649] setpgid(0, 0) = 0 [pid 649] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 649] write(3, "1000", 4) = 4 [pid 649] close(3) = 0 [pid 649] symlink("/dev/binderfs", "./binderfs") = 0 [pid 649] write(1, "executing program\n", 18executing program ) = 18 [pid 649] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 649] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 649] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 649] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 649] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 649] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 649] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 649] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 649] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 649] memfd_create("syzkaller", 0) = 5 [pid 649] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f53938b6000 [pid 649] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 649] munmap(0x7f53938b6000, 138412032) = 0 [pid 649] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 649] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 649] close(5) = 0 [pid 649] close(6) = 0 [pid 649] mkdir("./file0", 0777) = 0 [pid 649] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 649] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 649] chdir("./file0") = 0 [pid 649] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 649] ioctl(6, LOOP_CLR_FD) = 0 [pid 649] close(6) = 0 [pid 649] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 649] write(6, "#! ./file1\n", 11) = 11 [pid 649] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 649] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000007d0} --- [pid 649] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=649, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./61", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./61", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555669e76f0 /* 4 entries */, 32768) = 112 umount2("./61/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./61/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./61/binderfs") = 0 [ 35.866516][ T649] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 35.897618][ T650] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-649: bg 0: block 234: padding at end of block bitmap is not set umount2("./61/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./61/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./61/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./61/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./61/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555669ef730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555669ef730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./61/file0") = 0 getdents64(3, 0x5555669e76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./61") = 0 mkdir("./62", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555669e6650) = 654 ./strace-static-x86_64: Process 654 attached [pid 654] set_robust_list(0x5555669e6660, 24) = 0 [pid 654] chdir("./62") = 0 [pid 654] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 654] setpgid(0, 0) = 0 [pid 654] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 654] write(3, "1000", 4) = 4 [pid 654] close(3) = 0 [pid 654] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 654] write(1, "executing program\n", 18) = 18 [pid 654] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 654] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 654] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 654] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 654] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 654] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 654] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 654] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 654] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 654] memfd_create("syzkaller", 0) = 5 [pid 654] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f53938b6000 [pid 654] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 654] munmap(0x7f53938b6000, 138412032) = 0 [pid 654] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 654] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 654] close(5) = 0 [pid 654] close(6) = 0 [pid 654] mkdir("./file0", 0777) = 0 [pid 654] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 654] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 654] chdir("./file0") = 0 [pid 654] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 654] ioctl(6, LOOP_CLR_FD) = 0 [pid 654] close(6) = 0 [pid 654] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 654] write(6, "#! ./file1\n", 11) = 11 [pid 654] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 654] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000007d0} --- [pid 654] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=654, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=5} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./62", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./62", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555669e76f0 /* 4 entries */, 32768) = 112 umount2("./62/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./62/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./62/binderfs") = 0 [ 36.035232][ T654] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 36.066579][ T655] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-654: bg 0: block 234: padding at end of block bitmap is not set umount2("./62/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./62/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./62/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./62/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./62/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555669ef730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555669ef730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./62/file0") = 0 getdents64(3, 0x5555669e76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./62") = 0 mkdir("./63", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555669e6650) = 659 ./strace-static-x86_64: Process 659 attached [pid 659] set_robust_list(0x5555669e6660, 24) = 0 [pid 659] chdir("./63") = 0 [pid 659] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 659] setpgid(0, 0) = 0 [pid 659] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 659] write(3, "1000", 4) = 4 [pid 659] close(3) = 0 [pid 659] symlink("/dev/binderfs", "./binderfs") = 0 [pid 659] write(1, "executing program\n", 18executing program ) = 18 [pid 659] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 659] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 659] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 659] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 659] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 659] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 659] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 659] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 659] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 659] memfd_create("syzkaller", 0) = 5 [pid 659] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f53938b6000 [pid 659] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 659] munmap(0x7f53938b6000, 138412032) = 0 [pid 659] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 659] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 659] close(5) = 0 [pid 659] close(6) = 0 [pid 659] mkdir("./file0", 0777) = 0 [pid 659] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 659] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 659] chdir("./file0") = 0 [pid 659] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 659] ioctl(6, LOOP_CLR_FD) = 0 [pid 659] close(6) = 0 [pid 659] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 659] write(6, "#! ./file1\n", 11) = 11 [pid 659] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 659] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000007d0} --- [pid 659] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=659, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./63", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./63", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555669e76f0 /* 4 entries */, 32768) = 112 umount2("./63/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./63/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./63/binderfs") = 0 [ 36.246602][ T659] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 36.275243][ T659] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm syz-executor246: bg 0: block 234: padding at end of block bitmap is not set umount2("./63/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./63/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./63/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./63/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./63/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555669ef730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555669ef730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./63/file0") = 0 getdents64(3, 0x5555669e76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./63") = 0 mkdir("./64", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555669e6650) = 664 ./strace-static-x86_64: Process 664 attached [pid 664] set_robust_list(0x5555669e6660, 24) = 0 [pid 664] chdir("./64") = 0 [pid 664] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 664] setpgid(0, 0) = 0 [pid 664] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 664] write(3, "1000", 4) = 4 [pid 664] close(3) = 0 [pid 664] symlink("/dev/binderfs", "./binderfs") = 0 [pid 664] write(1, "executing program\n", 18executing program ) = 18 [pid 664] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 664] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 664] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 664] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 664] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 664] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 664] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 664] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 664] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 664] memfd_create("syzkaller", 0) = 5 [pid 664] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f53938b6000 [pid 664] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 664] munmap(0x7f53938b6000, 138412032) = 0 [pid 664] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 664] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 664] close(5) = 0 [pid 664] close(6) = 0 [pid 664] mkdir("./file0", 0777) = 0 [pid 664] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 664] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 664] chdir("./file0") = 0 [pid 664] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 664] ioctl(6, LOOP_CLR_FD) = 0 [pid 664] close(6) = 0 [pid 664] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 664] write(6, "#! ./file1\n", 11) = 11 [pid 664] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [ 36.466474][ T664] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [pid 664] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000007d0} --- [pid 664] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=664, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./64", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./64", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555669e76f0 /* 4 entries */, 32768) = 112 umount2("./64/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./64/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./64/binderfs") = 0 [ 36.508354][ T665] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-664: bg 0: block 234: padding at end of block bitmap is not set umount2("./64/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./64/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./64/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./64/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./64/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555669ef730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555669ef730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./64/file0") = 0 getdents64(3, 0x5555669e76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./64") = 0 mkdir("./65", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555669e6650) = 669 ./strace-static-x86_64: Process 669 attached [pid 669] set_robust_list(0x5555669e6660, 24) = 0 [pid 669] chdir("./65") = 0 [pid 669] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 669] setpgid(0, 0) = 0 [pid 669] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 669] write(3, "1000", 4) = 4 [pid 669] close(3) = 0 [pid 669] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 669] write(1, "executing program\n", 18) = 18 [pid 669] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 669] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 669] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 669] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 669] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 669] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 669] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 669] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 669] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 669] memfd_create("syzkaller", 0) = 5 [pid 669] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f53938b6000 [pid 669] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 669] munmap(0x7f53938b6000, 138412032) = 0 [pid 669] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 669] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 669] close(5) = 0 [pid 669] close(6) = 0 [pid 669] mkdir("./file0", 0777) = 0 [pid 669] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 669] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 669] chdir("./file0") = 0 [pid 669] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 669] ioctl(6, LOOP_CLR_FD) = 0 [pid 669] close(6) = 0 [pid 669] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 669] write(6, "#! ./file1\n", 11) = 11 [pid 669] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 669] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000007d0} --- [pid 669] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=669, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./65", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./65", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555669e76f0 /* 4 entries */, 32768) = 112 umount2("./65/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./65/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./65/binderfs") = 0 [ 36.636474][ T669] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 36.666818][ T670] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-669: bg 0: block 234: padding at end of block bitmap is not set umount2("./65/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./65/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./65/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./65/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./65/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555669ef730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555669ef730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./65/file0") = 0 getdents64(3, 0x5555669e76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./65") = 0 mkdir("./66", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555669e6650) = 674 ./strace-static-x86_64: Process 674 attached [pid 674] set_robust_list(0x5555669e6660, 24) = 0 [pid 674] chdir("./66") = 0 [pid 674] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 674] setpgid(0, 0) = 0 [pid 674] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 674] write(3, "1000", 4) = 4 [pid 674] close(3) = 0 [pid 674] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 674] write(1, "executing program\n", 18) = 18 [pid 674] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 674] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 674] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 674] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 674] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 674] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 674] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 674] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 674] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 674] memfd_create("syzkaller", 0) = 5 [pid 674] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f53938b6000 [pid 674] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 674] munmap(0x7f53938b6000, 138412032) = 0 [pid 674] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 674] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 674] close(5) = 0 [pid 674] close(6) = 0 [pid 674] mkdir("./file0", 0777) = 0 [pid 674] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 674] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 674] chdir("./file0") = 0 [pid 674] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 674] ioctl(6, LOOP_CLR_FD) = 0 [pid 674] close(6) = 0 [pid 674] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 674] write(6, "#! ./file1\n", 11) = 11 [pid 674] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 674] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000007d0} --- [pid 674] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=674, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./66", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./66", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555669e76f0 /* 4 entries */, 32768) = 112 umount2("./66/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./66/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./66/binderfs") = 0 [ 36.774649][ T674] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 36.805811][ T675] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-674: bg 0: block 234: padding at end of block bitmap is not set umount2("./66/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./66/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./66/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./66/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./66/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555669ef730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555669ef730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./66/file0") = 0 getdents64(3, 0x5555669e76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./66") = 0 mkdir("./67", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555669e6650) = 679 ./strace-static-x86_64: Process 679 attached [pid 679] set_robust_list(0x5555669e6660, 24) = 0 [pid 679] chdir("./67") = 0 [pid 679] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 679] setpgid(0, 0) = 0 [pid 679] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 679] write(3, "1000", 4) = 4 [pid 679] close(3) = 0 [pid 679] symlink("/dev/binderfs", "./binderfs") = 0 [pid 679] write(1, "executing program\n", 18executing program ) = 18 [pid 679] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 679] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 679] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 679] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 679] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 679] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 679] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 679] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 679] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 679] memfd_create("syzkaller", 0) = 5 [pid 679] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f53938b6000 [pid 679] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 679] munmap(0x7f53938b6000, 138412032) = 0 [pid 679] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 679] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 679] close(5) = 0 [pid 679] close(6) = 0 [pid 679] mkdir("./file0", 0777) = 0 [pid 679] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 679] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 679] chdir("./file0") = 0 [pid 679] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 679] ioctl(6, LOOP_CLR_FD) = 0 [pid 679] close(6) = 0 [pid 679] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 679] write(6, "#! ./file1\n", 11) = 11 [pid 679] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 679] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000007d0} --- [pid 679] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=679, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./67", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./67", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555669e76f0 /* 4 entries */, 32768) = 112 umount2("./67/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./67/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./67/binderfs") = 0 [ 36.976407][ T679] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 37.009237][ T680] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-679: bg 0: block 234: padding at end of block bitmap is not set umount2("./67/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./67/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./67/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./67/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./67/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555669ef730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555669ef730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./67/file0") = 0 getdents64(3, 0x5555669e76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./67") = 0 mkdir("./68", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555669e6650) = 684 ./strace-static-x86_64: Process 684 attached [pid 684] set_robust_list(0x5555669e6660, 24) = 0 [pid 684] chdir("./68") = 0 [pid 684] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 684] setpgid(0, 0) = 0 [pid 684] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 684] write(3, "1000", 4) = 4 [pid 684] close(3) = 0 [pid 684] symlink("/dev/binderfs", "./binderfs") = 0 [pid 684] write(1, "executing program\n", 18executing program ) = 18 [pid 684] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 684] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 684] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 684] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 684] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 684] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 684] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 684] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 684] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 684] memfd_create("syzkaller", 0) = 5 [pid 684] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f53938b6000 [pid 684] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 684] munmap(0x7f53938b6000, 138412032) = 0 [pid 684] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 684] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 684] close(5) = 0 [pid 684] close(6) = 0 [pid 684] mkdir("./file0", 0777) = 0 [pid 684] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 684] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 684] chdir("./file0") = 0 [pid 684] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 684] ioctl(6, LOOP_CLR_FD) = 0 [pid 684] close(6) = 0 [pid 684] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 684] write(6, "#! ./file1\n", 11) = 11 [pid 684] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [ 37.206492][ T684] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [pid 684] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000007d0} --- [pid 684] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=684, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./68", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./68", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555669e76f0 /* 4 entries */, 32768) = 112 umount2("./68/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./68/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./68/binderfs") = 0 umount2("./68/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./68/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./68/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./68/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./68/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555669ef730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555669ef730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./68/file0") = 0 getdents64(3, 0x5555669e76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./68") = 0 mkdir("./69", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555669e6650) = 689 ./strace-static-x86_64: Process 689 attached [pid 689] set_robust_list(0x5555669e6660, 24) = 0 [pid 689] chdir("./69") = 0 [pid 689] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [ 37.248119][ T685] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-684: bg 0: block 234: padding at end of block bitmap is not set [pid 689] setpgid(0, 0) = 0 [pid 689] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 689] write(3, "1000", 4) = 4 [pid 689] close(3) = 0 [pid 689] symlink("/dev/binderfs", "./binderfs") = 0 [pid 689] write(1, "executing program\n", 18executing program ) = 18 [pid 689] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 689] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 689] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 689] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 689] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 689] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 689] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 689] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 689] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 689] memfd_create("syzkaller", 0) = 5 [pid 689] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f53938b6000 [pid 689] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 689] munmap(0x7f53938b6000, 138412032) = 0 [pid 689] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 689] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 689] close(5) = 0 [pid 689] close(6) = 0 [pid 689] mkdir("./file0", 0777) = 0 [pid 689] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 689] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 689] chdir("./file0") = 0 [pid 689] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 689] ioctl(6, LOOP_CLR_FD) = 0 [pid 689] close(6) = 0 [pid 689] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 689] write(6, "#! ./file1\n", 11) = 11 [pid 689] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 689] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000007d0} --- [pid 689] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=689, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./69", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./69", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555669e76f0 /* 4 entries */, 32768) = 112 umount2("./69/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./69/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./69/binderfs") = 0 [ 37.346652][ T689] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 37.379485][ T690] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-689: bg 0: block 234: padding at end of block bitmap is not set umount2("./69/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./69/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./69/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./69/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./69/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555669ef730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555669ef730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./69/file0") = 0 getdents64(3, 0x5555669e76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./69") = 0 mkdir("./70", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555669e6650) = 694 ./strace-static-x86_64: Process 694 attached [pid 694] set_robust_list(0x5555669e6660, 24) = 0 [pid 694] chdir("./70") = 0 [pid 694] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 694] setpgid(0, 0) = 0 [pid 694] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 694] write(3, "1000", 4) = 4 [pid 694] close(3) = 0 [pid 694] symlink("/dev/binderfs", "./binderfs") = 0 [pid 694] write(1, "executing program\n", 18executing program ) = 18 [pid 694] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 694] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 694] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 694] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 694] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 694] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 694] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 694] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 694] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 694] memfd_create("syzkaller", 0) = 5 [pid 694] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f53938b6000 [pid 694] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 694] munmap(0x7f53938b6000, 138412032) = 0 [pid 694] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 694] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 694] close(5) = 0 [pid 694] close(6) = 0 [pid 694] mkdir("./file0", 0777) = 0 [pid 694] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 694] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 694] chdir("./file0") = 0 [pid 694] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 694] ioctl(6, LOOP_CLR_FD) = 0 [pid 694] close(6) = 0 [pid 694] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 694] write(6, "#! ./file1\n", 11) = 11 [pid 694] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 694] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000007d0} --- [pid 694] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=694, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./70", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./70", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555669e76f0 /* 4 entries */, 32768) = 112 umount2("./70/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./70/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./70/binderfs") = 0 [ 37.506742][ T694] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 37.536362][ T694] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm syz-executor246: bg 0: block 234: padding at end of block bitmap is not set umount2("./70/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./70/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./70/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./70/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./70/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555669ef730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555669ef730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./70/file0") = 0 getdents64(3, 0x5555669e76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./70") = 0 mkdir("./71", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555669e6650) = 699 ./strace-static-x86_64: Process 699 attached [pid 699] set_robust_list(0x5555669e6660, 24) = 0 [pid 699] chdir("./71") = 0 [pid 699] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 699] setpgid(0, 0) = 0 [pid 699] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 executing program [pid 699] write(3, "1000", 4) = 4 [pid 699] close(3) = 0 [pid 699] symlink("/dev/binderfs", "./binderfs") = 0 [pid 699] write(1, "executing program\n", 18) = 18 [pid 699] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 699] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 699] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 699] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 699] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 699] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 699] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 699] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 699] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 699] memfd_create("syzkaller", 0) = 5 [pid 699] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f53938b6000 [pid 699] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 699] munmap(0x7f53938b6000, 138412032) = 0 [pid 699] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 699] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 699] close(5) = 0 [pid 699] close(6) = 0 [pid 699] mkdir("./file0", 0777) = 0 [pid 699] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 699] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 699] chdir("./file0") = 0 [pid 699] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 699] ioctl(6, LOOP_CLR_FD) = 0 [pid 699] close(6) = 0 [pid 699] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 699] write(6, "#! ./file1\n", 11) = 11 [pid 699] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [ 37.866777][ T699] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [pid 699] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000007d0} --- [pid 699] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=699, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./71", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./71", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555669e76f0 /* 4 entries */, 32768) = 112 umount2("./71/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./71/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./71/binderfs") = 0 [ 37.907957][ T700] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-699: bg 0: block 234: padding at end of block bitmap is not set umount2("./71/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./71/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./71/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./71/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./71/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555669ef730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555669ef730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./71/file0") = 0 getdents64(3, 0x5555669e76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./71") = 0 mkdir("./72", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555669e6650) = 704 ./strace-static-x86_64: Process 704 attached [pid 704] set_robust_list(0x5555669e6660, 24) = 0 [pid 704] chdir("./72") = 0 [pid 704] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 704] setpgid(0, 0) = 0 [pid 704] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 704] write(3, "1000", 4) = 4 [pid 704] close(3) = 0 [pid 704] symlink("/dev/binderfs", "./binderfs") = 0 [pid 704] write(1, "executing program\n", 18executing program ) = 18 [pid 704] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 704] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 704] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 704] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 704] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 704] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 704] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 704] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 704] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 704] memfd_create("syzkaller", 0) = 5 [pid 704] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f53938b6000 [pid 704] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 704] munmap(0x7f53938b6000, 138412032) = 0 [pid 704] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 704] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 704] close(5) = 0 [pid 704] close(6) = 0 [pid 704] mkdir("./file0", 0777) = 0 [pid 704] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 704] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 704] chdir("./file0") = 0 [pid 704] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 704] ioctl(6, LOOP_CLR_FD) = 0 [pid 704] close(6) = 0 [pid 704] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 704] write(6, "#! ./file1\n", 11) = 11 [pid 704] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [ 38.056544][ T704] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [pid 704] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000007d0} --- [pid 704] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=704, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./72", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./72", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555669e76f0 /* 4 entries */, 32768) = 112 umount2("./72/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./72/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./72/binderfs") = 0 [ 38.099991][ T705] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-704: bg 0: block 234: padding at end of block bitmap is not set umount2("./72/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./72/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./72/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./72/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./72/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555669ef730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555669ef730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./72/file0") = 0 getdents64(3, 0x5555669e76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./72") = 0 mkdir("./73", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555669e6650) = 709 ./strace-static-x86_64: Process 709 attached [pid 709] set_robust_list(0x5555669e6660, 24) = 0 [pid 709] chdir("./73") = 0 [pid 709] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 709] setpgid(0, 0) = 0 [pid 709] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 709] write(3, "1000", 4) = 4 [pid 709] close(3) = 0 [pid 709] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 709] write(1, "executing program\n", 18) = 18 [pid 709] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 709] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 709] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 709] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 709] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 709] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 709] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 709] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 709] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 709] memfd_create("syzkaller", 0) = 5 [pid 709] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f53938b6000 [pid 709] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 709] munmap(0x7f53938b6000, 138412032) = 0 [pid 709] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 709] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 709] close(5) = 0 [pid 709] close(6) = 0 [pid 709] mkdir("./file0", 0777) = 0 [pid 709] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 709] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 709] chdir("./file0") = 0 [pid 709] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 709] ioctl(6, LOOP_CLR_FD) = 0 [pid 709] close(6) = 0 [pid 709] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 709] write(6, "#! ./file1\n", 11) = 11 [pid 709] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 709] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000007d0} --- [pid 709] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=709, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./73", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./73", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555669e76f0 /* 4 entries */, 32768) = 112 umount2("./73/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./73/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./73/binderfs") = 0 [ 38.266174][ T709] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 38.297656][ T710] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-709: bg 0: block 234: padding at end of block bitmap is not set umount2("./73/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./73/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./73/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./73/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./73/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555669ef730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555669ef730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./73/file0") = 0 getdents64(3, 0x5555669e76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./73") = 0 mkdir("./74", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555669e6650) = 714 ./strace-static-x86_64: Process 714 attached [pid 714] set_robust_list(0x5555669e6660, 24) = 0 [pid 714] chdir("./74") = 0 [pid 714] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 714] setpgid(0, 0) = 0 [pid 714] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 714] write(3, "1000", 4) = 4 [pid 714] close(3) = 0 [pid 714] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 714] write(1, "executing program\n", 18) = 18 [pid 714] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 714] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 714] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 714] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 714] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 714] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 714] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 714] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 714] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 714] memfd_create("syzkaller", 0) = 5 [pid 714] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f53938b6000 [pid 714] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 714] munmap(0x7f53938b6000, 138412032) = 0 [pid 714] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 714] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 714] close(5) = 0 [pid 714] close(6) = 0 [pid 714] mkdir("./file0", 0777) = 0 [pid 714] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 714] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 714] chdir("./file0") = 0 [pid 714] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 714] ioctl(6, LOOP_CLR_FD) = 0 [pid 714] close(6) = 0 [pid 714] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 714] write(6, "#! ./file1\n", 11) = 11 [pid 714] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 714] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000007d0} --- [pid 714] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=714, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./74", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./74", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555669e76f0 /* 4 entries */, 32768) = 112 umount2("./74/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./74/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./74/binderfs") = 0 [ 38.456227][ T714] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 38.487707][ T715] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-714: bg 0: block 234: padding at end of block bitmap is not set umount2("./74/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./74/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./74/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./74/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./74/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555669ef730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555669ef730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./74/file0") = 0 getdents64(3, 0x5555669e76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./74") = 0 mkdir("./75", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555669e6650) = 719 ./strace-static-x86_64: Process 719 attached [pid 719] set_robust_list(0x5555669e6660, 24) = 0 [pid 719] chdir("./75") = 0 [pid 719] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 719] setpgid(0, 0) = 0 [pid 719] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 719] write(3, "1000", 4) = 4 [pid 719] close(3) = 0 [pid 719] symlink("/dev/binderfs", "./binderfs") = 0 [pid 719] write(1, "executing program\n", 18executing program ) = 18 [pid 719] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 719] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 719] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 719] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 719] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 719] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 719] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 719] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 719] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 719] memfd_create("syzkaller", 0) = 5 [pid 719] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f53938b6000 [pid 719] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 719] munmap(0x7f53938b6000, 138412032) = 0 [pid 719] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 719] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 719] close(5) = 0 [pid 719] close(6) = 0 [pid 719] mkdir("./file0", 0777) = 0 [pid 719] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 719] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 719] chdir("./file0") = 0 [pid 719] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 719] ioctl(6, LOOP_CLR_FD) = 0 [pid 719] close(6) = 0 [pid 719] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 719] write(6, "#! ./file1\n", 11) = 11 [pid 719] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 719] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000007d0} --- [pid 719] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=719, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./75", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./75", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555669e76f0 /* 4 entries */, 32768) = 112 umount2("./75/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./75/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 38.653164][ T719] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 38.683951][ T720] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-719: bg 0: block 234: padding at end of block bitmap is not set unlink("./75/binderfs") = 0 umount2("./75/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./75/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./75/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./75/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./75/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555669ef730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555669ef730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./75/file0") = 0 getdents64(3, 0x5555669e76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./75") = 0 mkdir("./76", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555669e6650) = 724 ./strace-static-x86_64: Process 724 attached [pid 724] set_robust_list(0x5555669e6660, 24) = 0 [pid 724] chdir("./76") = 0 [pid 724] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 724] setpgid(0, 0) = 0 [pid 724] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 724] write(3, "1000", 4) = 4 [pid 724] close(3) = 0 [pid 724] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 724] write(1, "executing program\n", 18) = 18 [pid 724] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 724] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 724] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 724] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 724] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 724] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 724] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 724] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 724] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 724] memfd_create("syzkaller", 0) = 5 [pid 724] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f53938b6000 [pid 724] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 724] munmap(0x7f53938b6000, 138412032) = 0 [pid 724] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 724] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 724] close(5) = 0 [pid 724] close(6) = 0 [pid 724] mkdir("./file0", 0777) = 0 [pid 724] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 724] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 724] chdir("./file0") = 0 [pid 724] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 724] ioctl(6, LOOP_CLR_FD) = 0 [pid 724] close(6) = 0 [pid 724] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 724] write(6, "#! ./file1\n", 11) = 11 [pid 724] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 724] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000007d0} --- [pid 724] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=724, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./76", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./76", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555669e76f0 /* 4 entries */, 32768) = 112 umount2("./76/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./76/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./76/binderfs") = 0 [ 38.855700][ T724] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 38.886279][ T725] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-724: bg 0: block 234: padding at end of block bitmap is not set umount2("./76/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./76/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./76/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./76/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./76/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555669ef730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555669ef730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./76/file0") = 0 getdents64(3, 0x5555669e76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./76") = 0 mkdir("./77", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555669e6650) = 729 ./strace-static-x86_64: Process 729 attached [pid 729] set_robust_list(0x5555669e6660, 24) = 0 [pid 729] chdir("./77") = 0 [pid 729] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 729] setpgid(0, 0) = 0 [pid 729] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 729] write(3, "1000", 4) = 4 [pid 729] close(3) = 0 [pid 729] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 729] write(1, "executing program\n", 18) = 18 [pid 729] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 729] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 729] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 729] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 729] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 729] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 729] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 729] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 729] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 729] memfd_create("syzkaller", 0) = 5 [pid 729] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f53938b6000 [pid 729] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 729] munmap(0x7f53938b6000, 138412032) = 0 [pid 729] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 729] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 729] close(5) = 0 [pid 729] close(6) = 0 [pid 729] mkdir("./file0", 0777) = 0 [pid 729] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 729] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 729] chdir("./file0") = 0 [pid 729] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 729] ioctl(6, LOOP_CLR_FD) = 0 [pid 729] close(6) = 0 [pid 729] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 729] write(6, "#! ./file1\n", 11) = 11 [pid 729] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 729] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000007d0} --- [pid 729] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=729, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./77", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./77", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555669e76f0 /* 4 entries */, 32768) = 112 umount2("./77/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./77/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./77/binderfs") = 0 [ 39.066499][ T729] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 39.096332][ T730] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-729: bg 0: block 234: padding at end of block bitmap is not set umount2("./77/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./77/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./77/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./77/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./77/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555669ef730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555669ef730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./77/file0") = 0 getdents64(3, 0x5555669e76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./77") = 0 mkdir("./78", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555669e6650) = 734 ./strace-static-x86_64: Process 734 attached [pid 734] set_robust_list(0x5555669e6660, 24) = 0 [pid 734] chdir("./78") = 0 [pid 734] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 734] setpgid(0, 0) = 0 [pid 734] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 734] write(3, "1000", 4) = 4 [pid 734] close(3) = 0 [pid 734] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 734] write(1, "executing program\n", 18) = 18 [pid 734] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 734] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 734] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 734] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 734] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 734] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 734] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 734] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 734] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 734] memfd_create("syzkaller", 0) = 5 [pid 734] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f53938b6000 [pid 734] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 734] munmap(0x7f53938b6000, 138412032) = 0 [pid 734] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 734] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 734] close(5) = 0 [pid 734] close(6) = 0 [pid 734] mkdir("./file0", 0777) = 0 [pid 734] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 734] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 734] chdir("./file0") = 0 [pid 734] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 734] ioctl(6, LOOP_CLR_FD) = 0 [pid 734] close(6) = 0 [pid 734] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 734] write(6, "#! ./file1\n", 11) = 11 [pid 734] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 734] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000007d0} --- [pid 734] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=734, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./78", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./78", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555669e76f0 /* 4 entries */, 32768) = 112 umount2("./78/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./78/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./78/binderfs") = 0 [ 39.196620][ T734] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 39.227931][ T735] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-734: bg 0: block 234: padding at end of block bitmap is not set umount2("./78/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./78/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./78/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./78/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./78/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555669ef730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555669ef730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./78/file0") = 0 getdents64(3, 0x5555669e76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./78") = 0 mkdir("./79", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555669e6650) = 739 ./strace-static-x86_64: Process 739 attached [pid 739] set_robust_list(0x5555669e6660, 24) = 0 [pid 739] chdir("./79") = 0 [pid 739] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 739] setpgid(0, 0) = 0 [pid 739] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 739] write(3, "1000", 4) = 4 [pid 739] close(3) = 0 [pid 739] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 739] write(1, "executing program\n", 18) = 18 [pid 739] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 739] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 739] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 739] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 739] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 739] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 739] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 739] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 739] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 739] memfd_create("syzkaller", 0) = 5 [pid 739] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f53938b6000 [pid 739] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 739] munmap(0x7f53938b6000, 138412032) = 0 [pid 739] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 739] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 739] close(5) = 0 [pid 739] close(6) = 0 [pid 739] mkdir("./file0", 0777) = 0 [pid 739] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 739] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 739] chdir("./file0") = 0 [pid 739] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 739] ioctl(6, LOOP_CLR_FD) = 0 [pid 739] close(6) = 0 [pid 739] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 739] write(6, "#! ./file1\n", 11) = 11 [pid 739] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 739] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000007d0} --- [pid 739] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=739, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./79", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./79", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555669e76f0 /* 4 entries */, 32768) = 112 umount2("./79/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./79/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./79/binderfs") = 0 [ 39.353145][ T739] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 39.384696][ T740] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-739: bg 0: block 234: padding at end of block bitmap is not set umount2("./79/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./79/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./79/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./79/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./79/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555669ef730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555669ef730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./79/file0") = 0 getdents64(3, 0x5555669e76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./79") = 0 mkdir("./80", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555669e6650) = 744 ./strace-static-x86_64: Process 744 attached [pid 744] set_robust_list(0x5555669e6660, 24) = 0 [pid 744] chdir("./80") = 0 [pid 744] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 744] setpgid(0, 0) = 0 [pid 744] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 744] write(3, "1000", 4) = 4 [pid 744] close(3) = 0 [pid 744] symlink("/dev/binderfs", "./binderfs") = 0 [pid 744] write(1, "executing program\n", 18executing program ) = 18 [pid 744] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 744] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 744] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 744] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 744] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 744] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 744] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 744] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 744] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 744] memfd_create("syzkaller", 0) = 5 [pid 744] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f53938b6000 [pid 744] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 744] munmap(0x7f53938b6000, 138412032) = 0 [pid 744] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 744] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 744] close(5) = 0 [pid 744] close(6) = 0 [pid 744] mkdir("./file0", 0777) = 0 [pid 744] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 744] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 744] chdir("./file0") = 0 [pid 744] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 744] ioctl(6, LOOP_CLR_FD) = 0 [pid 744] close(6) = 0 [pid 744] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 744] write(6, "#! ./file1\n", 11) = 11 [pid 744] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 744] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000007d0} --- [pid 744] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=744, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./80", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./80", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555669e76f0 /* 4 entries */, 32768) = 112 umount2("./80/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./80/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./80/binderfs") = 0 [ 39.476400][ T744] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 39.504132][ T744] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm syz-executor246: bg 0: block 234: padding at end of block bitmap is not set umount2("./80/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./80/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./80/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./80/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./80/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555669ef730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555669ef730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./80/file0") = 0 getdents64(3, 0x5555669e76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./80") = 0 mkdir("./81", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555669e6650) = 749 ./strace-static-x86_64: Process 749 attached [pid 749] set_robust_list(0x5555669e6660, 24) = 0 [pid 749] chdir("./81") = 0 [pid 749] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 749] setpgid(0, 0) = 0 [pid 749] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 749] write(3, "1000", 4) = 4 [pid 749] close(3) = 0 [pid 749] symlink("/dev/binderfs", "./binderfs") = 0 [pid 749] write(1, "executing program\n", 18executing program ) = 18 [pid 749] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 749] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 749] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 749] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 749] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 749] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 749] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 749] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 749] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 749] memfd_create("syzkaller", 0) = 5 [pid 749] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f53938b6000 [pid 749] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 749] munmap(0x7f53938b6000, 138412032) = 0 [pid 749] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 749] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 749] close(5) = 0 [pid 749] close(6) = 0 [pid 749] mkdir("./file0", 0777) = 0 [pid 749] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 749] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 749] chdir("./file0") = 0 [pid 749] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 749] ioctl(6, LOOP_CLR_FD) = 0 [pid 749] close(6) = 0 [pid 749] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 749] write(6, "#! ./file1\n", 11) = 11 [pid 749] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 749] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000007d0} --- [pid 749] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=749, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./81", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./81", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555669e76f0 /* 4 entries */, 32768) = 112 umount2("./81/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./81/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./81/binderfs") = 0 [ 39.695099][ T749] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 39.726011][ T750] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-749: bg 0: block 234: padding at end of block bitmap is not set umount2("./81/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./81/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./81/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./81/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./81/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555669ef730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555669ef730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./81/file0") = 0 getdents64(3, 0x5555669e76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./81") = 0 mkdir("./82", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555669e6650) = 754 ./strace-static-x86_64: Process 754 attached [pid 754] set_robust_list(0x5555669e6660, 24) = 0 [pid 754] chdir("./82") = 0 [pid 754] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 754] setpgid(0, 0) = 0 [pid 754] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 754] write(3, "1000", 4) = 4 [pid 754] close(3) = 0 [pid 754] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 754] write(1, "executing program\n", 18) = 18 [pid 754] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 754] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 754] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 754] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 754] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 754] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 754] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 754] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 754] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 754] memfd_create("syzkaller", 0) = 5 [pid 754] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f53938b6000 [pid 754] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 754] munmap(0x7f53938b6000, 138412032) = 0 [pid 754] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 754] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 754] close(5) = 0 [pid 754] close(6) = 0 [pid 754] mkdir("./file0", 0777) = 0 [pid 754] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 754] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 754] chdir("./file0") = 0 [pid 754] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 754] ioctl(6, LOOP_CLR_FD) = 0 [pid 754] close(6) = 0 [pid 754] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 754] write(6, "#! ./file1\n", 11) = 11 [pid 754] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [ 39.956624][ T754] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [pid 754] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000007d0} --- [pid 754] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=754, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./82", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./82", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555669e76f0 /* 4 entries */, 32768) = 112 umount2("./82/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./82/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./82/binderfs") = 0 [ 39.998650][ T755] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-754: bg 0: block 234: padding at end of block bitmap is not set umount2("./82/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./82/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./82/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./82/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./82/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555669ef730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555669ef730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./82/file0") = 0 getdents64(3, 0x5555669e76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./82") = 0 mkdir("./83", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555669e6650) = 759 ./strace-static-x86_64: Process 759 attached [pid 759] set_robust_list(0x5555669e6660, 24) = 0 [pid 759] chdir("./83") = 0 [pid 759] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 759] setpgid(0, 0) = 0 [pid 759] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 759] write(3, "1000", 4) = 4 [pid 759] close(3) = 0 [pid 759] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 759] write(1, "executing program\n", 18) = 18 [pid 759] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 759] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 759] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 759] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 759] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 759] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 759] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 759] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 759] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 759] memfd_create("syzkaller", 0) = 5 [pid 759] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f53938b6000 [pid 759] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 759] munmap(0x7f53938b6000, 138412032) = 0 [pid 759] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 759] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 759] close(5) = 0 [pid 759] close(6) = 0 [pid 759] mkdir("./file0", 0777) = 0 [pid 759] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 759] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 759] chdir("./file0") = 0 [pid 759] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 759] ioctl(6, LOOP_CLR_FD) = 0 [pid 759] close(6) = 0 [pid 759] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 759] write(6, "#! ./file1\n", 11) = 11 [pid 759] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 759] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000007d0} --- [pid 759] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=759, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./83", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./83", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555669e76f0 /* 4 entries */, 32768) = 112 umount2("./83/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./83/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./83/binderfs") = 0 [ 40.156604][ T759] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 40.187943][ T760] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-759: bg 0: block 234: padding at end of block bitmap is not set umount2("./83/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./83/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./83/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./83/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./83/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555669ef730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555669ef730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./83/file0") = 0 getdents64(3, 0x5555669e76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./83") = 0 mkdir("./84", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555669e6650) = 764 ./strace-static-x86_64: Process 764 attached [pid 764] set_robust_list(0x5555669e6660, 24) = 0 [pid 764] chdir("./84") = 0 [pid 764] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 764] setpgid(0, 0) = 0 [pid 764] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 764] write(3, "1000", 4) = 4 [pid 764] close(3) = 0 [pid 764] symlink("/dev/binderfs", "./binderfs") = 0 [pid 764] write(1, "executing program\n", 18executing program ) = 18 [pid 764] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 764] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 764] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 764] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 764] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 764] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 764] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 764] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 764] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 764] memfd_create("syzkaller", 0) = 5 [pid 764] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f53938b6000 [pid 764] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 764] munmap(0x7f53938b6000, 138412032) = 0 [pid 764] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 764] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 764] close(5) = 0 [pid 764] close(6) = 0 [pid 764] mkdir("./file0", 0777) = 0 [pid 764] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 764] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 764] chdir("./file0") = 0 [pid 764] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 764] ioctl(6, LOOP_CLR_FD) = 0 [pid 764] close(6) = 0 [pid 764] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 764] write(6, "#! ./file1\n", 11) = 11 [pid 764] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [ 40.368054][ T764] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [pid 764] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000007d0} --- [pid 764] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=764, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./84", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./84", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555669e76f0 /* 4 entries */, 32768) = 112 umount2("./84/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./84/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./84/binderfs") = 0 [ 40.407442][ T765] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-764: bg 0: block 234: padding at end of block bitmap is not set umount2("./84/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./84/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./84/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./84/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./84/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555669ef730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555669ef730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./84/file0") = 0 getdents64(3, 0x5555669e76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./84") = 0 mkdir("./85", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555669e6650) = 769 ./strace-static-x86_64: Process 769 attached [pid 769] set_robust_list(0x5555669e6660, 24) = 0 [pid 769] chdir("./85") = 0 [pid 769] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 769] setpgid(0, 0) = 0 [pid 769] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 769] write(3, "1000", 4) = 4 [pid 769] close(3) = 0 [pid 769] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 769] write(1, "executing program\n", 18) = 18 [pid 769] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 769] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 769] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 769] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 769] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 769] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 769] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 769] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 769] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 769] memfd_create("syzkaller", 0) = 5 [pid 769] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f53938b6000 [pid 769] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 769] munmap(0x7f53938b6000, 138412032) = 0 [pid 769] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 769] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 769] close(5) = 0 [pid 769] close(6) = 0 [pid 769] mkdir("./file0", 0777) = 0 [pid 769] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 769] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 769] chdir("./file0") = 0 [pid 769] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 769] ioctl(6, LOOP_CLR_FD) = 0 [pid 769] close(6) = 0 [pid 769] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 769] write(6, "#! ./file1\n", 11) = 11 [pid 769] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [ 40.546357][ T769] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [pid 769] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000007d0} --- [pid 769] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=769, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./85", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./85", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555669e76f0 /* 4 entries */, 32768) = 112 umount2("./85/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./85/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./85/binderfs") = 0 [ 40.587460][ T770] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-769: bg 0: block 234: padding at end of block bitmap is not set umount2("./85/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./85/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./85/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./85/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./85/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555669ef730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555669ef730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./85/file0") = 0 getdents64(3, 0x5555669e76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./85") = 0 mkdir("./86", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555669e6650) = 774 ./strace-static-x86_64: Process 774 attached [pid 774] set_robust_list(0x5555669e6660, 24) = 0 [pid 774] chdir("./86") = 0 [pid 774] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 774] setpgid(0, 0) = 0 [pid 774] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 774] write(3, "1000", 4) = 4 [pid 774] close(3) = 0 [pid 774] symlink("/dev/binderfs", "./binderfs") = 0 [pid 774] write(1, "executing program\n", 18executing program ) = 18 [pid 774] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 774] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 774] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 774] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 774] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 774] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 774] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 774] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 774] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 774] memfd_create("syzkaller", 0) = 5 [pid 774] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f53938b6000 [pid 774] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 774] munmap(0x7f53938b6000, 138412032) = 0 [pid 774] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 774] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 774] close(5) = 0 [pid 774] close(6) = 0 [pid 774] mkdir("./file0", 0777) = 0 [pid 774] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 774] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 774] chdir("./file0") = 0 [pid 774] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 774] ioctl(6, LOOP_CLR_FD) = 0 [pid 774] close(6) = 0 [pid 774] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 774] write(6, "#! ./file1\n", 11) = 11 [pid 774] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 774] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000007d0} --- [pid 774] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=774, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./86", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./86", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555669e76f0 /* 4 entries */, 32768) = 112 