./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor2521978125 <...> Warning: Permanently added '10.128.0.127' (ED25519) to the list of known hosts. execve("./syz-executor2521978125", ["./syz-executor2521978125"], 0x7ffefafadc20 /* 10 vars */) = 0 brk(NULL) = 0x555558d93000 brk(0x555558d93e00) = 0x555558d93e00 arch_prctl(ARCH_SET_FS, 0x555558d93480) = 0 set_tid_address(0x555558d93750) = 282 set_robust_list(0x555558d93760, 24) = 0 rseq(0x555558d93da0, 0x20, 0, 0x53053053) = -1 ENOSYS (Function not implemented) prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor2521978125", 4096) = 28 getrandom("\x5f\x7c\x41\x09\x40\x60\x90\x4a", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x555558d93e00 brk(0x555558db4e00) = 0x555558db4e00 brk(0x555558db5000) = 0x555558db5000 mprotect(0x7efff31a1000, 16384, PROT_READ) = 0 mmap(0x1ffffffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffffffff000 mmap(0x200000000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200000000000 mmap(0x200001000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200001000000 rt_sigaction(SIGRTMIN, {sa_handler=SIG_IGN, sa_mask=[], sa_flags=0}, NULL, 8) = 0 rt_sigaction(SIGRT_1, {sa_handler=SIG_IGN, sa_mask=[], sa_flags=0}, NULL, 8) = 0 rt_sigaction(SIGSEGV, {sa_handler=0x7efff30f6950, sa_mask=[], sa_flags=SA_RESTORER|SA_NODEFER|SA_SIGINFO, sa_restorer=0x7efff31003d0}, NULL, 8) = 0 rt_sigaction(SIGBUS, {sa_handler=0x7efff30f6950, sa_mask=[], sa_flags=SA_RESTORER|SA_NODEFER|SA_SIGINFO, sa_restorer=0x7efff31003d0}, NULL, 8) = 0 mkdir("./syzkaller.4oPmmW", 0700) = 0 chmod("./syzkaller.4oPmmW", 0777) = 0 chdir("./syzkaller.4oPmmW") = 0 mkdir("./0", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555558d93750) = 283 ./strace-static-x86_64: Process 283 attached [pid 283] set_robust_list(0x555558d93760, 24) = 0 [pid 283] chdir("./0") = 0 [pid 283] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 283] setpgid(0, 0) = 0 [pid 283] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 283] write(3, "1000", 4) = 4 [pid 283] close(3) = 0 [pid 283] symlink("/dev/binderfs", "./binderfs") = 0 [pid 283] write(1, "executing program\n", 18executing program ) = 18 [pid 283] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 283] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 283] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 283] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 283] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 283] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 283] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 283] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 283] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 283] memfd_create("syzkaller", 0) = 5 [pid 283] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7effeaced000 [pid 283] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 283] munmap(0x7effeaced000, 138412032) = 0 [pid 283] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 23.369985][ T24] audit: type=1400 audit(1750577966.880:64): avc: denied { execmem } for pid=282 comm="syz-executor252" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 23.389981][ T24] audit: type=1400 audit(1750577966.900:65): avc: denied { read write } for pid=282 comm="syz-executor252" name="loop0" dev="devtmpfs" ino=115 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [pid 283] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 283] close(5) = 0 [pid 283] close(6) = 0 [pid 283] mkdir("./file0", 0777) = 0 [ 23.415454][ T24] audit: type=1400 audit(1750577966.900:66): avc: denied { open } for pid=282 comm="syz-executor252" path="/dev/loop0" dev="devtmpfs" ino=115 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 23.439801][ T24] audit: type=1400 audit(1750577966.900:67): avc: denied { ioctl } for pid=282 comm="syz-executor252" path="/dev/loop0" dev="devtmpfs" ino=115 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 23.466486][ T24] audit: type=1400 audit(1750577966.910:68): avc: denied { read write } for pid=283 comm="syz-executor252" name="vhost-vsock" dev="devtmpfs" ino=262 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:vhost_device_t tclass=chr_file permissive=1 [ 23.490998][ T24] audit: type=1400 audit(1750577966.910:69): avc: denied { open } for pid=283 comm="syz-executor252" path="/dev/vhost-vsock" dev="devtmpfs" ino=262 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:vhost_device_t tclass=chr_file permissive=1 [ 23.515357][ T24] audit: type=1400 audit(1750577966.910:70): avc: denied { ioctl } for pid=283 comm="syz-executor252" path="/dev/vhost-vsock" dev="devtmpfs" ino=262 ioctlcmd=0xaf01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:vhost_device_t tclass=chr_file permissive=1 [ 23.541096][ T24] audit: type=1400 audit(1750577966.960:71): avc: denied { mounton } for pid=283 comm="syz-executor252" path="/root/syzkaller.4oPmmW/0/file0" dev="sda1" ino=2027 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1 [pid 283] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 283] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 283] chdir("./file0") = 0 [pid 283] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 283] ioctl(6, LOOP_CLR_FD) = 0 [pid 283] close(6) = 0 [ 23.570398][ T283] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 23.590533][ T24] audit: type=1400 audit(1750577967.100:72): avc: denied { mount } for pid=283 comm="syz-executor252" name="/" dev="loop0" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [pid 283] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 283] write(6, "#! ./file1\n", 11) = 11 [pid 283] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 283] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005c0} --- [pid 283] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005c8} --- [pid 283] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005d0} --- [pid 283] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005d8} --- [pid 283] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005e0} --- [pid 283] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005e8} --- [pid 283] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005f0} --- [ 23.621120][ T24] audit: type=1400 audit(1750577967.140:73): avc: denied { write } for pid=283 comm="syz-executor252" name="/" dev="loop0" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 23.645121][ T285] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-283: bg 0: block 234: padding at end of block bitmap is not set [pid 283] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005f8} --- [ 23.664402][ T283] EXT4-fs error (device loop0): ext4_map_blocks:740: inode #18: block 62218: comm syz-executor252: lblock 0 mapped to illegal pblock 62218 (length 1) [ 23.664414][ T285] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #18: block 62218: comm vhost-283: lblock 0 mapped to illegal pblock 62218 (length 1) [ 23.664591][ T285] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #18: block 62218: comm vhost-283: lblock 0 mapped to illegal pblock 62218 (length 1) [pid 283] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000600} --- [pid 283] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000608} --- [ 23.695045][ T283] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #18: block 62218: comm syz-executor252: lblock 0 mapped to illegal pblock 62218 (length 1) [ 23.709191][ T285] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #18: block 62218: comm vhost-283: lblock 0 mapped to illegal pblock 62218 (length 1) [ 23.724813][ T283] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #18: block 62218: comm syz-executor252: lblock 0 mapped to illegal pblock 62218 (length 1) [ 23.738825][ T285] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #18: block 62218: comm vhost-283: lblock 0 mapped to illegal pblock 62218 (length 1) [pid 283] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000610} --- [pid 283] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000618} --- [pid 283] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000620} --- [pid 283] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000628} --- [pid 283] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000630} --- [pid 283] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000638} --- [pid 283] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000640} --- [pid 283] exit_group(0) = ? [pid 283] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=283, si_uid=0, si_status=0, si_utime=0, si_stime=12} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555558d947f0 /* 4 entries */, 32768) = 112 [ 23.754327][ T283] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #18: block 62218: comm syz-executor252: lblock 0 mapped to illegal pblock 62218 (length 1) [ 23.768587][ T285] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #18: block 62218: comm vhost-283: lblock 0 mapped to illegal pblock 62218 (length 1) umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./0/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555558d9c830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555558d9c830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./0/file0") = 0 umount2("./0/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./0/binderfs") = 0 getdents64(3, 0x555558d947f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./0") = 0 mkdir("./1", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555558d93750) = 289 ./strace-static-x86_64: Process 289 attached [pid 289] set_robust_list(0x555558d93760, 24) = 0 [pid 289] chdir("./1") = 0 [pid 289] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 289] setpgid(0, 0) = 0 [pid 289] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 289] write(3, "1000", 4) = 4 [pid 289] close(3) = 0 [pid 289] symlink("/dev/binderfs", "./binderfs") = 0 [pid 289] write(1, "executing program\n", 18executing program ) = 18 [pid 289] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 289] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 289] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 289] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 289] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 289] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 289] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 289] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 289] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 289] memfd_create("syzkaller", 0) = 5 [pid 289] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7effeaced000 [pid 289] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 289] munmap(0x7effeaced000, 138412032) = 0 [pid 289] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 289] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 289] close(5) = 0 [pid 289] close(6) = 0 [pid 289] mkdir("./file0", 0777) = 0 [pid 289] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 289] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 289] chdir("./file0") = 0 [pid 289] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 289] ioctl(6, LOOP_CLR_FD) = 0 [pid 289] close(6) = 0 [pid 289] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 289] write(6, "#! ./file1\n", 11) = 11 [pid 289] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 289] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005c0} --- [pid 289] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005c8} --- [pid 289] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005d0} --- [pid 289] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005d8} --- [pid 289] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005e0} --- [pid 289] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005e8} --- [pid 289] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005f0} --- [pid 289] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005f8} --- [pid 289] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000600} --- [pid 289] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000608} --- [pid 289] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000610} --- [pid 289] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000618} --- [pid 289] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000620} --- [pid 289] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000628} --- [pid 289] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000630} --- [pid 289] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000638} --- [pid 289] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000640} --- [pid 289] exit_group(0) = ? [pid 289] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=289, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555558d947f0 /* 4 entries */, 32768) = 112 [ 23.901833][ T289] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 23.928702][ T290] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-289: bg 0: block 234: padding at end of block bitmap is not set umount2("./1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./1/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555558d9c830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555558d9c830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./1/file0") = 0 umount2("./1/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./1/binderfs") = 0 getdents64(3, 0x555558d947f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./1") = 0 mkdir("./2", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555558d93750) = 294 ./strace-static-x86_64: Process 294 attached [pid 294] set_robust_list(0x555558d93760, 24) = 0 [pid 294] chdir("./2") = 0 [pid 294] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 294] setpgid(0, 0) = 0 [pid 294] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 294] write(3, "1000", 4) = 4 [pid 294] close(3) = 0 [pid 294] symlink("/dev/binderfs", "./binderfs") = 0 [pid 294] write(1, "executing program\n", 18executing program ) = 18 [pid 294] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 294] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 294] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 294] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 294] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 294] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 294] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 294] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 294] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 294] memfd_create("syzkaller", 0) = 5 [pid 294] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7effeaced000 [pid 294] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 294] munmap(0x7effeaced000, 138412032) = 0 [pid 294] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 294] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 294] close(5) = 0 [pid 294] close(6) = 0 [pid 294] mkdir("./file0", 0777) = 0 [pid 294] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 294] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 294] chdir("./file0") = 0 [pid 294] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 294] ioctl(6, LOOP_CLR_FD) = 0 [pid 294] close(6) = 0 [pid 294] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 294] write(6, "#! ./file1\n", 11) = 11 [pid 294] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 294] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005c0} --- [pid 294] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005c8} --- [pid 294] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005d0} --- [pid 294] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005d8} --- [pid 294] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005e0} --- [pid 294] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005e8} --- [pid 294] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005f0} --- [pid 294] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005f8} --- [pid 294] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000600} --- [pid 294] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000608} --- [pid 294] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000610} --- [pid 294] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000618} --- [pid 294] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000620} --- [pid 294] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000628} --- [pid 294] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000630} --- [pid 294] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000638} --- [pid 294] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000640} --- [pid 294] exit_group(0) = ? [pid 294] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=294, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555558d947f0 /* 4 entries */, 32768) = 112 [ 24.081883][ T294] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 24.110389][ T295] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-294: bg 0: block 234: padding at end of block bitmap is not set umount2("./2/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./2/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./2/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./2/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./2/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555558d9c830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555558d9c830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./2/file0") = 0 umount2("./2/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./2/binderfs") = 0 getdents64(3, 0x555558d947f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./2") = 0 mkdir("./3", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555558d93750) = 299 ./strace-static-x86_64: Process 299 attached [pid 299] set_robust_list(0x555558d93760, 24) = 0 [pid 299] chdir("./3") = 0 [pid 299] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 299] setpgid(0, 0) = 0 [pid 299] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 299] write(3, "1000", 4) = 4 [pid 299] close(3) = 0 [pid 299] symlink("/dev/binderfs", "./binderfs") = 0 [pid 299] write(1, "executing program\n", 18executing program ) = 18 [pid 299] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 299] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 299] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 299] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 299] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 299] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 299] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 299] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 299] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 299] memfd_create("syzkaller", 0) = 5 [pid 299] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7effeaced000 [pid 299] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 299] munmap(0x7effeaced000, 138412032) = 0 [pid 299] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 299] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 299] close(5) = 0 [pid 299] close(6) = 0 [pid 299] mkdir("./file0", 0777) = 0 [pid 299] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 299] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 299] chdir("./file0") = 0 [pid 299] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 299] ioctl(6, LOOP_CLR_FD) = 0 [pid 299] close(6) = 0 [pid 299] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 299] write(6, "#! ./file1\n", 11) = 11 [pid 299] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [ 24.261754][ T299] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [pid 299] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005c0} --- [pid 299] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005c8} --- [pid 299] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005d0} --- [pid 299] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005d8} --- [pid 299] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005e0} --- [pid 299] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005e8} --- [pid 299] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005f0} --- [pid 299] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005f8} --- [pid 299] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000600} --- [pid 299] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000608} --- [pid 299] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000610} --- [pid 299] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000618} --- [pid 299] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000620} --- [pid 299] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000628} --- [pid 299] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000630} --- [pid 299] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000638} --- [pid 299] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000640} --- [pid 299] exit_group(0) = ? [pid 299] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=299, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555558d947f0 /* 4 entries */, 32768) = 112 [ 24.302581][ T300] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-299: bg 0: block 234: padding at end of block bitmap is not set umount2("./3/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./3/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./3/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./3/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./3/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555558d9c830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555558d9c830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./3/file0") = 0 umount2("./3/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./3/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./3/binderfs") = 0 getdents64(3, 0x555558d947f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./3") = 0 mkdir("./4", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555558d93750) = 305 ./strace-static-x86_64: Process 305 attached [pid 305] set_robust_list(0x555558d93760, 24) = 0 [pid 305] chdir("./4") = 0 [pid 305] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 305] setpgid(0, 0) = 0 [pid 305] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 305] write(3, "1000", 4) = 4 [pid 305] close(3) = 0 [pid 305] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 305] write(1, "executing program\n", 18) = 18 [pid 305] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 305] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 305] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 305] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 305] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 305] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 305] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 305] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 305] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 305] memfd_create("syzkaller", 0) = 5 [pid 305] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7effeaced000 [pid 305] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 305] munmap(0x7effeaced000, 138412032) = 0 [pid 305] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 305] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 305] close(5) = 0 [pid 305] close(6) = 0 [pid 305] mkdir("./file0", 0777) = 0 [pid 305] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 305] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 305] chdir("./file0") = 0 [pid 305] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 305] ioctl(6, LOOP_CLR_FD) = 0 [pid 305] close(6) = 0 [pid 305] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 305] write(6, "#! ./file1\n", 11) = 11 [pid 305] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 305] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005c0} --- [pid 305] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005c8} --- [pid 305] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005d0} --- [ 24.421769][ T305] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 24.450385][ T305] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor252: bg 0: block 234: padding at end of block bitmap is not set [pid 305] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005d8} --- [pid 305] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005e0} --- [ 24.466232][ T305] EXT4-fs error (device loop0): ext4_map_blocks:740: inode #18: block 62218: comm syz-executor252: lblock 0 mapped to illegal pblock 62218 (length 1) [ 24.466256][ T306] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #18: block 62218: comm vhost-305: lblock 0 mapped to illegal pblock 62218 (length 1) [ 24.466495][ T306] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #18: block 62218: comm vhost-305: lblock 0 mapped to illegal pblock 62218 (length 1) [pid 305] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005e8} --- [ 24.482082][ T305] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #18: block 62218: comm syz-executor252: lblock 0 mapped to illegal pblock 