umount2("./86/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./86/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./86/binderfs") = 0 [ 40.725612][ T774] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 40.755977][ T775] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-774: bg 0: block 234: padding at end of block bitmap is not set umount2("./86/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./86/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./86/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./86/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./86/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555669ef730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555669ef730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./86/file0") = 0 getdents64(3, 0x5555669e76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./86") = 0 mkdir("./87", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555669e6650) = 779 ./strace-static-x86_64: Process 779 attached [pid 779] set_robust_list(0x5555669e6660, 24) = 0 [pid 779] chdir("./87") = 0 [pid 779] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 779] setpgid(0, 0) = 0 [pid 779] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 779] write(3, "1000", 4) = 4 [pid 779] close(3) = 0 [pid 779] symlink("/dev/binderfs", "./binderfs") = 0 [pid 779] write(1, "executing program\n", 18executing program ) = 18 [pid 779] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 779] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 779] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 779] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 779] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 779] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 779] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 779] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 779] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 779] memfd_create("syzkaller", 0) = 5 [pid 779] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f53938b6000 [pid 779] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 779] munmap(0x7f53938b6000, 138412032) = 0 [pid 779] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 779] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 779] close(5) = 0 [pid 779] close(6) = 0 [pid 779] mkdir("./file0", 0777) = 0 [pid 779] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 779] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 779] chdir("./file0") = 0 [pid 779] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 779] ioctl(6, LOOP_CLR_FD) = 0 [pid 779] close(6) = 0 [pid 779] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 779] write(6, "#! ./file1\n", 11) = 11 [pid 779] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 779] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000007d0} --- [pid 779] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=779, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./87", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./87", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555669e76f0 /* 4 entries */, 32768) = 112 umount2("./87/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./87/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./87/binderfs") = 0 [ 40.886569][ T779] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 40.917443][ T780] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-779: bg 0: block 234: padding at end of block bitmap is not set umount2("./87/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./87/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./87/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./87/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./87/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555669ef730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555669ef730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./87/file0") = 0 getdents64(3, 0x5555669e76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./87") = 0 mkdir("./88", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555669e6650) = 784 ./strace-static-x86_64: Process 784 attached [pid 784] set_robust_list(0x5555669e6660, 24) = 0 [pid 784] chdir("./88") = 0 [pid 784] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 784] setpgid(0, 0) = 0 [pid 784] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 784] write(3, "1000", 4) = 4 [pid 784] close(3) = 0 [pid 784] symlink("/dev/binderfs", "./binderfs") = 0 [pid 784] write(1, "executing program\n", 18executing program ) = 18 [pid 784] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 784] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 784] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 784] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 784] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 784] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 784] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 784] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 784] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 784] memfd_create("syzkaller", 0) = 5 [pid 784] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f53938b6000 [pid 784] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 784] munmap(0x7f53938b6000, 138412032) = 0 [pid 784] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 784] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 784] close(5) = 0 [pid 784] close(6) = 0 [pid 784] mkdir("./file0", 0777) = 0 [pid 784] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 784] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 784] chdir("./file0") = 0 [pid 784] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 784] ioctl(6, LOOP_CLR_FD) = 0 [pid 784] close(6) = 0 [pid 784] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 784] write(6, "#! ./file1\n", 11) = 11 [pid 784] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 784] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000007d0} --- [pid 784] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=784, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./88", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./88", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555669e76f0 /* 4 entries */, 32768) = 112 umount2("./88/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./88/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./88/binderfs") = 0 [ 41.056115][ T784] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 41.087138][ T785] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-784: bg 0: block 234: padding at end of block bitmap is not set umount2("./88/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./88/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./88/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./88/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./88/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555669ef730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555669ef730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./88/file0") = 0 getdents64(3, 0x5555669e76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./88") = 0 mkdir("./89", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555669e6650) = 789 ./strace-static-x86_64: Process 789 attached [pid 789] set_robust_list(0x5555669e6660, 24) = 0 [pid 789] chdir("./89") = 0 [pid 789] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 789] setpgid(0, 0) = 0 [pid 789] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 789] write(3, "1000", 4) = 4 [pid 789] close(3) = 0 [pid 789] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 789] write(1, "executing program\n", 18) = 18 [pid 789] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 789] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 789] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 789] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 789] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 789] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 789] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 789] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 789] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 789] memfd_create("syzkaller", 0) = 5 [pid 789] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f53938b6000 [pid 789] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 789] munmap(0x7f53938b6000, 138412032) = 0 [pid 789] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 789] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 789] close(5) = 0 [pid 789] close(6) = 0 [pid 789] mkdir("./file0", 0777) = 0 [pid 789] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 789] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 789] chdir("./file0") = 0 [pid 789] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 789] ioctl(6, LOOP_CLR_FD) = 0 [pid 789] close(6) = 0 [pid 789] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 789] write(6, "#! ./file1\n", 11) = 11 [pid 789] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 789] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000007d0} --- [pid 789] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=789, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./89", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./89", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555669e76f0 /* 4 entries */, 32768) = 112 umount2("./89/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./89/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./89/binderfs") = 0 [ 41.216148][ T789] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 41.247078][ T790] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-789: bg 0: block 234: padding at end of block bitmap is not set umount2("./89/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./89/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./89/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./89/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./89/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555669ef730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555669ef730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./89/file0") = 0 getdents64(3, 0x5555669e76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./89") = 0 mkdir("./90", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555669e6650) = 794 ./strace-static-x86_64: Process 794 attached [pid 794] set_robust_list(0x5555669e6660, 24) = 0 [pid 794] chdir("./90") = 0 [pid 794] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 794] setpgid(0, 0) = 0 [pid 794] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 794] write(3, "1000", 4) = 4 [pid 794] close(3) = 0 [pid 794] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 794] write(1, "executing program\n", 18) = 18 [pid 794] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 794] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 794] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 794] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 794] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 794] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 794] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 794] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 794] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 794] memfd_create("syzkaller", 0) = 5 [pid 794] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f53938b6000 [pid 794] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 794] munmap(0x7f53938b6000, 138412032) = 0 [pid 794] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 794] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 794] close(5) = 0 [pid 794] close(6) = 0 [pid 794] mkdir("./file0", 0777) = 0 [pid 794] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 794] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 794] chdir("./file0") = 0 [pid 794] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 794] ioctl(6, LOOP_CLR_FD) = 0 [pid 794] close(6) = 0 [pid 794] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 794] write(6, "#! ./file1\n", 11) = 11 [pid 794] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 794] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000007d0} --- [pid 794] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=794, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./90", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./90", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555669e76f0 /* 4 entries */, 32768) = 112 umount2("./90/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./90/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./90/binderfs") = 0 [ 41.374851][ T794] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 41.404854][ T795] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-794: bg 0: block 234: padding at end of block bitmap is not set umount2("./90/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./90/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./90/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./90/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./90/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555669ef730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555669ef730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./90/file0") = 0 getdents64(3, 0x5555669e76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./90") = 0 mkdir("./91", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555669e6650) = 799 ./strace-static-x86_64: Process 799 attached [pid 799] set_robust_list(0x5555669e6660, 24) = 0 [pid 799] chdir("./91") = 0 [pid 799] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 799] setpgid(0, 0) = 0 [pid 799] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 799] write(3, "1000", 4) = 4 [pid 799] close(3) = 0 [pid 799] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 799] write(1, "executing program\n", 18) = 18 [pid 799] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 799] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 799] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 799] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 799] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 799] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 799] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 799] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 799] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 799] memfd_create("syzkaller", 0) = 5 [pid 799] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f53938b6000 [pid 799] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 799] munmap(0x7f53938b6000, 138412032) = 0 [pid 799] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 799] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 799] close(5) = 0 [pid 799] close(6) = 0 [pid 799] mkdir("./file0", 0777) = 0 [pid 799] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 799] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 799] chdir("./file0") = 0 [pid 799] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 799] ioctl(6, LOOP_CLR_FD) = 0 [pid 799] close(6) = 0 [pid 799] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 799] write(6, "#! ./file1\n", 11) = 11 [pid 799] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 799] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000007d0} --- [pid 799] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=799, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./91", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./91", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555669e76f0 /* 4 entries */, 32768) = 112 umount2("./91/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./91/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./91/binderfs") = 0 [ 41.516485][ T799] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 41.547952][ T800] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-799: bg 0: block 234: padding at end of block bitmap is not set umount2("./91/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./91/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./91/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./91/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./91/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555669ef730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555669ef730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./91/file0") = 0 getdents64(3, 0x5555669e76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./91") = 0 mkdir("./92", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555669e6650) = 804 ./strace-static-x86_64: Process 804 attached [pid 804] set_robust_list(0x5555669e6660, 24) = 0 [pid 804] chdir("./92") = 0 [pid 804] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 804] setpgid(0, 0) = 0 [pid 804] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 804] write(3, "1000", 4) = 4 [pid 804] close(3) = 0 [pid 804] symlink("/dev/binderfs", "./binderfs") = 0 [pid 804] write(1, "executing program\n", 18executing program ) = 18 [pid 804] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 804] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 804] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 804] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 804] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 804] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 804] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 804] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 804] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 804] memfd_create("syzkaller", 0) = 5 [pid 804] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f53938b6000 [pid 804] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 804] munmap(0x7f53938b6000, 138412032) = 0 [pid 804] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 804] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 804] close(5) = 0 [pid 804] close(6) = 0 [pid 804] mkdir("./file0", 0777) = 0 [pid 804] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 804] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 804] chdir("./file0") = 0 [pid 804] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 804] ioctl(6, LOOP_CLR_FD) = 0 [pid 804] close(6) = 0 [pid 804] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 804] write(6, "#! ./file1\n", 11) = 11 [pid 804] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 804] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000007d0} --- [pid 804] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=804, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./92", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./92", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555669e76f0 /* 4 entries */, 32768) = 112 umount2("./92/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./92/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./92/binderfs") = 0 [ 41.716432][ T804] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 41.746091][ T805] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-804: bg 0: block 234: padding at end of block bitmap is not set umount2("./92/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./92/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./92/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./92/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./92/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555669ef730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555669ef730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./92/file0") = 0 getdents64(3, 0x5555669e76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./92") = 0 mkdir("./93", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 809 attached , child_tidptr=0x5555669e6650) = 809 [pid 809] set_robust_list(0x5555669e6660, 24) = 0 [pid 809] chdir("./93") = 0 [pid 809] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 809] setpgid(0, 0) = 0 [pid 809] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 809] write(3, "1000", 4) = 4 [pid 809] close(3) = 0 [pid 809] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 809] write(1, "executing program\n", 18) = 18 [pid 809] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 809] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 809] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 809] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 809] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 809] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 809] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 809] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 809] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 809] memfd_create("syzkaller", 0) = 5 [pid 809] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f53938b6000 [pid 809] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 809] munmap(0x7f53938b6000, 138412032) = 0 [pid 809] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 809] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 809] close(5) = 0 [pid 809] close(6) = 0 [pid 809] mkdir("./file0", 0777) = 0 [pid 809] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 809] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 809] chdir("./file0") = 0 [pid 809] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 809] ioctl(6, LOOP_CLR_FD) = 0 [pid 809] close(6) = 0 [pid 809] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 809] write(6, "#! ./file1\n", 11) = 11 [pid 809] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 809] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000007d0} --- [pid 809] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=809, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./93", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./93", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555669e76f0 /* 4 entries */, 32768) = 112 umount2("./93/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./93/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./93/binderfs") = 0 [ 41.946500][ T809] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 41.977914][ T810] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-809: bg 0: block 234: padding at end of block bitmap is not set umount2("./93/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./93/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./93/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./93/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./93/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555669ef730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555669ef730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./93/file0") = 0 getdents64(3, 0x5555669e76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./93") = 0 mkdir("./94", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555669e6650) = 814 ./strace-static-x86_64: Process 814 attached [pid 814] set_robust_list(0x5555669e6660, 24) = 0 [pid 814] chdir("./94") = 0 [pid 814] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 814] setpgid(0, 0) = 0 [pid 814] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 814] write(3, "1000", 4) = 4 [pid 814] close(3) = 0 [pid 814] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 814] write(1, "executing program\n", 18) = 18 [pid 814] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 814] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 814] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 814] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 814] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 814] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 814] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 814] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 814] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 814] memfd_create("syzkaller", 0) = 5 [pid 814] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f53938b6000 [pid 814] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 814] munmap(0x7f53938b6000, 138412032) = 0 [pid 814] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 814] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 814] close(5) = 0 [pid 814] close(6) = 0 [pid 814] mkdir("./file0", 0777) = 0 [pid 814] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 814] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 814] chdir("./file0") = 0 [pid 814] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 814] ioctl(6, LOOP_CLR_FD) = 0 [pid 814] close(6) = 0 [pid 814] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 814] write(6, "#! ./file1\n", 11) = 11 [pid 814] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 814] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000007d0} --- [pid 814] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=814, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./94", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./94", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555669e76f0 /* 4 entries */, 32768) = 112 umount2("./94/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./94/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./94/binderfs") = 0 [ 42.136494][ T814] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 42.165725][ T815] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-814: bg 0: block 234: padding at end of block bitmap is not set umount2("./94/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./94/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./94/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./94/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./94/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555669ef730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555669ef730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./94/file0") = 0 getdents64(3, 0x5555669e76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./94") = 0 mkdir("./95", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 819 attached [pid 819] set_robust_list(0x5555669e6660, 24) = 0 [pid 819] chdir("./95") = 0 [pid 819] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 819] setpgid(0, 0) = 0 [pid 819] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 341] <... clone resumed>, child_tidptr=0x5555669e6650) = 819 [pid 819] <... openat resumed>) = 3 [pid 819] write(3, "1000", 4) = 4 [pid 819] close(3) = 0 [pid 819] symlink("/dev/binderfs", "./binderfs") = 0 [pid 819] write(1, "executing program\n", 18executing program ) = 18 [pid 819] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 819] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 819] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 819] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 819] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 819] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 819] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 819] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 819] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 819] memfd_create("syzkaller", 0) = 5 [pid 819] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f53938b6000 [pid 819] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 819] munmap(0x7f53938b6000, 138412032) = 0 [pid 819] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 819] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 819] close(5) = 0 [pid 819] close(6) = 0 [pid 819] mkdir("./file0", 0777) = 0 [pid 819] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 819] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 819] chdir("./file0") = 0 [pid 819] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 819] ioctl(6, LOOP_CLR_FD) = 0 [pid 819] close(6) = 0 [pid 819] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 819] write(6, "#! ./file1\n", 11) = 11 [pid 819] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 819] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000007d0} --- [pid 819] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=819, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./95", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./95", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555669e76f0 /* 4 entries */, 32768) = 112 umount2("./95/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./95/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./95/binderfs") = 0 [ 42.266583][ T819] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 42.297598][ T820] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-819: bg 0: block 234: padding at end of block bitmap is not set umount2("./95/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./95/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./95/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./95/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./95/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555669ef730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555669ef730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./95/file0") = 0 getdents64(3, 0x5555669e76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./95") = 0 mkdir("./96", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555669e6650) = 824 ./strace-static-x86_64: Process 824 attached [pid 824] set_robust_list(0x5555669e6660, 24) = 0 [pid 824] chdir("./96") = 0 [pid 824] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 824] setpgid(0, 0) = 0 [pid 824] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 824] write(3, "1000", 4) = 4 [pid 824] close(3) = 0 [pid 824] symlink("/dev/binderfs", "./binderfs") = 0 [pid 824] write(1, "executing program\n", 18executing program ) = 18 [pid 824] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 824] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 824] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 824] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 824] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 824] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 824] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 824] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 824] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 824] memfd_create("syzkaller", 0) = 5 [pid 824] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f53938b6000 [pid 824] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 824] munmap(0x7f53938b6000, 138412032) = 0 [pid 824] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 824] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 824] close(5) = 0 [pid 824] close(6) = 0 [pid 824] mkdir("./file0", 0777) = 0 [pid 824] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 824] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 824] chdir("./file0") = 0 [pid 824] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 824] ioctl(6, LOOP_CLR_FD) = 0 [pid 824] close(6) = 0 [pid 824] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 824] write(6, "#! ./file1\n", 11) = 11 [pid 824] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 824] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000007d0} --- [pid 824] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=824, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./96", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./96", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555669e76f0 /* 4 entries */, 32768) = 112 umount2("./96/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./96/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./96/binderfs") = 0 [ 42.436412][ T824] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 42.467036][ T825] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-824: bg 0: block 234: padding at end of block bitmap is not set umount2("./96/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./96/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./96/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./96/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./96/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555669ef730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555669ef730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./96/file0") = 0 getdents64(3, 0x5555669e76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./96") = 0 mkdir("./97", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555669e6650) = 829 ./strace-static-x86_64: Process 829 attached [pid 829] set_robust_list(0x5555669e6660, 24) = 0 [pid 829] chdir("./97") = 0 [pid 829] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 829] setpgid(0, 0) = 0 [pid 829] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 829] write(3, "1000", 4) = 4 [pid 829] close(3) = 0 [pid 829] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 829] write(1, "executing program\n", 18) = 18 [pid 829] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 829] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 829] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 829] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 829] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 829] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 829] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 829] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 829] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 829] memfd_create("syzkaller", 0) = 5 [pid 829] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f53938b6000 [pid 829] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 829] munmap(0x7f53938b6000, 138412032) = 0 [pid 829] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 829] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 829] close(5) = 0 [pid 829] close(6) = 0 [pid 829] mkdir("./file0", 0777) = 0 [pid 829] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 829] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 829] chdir("./file0") = 0 [pid 829] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 829] ioctl(6, LOOP_CLR_FD) = 0 [pid 829] close(6) = 0 [pid 829] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 829] write(6, "#! ./file1\n", 11) = 11 [pid 829] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 829] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000007d0} --- [pid 829] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=829, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./97", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./97", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555669e76f0 /* 4 entries */, 32768) = 112 umount2("./97/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./97/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./97/binderfs") = 0 [ 42.596408][ T829] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 42.621698][ T829] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm syz-executor246: bg 0: block 234: padding at end of block bitmap is not set umount2("./97/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./97/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./97/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./97/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./97/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555669ef730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555669ef730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./97/file0") = 0 getdents64(3, 0x5555669e76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./97") = 0 mkdir("./98", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555669e6650) = 834 ./strace-static-x86_64: Process 834 attached [pid 834] set_robust_list(0x5555669e6660, 24) = 0 [pid 834] chdir("./98") = 0 [pid 834] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 834] setpgid(0, 0) = 0 [pid 834] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 834] write(3, "1000", 4) = 4 [pid 834] close(3) = 0 [pid 834] symlink("/dev/binderfs", "./binderfs") = 0 [pid 834] write(1, "executing program\n", 18executing program ) = 18 [pid 834] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 834] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 834] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 834] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 834] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 834] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 834] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 834] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 834] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 834] memfd_create("syzkaller", 0) = 5 [pid 834] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f53938b6000 [pid 834] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 834] munmap(0x7f53938b6000, 138412032) = 0 [pid 834] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 834] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 834] close(5) = 0 [pid 834] close(6) = 0 [pid 834] mkdir("./file0", 0777) = 0 [pid 834] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 834] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 834] chdir("./file0") = 0 [pid 834] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 834] ioctl(6, LOOP_CLR_FD) = 0 [pid 834] close(6) = 0 [pid 834] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 834] write(6, "#! ./file1\n", 11) = 11 [pid 834] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 834] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000007d0} --- [pid 834] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=834, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./98", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./98", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555669e76f0 /* 4 entries */, 32768) = 112 umount2("./98/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./98/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./98/binderfs") = 0 [ 42.806620][ T834] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 42.832312][ T834] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm syz-executor246: bg 0: block 234: padding at end of block bitmap is not set umount2("./98/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./98/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./98/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./98/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./98/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555669ef730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555669ef730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./98/file0") = 0 getdents64(3, 0x5555669e76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./98") = 0 mkdir("./99", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555669e6650) = 839 ./strace-static-x86_64: Process 839 attached [pid 839] set_robust_list(0x5555669e6660, 24) = 0 [pid 839] chdir("./99") = 0 [pid 839] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 839] setpgid(0, 0) = 0 [pid 839] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 839] write(3, "1000", 4) = 4 [pid 839] close(3) = 0 [pid 839] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 839] write(1, "executing program\n", 18) = 18 [pid 839] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 839] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 839] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 839] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 839] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 839] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 839] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 839] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 839] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 839] memfd_create("syzkaller", 0) = 5 [pid 839] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f53938b6000 [pid 839] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 839] munmap(0x7f53938b6000, 138412032) = 0 [pid 839] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 839] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 839] close(5) = 0 [pid 839] close(6) = 0 [pid 839] mkdir("./file0", 0777) = 0 [pid 839] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 839] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 839] chdir("./file0") = 0 [pid 839] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 839] ioctl(6, LOOP_CLR_FD) = 0 [pid 839] close(6) = 0 [pid 839] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 839] write(6, "#! ./file1\n", 11) = 11 [pid 839] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 839] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000007d0} --- [pid 839] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=839, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./99", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./99", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555669e76f0 /* 4 entries */, 32768) = 112 umount2("./99/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./99/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./99/binderfs") = 0 [ 42.976609][ T839] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 43.007430][ T840] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-839: bg 0: block 234: padding at end of block bitmap is not set umount2("./99/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./99/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./99/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./99/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./99/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555669ef730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555669ef730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./99/file0") = 0 getdents64(3, 0x5555669e76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./99") = 0 mkdir("./100", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 844 attached [pid 844] set_robust_list(0x5555669e6660, 24) = 0 [pid 844] chdir("./100") = 0 [pid 844] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 844] setpgid(0, 0) = 0 [pid 844] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 844] write(3, "1000", 4) = 4 [pid 844] close(3) = 0 [pid 844] symlink("/dev/binderfs", "./binderfs") = 0 [pid 844] write(1, "executing program\n", 18executing program ) = 18 [pid 844] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 844] ioctl(3, VHOST_SET_OWNER [pid 341] <... clone resumed>, child_tidptr=0x5555669e6650) = 844 [pid 844] <... ioctl resumed>, 0) = 0 [pid 844] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 844] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 844] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 844] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 844] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 844] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 844] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 844] memfd_create("syzkaller", 0) = 5 [pid 844] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f53938b6000 [pid 844] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 844] munmap(0x7f53938b6000, 138412032) = 0 [pid 844] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 844] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 844] close(5) = 0 [pid 844] close(6) = 0 [pid 844] mkdir("./file0", 0777) = 0 [pid 844] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 844] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 844] chdir("./file0") = 0 [pid 844] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 844] ioctl(6, LOOP_CLR_FD) = 0 [pid 844] close(6) = 0 [pid 844] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 844] write(6, "#! ./file1\n", 11) = 11 [pid 844] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 844] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000007d0} --- [pid 844] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=844, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./100", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./100", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555669e76f0 /* 4 entries */, 32768) = 112 umount2("./100/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./100/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./100/binderfs") = 0 [ 43.145316][ T844] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 43.177604][ T845] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-844: bg 0: block 234: padding at end of block bitmap is not set umount2("./100/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./100/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./100/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./100/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./100/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555669ef730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555669ef730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./100/file0") = 0 getdents64(3, 0x5555669e76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./100") = 0 mkdir("./101", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555669e6650) = 849 ./strace-static-x86_64: Process 849 attached [pid 849] set_robust_list(0x5555669e6660, 24) = 0 [pid 849] chdir("./101") = 0 [pid 849] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 849] setpgid(0, 0) = 0 [pid 849] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 849] write(3, "1000", 4) = 4 [pid 849] close(3) = 0 [pid 849] symlink("/dev/binderfs", "./binderfs") = 0 [pid 849] write(1, "executing program\n", 18executing program ) = 18 [pid 849] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 849] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 849] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 849] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 849] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 849] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 849] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 849] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 849] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 849] memfd_create("syzkaller", 0) = 5 [pid 849] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f53938b6000 [pid 849] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 849] munmap(0x7f53938b6000, 138412032) = 0 [pid 849] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 849] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 849] close(5) = 0 [pid 849] close(6) = 0 [pid 849] mkdir("./file0", 0777) = 0 [pid 849] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 849] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 849] chdir("./file0") = 0 [pid 849] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 849] ioctl(6, LOOP_CLR_FD) = 0 [pid 849] close(6) = 0 [pid 849] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 849] write(6, "#! ./file1\n", 11) = 11 [pid 849] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 849] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000007d0} --- [pid 849] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=849, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./101", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./101", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555669e76f0 /* 4 entries */, 32768) = 112 umount2("./101/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./101/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./101/binderfs") = 0 [ 43.324224][ T849] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 43.355313][ T850] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-849: bg 0: block 234: padding at end of block bitmap is not set umount2("./101/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./101/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./101/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./101/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./101/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555669ef730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555669ef730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./101/file0") = 0 getdents64(3, 0x5555669e76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./101") = 0 mkdir("./102", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555669e6650) = 854 ./strace-static-x86_64: Process 854 attached [pid 854] set_robust_list(0x5555669e6660, 24) = 0 [pid 854] chdir("./102") = 0 [pid 854] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 854] setpgid(0, 0) = 0 [pid 854] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 854] write(3, "1000", 4) = 4 [pid 854] close(3) = 0 [pid 854] symlink("/dev/binderfs", "./binderfs") = 0 [pid 854] write(1, "executing program\n", 18executing program ) = 18 [pid 854] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 854] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 854] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 854] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 854] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 854] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 854] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 854] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 854] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 854] memfd_create("syzkaller", 0) = 5 [pid 854] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f53938b6000 [pid 854] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 854] munmap(0x7f53938b6000, 138412032) = 0 [pid 854] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 854] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 854] close(5) = 0 [pid 854] close(6) = 0 [pid 854] mkdir("./file0", 0777) = 0 [pid 854] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 854] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 854] chdir("./file0") = 0 [pid 854] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 854] ioctl(6, LOOP_CLR_FD) = 0 [pid 854] close(6) = 0 [pid 854] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 854] write(6, "#! ./file1\n", 11) = 11 [pid 854] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 854] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000007d0} --- [pid 854] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=854, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./102", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./102", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555669e76f0 /* 4 entries */, 32768) = 112 umount2("./102/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./102/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./102/binderfs") = 0 [ 43.493530][ T854] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 43.524249][ T855] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-854: bg 0: block 234: padding at end of block bitmap is not set umount2("./102/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./102/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./102/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./102/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./102/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555669ef730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555669ef730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./102/file0") = 0 getdents64(3, 0x5555669e76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./102") = 0 mkdir("./103", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555669e6650) = 859 ./strace-static-x86_64: Process 859 attached [pid 859] set_robust_list(0x5555669e6660, 24) = 0 [pid 859] chdir("./103") = 0 [pid 859] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 859] setpgid(0, 0) = 0 [pid 859] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 859] write(3, "1000", 4) = 4 [pid 859] close(3) = 0 [pid 859] symlink("/dev/binderfs", "./binderfs") = 0 [pid 859] write(1, "executing program\n", 18executing program ) = 18 [pid 859] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 859] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 859] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 859] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 859] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 859] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 859] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 859] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 859] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 859] memfd_create("syzkaller", 0) = 5 [pid 859] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f53938b6000 [pid 859] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 859] munmap(0x7f53938b6000, 138412032) = 0 [pid 859] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 859] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 859] close(5) = 0 [pid 859] close(6) = 0 [pid 859] mkdir("./file0", 0777) = 0 [pid 859] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 859] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 859] chdir("./file0") = 0 [pid 859] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 859] ioctl(6, LOOP_CLR_FD) = 0 [pid 859] close(6) = 0 [pid 859] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 859] write(6, "#! ./file1\n", 11) = 11 [pid 859] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 859] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000007d0} --- [pid 859] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=859, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./103", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./103", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555669e76f0 /* 4 entries */, 32768) = 112 umount2("./103/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./103/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./103/binderfs") = 0 [ 43.689904][ T859] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 43.721406][ T860] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-859: bg 0: block 234: padding at end of block bitmap is not set umount2("./103/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./103/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./103/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./103/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./103/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555669ef730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555669ef730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./103/file0") = 0 getdents64(3, 0x5555669e76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./103") = 0 mkdir("./104", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555669e6650) = 864 ./strace-static-x86_64: Process 864 attached [pid 864] set_robust_list(0x5555669e6660, 24) = 0 [pid 864] chdir("./104") = 0 [pid 864] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 864] setpgid(0, 0) = 0 [pid 864] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 864] write(3, "1000", 4) = 4 [pid 864] close(3) = 0 [pid 864] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 864] write(1, "executing program\n", 18) = 18 [pid 864] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 864] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 864] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 864] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 864] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 864] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 864] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 864] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 864] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 864] memfd_create("syzkaller", 0) = 5 [pid 864] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f53938b6000 [pid 864] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 864] munmap(0x7f53938b6000, 138412032) = 0 [pid 864] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 864] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 864] close(5) = 0 [pid 864] close(6) = 0 [pid 864] mkdir("./file0", 0777) = 0 [pid 864] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 864] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 864] chdir("./file0") = 0 [pid 864] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 864] ioctl(6, LOOP_CLR_FD) = 0 [pid 864] close(6) = 0 [pid 864] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 864] write(6, "#! ./file1\n", 11) = 11 [pid 864] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 864] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000007d0} --- [pid 864] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=864, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./104", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./104", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555669e76f0 /* 4 entries */, 32768) = 112 umount2("./104/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./104/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./104/binderfs") = 0 [ 43.876513][ T864] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 43.907269][ T865] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-864: bg 0: block 234: padding at end of block bitmap is not set umount2("./104/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./104/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./104/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./104/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./104/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555669ef730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555669ef730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./104/file0") = 0 getdents64(3, 0x5555669e76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./104") = 0 mkdir("./105", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555669e6650) = 869 ./strace-static-x86_64: Process 869 attached [pid 869] set_robust_list(0x5555669e6660, 24) = 0 [pid 869] chdir("./105") = 0 [pid 869] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 869] setpgid(0, 0) = 0 [pid 869] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 869] write(3, "1000", 4) = 4 [pid 869] close(3) = 0 [pid 869] symlink("/dev/binderfs", "./binderfs") = 0 [pid 869] write(1, "executing program\n", 18executing program ) = 18 [pid 869] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 869] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 869] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 869] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 869] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 869] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 869] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 869] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 869] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 869] memfd_create("syzkaller", 0) = 5 [pid 869] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f53938b6000 [pid 869] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 869] munmap(0x7f53938b6000, 138412032) = 0 [pid 869] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 869] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 869] close(5) = 0 [pid 869] close(6) = 0 [pid 869] mkdir("./file0", 0777) = 0 [pid 869] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 869] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 869] chdir("./file0") = 0 [pid 869] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 869] ioctl(6, LOOP_CLR_FD) = 0 [pid 869] close(6) = 0 [pid 869] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 869] write(6, "#! ./file1\n", 11) = 11 [pid 869] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 869] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000007d0} --- [pid 869] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=869, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./105", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./105", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555669e76f0 /* 4 entries */, 32768) = 112 umount2("./105/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./105/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./105/binderfs") = 0 [ 44.096814][ T869] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 44.127801][ T870] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-869: bg 0: block 234: padding at end of block bitmap is not set umount2("./105/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./105/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./105/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./105/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./105/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555669ef730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555669ef730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./105/file0") = 0 getdents64(3, 0x5555669e76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./105") = 0 mkdir("./106", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555669e6650) = 874 ./strace-static-x86_64: Process 874 attached [pid 874] set_robust_list(0x5555669e6660, 24) = 0 [pid 874] chdir("./106") = 0 [pid 874] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 874] setpgid(0, 0) = 0 [pid 874] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 874] write(3, "1000", 4) = 4 [pid 874] close(3) = 0 [pid 874] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 874] write(1, "executing program\n", 18) = 18 [pid 874] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 874] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 874] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 874] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 874] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 874] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 874] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 874] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 874] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 874] memfd_create("syzkaller", 0) = 5 [pid 874] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f53938b6000 [pid 874] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 874] munmap(0x7f53938b6000, 138412032) = 0 [pid 874] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 874] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 874] close(5) = 0 [pid 874] close(6) = 0 [pid 874] mkdir("./file0", 0777) = 0 [pid 874] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 874] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 874] chdir("./file0") = 0 [pid 874] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 874] ioctl(6, LOOP_CLR_FD) = 0 [pid 874] close(6) = 0 [pid 874] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 874] write(6, "#! ./file1\n", 11) = 11 [pid 874] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 874] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000007d0} --- [pid 874] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=874, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./106", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./106", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555669e76f0 /* 4 entries */, 32768) = 112 umount2("./106/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./106/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./106/binderfs") = 0 [ 44.276297][ T874] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 44.307387][ T875] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-874: bg 0: block 234: padding at end of block bitmap is not set umount2("./106/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./106/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./106/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./106/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./106/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555669ef730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555669ef730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./106/file0") = 0 getdents64(3, 0x5555669e76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./106") = 0 mkdir("./107", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555669e6650) = 879 ./strace-static-x86_64: Process 879 attached [pid 879] set_robust_list(0x5555669e6660, 24) = 0 [pid 879] chdir("./107") = 0 [pid 879] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 879] setpgid(0, 0) = 0 [pid 879] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 879] write(3, "1000", 4) = 4 [pid 879] close(3) = 0 [pid 879] symlink("/dev/binderfs", "./binderfs") = 0 [pid 879] write(1, "executing program\n", 18executing program ) = 18 [pid 879] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 879] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 879] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 879] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 879] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 879] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 879] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 879] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 879] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 879] memfd_create("syzkaller", 0) = 5 [pid 879] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f53938b6000 [pid 879] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 879] munmap(0x7f53938b6000, 138412032) = 0 [pid 879] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 879] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 879] close(5) = 0 [pid 879] close(6) = 0 [pid 879] mkdir("./file0", 0777) = 0 [pid 879] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 879] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 879] chdir("./file0") = 0 [pid 879] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 879] ioctl(6, LOOP_CLR_FD) = 0 [pid 879] close(6) = 0 [pid 879] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 879] write(6, "#! ./file1\n", 11) = 11 [pid 879] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 879] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000007d0} --- [pid 879] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=879, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./107", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./107", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555669e76f0 /* 4 entries */, 32768) = 112 umount2("./107/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./107/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./107/binderfs") = 0 [ 44.496488][ T879] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 44.522705][ T880] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-879: bg 0: block 234: padding at end of block bitmap is not set umount2("./107/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./107/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./107/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./107/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./107/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555669ef730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555669ef730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./107/file0") = 0 getdents64(3, 0x5555669e76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./107") = 0 mkdir("./108", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555669e6650) = 884 ./strace-static-x86_64: Process 884 attached [pid 884] set_robust_list(0x5555669e6660, 24) = 0 [pid 884] chdir("./108") = 0 [pid 884] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 884] setpgid(0, 0) = 0 [pid 884] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 884] write(3, "1000", 4) = 4 [pid 884] close(3) = 0 [pid 884] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 884] write(1, "executing program\n", 18) = 18 [pid 884] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 884] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 884] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 884] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 884] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 884] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 884] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 884] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 884] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 884] memfd_create("syzkaller", 0) = 5 [pid 884] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f53938b6000 [pid 884] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 884] munmap(0x7f53938b6000, 138412032) = 0 [pid 884] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 884] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 884] close(5) = 0 [pid 884] close(6) = 0 [pid 884] mkdir("./file0", 0777) = 0 [pid 884] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 884] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 884] chdir("./file0") = 0 [pid 884] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 884] ioctl(6, LOOP_CLR_FD) = 0 [pid 884] close(6) = 0 [pid 884] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 884] write(6, "#! ./file1\n", 11) = 11 [pid 884] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 884] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000007d0} --- [pid 884] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=884, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./108", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./108", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555669e76f0 /* 4 entries */, 32768) = 112 umount2("./108/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./108/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./108/binderfs") = 0 [ 44.656456][ T884] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 44.688134][ T885] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-884: bg 0: block 234: padding at end of block bitmap is not set umount2("./108/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./108/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./108/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./108/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./108/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555669ef730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555669ef730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./108/file0") = 0 getdents64(3, 0x5555669e76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./108") = 0 mkdir("./109", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555669e6650) = 889 ./strace-static-x86_64: Process 889 attached [pid 889] set_robust_list(0x5555669e6660, 24) = 0 [pid 889] chdir("./109") = 0 [pid 889] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 889] setpgid(0, 0) = 0 [pid 889] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 889] write(3, "1000", 4) = 4 [pid 889] close(3) = 0 [pid 889] symlink("/dev/binderfs", "./binderfs") = 0 [pid 889] write(1, "executing program\n", 18executing program ) = 18 [pid 889] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 889] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 889] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 889] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 889] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 889] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 889] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 889] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 889] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 889] memfd_create("syzkaller", 0) = 5 [pid 889] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f53938b6000 [pid 889] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 889] munmap(0x7f53938b6000, 138412032) = 0 [pid 889] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 889] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 889] close(5) = 0 [pid 889] close(6) = 0 [pid 889] mkdir("./file0", 0777) = 0 [pid 889] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 889] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 889] chdir("./file0") = 0 [pid 889] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 889] ioctl(6, LOOP_CLR_FD) = 0 [pid 889] close(6) = 0 [pid 889] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 889] write(6, "#! ./file1\n", 11) = 11 [pid 889] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [ 44.910619][ T889] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [pid 889] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000007d0} --- [pid 889] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=889, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./109", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./109", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555669e76f0 /* 4 entries */, 32768) = 112 umount2("./109/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./109/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./109/binderfs") = 0 [ 44.953855][ T890] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-889: bg 0: block 234: padding at end of block bitmap is not set umount2("./109/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./109/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./109/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./109/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./109/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555669ef730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555669ef730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./109/file0") = 0 getdents64(3, 0x5555669e76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./109") = 0 mkdir("./110", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555669e6650) = 894 ./strace-static-x86_64: Process 894 attached [pid 894] set_robust_list(0x5555669e6660, 24) = 0 [pid 894] chdir("./110") = 0 [pid 894] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 894] setpgid(0, 0) = 0 [pid 894] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 894] write(3, "1000", 4) = 4 [pid 894] close(3) = 0 [pid 894] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 894] write(1, "executing program\n", 18) = 18 [pid 894] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 894] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 894] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 894] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 894] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 894] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 894] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 894] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 894] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 894] memfd_create("syzkaller", 0) = 5 [pid 894] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f53938b6000 [pid 894] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 894] munmap(0x7f53938b6000, 138412032) = 0 [pid 894] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 894] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 894] close(5) = 0 [pid 894] close(6) = 0 [pid 894] mkdir("./file0", 0777) = 0 [pid 894] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 894] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 894] chdir("./file0") = 0 [pid 894] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 894] ioctl(6, LOOP_CLR_FD) = 0 [pid 894] close(6) = 0 [pid 894] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 894] write(6, "#! ./file1\n", 11) = 11 [pid 894] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 894] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000007d0} --- [pid 894] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=894, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./110", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./110", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555669e76f0 /* 4 entries */, 32768) = 112 umount2("./110/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./110/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./110/binderfs") = 0 [ 45.146124][ T894] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 45.177917][ T895] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-894: bg 0: block 234: padding at end of block bitmap is not set umount2("./110/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./110/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./110/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./110/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./110/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555669ef730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555669ef730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./110/file0") = 0 getdents64(3, 0x5555669e76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./110") = 0 mkdir("./111", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555669e6650) = 899 ./strace-static-x86_64: Process 899 attached [pid 899] set_robust_list(0x5555669e6660, 24) = 0 [pid 899] chdir("./111") = 0 [pid 899] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 899] setpgid(0, 0) = 0 [pid 899] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 899] write(3, "1000", 4) = 4 [pid 899] close(3) = 0 [pid 899] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 899] write(1, "executing program\n", 18) = 18 [pid 899] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 899] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 899] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 899] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 899] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 899] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 899] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 899] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 899] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 899] memfd_create("syzkaller", 0) = 5 [pid 899] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f53938b6000 [pid 899] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 899] munmap(0x7f53938b6000, 138412032) = 0 [pid 899] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 899] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 899] close(5) = 0 [pid 899] close(6) = 0 [pid 899] mkdir("./file0", 0777) = 0 [pid 899] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 899] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 899] chdir("./file0") = 0 [pid 899] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 899] ioctl(6, LOOP_CLR_FD) = 0 [pid 899] close(6) = 0 [pid 899] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 899] write(6, "#! ./file1\n", 11) = 11 [pid 899] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 899] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000007d0} --- [pid 899] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=899, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./111", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./111", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555669e76f0 /* 4 entries */, 32768) = 112 umount2("./111/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./111/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./111/binderfs") = 0 [ 45.296017][ T899] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 45.327465][ T900] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-899: bg 0: block 234: padding at end of block bitmap is not set umount2("./111/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./111/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./111/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./111/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./111/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555669ef730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555669ef730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./111/file0") = 0 getdents64(3, 0x5555669e76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./111") = 0 mkdir("./112", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555669e6650) = 904 ./strace-static-x86_64: Process 904 attached [pid 904] set_robust_list(0x5555669e6660, 24) = 0 [pid 904] chdir("./112") = 0 [pid 904] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 904] setpgid(0, 0) = 0 [pid 904] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 904] write(3, "1000", 4) = 4 [pid 904] close(3) = 0 [pid 904] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 904] write(1, "executing program\n", 18) = 18 [pid 904] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 904] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 904] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 904] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 904] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 904] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 904] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 904] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 904] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 904] memfd_create("syzkaller", 0) = 5 [pid 904] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f53938b6000 [pid 904] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 904] munmap(0x7f53938b6000, 138412032) = 0 [pid 904] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 904] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 904] close(5) = 0 [pid 904] close(6) = 0 [pid 904] mkdir("./file0", 0777) = 0 [pid 904] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 904] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 904] chdir("./file0") = 0 [pid 904] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 904] ioctl(6, LOOP_CLR_FD) = 0 [pid 904] close(6) = 0 [pid 904] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 904] write(6, "#! ./file1\n", 11) = 11 [pid 904] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 904] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000007d0} --- [pid 904] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=904, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./112", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./112", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555669e76f0 /* 4 entries */, 32768) = 112 umount2("./112/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./112/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./112/binderfs") = 0 [ 45.494007][ T904] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 45.525523][ T905] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-904: bg 0: block 234: padding at end of block bitmap is not set umount2("./112/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./112/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./112/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./112/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./112/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555669ef730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555669ef730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./112/file0") = 0 getdents64(3, 0x5555669e76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./112") = 0 mkdir("./113", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555669e6650) = 909 ./strace-static-x86_64: Process 909 attached [pid 909] set_robust_list(0x5555669e6660, 24) = 0 [pid 909] chdir("./113") = 0 [pid 909] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 909] setpgid(0, 0) = 0 [pid 909] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 909] write(3, "1000", 4) = 4 [pid 909] close(3) = 0 [pid 909] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 909] write(1, "executing program\n", 18) = 18 [pid 909] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 909] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 909] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 909] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 909] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 909] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 909] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 909] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 909] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 909] memfd_create("syzkaller", 0) = 5 [pid 909] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f53938b6000 [pid 909] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 909] munmap(0x7f53938b6000, 138412032) = 0 [pid 909] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 909] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 909] close(5) = 0 [pid 909] close(6) = 0 [pid 909] mkdir("./file0", 0777) = 0 [pid 909] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 909] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 909] chdir("./file0") = 0 [pid 909] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 909] ioctl(6, LOOP_CLR_FD) = 0 [pid 909] close(6) = 0 [pid 909] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 909] write(6, "#! ./file1\n", 11) = 11 [pid 909] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 909] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000007d0} --- [pid 909] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=909, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./113", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./113", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555669e76f0 /* 4 entries */, 32768) = 112 umount2("./113/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./113/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./113/binderfs") = 0 [ 45.656493][ T909] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 45.687431][ T910] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-909: bg 0: block 234: padding at end of block bitmap is not set umount2("./113/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./113/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./113/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./113/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./113/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555669ef730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555669ef730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./113/file0") = 0 getdents64(3, 0x5555669e76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./113") = 0 mkdir("./114", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555669e6650) = 914 ./strace-static-x86_64: Process 914 attached [pid 914] set_robust_list(0x5555669e6660, 24) = 0 [pid 914] chdir("./114") = 0 [pid 914] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 914] setpgid(0, 0) = 0 [pid 914] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 914] write(3, "1000", 4) = 4 [pid 914] close(3) = 0 [pid 914] symlink("/dev/binderfs", "./binderfs") = 0 [pid 914] write(1, "executing program\n", 18executing program ) = 18 [pid 914] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 914] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 914] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 914] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 914] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 914] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 914] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 914] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 914] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 914] memfd_create("syzkaller", 0) = 5 [pid 914] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f53938b6000 [pid 914] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 914] munmap(0x7f53938b6000, 138412032) = 0 [pid 914] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 914] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 914] close(5) = 0 [pid 914] close(6) = 0 [pid 914] mkdir("./file0", 0777) = 0 [pid 914] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 914] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 914] chdir("./file0") = 0 [pid 914] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 914] ioctl(6, LOOP_CLR_FD) = 0 [pid 914] close(6) = 0 [pid 914] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 914] write(6, "#! ./file1\n", 11) = 11 [pid 914] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 914] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000007d0} --- [pid 914] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=914, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./114", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./114", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555669e76f0 /* 4 entries */, 32768) = 112 umount2("./114/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./114/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./114/binderfs") = 0 [ 45.872388][ T915] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-914: bg 0: block 234: padding at end of block bitmap is not set umount2("./114/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./114/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./114/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./114/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./114/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555669ef730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555669ef730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./114/file0") = 0 getdents64(3, 0x5555669e76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./114") = 0 mkdir("./115", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555669e6650) = 919 ./strace-static-x86_64: Process 919 attached [pid 919] set_robust_list(0x5555669e6660, 24) = 0 [pid 919] chdir("./115") = 0 [pid 919] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 919] setpgid(0, 0) = 0 [pid 919] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 919] write(3, "1000", 4) = 4 [pid 919] close(3) = 0 [pid 919] symlink("/dev/binderfs", "./binderfs") = 0 [pid 919] write(1, "executing program\n", 18executing program ) = 18 [pid 919] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 919] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 919] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 919] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 919] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 919] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 919] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 919] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 919] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 919] memfd_create("syzkaller", 0) = 5 [pid 919] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f53938b6000 [pid 919] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 919] munmap(0x7f53938b6000, 138412032) = 0 [pid 919] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 919] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 919] close(5) = 0 [pid 919] close(6) = 0 [pid 919] mkdir("./file0", 0777) = 0 [pid 919] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 919] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 919] chdir("./file0") = 0 [pid 919] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 919] ioctl(6, LOOP_CLR_FD) = 0 [pid 919] close(6) = 0 [pid 919] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 919] write(6, "#! ./file1\n", 11) = 11 [pid 919] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 919] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000007d0} --- [pid 919] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=919, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./115", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./115", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555669e76f0 /* 4 entries */, 32768) = 112 umount2("./115/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./115/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./115/binderfs") = 0 [ 46.015619][ T920] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-919: bg 0: block 234: padding at end of block bitmap is not set umount2("./115/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./115/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./115/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./115/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./115/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555669ef730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555669ef730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./115/file0") = 0 getdents64(3, 0x5555669e76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./115") = 0 mkdir("./116", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555669e6650) = 924 ./strace-static-x86_64: Process 924 attached [pid 924] set_robust_list(0x5555669e6660, 24) = 0 [pid 924] chdir("./116") = 0 [pid 924] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 924] setpgid(0, 0) = 0 [pid 924] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 924] write(3, "1000", 4) = 4 [pid 924] close(3) = 0 [pid 924] symlink("/dev/binderfs", "./binderfs") = 0 [pid 924] write(1, "executing program\n", 18executing program ) = 18 [pid 924] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 924] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 924] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 924] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 924] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 924] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 924] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 924] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 924] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 924] memfd_create("syzkaller", 0) = 5 [pid 924] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f53938b6000 [pid 924] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 924] munmap(0x7f53938b6000, 138412032) = 0 [pid 924] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 924] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 924] close(5) = 0 [pid 924] close(6) = 0 [pid 924] mkdir("./file0", 0777) = 0 [pid 924] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 924] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 924] chdir("./file0") = 0 [pid 924] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 924] ioctl(6, LOOP_CLR_FD) = 0 [pid 924] close(6) = 0 [pid 924] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 924] write(6, "#! ./file1\n", 11) = 11 [pid 924] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 924] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000007d0} --- [pid 924] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=924, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./116", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./116", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555669e76f0 /* 4 entries */, 32768) = 112 umount2("./116/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./116/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./116/binderfs") = 0 [ 46.197640][ T925] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-924: bg 0: block 234: padding at end of block bitmap is not set umount2("./116/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./116/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./116/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./116/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./116/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555669ef730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555669ef730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./116/file0") = 0 getdents64(3, 0x5555669e76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./116") = 0 mkdir("./117", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555669e6650) = 929 ./strace-static-x86_64: Process 929 attached [pid 929] set_robust_list(0x5555669e6660, 24) = 0 [pid 929] chdir("./117") = 0 [pid 929] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 929] setpgid(0, 0) = 0 [pid 929] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 929] write(3, "1000", 4) = 4 [pid 929] close(3) = 0 [pid 929] symlink("/dev/binderfs", "./binderfs") = 0 [pid 929] write(1, "executing program\n", 18executing program ) = 18 [pid 929] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 929] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 929] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 929] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 929] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 929] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 929] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 929] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 929] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 929] memfd_create("syzkaller", 0) = 5 [pid 929] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f53938b6000 [pid 929] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 929] munmap(0x7f53938b6000, 138412032) = 0 [pid 929] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 929] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 929] close(5) = 0 [pid 929] close(6) = 0 [pid 929] mkdir("./file0", 0777) = 0 [pid 929] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 929] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 929] chdir("./file0") = 0 [pid 929] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 929] ioctl(6, LOOP_CLR_FD) = 0 [pid 929] close(6) = 0 [pid 929] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 929] write(6, "#! ./file1\n", 11) = 11 [pid 929] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 929] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000007d0} --- [pid 929] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=929, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./117", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./117", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555669e76f0 /* 4 entries */, 32768) = 112 umount2("./117/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./117/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./117/binderfs") = 0 [ 46.385164][ T929] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm syz-executor246: bg 0: block 234: padding at end of block bitmap is not set umount2("./117/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./117/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./117/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./117/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./117/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555669ef730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555669ef730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./117/file0") = 0 getdents64(3, 0x5555669e76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./117") = 0 mkdir("./118", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555669e6650) = 934 ./strace-static-x86_64: Process 934 attached [pid 934] set_robust_list(0x5555669e6660, 24) = 0 [pid 934] chdir("./118") = 0 [pid 934] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 934] setpgid(0, 0) = 0 [pid 934] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 934] write(3, "1000", 4) = 4 [pid 934] close(3) = 0 [pid 934] symlink("/dev/binderfs", "./binderfs") = 0 [pid 934] write(1, "executing program\n", 18executing program ) = 18 [pid 934] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 934] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 934] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 934] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 934] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 934] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 934] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 934] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 934] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 934] memfd_create("syzkaller", 0) = 5 [pid 934] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f53938b6000 [pid 934] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 934] munmap(0x7f53938b6000, 138412032) = 0 [pid 934] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 934] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 934] close(5) = 0 [pid 934] close(6) = 0 [pid 934] mkdir("./file0", 0777) = 0 [pid 934] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 934] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 934] chdir("./file0") = 0 [pid 934] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 934] ioctl(6, LOOP_CLR_FD) = 0 [pid 934] close(6) = 0 [pid 934] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 934] write(6, "#! ./file1\n", 11) = 11 [pid 934] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 934] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000007d0} --- [pid 934] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=934, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./118", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./118", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555669e76f0 /* 4 entries */, 32768) = 112 umount2("./118/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./118/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./118/binderfs") = 0 [ 46.583218][ T935] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-934: bg 0: block 234: padding at end of block bitmap is not set umount2("./118/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./118/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./118/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./118/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./118/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555669ef730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555669ef730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./118/file0") = 0 getdents64(3, 0x5555669e76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./118") = 0 mkdir("./119", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555669e6650) = 939 ./strace-static-x86_64: Process 939 attached [pid 939] set_robust_list(0x5555669e6660, 24) = 0 [pid 939] chdir("./119") = 0 [pid 939] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 939] setpgid(0, 0) = 0 [pid 939] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 939] write(3, "1000", 4) = 4 [pid 939] close(3) = 0 [pid 939] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 939] write(1, "executing program\n", 18) = 18 [pid 939] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 939] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 939] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 939] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 939] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 939] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 939] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 939] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 939] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 939] memfd_create("syzkaller", 0) = 5 [pid 939] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f53938b6000 [pid 939] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 939] munmap(0x7f53938b6000, 138412032) = 0 [pid 939] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 939] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 939] close(5) = 0 [pid 939] close(6) = 0 [pid 939] mkdir("./file0", 0777) = 0 [pid 939] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 939] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 939] chdir("./file0") = 0 [pid 939] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 939] ioctl(6, LOOP_CLR_FD) = 0 [pid 939] close(6) = 0 [pid 939] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 939] write(6, "#! ./file1\n", 11) = 11 [pid 939] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 939] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000007d0} --- [pid 939] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=939, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./119", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./119", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555669e76f0 /* 4 entries */, 32768) = 112 umount2("./119/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./119/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./119/binderfs") = 0 [ 46.713626][ T939] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm syz-executor246: bg 0: block 234: padding at end of block bitmap is not set umount2("./119/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./119/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./119/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./119/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./119/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555669ef730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555669ef730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./119/file0") = 0 getdents64(3, 0x5555669e76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./119") = 0 mkdir("./120", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555669e6650) = 944 ./strace-static-x86_64: Process 944 attached [pid 944] set_robust_list(0x5555669e6660, 24) = 0 [pid 944] chdir("./120") = 0 [pid 944] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 944] setpgid(0, 0) = 0 [pid 944] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 944] write(3, "1000", 4) = 4 [pid 944] close(3) = 0 [pid 944] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 944] write(1, "executing program\n", 18) = 18 [pid 944] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 944] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 944] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 944] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 944] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 944] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 944] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 944] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 944] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 944] memfd_create("syzkaller", 0) = 5 [pid 944] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f53938b6000 [pid 944] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 944] munmap(0x7f53938b6000, 138412032) = 0 [pid 944] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 944] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 944] close(5) = 0 [pid 944] close(6) = 0 [pid 944] mkdir("./file0", 0777) = 0 [pid 944] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 944] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 944] chdir("./file0") = 0 [pid 944] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 944] ioctl(6, LOOP_CLR_FD) = 0 [pid 944] close(6) = 0 [pid 944] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 944] write(6, "#! ./file1\n", 11) = 11 [pid 944] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 944] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000007d0} --- [pid 944] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=944, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./120", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./120", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555669e76f0 /* 4 entries */, 32768) = 112 umount2("./120/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./120/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./120/binderfs") = 0 umount2("./120/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 [ 46.907986][ T945] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-944: bg 0: block 234: padding at end of block bitmap is not set umount2("./120/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./120/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./120/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./120/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555669ef730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555669ef730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./120/file0") = 0 getdents64(3, 