62218 (length 1) [ 24.496551][ T306] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #18: block 62218: comm vhost-305: lblock 0 mapped to illegal pblock 62218 (length 1) [ 24.511021][ T305] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #18: block 62218: comm syz-executor252: lblock 0 mapped to illegal pblock 62218 (length 1) [ 24.526265][ T306] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #18: block 62218: comm vhost-305: lblock 0 mapped to illegal pblock 62218 (length 1) [pid 305] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005f0} --- [pid 305] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005f8} --- [pid 305] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000600} --- [pid 305] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000608} --- [pid 305] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000610} --- [pid 305] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000618} --- [pid 305] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000620} --- [pid 305] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000628} --- [pid 305] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000630} --- [pid 305] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000638} --- [pid 305] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000640} --- [pid 305] exit_group(0) = ? [pid 305] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=305, si_uid=0, si_status=0, si_utime=0, si_stime=11} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555558d947f0 /* 4 entries */, 32768) = 112 [ 24.570447][ T306] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #18: block 62218: comm vhost-305: lblock 0 mapped to illegal pblock 62218 (length 1) [ 24.570856][ T305] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #18: block 62218: comm syz-executor252: lblock 0 mapped to illegal pblock 62218 (length 1) umount2("./4/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555558d9c830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555558d9c830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4/file0") = 0 umount2("./4/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4/binderfs") = 0 getdents64(3, 0x555558d947f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4") = 0 mkdir("./5", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555558d93750) = 310 ./strace-static-x86_64: Process 310 attached [pid 310] set_robust_list(0x555558d93760, 24) = 0 [pid 310] chdir("./5") = 0 [pid 310] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 310] setpgid(0, 0) = 0 [pid 310] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 310] write(3, "1000", 4) = 4 [pid 310] close(3) = 0 [pid 310] symlink("/dev/binderfs", "./binderfs") = 0 [pid 310] write(1, "executing program\n", 18executing program ) = 18 [pid 310] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 310] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 310] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 310] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 310] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 310] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 310] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 310] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 310] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 310] memfd_create("syzkaller", 0) = 5 [pid 310] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7effeaced000 [pid 310] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 310] munmap(0x7effeaced000, 138412032) = 0 [pid 310] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 310] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 310] close(5) = 0 [pid 310] close(6) = 0 [pid 310] mkdir("./file0", 0777) = 0 [pid 310] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 310] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 310] chdir("./file0") = 0 [pid 310] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 310] ioctl(6, LOOP_CLR_FD) = 0 [pid 310] close(6) = 0 [pid 310] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 310] write(6, "#! ./file1\n", 11) = 11 [pid 310] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 310] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005c0} --- [pid 310] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005c8} --- [pid 310] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005d0} --- [pid 310] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005d8} --- [pid 310] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005e0} --- [pid 310] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005e8} --- [pid 310] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005f0} --- [pid 310] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005f8} --- [pid 310] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000600} --- [pid 310] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000608} --- [pid 310] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000610} --- [pid 310] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000618} --- [pid 310] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000620} --- [pid 310] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000628} --- [pid 310] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000630} --- [pid 310] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000638} --- [pid 310] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000640} --- [pid 310] exit_group(0) = ? [pid 310] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=310, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./5", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555558d947f0 /* 4 entries */, 32768) = 112 [ 24.721822][ T310] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 24.751161][ T310] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor252: bg 0: block 234: padding at end of block bitmap is not set umount2("./5/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./5/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./5/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./5/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./5/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555558d9c830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555558d9c830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./5/file0") = 0 umount2("./5/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./5/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./5/binderfs") = 0 getdents64(3, 0x555558d947f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./5") = 0 mkdir("./6", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555558d93750) = 315 ./strace-static-x86_64: Process 315 attached [pid 315] set_robust_list(0x555558d93760, 24) = 0 [pid 315] chdir("./6") = 0 [pid 315] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 315] setpgid(0, 0) = 0 [pid 315] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 315] write(3, "1000", 4) = 4 [pid 315] close(3) = 0 [pid 315] symlink("/dev/binderfs", "./binderfs") = 0 [pid 315] write(1, "executing program\n", 18executing program ) = 18 [pid 315] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 315] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 315] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 315] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 315] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 315] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 315] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 315] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 315] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 315] memfd_create("syzkaller", 0) = 5 [pid 315] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7effeaced000 [pid 315] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 315] munmap(0x7effeaced000, 138412032) = 0 [pid 315] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 315] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 315] close(5) = 0 [pid 315] close(6) = 0 [pid 315] mkdir("./file0", 0777) = 0 [pid 315] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 315] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 315] chdir("./file0") = 0 [pid 315] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 315] ioctl(6, LOOP_CLR_FD) = 0 [pid 315] close(6) = 0 [pid 315] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 315] write(6, "#! ./file1\n", 11) = 11 [pid 315] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 315] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005c0} --- [pid 315] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005c8} --- [pid 315] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005d0} --- [pid 315] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005d8} --- [pid 315] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005e0} --- [pid 315] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005e8} --- [pid 315] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005f0} --- [pid 315] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005f8} --- [pid 315] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000600} --- [pid 315] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000608} --- [pid 315] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000610} --- [pid 315] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000618} --- [pid 315] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000620} --- [pid 315] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000628} --- [pid 315] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000630} --- [pid 315] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000638} --- [pid 315] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000640} --- [pid 315] exit_group(0) = ? [pid 315] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=315, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./6", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555558d947f0 /* 4 entries */, 32768) = 112 [ 24.871733][ T315] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 24.900931][ T316] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-315: bg 0: block 234: padding at end of block bitmap is not set umount2("./6/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./6/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./6/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./6/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./6/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555558d9c830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555558d9c830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./6/file0") = 0 umount2("./6/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./6/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./6/binderfs") = 0 getdents64(3, 0x555558d947f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./6") = 0 mkdir("./7", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555558d93750) = 320 ./strace-static-x86_64: Process 320 attached [pid 320] set_robust_list(0x555558d93760, 24) = 0 [pid 320] chdir("./7") = 0 [pid 320] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 320] setpgid(0, 0) = 0 [pid 320] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 320] write(3, "1000", 4) = 4 [pid 320] close(3) = 0 [pid 320] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 320] write(1, "executing program\n", 18) = 18 [pid 320] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 320] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 320] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 320] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 320] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 320] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 320] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 320] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 320] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 320] memfd_create("syzkaller", 0) = 5 [pid 320] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7effeaced000 [pid 320] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 320] munmap(0x7effeaced000, 138412032) = 0 [pid 320] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 320] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 320] close(5) = 0 [pid 320] close(6) = 0 [pid 320] mkdir("./file0", 0777) = 0 [pid 320] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 320] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 320] chdir("./file0") = 0 [pid 320] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 320] ioctl(6, LOOP_CLR_FD) = 0 [pid 320] close(6) = 0 [pid 320] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 320] write(6, "#! ./file1\n", 11) = 11 [pid 320] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [ 25.022251][ T320] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [pid 320] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005c0} --- [pid 320] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005c8} --- [pid 320] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005d0} --- [pid 320] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005d8} --- [pid 320] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005e0} --- [pid 320] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005e8} --- [pid 320] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005f0} --- [pid 320] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005f8} --- [pid 320] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000600} --- [pid 320] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000608} --- [pid 320] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000610} --- [pid 320] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000618} --- [pid 320] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000620} --- [pid 320] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000628} --- [ 25.062568][ T321] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-320: bg 0: block 234: padding at end of block bitmap is not set [ 25.079605][ T320] EXT4-fs error (device loop0): ext4_map_blocks:740: inode #18: block 62218: comm syz-executor252: lblock 0 mapped to illegal pblock 62218 (length 1) [ 25.079617][ T321] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #18: block 62218: comm vhost-320: lblock 0 mapped to illegal pblock 62218 (length 1) [pid 320] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000630} --- [pid 320] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000638} --- [ 25.079840][ T321] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #18: block 62218: comm vhost-320: lblock 0 mapped to illegal pblock 62218 (length 1) [ 25.095730][ T320] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #18: block 62218: comm syz-executor252: lblock 0 mapped to illegal pblock 62218 (length 1) [ 25.110110][ T321] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #18: block 62218: comm vhost-320: lblock 0 mapped to illegal pblock 62218 (length 1) [pid 320] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000640} --- [pid 320] exit_group(0) = ? [pid 320] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=320, si_uid=0, si_status=0, si_utime=0, si_stime=11} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./7", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555558d947f0 /* 4 entries */, 32768) = 112 [ 25.124621][ T320] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #18: block 62218: comm syz-executor252: lblock 0 mapped to illegal pblock 62218 (length 1) [ 25.139588][ T321] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #18: block 62218: comm vhost-320: lblock 0 mapped to illegal pblock 62218 (length 1) [ 25.154413][ T320] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #18: block 62218: comm syz-executor252: lblock 0 mapped to illegal pblock 62218 (length 1) [ 25.169283][ T321] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #18: block 62218: comm vhost-320: lblock 0 mapped to illegal pblock 62218 (length 1) umount2("./7/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./7/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./7/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./7/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./7/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555558d9c830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555558d9c830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./7/file0") = 0 umount2("./7/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./7/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./7/binderfs") = 0 getdents64(3, 0x555558d947f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./7") = 0 mkdir("./8", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FDexecuting program ) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555558d93750) = 325 ./strace-static-x86_64: Process 325 attached [pid 325] set_robust_list(0x555558d93760, 24) = 0 [pid 325] chdir("./8") = 0 [pid 325] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 325] setpgid(0, 0) = 0 [pid 325] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 325] write(3, "1000", 4) = 4 [pid 325] close(3) = 0 [pid 325] symlink("/dev/binderfs", "./binderfs") = 0 [pid 325] write(1, "executing program\n", 18) = 18 [pid 325] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 325] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 325] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 325] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 325] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 325] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 325] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 325] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 325] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 325] memfd_create("syzkaller", 0) = 5 [pid 325] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7effeaced000 [pid 325] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 325] munmap(0x7effeaced000, 138412032) = 0 [pid 325] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 325] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 325] close(5) = 0 [pid 325] close(6) = 0 [pid 325] mkdir("./file0", 0777) = 0 [pid 325] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 325] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 325] chdir("./file0") = 0 [pid 325] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 325] ioctl(6, LOOP_CLR_FD) = 0 [pid 325] close(6) = 0 [pid 325] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 325] write(6, "#! ./file1\n", 11) = 11 [pid 325] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 325] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005c0} --- [pid 325] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005c8} --- [pid 325] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005d0} --- [pid 325] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005d8} --- [pid 325] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005e0} --- [pid 325] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005e8} --- [pid 325] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005f0} --- [pid 325] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005f8} --- [pid 325] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000600} --- [pid 325] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000608} --- [pid 325] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000610} --- [pid 325] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000618} --- [pid 325] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000620} --- [pid 325] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000628} --- [pid 325] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000630} --- [ 25.382276][ T325] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 25.412422][ T326] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-325: bg 0: block 234: padding at end of block bitmap is not set [pid 325] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000638} --- [ 25.430740][ T325] EXT4-fs error (device loop0): ext4_map_blocks:740: inode #18: block 62218: comm syz-executor252: lblock 0 mapped to illegal pblock 62218 (length 1) [ 25.430752][ T326] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #18: block 62218: comm vhost-325: lblock 0 mapped to illegal pblock 62218 (length 1) [ 25.431067][ T326] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #18: block 62218: comm vhost-325: lblock 0 mapped to illegal pblock 62218 (length 1) [pid 325] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000640} --- [pid 325] exit_group(0) = ? [ 25.446458][ T325] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #18: block 62218: comm syz-executor252: lblock 0 mapped to illegal pblock 62218 (length 1) [ 25.461145][ T326] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #18: block 62218: comm vhost-325: lblock 0 mapped to illegal pblock 62218 (length 1) [ 25.505397][ T326] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #18: block 62218: comm vhost-325: lblock 0 mapped to illegal pblock 62218 (length 1) [pid 325] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=325, si_uid=0, si_status=0, si_utime=1, si_stime=6} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./8", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./8", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555558d947f0 /* 4 entries */, 32768) = 112 [ 25.520173][ T326] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #18: block 62218: comm vhost-325: lblock 0 mapped to illegal pblock 62218 (length 1) umount2("./8/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./8/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./8/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./8/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./8/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555558d9c830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555558d9c830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./8/file0") = 0 umount2("./8/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./8/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./8/binderfs") = 0 getdents64(3, 0x555558d947f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./8") = 0 mkdir("./9", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3executing program ) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555558d93750) = 330 ./strace-static-x86_64: Process 330 attached [pid 330] set_robust_list(0x555558d93760, 24) = 0 [pid 330] chdir("./9") = 0 [pid 330] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 330] setpgid(0, 0) = 0 [pid 330] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 330] write(3, "1000", 4) = 4 [pid 330] close(3) = 0 [pid 330] symlink("/dev/binderfs", "./binderfs") = 0 [pid 330] write(1, "executing program\n", 18) = 18 [pid 330] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 330] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 330] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 330] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 330] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 330] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 330] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 330] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 330] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 330] memfd_create("syzkaller", 0) = 5 [pid 330] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7effeaced000 [pid 330] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 330] munmap(0x7effeaced000, 138412032) = 0 [pid 330] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 330] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 330] close(5) = 0 [pid 330] close(6) = 0 [pid 330] mkdir("./file0", 0777) = 0 [pid 330] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 330] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 330] chdir("./file0") = 0 [pid 330] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 330] ioctl(6, LOOP_CLR_FD) = 0 [pid 330] close(6) = 0 [pid 330] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 330] write(6, "#! ./file1\n", 11) = 11 [pid 330] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [ 25.671820][ T330] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [pid 330] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005c0} --- [pid 330] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005c8} --- [ 25.711806][ T331] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-330: bg 0: block 234: padding at end of block bitmap is not set [ 25.726924][ T330] EXT4-fs error (device loop0): ext4_map_blocks:740: inode #18: block 62218: comm syz-executor252: lblock 0 mapped to illegal pblock 62218 (length 1) [ 25.726936][ T331] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #18: block 62218: comm vhost-330: lblock 0 mapped to illegal pblock 62218 (length 1) [ 25.727139][ T331] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #18: block 62218: comm vhost-330: lblock 0 mapped to illegal pblock 62218 (length 1) [pid 330] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005d0} --- [ 25.742966][ T330] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #18: block 62218: comm syz-executor252: lblock 0 mapped to illegal pblock 62218 (length 1) [ 25.757271][ T331] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #18: block 62218: comm vhost-330: lblock 0 mapped to illegal pblock 62218 (length 1) [ 25.771853][ T330] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #18: block 62218: comm syz-executor252: lblock 0 mapped to illegal pblock 62218 (length 1) [pid 330] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005d8} --- [pid 330] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005e0} --- [pid 330] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005e8} --- [pid 330] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005f0} --- [pid 330] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005f8} --- [pid 330] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000600} --- [pid 330] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000608} --- [pid 330] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000610} --- [pid 330] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000618} --- [pid 330] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000620} --- [pid 330] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000628} --- [pid 330] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000630} --- [pid 330] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000638} --- [pid 330] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000640} --- [pid 330] exit_group(0) = ? [pid 330] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=330, si_uid=0, si_status=0, si_utime=0, si_stime=9} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./9", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./9", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555558d947f0 /* 4 entries */, 32768) = 112 [ 25.787238][ T331] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #18: block 62218: comm vhost-330: lblock 0 mapped to illegal pblock 62218 (length 1) [ 25.830922][ T330] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #18: block 62218: comm syz-executor252: lblock 0 mapped to illegal pblock 62218 (length 1) [ 25.831567][ T331] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #18: block 62218: comm vhost-330: lblock 0 mapped to illegal pblock 62218 (length 1) umount2("./9/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./9/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./9/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./9/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./9/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555558d9c830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555558d9c830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./9/file0") = 0 umount2("./9/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./9/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./9/binderfs") = 0 getdents64(3, 0x555558d947f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./9") = 0 mkdir("./10", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555558d93750) = 335 ./strace-static-x86_64: Process 335 attached [pid 335] set_robust_list(0x555558d93760, 24) = 0 [pid 335] chdir("./10") = 0 [pid 335] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 335] setpgid(0, 0) = 0 [pid 335] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 335] write(3, "1000", 4) = 4 [pid 335] close(3) = 0 [pid 335] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 335] write(1, "executing program\n", 18) = 18 [pid 335] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 335] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 335] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 335] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 335] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 335] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 335] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 335] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 335] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 335] memfd_create("syzkaller", 0) = 5 [pid 335] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7effeaced000 [pid 335] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 335] munmap(0x7effeaced000, 138412032) = 0 [pid 335] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 335] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 335] close(5) = 0 [pid 335] close(6) = 0 [pid 335] mkdir("./file0", 0777) = 0 [pid 335] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 335] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 335] chdir("./file0") = 0 [pid 335] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 335] ioctl(6, LOOP_CLR_FD) = 0 [pid 335] close(6) = 0 [pid 335] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 335] write(6, "#! ./file1\n", 11) = 11 [pid 335] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 335] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005c0} --- [pid 335] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005c8} --- [pid 335] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005d0} --- [pid 335] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005d8} --- [pid 335] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005e0} --- [pid 335] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005e8} --- [pid 335] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005f0} --- [pid 335] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005f8} --- [pid 335] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000600} --- [pid 335] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000608} --- [pid 335] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000610} --- [pid 335] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000618} --- [pid 335] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000620} --- [pid 335] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000628} --- [pid 335] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000630} --- [pid 335] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000638} --- [pid 335] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000640} --- [pid 335] exit_group(0) = ? [pid 335] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=335, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./10", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./10", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555558d947f0 /* 4 entries */, 32768) = 112 [ 25.991908][ T335] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 26.013527][ T335] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor252: bg 0: block 234: padding at end of block bitmap is not set umount2("./10/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./10/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./10/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./10/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./10/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555558d9c830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555558d9c830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./10/file0") = 0 umount2("./10/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./10/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./10/binderfs") = 0 getdents64(3, 0x555558d947f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./10") = 0 mkdir("./11", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555558d93750) = 340 ./strace-static-x86_64: Process 340 attached [pid 340] set_robust_list(0x555558d93760, 24) = 0 [pid 340] chdir("./11") = 0 [pid 340] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 340] setpgid(0, 0) = 0 [pid 340] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 340] write(3, "1000", 4) = 4 [pid 340] close(3) = 0 [pid 340] symlink("/dev/binderfs", "./binderfs") = 0 [pid 340] write(1, "executing program\n", 18) = 18 executing program [pid 340] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 340] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 340] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 340] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 340] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 340] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 340] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 340] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 340] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 340] memfd_create("syzkaller", 0) = 5 [pid 340] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7effeaced000 [pid 340] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 340] munmap(0x7effeaced000, 138412032) = 0 [pid 340] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 340] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 340] close(5) = 0 [pid 340] close(6) = 0 [pid 340] mkdir("./file0", 0777) = 0 [pid 340] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 340] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 340] chdir("./file0") = 0 [pid 340] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 340] ioctl(6, LOOP_CLR_FD) = 0 [pid 340] close(6) = 0 [pid 340] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 340] write(6, "#! ./file1\n", 11) = 11 [pid 340] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 340] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005c0} --- [pid 340] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005c8} --- [pid 340] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005d0} --- [pid 340] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005d8} --- [pid 340] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005e0} --- [pid 340] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005e8} --- [pid 340] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005f0} --- [pid 340] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005f8} --- [pid 340] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000600} --- [pid 340] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000608} --- [pid 340] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000610} --- [pid 340] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000618} --- [pid 340] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000620} --- [pid 340] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000628} --- [pid 340] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000630} --- [pid 340] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000638} --- [pid 340] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000640} --- [pid 340] exit_group(0) = ? [pid 340] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=340, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./11", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./11", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555558d947f0 /* 4 entries */, 32768) = 112 [ 26.164741][ T340] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 26.191331][ T341] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-340: bg 0: block 234: padding at end of block bitmap is not set umount2("./11/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./11/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./11/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./11/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./11/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555558d9c830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555558d9c830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./11/file0") = 0 umount2("./11/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./11/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./11/binderfs") = 0 getdents64(3, 0x555558d947f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./11") = 0 mkdir("./12", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3executing program ) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555558d93750) = 345 ./strace-static-x86_64: Process 345 attached [pid 345] set_robust_list(0x555558d93760, 24) = 0 [pid 345] chdir("./12") = 0 [pid 345] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 345] setpgid(0, 0) = 0 [pid 345] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 345] write(3, "1000", 4) = 4 [pid 345] close(3) = 0 [pid 345] symlink("/dev/binderfs", "./binderfs") = 0 [pid 345] write(1, "executing program\n", 18) = 18 [pid 345] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 345] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 345] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 345] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 345] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 345] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 345] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 345] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 345] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 345] memfd_create("syzkaller", 0) = 5 [pid 345] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7effeaced000 [pid 345] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 345] munmap(0x7effeaced000, 138412032) = 0 [pid 345] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 345] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 345] close(5) = 0 [pid 345] close(6) = 0 [pid 345] mkdir("./file0", 0777) = 0 [pid 345] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 345] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 345] chdir("./file0") = 0 [pid 345] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 345] ioctl(6, LOOP_CLR_FD) = 0 [pid 345] close(6) = 0 [pid 345] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 345] write(6, "#! ./file1\n", 11) = 11 [pid 345] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 345] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005c0} --- [pid 345] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005c8} --- [pid 345] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005d0} --- [pid 345] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005d8} --- [pid 345] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005e0} --- [pid 345] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005e8} --- [pid 345] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005f0} --- [pid 345] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005f8} --- [pid 345] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000600} --- [pid 345] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000608} --- [pid 345] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000610} --- [pid 345] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000618} --- [pid 345] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000620} --- [pid 345] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000628} --- [pid 345] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000630} --- [pid 345] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000638} --- [ 26.481522][ T345] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 26.509472][ T346] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-345: bg 0: block 234: padding at end of block bitmap is not set [pid 345] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000640} --- [pid 345] exit_group(0) = ? [ 26.527963][ T345] EXT4-fs error (device loop0): ext4_map_blocks:740: inode #18: block 62218: comm syz-executor252: lblock 0 mapped to illegal pblock 62218 (length 1) [ 26.527985][ T346] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #18: block 62218: comm vhost-345: lblock 0 mapped to illegal pblock 62218 (length 1) [ 26.557978][ T346] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #18: block 62218: comm vhost-345: lblock 0 mapped to illegal pblock 62218 (length 1) [pid 345] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=345, si_uid=0, si_status=0, si_utime=1, si_stime=7} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./12", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./12", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555558d947f0 /* 4 entries */, 32768) = 112 [ 26.572714][ T346] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #18: block 62218: comm vhost-345: lblock 0 mapped to illegal pblock 62218 (length 1) [ 26.587455][ T346] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #18: block 62218: comm vhost-345: lblock 0 mapped to illegal pblock 62218 (length 1) [ 26.602211][ T346] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #18: block 62218: comm vhost-345: lblock 0 mapped to illegal pblock 62218 (length 1) [ 26.616953][ T346] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #18: block 62218: comm vhost-345: lblock 0 mapped to illegal pblock 62218 (length 1) umount2("./12/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./12/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./12/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./12/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./12/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555558d9c830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555558d9c830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./12/file0") = 0 umount2("./12/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./12/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./12/binderfs") = 0 getdents64(3, 0x555558d947f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./12") = 0 mkdir("./13", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555558d93750) = 350 ./strace-static-x86_64: Process 350 attached [pid 350] set_robust_list(0x555558d93760, 24) = 0 [pid 350] chdir("./13") = 0 [pid 350] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 350] setpgid(0, 0) = 0 [pid 350] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 350] write(3, "1000", 4) = 4 [pid 350] close(3) = 0 [pid 350] symlink("/dev/binderfs", "./binderfs") = 0 [pid 350] write(1, "executing program\n", 18executing program ) = 18 [pid 350] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 350] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 350] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 350] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 350] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 350] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 350] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 350] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 350] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 350] memfd_create("syzkaller", 0) = 5 [pid 350] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7effeaced000 [pid 350] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 350] munmap(0x7effeaced000, 138412032) = 0 [pid 350] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 350] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 350] close(5) = 0 [pid 350] close(6) = 0 [pid 350] mkdir("./file0", 0777) = 0 [pid 350] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 350] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 350] chdir("./file0") = 0 [pid 350] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 350] ioctl(6, LOOP_CLR_FD) = 0 [pid 350] close(6) = 0 [pid 350] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 350] write(6, "#! ./file1\n", 11) = 11 [pid 350] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 350] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005c0} --- [pid 350] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005c8} --- [pid 350] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005d0} --- [pid 350] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005d8} --- [pid 350] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005e0} --- [pid 350] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005e8} --- [pid 350] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005f0} --- [pid 350] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005f8} --- [pid 350] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000600} --- [pid 350] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000608} --- [pid 350] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000610} --- [pid 350] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000618} --- [pid 350] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000620} --- [pid 350] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000628} --- [pid 350] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000630} --- [pid 350] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000638} --- [pid 350] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000640} --- [pid 350] exit_group(0) = ? [pid 350] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=350, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./13", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./13", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555558d947f0 /* 4 entries */, 32768) = 112 [ 26.741784][ T350] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 26.771225][ T351] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-350: bg 0: block 234: padding at end of block bitmap is not set umount2("./13/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./13/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./13/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./13/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./13/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555558d9c830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555558d9c830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./13/file0") = 0 umount2("./13/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./13/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./13/binderfs") = 0 getdents64(3, 0x555558d947f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./13") = 0 mkdir("./14", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555558d93750) = 355 ./strace-static-x86_64: Process 355 attached [pid 355] set_robust_list(0x555558d93760, 24) = 0 [pid 355] chdir("./14") = 0 [pid 355] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 355] setpgid(0, 0) = 0 [pid 355] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 355] write(3, "1000", 4) = 4 [pid 355] close(3) = 0 [pid 355] symlink("/dev/binderfs", "./binderfs") = 0 [pid 355] write(1, "executing program\n", 18executing program ) = 18 [pid 355] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 355] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 355] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 355] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 355] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 355] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 355] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 355] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 355] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 355] memfd_create("syzkaller", 0) = 5 [pid 355] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7effeaced000 [pid 355] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 355] munmap(0x7effeaced000, 138412032) = 0 [pid 355] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 355] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 355] close(5) = 0 [pid 355] close(6) = 0 [pid 355] mkdir("./file0", 0777) = 0 [pid 355] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 355] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 355] chdir("./file0") = 0 [pid 355] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 355] ioctl(6, LOOP_CLR_FD) = 0 [pid 355] close(6) = 0 [pid 355] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 355] write(6, "#! ./file1\n", 11) = 11 [pid 355] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 355] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005c0} --- [pid 355] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005c8} --- [pid 355] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005d0} --- [pid 355] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005d8} --- [pid 355] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005e0} --- [pid 355] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005e8} --- [pid 355] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005f0} --- [pid 355] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005f8} --- [pid 355] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000600} --- [pid 355] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000608} --- [pid 355] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000610} --- [pid 355] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000618} --- [pid 355] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000620} --- [pid 355] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000628} --- [pid 355] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000630} --- [pid 355] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000638} --- [pid 355] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000640} --- [pid 