0x5555669e76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./120") = 0 mkdir("./121", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555669e6650) = 949 ./strace-static-x86_64: Process 949 attached [pid 949] set_robust_list(0x5555669e6660, 24) = 0 [pid 949] chdir("./121") = 0 [pid 949] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 949] setpgid(0, 0) = 0 [pid 949] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 949] write(3, "1000", 4) = 4 [pid 949] close(3) = 0 [pid 949] symlink("/dev/binderfs", "./binderfs") = 0 [pid 949] write(1, "executing program\n", 18executing program ) = 18 [pid 949] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 949] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 949] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 949] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 949] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 949] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 949] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 949] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 949] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 949] memfd_create("syzkaller", 0) = 5 [pid 949] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f53938b6000 [pid 949] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 949] munmap(0x7f53938b6000, 138412032) = 0 [pid 949] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 949] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 949] close(5) = 0 [pid 949] close(6) = 0 [pid 949] mkdir("./file0", 0777) = 0 [pid 949] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 949] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 949] chdir("./file0") = 0 [pid 949] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 949] ioctl(6, LOOP_CLR_FD) = 0 [pid 949] close(6) = 0 [pid 949] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 949] write(6, "#! ./file1\n", 11) = 11 [pid 949] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 949] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000007d0} --- [pid 949] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=949, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./121", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./121", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555669e76f0 /* 4 entries */, 32768) = 112 umount2("./121/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./121/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./121/binderfs") = 0 [ 47.023958][ T950] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-949: bg 0: block 234: padding at end of block bitmap is not set umount2("./121/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./121/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./121/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./121/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./121/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555669ef730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555669ef730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./121/file0") = 0 getdents64(3, 0x5555669e76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./121") = 0 mkdir("./122", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555669e6650) = 954 ./strace-static-x86_64: Process 954 attached [pid 954] set_robust_list(0x5555669e6660, 24) = 0 [pid 954] chdir("./122") = 0 [pid 954] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 954] setpgid(0, 0) = 0 [pid 954] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 954] write(3, "1000", 4) = 4 [pid 954] close(3) = 0 [pid 954] symlink("/dev/binderfs", "./binderfs") = 0 [pid 954] write(1, "executing program\n", 18executing program ) = 18 [pid 954] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 954] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 954] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 954] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 954] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 954] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 954] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 954] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 954] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 954] memfd_create("syzkaller", 0) = 5 [pid 954] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f53938b6000 [pid 954] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 954] munmap(0x7f53938b6000, 138412032) = 0 [pid 954] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 954] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 954] close(5) = 0 [pid 954] close(6) = 0 [pid 954] mkdir("./file0", 0777) = 0 [pid 954] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 954] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 954] chdir("./file0") = 0 [pid 954] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 954] ioctl(6, LOOP_CLR_FD) = 0 [pid 954] close(6) = 0 [pid 954] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 954] write(6, "#! ./file1\n", 11) = 11 [pid 954] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 954] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000007d0} --- [pid 954] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=954, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./122", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./122", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555669e76f0 /* 4 entries */, 32768) = 112 umount2("./122/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./122/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./122/binderfs") = 0 [ 47.186767][ T955] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-954: bg 0: block 234: padding at end of block bitmap is not set umount2("./122/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./122/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./122/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./122/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./122/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555669ef730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555669ef730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./122/file0") = 0 getdents64(3, 0x5555669e76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./122") = 0 mkdir("./123", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555669e6650) = 959 ./strace-static-x86_64: Process 959 attached [pid 959] set_robust_list(0x5555669e6660, 24) = 0 [pid 959] chdir("./123") = 0 [pid 959] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 959] setpgid(0, 0) = 0 [pid 959] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 959] write(3, "1000", 4) = 4 [pid 959] close(3) = 0 [pid 959] symlink("/dev/binderfs", "./binderfs") = 0 [pid 959] write(1, "executing program\n", 18executing program ) = 18 [pid 959] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 959] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 959] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 959] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 959] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 959] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 959] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 959] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 959] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 959] memfd_create("syzkaller", 0) = 5 [pid 959] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f53938b6000 [pid 959] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 959] munmap(0x7f53938b6000, 138412032) = 0 [pid 959] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 959] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 959] close(5) = 0 [pid 959] close(6) = 0 [pid 959] mkdir("./file0", 0777) = 0 [pid 959] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 959] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 959] chdir("./file0") = 0 [pid 959] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 959] ioctl(6, LOOP_CLR_FD) = 0 [pid 959] close(6) = 0 [pid 959] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 959] write(6, "#! ./file1\n", 11) = 11 [pid 959] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 959] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000007d0} --- [pid 959] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=959, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./123", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./123", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555669e76f0 /* 4 entries */, 32768) = 112 umount2("./123/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./123/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./123/binderfs") = 0 [ 47.327628][ T960] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-959: bg 0: block 234: padding at end of block bitmap is not set umount2("./123/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./123/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./123/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./123/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./123/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555669ef730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555669ef730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./123/file0") = 0 getdents64(3, 0x5555669e76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./123") = 0 mkdir("./124", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555669e6650) = 964 ./strace-static-x86_64: Process 964 attached [pid 964] set_robust_list(0x5555669e6660, 24) = 0 [pid 964] chdir("./124") = 0 [pid 964] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 964] setpgid(0, 0) = 0 [pid 964] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 964] write(3, "1000", 4) = 4 [pid 964] close(3) = 0 [pid 964] symlink("/dev/binderfs", "./binderfs") = 0 [pid 964] write(1, "executing program\n", 18executing program ) = 18 [pid 964] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 964] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 964] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 964] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 964] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 964] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 964] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 964] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 964] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 964] memfd_create("syzkaller", 0) = 5 [pid 964] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f53938b6000 [pid 964] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 964] munmap(0x7f53938b6000, 138412032) = 0 [pid 964] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 964] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 964] close(5) = 0 [pid 964] close(6) = 0 [pid 964] mkdir("./file0", 0777) = 0 [pid 964] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 964] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 964] chdir("./file0") = 0 [pid 964] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 964] ioctl(6, LOOP_CLR_FD) = 0 [pid 964] close(6) = 0 [pid 964] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 964] write(6, "#! ./file1\n", 11) = 11 [pid 964] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 964] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000007d0} --- [pid 964] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=964, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./124", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./124", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555669e76f0 /* 4 entries */, 32768) = 112 umount2("./124/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./124/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./124/binderfs") = 0 [ 47.456896][ T965] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-964: bg 0: block 234: padding at end of block bitmap is not set umount2("./124/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./124/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./124/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./124/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./124/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555669ef730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555669ef730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./124/file0") = 0 getdents64(3, 0x5555669e76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./124") = 0 mkdir("./125", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555669e6650) = 969 ./strace-static-x86_64: Process 969 attached [pid 969] set_robust_list(0x5555669e6660, 24) = 0 [pid 969] chdir("./125") = 0 [pid 969] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 969] setpgid(0, 0) = 0 [pid 969] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 969] write(3, "1000", 4) = 4 [pid 969] close(3) = 0 [pid 969] symlink("/dev/binderfs", "./binderfs") = 0 [pid 969] write(1, "executing program\n", 18executing program ) = 18 [pid 969] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 969] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 969] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 969] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 969] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 969] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 969] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 969] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 969] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 969] memfd_create("syzkaller", 0) = 5 [pid 969] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f53938b6000 [pid 969] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 969] munmap(0x7f53938b6000, 138412032) = 0 [pid 969] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 969] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 969] close(5) = 0 [pid 969] close(6) = 0 [pid 969] mkdir("./file0", 0777) = 0 [pid 969] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 969] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 969] chdir("./file0") = 0 [pid 969] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 969] ioctl(6, LOOP_CLR_FD) = 0 [pid 969] close(6) = 0 [pid 969] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 969] write(6, "#! ./file1\n", 11) = 11 [pid 969] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 969] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000007d0} --- [pid 969] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=969, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./125", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./125", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555669e76f0 /* 4 entries */, 32768) = 112 umount2("./125/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./125/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./125/binderfs") = 0 [ 47.767228][ T970] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-969: bg 0: block 234: padding at end of block bitmap is not set umount2("./125/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./125/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./125/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./125/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./125/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555669ef730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555669ef730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./125/file0") = 0 getdents64(3, 0x5555669e76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./125") = 0 mkdir("./126", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555669e6650) = 974 ./strace-static-x86_64: Process 974 attached [pid 974] set_robust_list(0x5555669e6660, 24) = 0 [pid 974] chdir("./126") = 0 [pid 974] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 974] setpgid(0, 0) = 0 [pid 974] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 974] write(3, "1000", 4) = 4 [pid 974] close(3) = 0 [pid 974] symlink("/dev/binderfs", "./binderfs") = 0 [pid 974] write(1, "executing program\n", 18executing program ) = 18 [pid 974] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 974] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 974] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 974] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 974] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 974] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 974] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 974] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 974] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 974] memfd_create("syzkaller", 0) = 5 [pid 974] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f53938b6000 [pid 974] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 974] munmap(0x7f53938b6000, 138412032) = 0 [pid 974] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 974] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 974] close(5) = 0 [pid 974] close(6) = 0 [pid 974] mkdir("./file0", 0777) = 0 [pid 974] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 974] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 974] chdir("./file0") = 0 [pid 974] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 974] ioctl(6, LOOP_CLR_FD) = 0 [pid 974] close(6) = 0 [pid 974] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 974] write(6, "#! ./file1\n", 11) = 11 [pid 974] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 974] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000007d0} --- [pid 974] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=974, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./126", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./126", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555669e76f0 /* 4 entries */, 32768) = 112 umount2("./126/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./126/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./126/binderfs") = 0 [ 47.946382][ T975] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-974: bg 0: block 234: padding at end of block bitmap is not set umount2("./126/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./126/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./126/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./126/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./126/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555669ef730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555669ef730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./126/file0") = 0 getdents64(3, 0x5555669e76f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./126") = 0 mkdir("./127", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555669e6650) = 979 ./strace-static-x86_64: Process 979 attached [pid 979] set_robust_list(0x5555669e6660, 24) = 0 [pid 979] chdir("./127") = 0 [pid 979] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 979] setpgid(0, 0) = 0 [pid 979] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 979] write(3, "1000", 4) = 4 [pid 979] close(3) = 0 [pid 979] symlink("/dev/binderfs", "./binderfs") = 0 [pid 979] write(1, "executing program\n", 18executing program ) = 18 [pid 979] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 979] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 979] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 979] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 979] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 979] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 979] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 979] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 979] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 979] memfd_create("syzkaller", 0) = 5 [pid 979] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f53938b6000 [pid 979] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 979] munmap(0x7f53938b6000, 138412032) = 0 [pid 979] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 979] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 979] close(5) = 0 [pid 979] close(6) = 0 [pid 979] mkdir("./file0", 0777) = 0 [pid 979] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 979] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 979] chdir("./file0") = 0 [pid 979] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 979] ioctl(6, LOOP_CLR_FD) = 0 [pid 979] close(6) = 0 [pid 979] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 979] write(6, "#! ./file1\n", 11) = 11 [pid 979] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 979] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_STACK_TRACE, key_size=4, value_size=8, max_entries=1, map_flags=0, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 7 [pid 979] exit_group(0) = ? [ 48.099542][ T980] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-979: bg 0: block 234: padding at end of block bitmap is not set [ 48.103169][ T23] kauditd_printk_skb: 6 callbacks suppressed [ 48.103183][ T23] audit: type=1400 audit(1746549779.190:97): avc: denied { map_create } for pid=979 comm="syz-executor246" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1 [pid 979] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=979, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./127", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./127", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555669e76f0 /* 4 entries */, 32768) = 112 umount2("./127/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./127/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./127/binderfs") = 0 [ 48.140501][ T23] audit: type=1400 audit(1746549779.190:98): avc: denied { map_read map_write } for pid=979 comm="syz-executor246" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1 [ 48.175289][ T102] ------------[ cut here ]------------ [ 48.180771][ T102] kernel BUG at fs/ext4/inode.c:2844! [ 48.186258][ T102] invalid opcode: 0000 [#1] PREEMPT SMP KASAN [ 48.192351][ T102] CPU: 0 PID: 102 Comm: kworker/u4:2 Not tainted 5.4.292-syzkaller-00021-gcd8e74fa0fa3 #0 [ 48.202222][ T102] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 48.212297][ T102] Workqueue: writeback wb_workfn (flush-7:0) [ 48.218373][ T102] RIP: 0010:ext4_writepages+0x2f83/0x2fb0 [ 48.224075][ T102] Code: 0f 94 c6 bf 02 00 00 00 e8 6a 29 a1 ff 84 db 75 2e e8 11 27 a1 ff 49 bc 00 00 00 00 00 fc ff df e9 47 f9 ff ff e8 fd 26 a1 ff <0f> 0b e8 f6 26 a1 ff 0f 0b e8 ef 26 a1 ff e8 ba ef 41 ff eb 9b e8 [ 48.243768][ T102] RSP: 0018:ffff8881ee9c71a0 EFLAGS: 00010293 [ 48.249833][ T102] RAX: ffffffff81be57e3 RBX: 0000010410000000 RCX: ffff8881f0dade80 [ 48.257805][ T102] RDX: 0000000000000000 RSI: 0000010000000000 RDI: 0000000000000000 [ 48.265765][ T102] RBP: ffff8881ee9c74f0 R08: dffffc0000000000 R09: ffffed103b97f00b [ 48.273736][ T102] R10: ffffed103b97f00b R11: 1ffff1103b97f00a R12: dffffc0000000000 [ 48.281686][ T102] R13: ffff8881ee9c7810 R14: 0000010000000000 R15: ffff8881dcbf8128 [ 48.289637][ T102] FS: 0000000000000000(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000 [ 48.298544][ T102] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 48.305115][ T102] CR2: 000000003774e418 CR3: 00000001f02f4000 CR4: 00000000003406b0 [ 48.313074][ T102] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 48.321046][ T102] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 48.329006][ T102] Call Trace: [ 48.332286][ T102] ? __kasan_check_read+0x11/0x20 [ 48.337293][ T102] ? __find_get_block+0xab4/0xe90 [ 48.342295][ T102] ? write_boundary_block+0x140/0x140 [ 48.347646][ T102] ? ext4_readpage+0x310/0x310 [ 48.352385][ T102] ? dd_has_work+0x153/0x180 [ 48.356954][ T102] ? __getblk_gfp+0x3b/0x760 [ 48.361526][ T102] ? ext4_get_group_desc+0x249/0x2a0 [ 48.366792][ T102] ? debug_smp_processor_id+0x20/0x20 [ 48.372161][ T102] ? ext4_readpage+0x310/0x310 [ 48.376926][ T102] do_writepages+0x127/0x270 [ 48.381501][ T102] ? debug_smp_processor_id+0x20/0x20 [ 48.386871][ T102] ? __writepage+0x120/0x120 [ 48.391444][ T102] ? __kasan_check_write+0x14/0x20 [ 48.396531][ T102] ? _raw_spin_lock+0x8e/0xe0 [ 48.401244][ T102] ? __kasan_check_write+0x14/0x20 [ 48.406337][ T102] __writeback_single_inode+0xd9/0xc30 [ 48.411772][ T102] ? wbc_attach_and_unlock_inode+0x3b3/0x5b0 [ 48.417728][ T102] writeback_sb_inodes+0x94f/0x1700 [ 48.422925][ T102] ? _raw_spin_lock+0x8e/0xe0 [ 48.427591][ T102] ? queue_io+0x4e0/0x4e0 [ 48.431906][ T102] ? __kasan_check_read+0x11/0x20 [ 48.436911][ T102] wb_writeback+0x3e1/0xc20 [ 48.441398][ T102] ? wb_io_lists_depopulated+0x170/0x170 [ 48.447027][ T102] ? check_preemption_disabled+0x9b/0x300 [ 48.452721][ T102] ? debug_smp_processor_id+0x20/0x20 [ 48.458070][ T102] ? __kasan_check_write+0x14/0x20 [ 48.463184][ T102] ? check_preemption_disabled+0x9b/0x300 [ 48.468982][ T102] wb_workfn+0x375/0xf90 [ 48.473214][ T102] ? inode_wait_for_writeback+0x200/0x200 [ 48.478911][ T102] ? _raw_spin_unlock_irq+0x4e/0x70 [ 48.484162][ T102] ? finish_task_switch+0x12e/0x590 [ 48.489390][ T102] ? __schedule+0xa57/0x12a0 [ 48.493981][ T102] ? __kasan_check_read+0x11/0x20 [ 48.498992][ T102] ? read_word_at_a_time+0x12/0x20 [ 48.504105][ T102] ? strscpy+0x9b/0x290 [ 48.508422][ T102] process_one_work+0x73b/0xcc0 [ 48.513282][ T102] worker_thread+0xa5c/0x13b0 [ 48.517960][ T102] ? _raw_spin_lock_irqsave+0xb0/0x110 [ 48.523495][ T102] kthread+0x31e/0x3a0 [ 48.527583][ T102] ? worker_clr_flags+0x190/0x190 [ 48.532595][ T102] ? kthread_blkcg+0xd0/0xd0 [ 48.537165][ T102] ret_from_fork+0x1f/0x30 [ 48.541582][ T102] Modules linked in: [ 48.545620][ T102] ---[ end trace 96d6ced91235172a ]--- [ 48.551091][ T102] RIP: 0010:ext4_writepages+0x2f83/0x2fb0 [ 48.556841][ T102] Code: 0f 94 c6 bf 02 00 00 00 e8 6a 29 a1 ff 84 db 75 2e e8 11 27 a1 ff 49 bc 00 00 00 00 00 fc ff df e9 47 f9 ff ff e8 fd 26 a1 ff <0f> 0b e8 f6 26 a1 ff 0f 0b e8 ef 26 a1 ff e8 ba ef 41 ff eb 9b e8 [ 48.576622][ T102] RSP: 0018:ffff8881ee9c71a0 EFLAGS: 00010293 [ 48.582732][ T102] RAX: ffffffff81be57e3 RBX: 0000010410000000 RCX: ffff8881f0dade80 [ 48.590732][ T102] RDX: 0000000000000000 RSI: 0000010000000000 RDI: 0000000000000000 [ 48.598755][ T102] RBP: ffff8881ee9c74f0 R08: dffffc0000000000 R09: ffffed103b97f00b [ 48.606936][ T102] R10: ffffed103b97f00b R11: 1ffff1103b97f00a R12: dffffc0000000000 [ 48.614904][ T102] R13: ffff8881ee9c7810 R14: 0000010000000000 R15: ffff8881dcbf8128 [ 48.622885][ T102] FS: 0000000000000000(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000 [ 48.631824][ T102] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 48.638436][ T102] CR2: 000000003774e418 CR3: 00000001f02f4000 CR4: 00000000003406b0 [ 48.646420][ T102] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 48.654501][ T102] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 48.662515][ T102] Kernel panic - not syncing: Fatal exception [ 48.668859][ T102] Kernel Offset: disabled [ 48.673190][ T102] Rebooting in 86400 seconds..