355] exit_group(0) = ? [pid 355] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=355, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./14", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./14", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555558d947f0 /* 4 entries */, 32768) = 112 [ 26.911295][ T355] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 26.939630][ T356] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-355: bg 0: block 234: padding at end of block bitmap is not set umount2("./14/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./14/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./14/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./14/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./14/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555558d9c830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555558d9c830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./14/file0") = 0 umount2("./14/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./14/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./14/binderfs") = 0 getdents64(3, 0x555558d947f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./14") = 0 mkdir("./15", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555558d93750) = 360 ./strace-static-x86_64: Process 360 attached [pid 360] set_robust_list(0x555558d93760, 24) = 0 [pid 360] chdir("./15") = 0 [pid 360] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 360] setpgid(0, 0) = 0 [pid 360] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 360] write(3, "1000", 4) = 4 [pid 360] close(3) = 0 [pid 360] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 360] write(1, "executing program\n", 18) = 18 [pid 360] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 360] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 360] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 360] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 360] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 360] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 360] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 360] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 360] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 360] memfd_create("syzkaller", 0) = 5 [pid 360] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7effeaced000 [pid 360] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 360] munmap(0x7effeaced000, 138412032) = 0 [pid 360] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 360] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 360] close(5) = 0 [pid 360] close(6) = 0 [pid 360] mkdir("./file0", 0777) = 0 [pid 360] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 360] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 360] chdir("./file0") = 0 [pid 360] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 360] ioctl(6, LOOP_CLR_FD) = 0 [pid 360] close(6) = 0 [pid 360] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 360] write(6, "#! ./file1\n", 11) = 11 [pid 360] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 360] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005c0} --- [pid 360] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005c8} --- [pid 360] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005d0} --- [pid 360] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005d8} --- [pid 360] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005e0} --- [pid 360] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005e8} --- [pid 360] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005f0} --- [pid 360] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005f8} --- [pid 360] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000600} --- [pid 360] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000608} --- [pid 360] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000610} --- [pid 360] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000618} --- [pid 360] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000620} --- [pid 360] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000628} --- [pid 360] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000630} --- [pid 360] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000638} --- [pid 360] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000640} --- [pid 360] exit_group(0) = ? [pid 360] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=360, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./15", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./15", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555558d947f0 /* 4 entries */, 32768) = 112 [ 27.071891][ T360] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 27.096031][ T360] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor252: bg 0: block 234: padding at end of block bitmap is not set umount2("./15/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./15/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./15/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./15/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./15/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555558d9c830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555558d9c830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./15/file0") = 0 umount2("./15/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./15/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./15/binderfs") = 0 getdents64(3, 0x555558d947f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./15") = 0 mkdir("./16", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555558d93750) = 365 ./strace-static-x86_64: Process 365 attached [pid 365] set_robust_list(0x555558d93760, 24) = 0 [pid 365] chdir("./16") = 0 [pid 365] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 365] setpgid(0, 0) = 0 [pid 365] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 365] write(3, "1000", 4) = 4 [pid 365] close(3) = 0 [pid 365] symlink("/dev/binderfs", "./binderfs") = 0 [pid 365] write(1, "executing program\n", 18executing program ) = 18 [pid 365] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 365] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 365] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 365] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 365] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 365] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 365] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 365] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 365] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 365] memfd_create("syzkaller", 0) = 5 [pid 365] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7effeaced000 [pid 365] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 365] munmap(0x7effeaced000, 138412032) = 0 [pid 365] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 365] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 365] close(5) = 0 [pid 365] close(6) = 0 [pid 365] mkdir("./file0", 0777) = 0 [pid 365] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 365] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 365] chdir("./file0") = 0 [pid 365] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 365] ioctl(6, LOOP_CLR_FD) = 0 [pid 365] close(6) = 0 [pid 365] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 365] write(6, "#! ./file1\n", 11) = 11 [pid 365] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 365] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005c0} --- [pid 365] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005c8} --- [pid 365] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005d0} --- [pid 365] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005d8} --- [pid 365] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005e0} --- [pid 365] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005e8} --- [ 27.261830][ T365] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 27.290608][ T366] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-365: bg 0: block 234: padding at end of block bitmap is not set [pid 365] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005f0} --- [pid 365] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005f8} --- [ 27.306335][ T365] EXT4-fs error (device loop0): ext4_map_blocks:740: inode #18: block 62218: comm syz-executor252: lblock 0 mapped to illegal pblock 62218 (length 1) [ 27.306347][ T366] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #18: block 62218: comm vhost-365: lblock 0 mapped to illegal pblock 62218 (length 1) [ 27.306515][ T366] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #18: block 62218: comm vhost-365: lblock 0 mapped to illegal pblock 62218 (length 1) [pid 365] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000600} --- [pid 365] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000608} --- [pid 365] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000610} --- [pid 365] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000618} --- [pid 365] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000620} --- [pid 365] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000628} --- [pid 365] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000630} --- [pid 365] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000638} --- [pid 365] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000640} --- [ 27.322295][ T365] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #18: block 62218: comm syz-executor252: lblock 0 mapped to illegal pblock 62218 (length 1) [ 27.336598][ T366] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #18: block 62218: comm vhost-365: lblock 0 mapped to illegal pblock 62218 (length 1) [ 27.351439][ T365] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #18: block 62218: comm syz-executor252: lblock 0 mapped to illegal pblock 62218 (length 1) [ 27.366152][ T366] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #18: block 62218: comm vhost-365: lblock 0 mapped to illegal pblock 62218 (length 1) [pid 365] exit_group(0) = ? [pid 365] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=365, si_uid=0, si_status=0, si_utime=0, si_stime=9} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./16", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./16", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555558d947f0 /* 4 entries */, 32768) = 112 [ 27.381118][ T365] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #18: block 62218: comm syz-executor252: lblock 0 mapped to illegal pblock 62218 (length 1) [ 27.396163][ T366] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #18: block 62218: comm vhost-365: lblock 0 mapped to illegal pblock 62218 (length 1) umount2("./16/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./16/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./16/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./16/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./16/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555558d9c830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555558d9c830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./16/file0") = 0 umount2("./16/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./16/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./16/binderfs") = 0 getdents64(3, 0x555558d947f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./16") = 0 mkdir("./17", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3executing program ) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555558d93750) = 370 ./strace-static-x86_64: Process 370 attached [pid 370] set_robust_list(0x555558d93760, 24) = 0 [pid 370] chdir("./17") = 0 [pid 370] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 370] setpgid(0, 0) = 0 [pid 370] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 370] write(3, "1000", 4) = 4 [pid 370] close(3) = 0 [pid 370] symlink("/dev/binderfs", "./binderfs") = 0 [pid 370] write(1, "executing program\n", 18) = 18 [pid 370] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 370] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 370] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 370] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 370] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 370] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 370] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 370] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 370] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 370] memfd_create("syzkaller", 0) = 5 [pid 370] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7effeaced000 [pid 370] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 370] munmap(0x7effeaced000, 138412032) = 0 [pid 370] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 370] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 370] close(5) = 0 [pid 370] close(6) = 0 [pid 370] mkdir("./file0", 0777) = 0 [pid 370] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 370] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 370] chdir("./file0") = 0 [pid 370] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 370] ioctl(6, LOOP_CLR_FD) = 0 [pid 370] close(6) = 0 [pid 370] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 370] write(6, "#! ./file1\n", 11) = 11 [pid 370] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [ 27.611788][ T370] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [pid 370] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005c0} --- [pid 370] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005c8} --- [pid 370] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005d0} --- [ 27.651652][ T370] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor252: bg 0: block 234: padding at end of block bitmap is not set [ 27.666914][ T370] EXT4-fs error (device loop0): ext4_map_blocks:740: inode #18: block 62218: comm syz-executor252: lblock 0 mapped to illegal pblock 62218 (length 1) [ 27.666926][ T371] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #18: block 62218: comm vhost-370: lblock 0 mapped to illegal pblock 62218 (length 1) [ 27.667283][ T371] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #18: block 62218: comm vhost-370: lblock 0 mapped to illegal pblock 62218 (length 1) [pid 370] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005d8} --- [ 27.682621][ T370] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #18: block 62218: comm syz-executor252: lblock 0 mapped to illegal pblock 62218 (length 1) [ 27.697167][ T371] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #18: block 62218: comm vhost-370: lblock 0 mapped to illegal pblock 62218 (length 1) [ 27.711774][ T370] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #18: block 62218: comm syz-executor252: lblock 0 mapped to illegal pblock 62218 (length 1) [pid 370] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005e0} --- [pid 370] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005e8} --- [pid 370] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005f0} --- [pid 370] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005f8} --- [pid 370] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000600} --- [pid 370] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000608} --- [pid 370] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000610} --- [pid 370] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000618} --- [pid 370] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000620} --- [pid 370] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000628} --- [pid 370] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000630} --- [pid 370] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000638} --- [pid 370] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000640} --- [pid 370] exit_group(0) = ? [pid 370] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=370, si_uid=0, si_status=0, si_utime=0, si_stime=11} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./17", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./17", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555558d947f0 /* 4 entries */, 32768) = 112 [ 27.726709][ T371] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #18: block 62218: comm vhost-370: lblock 0 mapped to illegal pblock 62218 (length 1) [ 27.756600][ T370] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #18: block 62218: comm syz-executor252: lblock 0 mapped to illegal pblock 62218 (length 1) [ 27.771420][ T371] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #18: block 62218: comm vhost-370: lblock 0 mapped to illegal pblock 62218 (length 1) umount2("./17/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./17/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./17/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./17/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./17/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555558d9c830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555558d9c830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./17/file0") = 0 umount2("./17/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./17/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./17/binderfs") = 0 getdents64(3, 0x555558d947f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./17") = 0 mkdir("./18", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3executing program ) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555558d93750) = 375 ./strace-static-x86_64: Process 375 attached [pid 375] set_robust_list(0x555558d93760, 24) = 0 [pid 375] chdir("./18") = 0 [pid 375] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 375] setpgid(0, 0) = 0 [pid 375] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 375] write(3, "1000", 4) = 4 [pid 375] close(3) = 0 [pid 375] symlink("/dev/binderfs", "./binderfs") = 0 [pid 375] write(1, "executing program\n", 18) = 18 [pid 375] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 375] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 375] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 375] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 375] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 375] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 375] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 375] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 375] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 375] memfd_create("syzkaller", 0) = 5 [pid 375] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7effeaced000 [pid 375] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 375] munmap(0x7effeaced000, 138412032) = 0 [pid 375] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 375] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 375] close(5) = 0 [pid 375] close(6) = 0 [pid 375] mkdir("./file0", 0777) = 0 [pid 375] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 375] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 375] chdir("./file0") = 0 [pid 375] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 375] ioctl(6, LOOP_CLR_FD) = 0 [pid 375] close(6) = 0 [pid 375] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 375] write(6, "#! ./file1\n", 11) = 11 [pid 375] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 375] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005c0} --- [pid 375] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005c8} --- [pid 375] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005d0} --- [pid 375] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005d8} --- [pid 375] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005e0} --- [pid 375] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005e8} --- [pid 375] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005f0} --- [pid 375] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005f8} --- [ 27.931894][ T375] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 27.964857][ T376] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-375: bg 0: block 234: padding at end of block bitmap is not set [pid 375] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000600} --- [pid 375] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000608} --- [ 27.981606][ T375] EXT4-fs error (device loop0): ext4_map_blocks:740: inode #18: block 62218: comm syz-executor252: lblock 0 mapped to illegal pblock 62218 (length 1) [ 27.981637][ T376] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #18: block 62218: comm vhost-375: lblock 0 mapped to illegal pblock 62218 (length 1) [ 27.981812][ T376] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #18: block 62218: comm vhost-375: lblock 0 mapped to illegal pblock 62218 (length 1) [pid 375] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000610} --- [ 27.997607][ T375] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #18: block 62218: comm syz-executor252: lblock 0 mapped to illegal pblock 62218 (length 1) [ 28.011720][ T376] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #18: block 62218: comm vhost-375: lblock 0 mapped to illegal pblock 62218 (length 1) [ 28.026691][ T375] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #18: block 62218: comm syz-executor252: lblock 0 mapped to illegal pblock 62218 (length 1) [pid 375] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000618} --- [pid 375] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000620} --- [pid 375] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000628} --- [pid 375] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000630} --- [pid 375] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000638} --- [pid 375] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000640} --- [pid 375] exit_group(0) = ? [pid 375] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=375, si_uid=0, si_status=0, si_utime=0, si_stime=12} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./18", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./18", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555558d947f0 /* 4 entries */, 32768) = 112 [ 28.041642][ T376] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #18: block 62218: comm vhost-375: lblock 0 mapped to illegal pblock 62218 (length 1) [ 28.056440][ T375] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #18: block 62218: comm syz-executor252: lblock 0 mapped to illegal pblock 62218 (length 1) [ 28.071239][ T376] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #18: block 62218: comm vhost-375: lblock 0 mapped to illegal pblock 62218 (length 1) umount2("./18/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./18/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./18/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./18/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./18/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555558d9c830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555558d9c830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./18/file0") = 0 umount2("./18/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./18/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./18/binderfs") = 0 getdents64(3, 0x555558d947f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./18") = 0 mkdir("./19", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555558d93750) = 380 ./strace-static-x86_64: Process 380 attached [pid 380] set_robust_list(0x555558d93760, 24) = 0 [pid 380] chdir("./19") = 0 [pid 380] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 380] setpgid(0, 0) = 0 [pid 380] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 380] write(3, "1000", 4) = 4 [pid 380] close(3) = 0 [pid 380] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 380] write(1, "executing program\n", 18) = 18 [pid 380] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 380] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 380] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 380] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 380] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 380] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 380] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 380] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 380] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 380] memfd_create("syzkaller", 0) = 5 [pid 380] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7effeaced000 [pid 380] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 380] munmap(0x7effeaced000, 138412032) = 0 [pid 380] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 380] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 380] close(5) = 0 [pid 380] close(6) = 0 [pid 380] mkdir("./file0", 0777) = 0 [pid 380] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 380] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 380] chdir("./file0") = 0 [pid 380] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 380] ioctl(6, LOOP_CLR_FD) = 0 [pid 380] close(6) = 0 [pid 380] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 380] write(6, "#! ./file1\n", 11) = 11 [pid 380] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 380] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005c0} --- [pid 380] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005c8} --- [pid 380] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005d0} --- [pid 380] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005d8} --- [pid 380] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005e0} --- [pid 380] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005e8} --- [pid 380] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005f0} --- [pid 380] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005f8} --- [pid 380] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000600} --- [pid 380] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000608} --- [pid 380] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000610} --- [pid 380] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000618} --- [pid 380] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000620} --- [pid 380] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000628} --- [pid 380] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000630} --- [pid 380] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000638} --- [pid 380] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000640} --- [pid 380] exit_group(0) = ? [pid 380] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=380, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./19", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./19", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555558d947f0 /* 4 entries */, 32768) = 112 [ 28.266975][ T380] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 28.296964][ T381] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-380: bg 0: block 234: padding at end of block bitmap is not set umount2("./19/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./19/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./19/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./19/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./19/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555558d9c830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555558d9c830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./19/file0") = 0 umount2("./19/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./19/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./19/binderfs") = 0 getdents64(3, 0x555558d947f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./19") = 0 mkdir("./20", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555558d93750) = 385 ./strace-static-x86_64: Process 385 attached [pid 385] set_robust_list(0x555558d93760, 24) = 0 [pid 385] chdir("./20") = 0 [pid 385] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 385] setpgid(0, 0) = 0 [pid 385] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 385] write(3, "1000", 4) = 4 [pid 385] close(3) = 0 [pid 385] symlink("/dev/binderfs", "./binderfs") = 0 [pid 385] write(1, "executing program\n", 18) = 18 [pid 385] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 385] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 385] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 385] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 385] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 385] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 385] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 385] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 385] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 385] memfd_create("syzkaller", 0) = 5 [pid 385] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7effeaced000 executing program [pid 385] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 385] munmap(0x7effeaced000, 138412032) = 0 [pid 385] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 385] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 385] close(5) = 0 [pid 385] close(6) = 0 [pid 385] mkdir("./file0", 0777) = 0 [pid 385] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 385] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 385] chdir("./file0") = 0 [pid 385] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 385] ioctl(6, LOOP_CLR_FD) = 0 [pid 385] close(6) = 0 [pid 385] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 385] write(6, "#! ./file1\n", 11) = 11 [ 28.491846][ T385] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [pid 385] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 385] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005c0} --- [pid 385] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005c8} --- [pid 385] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005d0} --- [pid 385] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005d8} --- [pid 385] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005e0} --- [pid 385] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005e8} --- [pid 385] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005f0} --- [pid 385] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005f8} --- [pid 385] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000600} --- [pid 385] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000608} --- [pid 385] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000610} --- [pid 385] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000618} --- [pid 385] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000620} --- [pid 385] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000628} --- [pid 385] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000630} --- [pid 385] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000638} --- [pid 385] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000640} --- [pid 385] exit_group(0) = ? [pid 385] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=385, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./20", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./20", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555558d947f0 /* 4 entries */, 32768) = 112 umount2("./20/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./20/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./20/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./20/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./20/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555558d9c830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555558d9c830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./20/file0") = 0 umount2("./20/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./20/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./20/binderfs") = 0 getdents64(3, 0x555558d947f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./20") = 0 mkdir("./21", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555558d93750) = 390 ./strace-static-x86_64: Process 390 attached [pid 390] set_robust_list(0x555558d93760, 24) = 0 [pid 390] chdir("./21") = 0 [pid 390] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 390] setpgid(0, 0) = 0 [ 28.532263][ T386] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-385: bg 0: block 234: padding at end of block bitmap is not set [pid 390] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 390] write(3, "1000", 4) = 4 [pid 390] close(3) = 0 [pid 390] symlink("/dev/binderfs", "./binderfs") = 0 [pid 390] write(1, "executing program\n", 18executing program ) = 18 [pid 390] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 390] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 390] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 390] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 390] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 390] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 390] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 390] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 390] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 390] memfd_create("syzkaller", 0) = 5 [pid 390] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7effeaced000 [pid 390] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 390] munmap(0x7effeaced000, 138412032) = 0 [pid 390] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 390] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 390] close(5) = 0 [pid 390] close(6) = 0 [pid 390] mkdir("./file0", 0777) = 0 [pid 390] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 390] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 390] chdir("./file0") = 0 [pid 390] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 390] ioctl(6, LOOP_CLR_FD) = 0 [pid 390] close(6) = 0 [pid 390] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 390] write(6, "#! ./file1\n", 11) = 11 [pid 390] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 390] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005c0} --- [pid 390] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005c8} --- [pid 390] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005d0} --- [pid 390] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005d8} --- [ 28.621735][ T390] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 28.646151][ T391] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-390: bg 0: block 234: padding at end of block bitmap is not set [pid 390] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005e0} --- [pid 390] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005e8} --- [ 28.661965][ T390] EXT4-fs error (device loop0): ext4_map_blocks:740: inode #18: block 62218: comm syz-executor252: lblock 0 mapped to illegal pblock 62218 (length 1) [ 28.661977][ T391] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #18: block 62218: comm vhost-390: lblock 0 mapped to illegal pblock 62218 (length 1) [ 28.662149][ T391] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #18: block 62218: comm vhost-390: lblock 0 mapped to illegal pblock 62218 (length 1) [ 28.677845][ T390] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #18: block 62218: comm syz-executor252: lblock 0 mapped to illegal pblock 62218 (length 1) [pid 390] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005f0} --- [pid 390] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005f8} --- [pid 390] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000600} --- [pid 390] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000608} --- [pid 390] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000610} --- [pid 390] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000618} --- [pid 390] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000620} --- [pid 390] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000628} --- [pid 390] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000630} --- [pid 390] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000638} --- [pid 390] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000640} --- [ 28.700868][ T391] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #18: block 62218: comm vhost-390: lblock 0 mapped to illegal pblock 62218 (length 1) [ 28.706962][ T390] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #18: block 62218: comm syz-executor252: lblock 0 mapped to illegal pblock 62218 (length 1) [ 28.721746][ T391] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #18: block 62218: comm vhost-390: lblock 0 mapped to illegal pblock 62218 (length 1) [pid 390] exit_group(0) = ? [pid 390] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=390, si_uid=0, si_status=0, si_utime=0, si_stime=11} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./21", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./21", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555558d947f0 /* 4 entries */, 32768) = 112 [ 28.736744][ T390] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #18: block 62218: comm syz-executor252: lblock 0 mapped to illegal pblock 62218 (length 1) [ 28.751315][ T391] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #18: block 62218: comm vhost-390: lblock 0 mapped to illegal pblock 62218 (length 1) umount2("./21/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./21/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./21/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./21/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./21/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555558d9c830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555558d9c830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./21/file0") = 0 umount2("./21/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./21/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./21/binderfs") = 0 getdents64(3, 0x555558d947f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./21") = 0 mkdir("./22", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555558d93750) = 395 ./strace-static-x86_64: Process 395 attached [pid 395] set_robust_list(0x555558d93760, 24) = 0 [pid 395] chdir("./22") = 0 [pid 395] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 395] setpgid(0, 0) = 0 [pid 395] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 395] write(3, "1000", 4) = 4 [pid 395] close(3) = 0 [pid 395] symlink("/dev/binderfs", "./binderfs") = 0 [pid 395] write(1, "executing program\n", 18) = 18 [pid 395] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 395] ioctl(3, VHOST_SET_OWNERexecuting program , 0) = 0 [pid 395] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 395] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 395] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 395] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 395] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 395] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 395] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 395] memfd_create("syzkaller", 0) = 5 [pid 395] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7effeaced000 [pid 395] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 395] munmap(0x7effeaced000, 138412032) = 0 [pid 395] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 395] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 395] close(5) = 0 [pid 395] close(6) = 0 [pid 395] mkdir("./file0", 0777) = 0 [pid 395] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 395] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 395] chdir("./file0") = 0 [pid 395] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 395] ioctl(6, LOOP_CLR_FD) = 0 [pid 395] close(6) = 0 [pid 395] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 395] write(6, "#! ./file1\n", 11) = 11 [pid 395] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 395] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005c0} --- [pid 395] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005c8} --- [pid 395] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005d0} --- [pid 395] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005d8} --- [pid 395] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005e0} --- [pid 395] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005e8} --- [pid 395] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005f0} --- [pid 395] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005f8} --- [pid 395] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000600} --- [pid 395] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000608} --- [pid 395] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000610} --- [pid 395] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000618} --- [pid 395] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000620} --- [pid 395] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000628} --- [pid 395] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000630} --- [pid 395] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000638} --- [pid 395] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000640} --- [pid 395] exit_group(0) = ? [pid 395] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=395, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./22", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./22", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555558d947f0 /* 4 entries */, 32768) = 112 [ 28.931836][ T395] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 28.955130][ T395] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor252: bg 0: block 234: padding at end of block bitmap is not set umount2("./22/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./22/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./22/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./22/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./22/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555558d9c830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555558d9c830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./22/file0") = 0 umount2("./22/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./22/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./22/binderfs") = 0 getdents64(3, 0x555558d947f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./22") = 0 mkdir("./23", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) executing program close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555558d93750) = 400 ./strace-static-x86_64: Process 400 attached [pid 400] set_robust_list(0x555558d93760, 24) = 0 [pid 400] chdir("./23") = 0 [pid 400] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 400] setpgid(0, 0) = 0 [pid 400] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 400] write(3, "1000", 4) = 4 [pid 400] close(3) = 0 [pid 400] symlink("/dev/binderfs", "./binderfs") = 0 [pid 400] write(1, "executing program\n", 18) = 18 [pid 400] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 400] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 400] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 400] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 400] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 400] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 400] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 400] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 400] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 400] memfd_create("syzkaller", 0) = 5 [pid 400] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7effeaced000 [pid 400] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 400] munmap(0x7effeaced000, 138412032) = 0 [pid 400] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 400] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 400] close(5) = 0 [pid 400] close(6) = 0 [pid 400] mkdir("./file0", 0777) = 0 [pid 400] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 400] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 400] chdir("./file0") = 0 [pid 400] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 400] ioctl(6, LOOP_CLR_FD) = 0 [pid 400] close(6) = 0 [pid 400] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 400] write(6, "#! ./file1\n", 11) = 11 [pid 400] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 400] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005c0} --- [pid 400] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005c8} --- [pid 400] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005d0} --- [pid 400] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005d8} --- [pid 400] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005e0} --- [pid 400] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005e8} --- [pid 400] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005f0} --- [pid 400] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005f8} --- [pid 400] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000600} --- [pid 400] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000608} --- [pid 400] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000610} --- [pid 400] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000618} --- [pid 400] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000620} --- [pid 400] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000628} --- [pid 400] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000630} --- [pid 400] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000638} --- [pid 400] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000640} --- [pid 400] exit_group(0) = ? [pid 400] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=400, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./23", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./23", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555558d947f0 /* 4 entries */, 32768) = 112 [ 29.091836][ T400] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 29.115025][ T400] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor252: bg 0: block 234: padding at end of block bitmap is not set umount2("./23/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./23/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./23/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./23/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./23/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555558d9c830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555558d9c830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./23/file0") = 0 umount2("./23/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./23/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./23/binderfs") = 0 getdents64(3, 0x555558d947f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./23") = 0 mkdir("./24", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555558d93750) = 405 ./strace-static-x86_64: Process 405 attached [pid 405] set_robust_list(0x555558d93760, 24) = 0 [pid 405] chdir("./24") = 0 [pid 405] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 405] setpgid(0, 0) = 0 [pid 405] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 405] write(3, "1000", 4) = 4 [pid 405] close(3) = 0 [pid 405] symlink("/dev/binderfs", "./binderfs") = 0 [pid 405] write(1, "executing program\n", 18executing program ) = 18 [pid 405] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 405] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 405] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 405] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 405] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 405] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 405] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 405] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 405] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 405] memfd_create("syzkaller", 0) = 5 [pid 405] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7effeaced000 [pid 405] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 405] munmap(0x7effeaced000, 138412032) = 0 [pid 405] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 405] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 405] close(5) = 0 [pid 405] close(6) = 0 [pid 405] mkdir("./file0", 0777) = 0 [pid 405] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 405] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 405] chdir("./file0") = 0 [pid 405] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 405] ioctl(6, LOOP_CLR_FD) = 0 [pid 405] close(6) = 0 [pid 405] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 405] write(6, "#! ./file1\n", 11) = 11 [pid 405] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 405] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005c0} --- [pid 405] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005c8} --- [pid 405] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005d0} --- [pid 405] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005d8} --- [pid 405] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005e0} --- [pid 405] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005e8} --- [pid 405] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005f0} --- [ 29.312096][ T405] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 29.336499][ T406] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-405: bg 0: block 234: padding at end of block bitmap is not set [pid 405] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005f8} --- [pid 405] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000600} --- [ 29.352735][ T405] EXT4-fs error (device loop0): ext4_map_blocks:740: inode #18: block 62218: comm syz-executor252: lblock 0 mapped to illegal pblock 62218 (length 1) [ 29.352747][ T406] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #18: block 62218: comm vhost-405: lblock 0 mapped to illegal pblock 62218 (length 1) [ 29.352909][ T406] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #18: block 62218: comm vhost-405: lblock 0 mapped to illegal pblock 62218 (length 1) [ 29.397639][ T406] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #18: block 62218: comm vhost-405: lblock 0 mapped to illegal pblock 62218 (length 1) [ 29.397794][ T405] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #18: block 62218: comm syz-executor252: lblock 0 mapped to illegal pblock 62218 (length 1) [ 29.412577][ T406] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #18: block 62218: comm vhost-405: lblock 0 mapped to illegal pblock 62218 (length 1) [ 29.442269][ T406] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #18: block 62218: comm vhost-405: lblock 0 mapped to illegal pblock 62218 (length 1) [pid 405] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000608} --- [pid 405] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000610} --- [pid 405] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000618} --- [pid 405] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000620} --- [pid 405] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000628} --- [pid 405] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000630} --- [pid 405] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000638} --- [pid 405] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000640} --- [pid 405] exit_group(0) = ? [pid 405] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=405, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./24", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./24", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555558d947f0 /* 4 entries */, 32768) = 112 [ 29.457065][ T406] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #18: block 62218: comm vhost-405: lblock 0 mapped to illegal pblock 62218 (length 1) [ 29.471940][ T406] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #18: block 62218: comm vhost-405: lblock 0 mapped to illegal pblock 62218 (length 1) umount2("./24/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./24/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./24/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./24/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./24/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555558d9c830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555558d9c830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./24/file0") = 0 umount2("./24/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./24/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./24/binderfs") = 0 getdents64(3, 0x555558d947f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./24") = 0 mkdir("./25", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555558d93750) = 410 ./strace-static-x86_64: Process 410 attached [pid 410] set_robust_list(0x555558d93760, 24) = 0 [pid 410] chdir("./25") = 0 [pid 410] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 410] setpgid(0, 0) = 0 [pid 410] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 410] write(3, "1000", 4) = 4 [pid 410] close(3) = 0 [pid 410] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 410] write(1, "executing program\n", 18) = 18 [pid 410] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 410] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 410] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 410] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 410] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 410] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 410] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 410] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 410] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 410] memfd_create("syzkaller", 0) = 5 [pid 410] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7effeaced000 [pid 410] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 410] munmap(0x7effeaced000, 138412032) = 0 [pid 410] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 410] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 410] close(5) = 0 [pid 410] close(6) = 0 [pid 410] mkdir("./file0", 0777) = 0 [pid 410] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 410] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 410] chdir("./file0") = 0 [pid 410] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 410] ioctl(6, LOOP_CLR_FD) = 0 [pid 410] close(6) = 0 [pid 410] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 410] write(6, "#! ./file1\n", 11) = 11 [pid 410] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 410] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005c0} --- [pid 410] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005c8} --- [pid 410] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005d0} --- [pid 410] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005d8} --- [pid 410] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005e0} --- [ 29.584424][ T410] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 29.619129][ T411] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-410: bg 0: block 234: padding at end of block bitmap is not set [pid 410] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005e8} --- [pid 410] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005f0} --- [ 29.634615][ T410] EXT4-fs error (device loop0): ext4_map_blocks:740: inode #18: block 62218: comm syz-executor252: lblock 0 mapped to illegal pblock 62218 (length 1) [ 29.634627][ T411] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #18: block 62218: comm vhost-410: lblock 0 mapped to illegal pblock 62218 (length 1) [ 29.634942][ T411] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #18: block 62218: comm vhost-410: lblock 0 mapped to illegal pblock 62218 (length 1) [pid 410] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005f8} --- [ 29.650477][ T410] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #18: block 62218: comm syz-executor252: lblock 0 mapped to illegal pblock 62218 (length 1) [ 29.664631][ T411] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #18: block 62218: comm vhost-410: lblock 0 mapped to illegal pblock 62218 (length 1) [ 29.679584][ T410] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #18: block 62218: comm syz-executor252: lblock 0 mapped to illegal pblock 62218 (length 1) [pid 410] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000600} --- [pid 410] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000608} --- [pid 410] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000610} --- [pid 410] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000618} --- [pid 410] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000620} --- [pid 410] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000628} --- [pid 410] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000630} --- [pid 410] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000638} --- [pid 410] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000640} --- [pid 410] exit_group(0) = ? [pid 410] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=410, si_uid=0, si_status=0, si_utime=0, si_stime=14} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./25", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./25", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555558d947f0 /* 4 entries */, 32768) = 112 [ 29.694559][ T411] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #18: block 62218: comm vhost-410: lblock 0 mapped to illegal pblock 62218 (length 1) [ 29.709291][ T410] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #18: block 62218: comm syz-executor252: lblock 0 mapped to illegal pblock 62218 (length 1) [ 29.724251][ T411] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #18: block 62218: comm vhost-410: lblock 0 mapped to illegal pblock 62218 (length 1) umount2("./25/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./25/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./25/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./25/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./25/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555558d9c830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555558d9c830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./25/file0") = 0 umount2("./25/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./25/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./25/binderfs") = 0 getdents64(3, 0x555558d947f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./25") = 0 mkdir("./26", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555558d93750) = 415 ./strace-static-x86_64: Process 415 attached [pid 415] set_robust_list(0x555558d93760, 24) = 0 [pid 415] chdir("./26") = 0 [pid 415] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 415] setpgid(0, 0) = 0 [pid 415] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 415] write(3, "1000", 4) = 4 [pid 415] close(3) = 0 [pid 415] symlink("/dev/binderfs", "./binderfs") = 0 [pid 415] write(1, "executing program\n", 18executing program ) = 18 [pid 415] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 415] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 415] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 415] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 415] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 415] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 415] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 415] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 415] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 415] memfd_create("syzkaller", 0) = 5 [pid 415] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7effeaced000 [pid 415] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 415] munmap(0x7effeaced000, 138412032) = 0 [pid 415] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 415] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 415] close(5) = 0 [pid 415] close(6) = 0 [pid 415] mkdir("./file0", 0777) = 0 [pid 415] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 415] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 415] chdir("./file0") = 0 [pid 415] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 415] ioctl(6, LOOP_CLR_FD) = 0 [pid 415] close(6) = 0 [pid 415] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 415] write(6, "#! ./file1\n", 11) = 11 [pid 415] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 415] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005c0} --- [pid 415] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005c8} --- [pid 415] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005d0} --- [pid 415] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005d8} --- [pid 415] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005e0} --- [pid 415] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005e8} --- [pid 415] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005f0} --- [pid 415] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005f8} --- [pid 415] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000600} --- [pid 415] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000608} --- [pid 415] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000610} --- [pid 415] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000618} --- [pid 415] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000620} --- [pid 415] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000628} --- [pid 415] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000630} --- [pid 415] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000638} --- [pid 415] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000640} --- [pid 415] exit_group(0) = ? [pid 415] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=415, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./26", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./26", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555558d947f0 /* 4 entries */, 32768) = 112 [ 29.901609][ T415] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 29.926243][ T415] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor252: bg 0: block 234: padding at end of block bitmap is not set umount2("./26/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./26/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./26/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./26/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./26/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555558d9c830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555558d9c830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./26/file0") = 0 umount2("./26/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./26/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./26/binderfs") = 0 getdents64(3, 0x555558d947f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./26") = 0 mkdir("./27", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 420 attached , child_tidptr=0x555558d93750) = 420 [pid 420] set_robust_list(0x555558d93760, 24) = 0 [pid 420] chdir("./27") = 0 [pid 420] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 420] setpgid(0, 0) = 0 [pid 420] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 420] write(3, "1000", 4) = 4 [pid 420] close(3) = 0 [pid 420] symlink("/dev/binderfs", "./binderfs") = 0 [pid 420] write(1, "executing program\n", 18executing program ) = 18 [pid 420] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 420] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 420] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 420] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 420] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 420] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 420] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 420] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 420] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 420] memfd_create("syzkaller", 0) = 5 [pid 420] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7effeaced000 [pid 420] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 420] munmap(0x7effeaced000, 138412032) = 0 [pid 420] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 420] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 420] close(5) = 0 [pid 420] close(6) = 0 [pid 420] mkdir("./file0", 0777) = 0 [pid 420] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 420] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 420] chdir("./file0") = 0 [pid 420] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 420] ioctl(6, LOOP_CLR_FD) = 0 [pid 420] close(6) = 0 [pid 420] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 420] write(6, "#! ./file1\n", 11) = 11 [pid 420] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 420] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005c0} --- [pid 420] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005c8} --- [pid 420] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005d0} --- [pid 420] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005d8} --- [pid 420] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005e0} --- [pid 420] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005e8} --- [pid 420] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005f0} --- [pid 420] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005f8} --- [pid 420] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000600} --- [pid 420] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000608} --- [pid 420] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000610} --- [pid 420] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000618} --- [pid 420] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000620} --- [ 30.051836][ T420] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 30.079896][ T421] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-420: bg 0: block 234: padding at end of block bitmap is not set [pid 420] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000628} --- [pid 420] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000630} --- [ 30.097234][ T420] EXT4-fs error (device loop0): ext4_map_blocks:740: inode #18: block 62218: comm syz-executor252: lblock 0 mapped to illegal pblock 62218 (length 1) [ 30.097246][ T421] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #18: block 62218: comm vhost-420: lblock 0 mapped to illegal pblock 62218 (length 1) [ 30.097458][ T421] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #18: block 62218: comm vhost-420: lblock 0 mapped to illegal pblock 62218 (length 1) [pid 420] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000638} --- [pid 420] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000640} --- [ 30.113113][ T420] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #18: block 62218: comm syz-executor252: lblock 0 mapped to illegal pblock 62218 (length 1) [ 30.127670][ T421] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #18: block 62218: comm vhost-420: lblock 0 mapped to illegal pblock 62218 (length 1) [ 30.142379][ T420] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #18: block 62218: comm syz-executor252: lblock 0 mapped to illegal pblock 62218 (length 1) [ 30.157362][ T421] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #18: block 62218: comm vhost-420: lblock 0 mapped to illegal pblock 62218 (length 1) [pid 420] exit_group(0) = ? [pid 420] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=420, si_uid=0, si_status=0, si_utime=0, si_stime=11} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./27", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./27", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555558d947f0 /* 4 entries */, 32768) = 112 [ 30.172030][ T420] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #18: block 62218: comm syz-executor252: lblock 0 mapped to illegal pblock 62218 (length 1) [ 30.186783][ T421] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #18: block 62218: comm vhost-420: lblock 0 mapped to illegal pblock 62218 (length 1) umount2("./27/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./27/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./27/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./27/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./27/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555558d9c830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555558d9c830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./27/file0") = 0 umount2("./27/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./27/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./27/binderfs") = 0 getdents64(3, 0x555558d947f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./27") = 0 mkdir("./28", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555558d93750) = 425 ./strace-static-x86_64: Process 425 attached [pid 425] set_robust_list(0x555558d93760, 24) = 0 [pid 425] chdir("./28") = 0 [pid 425] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 425] setpgid(0, 0) = 0 [pid 425] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 425] write(3, "1000", 4) = 4 [pid 425] close(3) = 0 [pid 425] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 425] write(1, "executing program\n", 18) = 18 [pid 425] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 425] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 425] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 425] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 425] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 425] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 425] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 425] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 425] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 425] memfd_create("syzkaller", 0) = 5 [pid 425] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7effeaced000 [pid 425] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 425] munmap(0x7effeaced000, 138412032) = 0 [pid 425] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 425] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 425] close(5) = 0 [pid 425] close(6) = 0 [pid 425] mkdir("./file0", 0777) = 0 [pid 425] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 425] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 425] chdir("./file0") = 0 [pid 425] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 425] ioctl(6, LOOP_CLR_FD) = 0 [pid 425] close(6) = 0 [pid 425] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 425] write(6, "#! ./file1\n", 11) = 11 [pid 425] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 425] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005c0} --- [pid 425] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005c8} --- [pid 425] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005d0} --- [pid 425] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005d8} --- [pid 425] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005e0} --- [pid 425] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005e8} --- [pid 425] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005f0} --- [pid 425] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005f8} --- [pid 425] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000600} --- [pid 425] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000608} --- [pid 425] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000610} --- [pid 425] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000618} --- [pid 425] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000620} --- [pid 425] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000628} --- [pid 425] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000630} --- [pid 425] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000638} --- [pid 425] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000640} --- [pid 425] exit_group(0) = ? [pid 425] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=425, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./28", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./28", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555558d947f0 /* 4 entries */, 32768) = 112 [ 30.335044][ T425] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 30.365910][ T426] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-425: bg 0: block 234: padding at end of block bitmap is not set umount2("./28/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./28/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./28/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./28/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./28/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555558d9c830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555558d9c830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./28/file0") = 0 umount2("./28/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./28/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./28/binderfs") = 0 getdents64(3, 0x555558d947f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./28") = 0 mkdir("./29", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program , child_tidptr=0x555558d93750) = 430 ./strace-static-x86_64: Process 430 attached [pid 430] set_robust_list(0x555558d93760, 24) = 0 [pid 430] chdir("./29") = 0 [pid 430] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 430] setpgid(0, 0) = 0 [pid 430] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 430] write(3, "1000", 4) = 4 [pid 430] close(3) = 0 [pid 430] symlink("/dev/binderfs", "./binderfs") = 0 [pid 430] write(1, "executing program\n", 18) = 18 [pid 430] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 430] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 430] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 430] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 430] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 430] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 430] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 430] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 430] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 430] memfd_create("syzkaller", 0) = 5 [pid 430] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7effeaced000 [pid 430] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 430] munmap(0x7effeaced000, 138412032) = 0 [pid 430] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 430] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 430] close(5) = 0 [pid 430] close(6) = 0 [pid 430] mkdir("./file0", 0777) = 0 [pid 430] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 430] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 430] chdir("./file0") = 0 [pid 430] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 430] ioctl(6, LOOP_CLR_FD) = 0 [pid 430] close(6) = 0 [pid 430] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 430] write(6, "#! ./file1\n", 11) = 11 [pid 430] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [ 30.501887][ T430] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [pid 430] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005c0} --- [pid 430] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005c8} --- [pid 430] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005d0} --- [pid 430] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005d8} --- [pid 430] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005e0} --- [pid 430] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005e8} --- [pid 430] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005f0} --- [pid 430] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005f8} --- [pid 430] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000600} --- [pid 430] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000608} --- [pid 430] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000610} --- [pid 430] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000618} --- [pid 430] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000620} --- [pid 430] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000628} --- [pid 430] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000630} --- [pid 430] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000638} --- [pid 430] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000640} --- [pid 430] exit_group(0) = ? [pid 430] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=430, si_uid=0, si_status=0, si_utime=1, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./29", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./29", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555558d947f0 /* 4 entries */, 32768) = 112 [ 30.542871][ T430] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor252: bg 0: block 234: padding at end of block bitmap is not set umount2("./29/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./29/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./29/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./29/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./29/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555558d9c830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555558d9c830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./29/file0") = 0 umount2("./29/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./29/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./29/binderfs") = 0 getdents64(3, 0x555558d947f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./29") = 0 mkdir("./30", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FDexecuting program ) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555558d93750) = 435 ./strace-static-x86_64: Process 435 attached [pid 435] set_robust_list(0x555558d93760, 24) = 0 [pid 435] chdir("./30") = 0 [pid 435] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 435] setpgid(0, 0) = 0 [pid 435] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 435] write(3, "1000", 4) = 4 [pid 435] close(3) = 0 [pid 435] symlink("/dev/binderfs", "./binderfs") = 0 [pid 435] write(1, "executing program\n", 18) = 18 [pid 435] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 435] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 435] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 435] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 435] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 435] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 435] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 435] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 435] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 435] memfd_create("syzkaller", 0) = 5 [pid 435] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7effeaced000 [pid 435] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 435] munmap(0x7effeaced000, 138412032) = 0 [pid 435] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 435] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 435] close(5) = 0 [pid 435] close(6) = 0 [pid 435] mkdir("./file0", 0777) = 0 [pid 435] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 435] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 435] chdir("./file0") = 0 [pid 435] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 435] ioctl(6, LOOP_CLR_FD) = 0 [pid 435] close(6) = 0 [pid 435] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 435] write(6, "#! ./file1\n", 11) = 11 [pid 435] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 435] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005c0} --- [pid 435] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005c8} --- [pid 435] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005d0} --- [pid 435] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005d8} --- [pid 435] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005e0} --- [pid 435] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005e8} --- [pid 435] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005f0} --- [pid 435] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005f8} --- [pid 435] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000600} --- [pid 435] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000608} --- [pid 435] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000610} --- [pid 435] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000618} --- [pid 435] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000620} --- [pid 435] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000628} --- [pid 435] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000630} --- [pid 435] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000638} --- [pid 435] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000640} --- [pid 435] exit_group(0) = ? [pid 435] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=435, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./30", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./30", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555558d947f0 /* 4 entries */, 32768) = 112 [ 30.691697][ T435] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 30.714865][ T435] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor252: bg 0: block 234: padding at end of block bitmap is not set umount2("./30/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./30/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./30/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./30/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./30/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555558d9c830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555558d9c830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./30/file0") = 0 umount2("./30/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./30/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./30/binderfs") = 0 getdents64(3, 0x555558d947f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./30") = 0 mkdir("./31", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555558d93750) = 440 ./strace-static-x86_64: Process 440 attached [pid 440] set_robust_list(0x555558d93760, 24) = 0 [pid 440] chdir("./31") = 0 [pid 440] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 440] setpgid(0, 0) = 0 [pid 440] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 440] write(3, "1000", 4) = 4 [pid 440] close(3) = 0 [pid 440] symlink("/dev/binderfs", "./binderfs") = 0 [pid 440] write(1, "executing program\n", 18executing program ) = 18 [pid 440] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 440] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 440] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 440] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 440] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 440] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 440] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 440] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 440] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 440] memfd_create("syzkaller", 0) = 5 [pid 440] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7effeaced000 [pid 440] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 440] munmap(0x7effeaced000, 138412032) = 0 [pid 440] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 440] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 440] close(5) = 0 [pid 440] close(6) = 0 [pid 440] mkdir("./file0", 0777) = 0 [pid 440] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 440] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 440] chdir("./file0") = 0 [pid 440] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 440] ioctl(6, LOOP_CLR_FD) = 0 [pid 440] close(6) = 0 [pid 440] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 440] write(6, "#! ./file1\n", 11) = 11 [pid 440] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 440] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005c0} --- [pid 440] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005c8} --- [pid 440] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005d0} --- [pid 440] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005d8} --- [pid 440] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005e0} --- [pid 440] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005e8} --- [pid 440] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005f0} --- [pid 440] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005f8} --- [pid 440] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000600} --- [pid 440] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000608} --- [pid 440] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000610} --- [pid 440] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000618} --- [pid 440] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000620} --- [pid 440] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000628} --- [pid 440] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000630} --- [pid 440] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000638} --- [pid 440] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000640} --- [pid 440] exit_group(0) = ? [pid 440] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=440, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./31", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./31", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555558d947f0 /* 4 entries */, 32768) = 112 [ 30.861917][ T440] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 30.890414][ T440] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor252: bg 0: block 234: padding at end of block bitmap is not set umount2("./31/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./31/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./31/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./31/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./31/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555558d9c830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555558d9c830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./31/file0") = 0 umount2("./31/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./31/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./31/binderfs") = 0 getdents64(3, 0x555558d947f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./31") = 0 mkdir("./32", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555558d93750) = 445 ./strace-static-x86_64: Process 445 attached [pid 445] set_robust_list(0x555558d93760, 24) = 0 [pid 445] chdir("./32") = 0 [pid 445] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 445] setpgid(0, 0) = 0 [pid 445] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 445] write(3, "1000", 4) = 4 [pid 445] close(3) = 0 [pid 445] symlink("/dev/binderfs", "./binderfs") = 0 [pid 445] write(1, "executing program\n", 18executing program ) = 18 [pid 445] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 445] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 445] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 445] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 445] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 445] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 445] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 445] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 445] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 445] memfd_create("syzkaller", 0) = 5 [pid 445] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7effeaced000 [pid 445] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 445] munmap(0x7effeaced000, 138412032) = 0 [pid 445] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 445] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 445] close(5) = 0 [pid 445] close(6) = 0 [pid 445] mkdir("./file0", 0777) = 0 [pid 445] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 445] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 445] chdir("./file0") = 0 [pid 445] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 445] ioctl(6, LOOP_CLR_FD) = 0 [pid 445] close(6) = 0 [pid 445] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 445] write(6, "#! ./file1\n", 11) = 11 [pid 445] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 445] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005c0} --- [pid 445] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005c8} --- [pid 445] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005d0} --- [pid 445] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005d8} --- [pid 445] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005e0} --- [pid 445] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005e8} --- [pid 445] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005f0} --- [pid 445] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005f8} --- [pid 445] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000600} --- [ 30.991833][ T445] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 31.019011][ T446] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-445: bg 0: block 234: padding at end of block bitmap is not set [pid 445] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000608} --- [pid 445] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000610} --- [ 31.035591][ T445] EXT4-fs error (device loop0): ext4_map_blocks:740: inode #18: block 62218: comm syz-executor252: lblock 0 mapped to illegal pblock 62218 (length 1) [ 31.035604][ T446] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #18: block 62218: comm vhost-445: lblock 0 mapped to illegal pblock 62218 (length 1) [ 31.035828][ T446] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #18: block 62218: comm vhost-445: lblock 0 mapped to illegal pblock 62218 (length 1) [pid 445] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000618} --- [pid 445] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000620} --- [pid 445] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000628} --- [pid 445] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000630} --- [pid 445] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000638} --- [pid 445] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000640} --- [ 31.051268][ T445] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #18: block 62218: comm syz-executor252: lblock 0 mapped to illegal pblock 62218 (length 1) [ 31.065963][ T446] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #18: block 62218: comm vhost-445: lblock 0 mapped to illegal pblock 62218 (length 1) [ 31.080868][ T445] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #18: block 62218: comm syz-executor252: lblock 0 mapped to illegal pblock 62218 (length 1) [ 31.095536][ T446] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #18: block 62218: comm vhost-445: lblock 0 mapped to illegal pblock 62218 (length 1) [pid 445] exit_group(0) = ? [pid 445] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=445, si_uid=0, si_status=0, si_utime=0, si_stime=13} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./32", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./32", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555558d947f0 /* 4 entries */, 32768) = 112 [ 31.110249][ T445] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #18: block 62218: comm syz-executor252: lblock 0 mapped to illegal pblock 62218 (length 1) [ 31.125314][ T446] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #18: block 62218: comm vhost-445: lblock 0 mapped to illegal pblock 62218 (length 1) umount2("./32/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./32/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./32/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./32/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./32/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555558d9c830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555558d9c830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./32/file0") = 0 umount2("./32/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./32/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./32/binderfs") = 0 getdents64(3, 0x555558d947f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./32") = 0 mkdir("./33", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program , child_tidptr=0x555558d93750) = 450 ./strace-static-x86_64: Process 450 attached [pid 450] set_robust_list(0x555558d93760, 24) = 0 [pid 450] chdir("./33") = 0 [pid 450] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 450] setpgid(0, 0) = 0 [pid 450] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 450] write(3, "1000", 4) = 4 [pid 450] close(3) = 0 [pid 450] symlink("/dev/binderfs", "./binderfs") = 0 [pid 450] write(1, "executing program\n", 18) = 18 [pid 450] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 450] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 450] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 450] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 450] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 450] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 450] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 450] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 450] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 450] memfd_create("syzkaller", 0) = 5 [pid 450] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7effeaced000 [pid 450] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 450] munmap(0x7effeaced000, 138412032) = 0 [pid 450] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 450] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 450] close(5) = 0 [pid 450] close(6) = 0 [pid 450] mkdir("./file0", 0777) = 0 [pid 450] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 450] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 450] chdir("./file0") = 0 [pid 450] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 450] ioctl(6, LOOP_CLR_FD) = 0 [pid 450] close(6) = 0 [pid 450] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 450] write(6, "#! ./file1\n", 11) = 11 [pid 450] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [ 31.331899][ T450] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [pid 450] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005c0} --- [pid 450] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005c8} --- [pid 450] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005d0} --- [pid 450] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005d8} --- [pid 450] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005e0} --- [pid 450] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005e8} --- [pid 450] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005f0} --- [pid 450] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005f8} --- [pid 450] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000600} --- [pid 450] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000608} --- [pid 450] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000610} --- [pid 450] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000618} --- [pid 450] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000620} --- [pid 450] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000628} --- [pid 450] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000630} --- [pid 450] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000638} --- [pid 450] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000640} --- [pid 450] exit_group(0) = ? [pid 450] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=450, si_uid=0, si_status=0, si_utime=1, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./33", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./33", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555558d947f0 /* 4 entries */, 32768) = 112 [ 31.372749][ T451] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-450: bg 0: block 234: padding at end of block bitmap is not set umount2("./33/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./33/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./33/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./33/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./33/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555558d9c830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555558d9c830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./33/file0") = 0 umount2("./33/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./33/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./33/binderfs") = 0 getdents64(3, 0x555558d947f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./33") = 0 mkdir("./34", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555558d93750) = 455 ./strace-static-x86_64: Process 455 attached [pid 455] set_robust_list(0x555558d93760, 24) = 0 [pid 455] chdir("./34") = 0 [pid 455] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 455] setpgid(0, 0) = 0 [pid 455] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 455] write(3, "1000", 4) = 4 [pid 455] close(3) = 0 [pid 455] symlink("/dev/binderfs", "./binderfs") = 0 [pid 455] write(1, "executing program\n", 18executing program ) = 18 [pid 455] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 455] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 455] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 455] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 455] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 455] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 455] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 455] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 455] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 455] memfd_create("syzkaller", 0) = 5 [pid 455] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7effeaced000 [pid 455] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 455] munmap(0x7effeaced000, 138412032) = 0 [pid 455] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 455] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 455] close(5) = 0 [pid 455] close(6) = 0 [pid 455] mkdir("./file0", 0777) = 0 [pid 455] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 455] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 455] chdir("./file0") = 0 [pid 455] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 455] ioctl(6, LOOP_CLR_FD) = 0 [pid 455] close(6) = 0 [pid 455] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 455] write(6, "#! ./file1\n", 11) = 11 [pid 455] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 455] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005c0} --- [pid 455] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005c8} --- [pid 455] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005d0} --- [pid 455] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005d8} --- [pid 455] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005e0} --- [ 31.481743][ T455] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 31.508840][ T456] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-455: bg 0: block 234: padding at end of block bitmap is not set [pid 455] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005e8} --- [pid 455] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005f0} --- [ 31.524431][ T455] EXT4-fs error (device loop0): ext4_map_blocks:740: inode #18: block 62218: comm syz-executor252: lblock 0 mapped to illegal pblock 62218 (length 1) [ 31.524443][ T456] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #18: block 62218: comm vhost-455: lblock 0 mapped to illegal pblock 62218 (length 1) [ 31.524721][ T456] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #18: block 62218: comm vhost-455: lblock 0 mapped to illegal pblock 62218 (length 1) [pid 455] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005f8} --- [pid 455] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000600} --- [pid 455] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000608} --- [pid 455] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000610} --- [pid 455] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000618} --- [pid 455] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000620} --- [pid 455] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000628} --- [pid 455] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000630} --- [pid 455] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000638} --- [pid 455] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000640} --- [ 31.540220][ T455] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #18: block 62218: comm syz-executor252: lblock 0 mapped to illegal pblock 62218 (length 1) [ 31.554546][ T456] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #18: block 62218: comm vhost-455: lblock 0 mapped to illegal pblock 62218 (length 1) [ 31.569405][ T455] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #18: block 62218: comm syz-executor252: lblock 0 mapped to illegal pblock 62218 (length 1) [ 31.584463][ T456] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #18: block 62218: comm vhost-455: lblock 0 mapped to illegal pblock 62218 (length 1) [pid 455] exit_group(0) = ? [pid 455] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=455, si_uid=0, si_status=0, si_utime=0, si_stime=10} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./34", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./34", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555558d947f0 /* 4 entries */, 32768) = 112 [ 31.599247][ T455] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #18: block 62218: comm syz-executor252: lblock 0 mapped to illegal pblock 62218 (length 1) [ 31.614028][ T456] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #18: block 62218: comm vhost-455: lblock 0 mapped to illegal pblock 62218 (length 1) umount2("./34/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./34/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./34/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./34/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./34/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555558d9c830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555558d9c830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./34/file0") = 0 umount2("./34/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./34/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./34/binderfs") = 0 getdents64(3, 0x555558d947f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./34") = 0 mkdir("./35", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555558d93750) = 460 ./strace-static-x86_64: Process 460 attached [pid 460] set_robust_list(0x555558d93760, 24) = 0 [pid 460] chdir("./35") = 0 [pid 460] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 460] setpgid(0, 0) = 0 [pid 460] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 460] write(3, "1000", 4) = 4 [pid 460] close(3) = 0 [pid 460] symlink("/dev/binderfs", "./binderfs") = 0 [pid 460] write(1, "executing program\n", 18executing program ) = 18 [pid 460] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 460] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 460] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 460] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 460] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 460] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 460] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 460] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 460] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 460] memfd_create("syzkaller", 0) = 5 [pid 460] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7effeaced000 [pid 460] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 460] munmap(0x7effeaced000, 138412032) = 0 [pid 460] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 460] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 460] close(5) = 0 [pid 460] close(6) = 0 [pid 460] mkdir("./file0", 0777) = 0 [pid 460] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 460] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 460] chdir("./file0") = 0 [pid 460] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 460] ioctl(6, LOOP_CLR_FD) = 0 [pid 460] close(6) = 0 [pid 460] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 460] write(6, "#! ./file1\n", 11) = 11 [pid 460] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 460] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005c0} --- [pid 460] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005c8} --- [pid 460] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005d0} --- [pid 460] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005d8} --- [pid 460] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005e0} --- [pid 460] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005e8} --- [pid 460] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005f0} --- [pid 460] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005f8} --- [pid 460] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000600} --- [pid 460] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000608} --- [pid 460] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000610} --- [pid 460] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000618} --- [pid 460] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000620} --- [pid 460] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000628} --- [pid 460] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000630} --- [pid 460] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000638} --- [pid 460] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000640} --- [pid 460] exit_group(0) = ? [pid 460] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=460, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./35", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./35", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555558d947f0 /* 4 entries */, 32768) = 112 [ 31.791978][ T460] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 31.820137][ T461] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-460: bg 0: block 234: padding at end of block bitmap is not set umount2("./35/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./35/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./35/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./35/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./35/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555558d9c830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555558d9c830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./35/file0") = 0 umount2("./35/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./35/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./35/binderfs") = 0 getdents64(3, 0x555558d947f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./35") = 0 mkdir("./36", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555558d93750) = 465 ./strace-static-x86_64: Process 465 attached [pid 465] set_robust_list(0x555558d93760, 24) = 0 [pid 465] chdir("./36") = 0 [pid 465] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 465] setpgid(0, 0) = 0 [pid 465] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 465] write(3, "1000", 4) = 4 [pid 465] close(3) = 0 [pid 465] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 465] write(1, "executing program\n", 18) = 18 [pid 465] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 465] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 465] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 465] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 465] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 465] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 465] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 465] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 465] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 465] memfd_create("syzkaller", 0) = 5 [pid 465] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7effeaced000 [pid 465] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 465] munmap(0x7effeaced000, 138412032) = 0 [pid 465] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 465] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 465] close(5) = 0 [pid 465] close(6) = 0 [pid 465] mkdir("./file0", 0777) = 0 [pid 465] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 465] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 465] chdir("./file0") = 0 [pid 465] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 465] ioctl(6, LOOP_CLR_FD) = 0 [pid 465] close(6) = 0 [pid 465] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 465] write(6, "#! ./file1\n", 11) = 11 [pid 465] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 465] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005c0} --- [pid 465] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005c8} --- [pid 465] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005d0} --- [pid 465] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005d8} --- [pid 465] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005e0} --- [pid 465] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005e8} --- [pid 465] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005f0} --- [pid 465] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005f8} --- [pid 465] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000600} --- [pid 465] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000608} --- [pid 465] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000610} --- [pid 465] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000618} --- [pid 465] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000620} --- [pid 465] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000628} --- [pid 465] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000630} --- [pid 465] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000638} --- [pid 465] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000640} --- [pid 465] exit_group(0) = ? [pid 465] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=465, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./36", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./36", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555558d947f0 /* 4 entries */, 32768) = 112 [ 31.951990][ T465] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 31.978766][ T465] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor252: bg 0: block 234: padding at end of block bitmap is not set umount2("./36/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./36/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./36/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./36/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./36/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555558d9c830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555558d9c830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./36/file0") = 0 umount2("./36/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./36/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./36/binderfs") = 0 getdents64(3, 0x555558d947f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./36") = 0 mkdir("./37", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555558d93750) = 470 ./strace-static-x86_64: Process 470 attached [pid 470] set_robust_list(0x555558d93760, 24) = 0 [pid 470] chdir("./37") = 0 [pid 470] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 470] setpgid(0, 0) = 0 [pid 470] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 470] write(3, "1000", 4) = 4 [pid 470] close(3) = 0 [pid 470] symlink("/dev/binderfs", "./binderfs") = 0 [pid 470] write(1, "executing program\n", 18executing program ) = 18 [pid 470] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 470] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 470] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 470] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 470] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 470] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 470] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 470] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 470] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 470] memfd_create("syzkaller", 0) = 5 [pid 470] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7effeaced000 [pid 470] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 470] munmap(0x7effeaced000, 138412032) = 0 [pid 470] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 470] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 470] close(5) = 0 [pid 470] close(6) = 0 [pid 470] mkdir("./file0", 0777) = 0 [pid 470] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 470] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 470] chdir("./file0") = 0 [pid 470] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 470] ioctl(6, LOOP_CLR_FD) = 0 [pid 470] close(6) = 0 [pid 470] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 470] write(6, "#! ./file1\n", 11) = 11 [pid 470] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 470] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005c0} --- [pid 470] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005c8} --- [pid 470] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005d0} --- [pid 470] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005d8} --- [pid 470] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005e0} --- [pid 470] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005e8} --- [pid 470] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005f0} --- [pid 470] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005f8} --- [pid 470] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000600} --- [pid 470] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000608} --- [pid 470] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000610} --- [pid 470] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000618} --- [pid 470] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000620} --- [pid 470] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000628} --- [pid 470] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000630} --- [pid 470] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000638} --- [pid 470] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000640} --- [pid 470] exit_group(0) = ? [pid 470] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=470, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./37", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./37", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555558d947f0 /* 4 entries */, 32768) = 112 [ 32.141857][ T470] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 32.171097][ T471] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-470: bg 0: block 234: padding at end of block bitmap is not set umount2("./37/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./37/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./37/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./37/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./37/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555558d9c830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555558d9c830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./37/file0") = 0 umount2("./37/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./37/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./37/binderfs") = 0 getdents64(3, 0x555558d947f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./37") = 0 mkdir("./38", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program , child_tidptr=0x555558d93750) = 475 ./strace-static-x86_64: Process 475 attached [pid 475] set_robust_list(0x555558d93760, 24) = 0 [pid 475] chdir("./38") = 0 [pid 475] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 475] setpgid(0, 0) = 0 [pid 475] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 475] write(3, "1000", 4) = 4 [pid 475] close(3) = 0 [pid 475] symlink("/dev/binderfs", "./binderfs") = 0 [pid 475] write(1, "executing program\n", 18) = 18 [pid 475] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 475] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 475] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 475] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 475] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 475] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 475] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 475] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 475] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 475] memfd_create("syzkaller", 0) = 5 [pid 475] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7effeaced000 [pid 475] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 475] munmap(0x7effeaced000, 138412032) = 0 [pid 475] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 475] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 475] close(5) = 0 [pid 475] close(6) = 0 [pid 475] mkdir("./file0", 0777) = 0 [pid 475] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 475] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 475] chdir("./file0") = 0 [pid 475] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 475] ioctl(6, LOOP_CLR_FD) = 0 [pid 475] close(6) = 0 [pid 475] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 475] write(6, "#! ./file1\n", 11) = 11 [pid 475] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [ 32.381765][ T475] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [pid 475] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005c0} --- [pid 475] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005c8} --- [pid 475] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005d0} --- [pid 475] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005d8} --- [pid 475] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005e0} --- [pid 475] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005e8} --- [pid 475] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005f0} --- [pid 475] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005f8} --- [pid 475] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000600} --- [pid 475] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000608} --- [pid 475] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000610} --- [pid 475] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000618} --- [pid 475] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000620} --- [pid 475] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000628} --- [pid 475] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000630} --- [pid 475] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000638} --- [pid 475] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000640} --- [pid 475] exit_group(0) = ? [pid 475] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=475, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- umount2("./38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555558d947f0 /* 4 entries */, 32768) = 112 [ 32.422556][ T476] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-475: bg 0: block 234: padding at end of block bitmap is not set umount2("./38/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./38/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./38/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./38/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./38/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555558d9c830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555558d9c830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./38/file0") = 0 umount2("./38/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./38/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./38/binderfs") = 0 getdents64(3, 0x555558d947f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./38") = 0 mkdir("./39", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 480 attached , child_tidptr=0x555558d93750) = 480 [pid 480] set_robust_list(0x555558d93760, 24) = 0 [pid 480] chdir("./39") = 0 [pid 480] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 480] setpgid(0, 0) = 0 [pid 480] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 480] write(3, "1000", 4) = 4 [pid 480] close(3) = 0 [pid 480] symlink("/dev/binderfs", "./binderfs") = 0 [pid 480] write(1, "executing program\n", 18executing program ) = 18 [pid 480] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 480] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 480] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 480] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 480] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 480] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 480] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 480] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 480] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 480] memfd_create("syzkaller", 0) = 5 [pid 480] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7effeaced000 [pid 480] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 480] munmap(0x7effeaced000, 138412032) = 0 [pid 480] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 480] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 480] close(5) = 0 [pid 480] close(6) = 0 [pid 480] mkdir("./file0", 0777) = 0 [pid 480] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 480] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 480] chdir("./file0") = 0 [pid 480] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 480] ioctl(6, LOOP_CLR_FD) = 0 [pid 480] close(6) = 0 [pid 480] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 480] write(6, "#! ./file1\n", 11) = 11 [pid 480] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 480] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005c0} --- [pid 480] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005c8} --- [pid 480] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005d0} --- [pid 480] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005d8} --- [pid 480] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005e0} --- [pid 480] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005e8} --- [pid 480] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005f0} --- [pid 480] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005f8} --- [pid 480] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000600} --- [pid 480] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000608} --- [pid 480] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000610} --- [pid 480] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000618} --- [pid 480] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000620} --- [pid 480] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000628} --- [pid 480] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000630} --- [pid 480] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000638} --- [ 32.541751][ T480] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 32.570242][ T481] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-480: bg 0: block 234: padding at end of block bitmap is not set [pid 480] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000640} --- [pid 480] exit_group(0) = ? [ 32.588929][ T480] EXT4-fs error (device loop0): ext4_map_blocks:740: inode #18: block 62218: comm syz-executor252: lblock 0 mapped to illegal pblock 62218 (length 1) [ 32.588940][ T481] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #18: block 62218: comm vhost-480: lblock 0 mapped to illegal pblock 62218 (length 1) [ 32.589144][ T481] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #18: block 62218: comm vhost-480: lblock 0 mapped to illegal pblock 62218 (length 1) [pid 480] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=480, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./39", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./39", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555558d947f0 /* 4 entries */, 32768) = 112 [ 32.633523][ T481] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #18: block 62218: comm vhost-480: lblock 0 mapped to illegal pblock 62218 (length 1) [ 32.648341][ T481] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #18: block 62218: comm vhost-480: lblock 0 mapped to illegal pblock 62218 (length 1) umount2("./39/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./39/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./39/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./39/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./39/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555558d9c830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555558d9c830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./39/file0") = 0 umount2("./39/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./39/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./39/binderfs") = 0 getdents64(3, 0x555558d947f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./39") = 0 mkdir("./40", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 485 attached , child_tidptr=0x555558d93750) = 485 [pid 485] set_robust_list(0x555558d93760, 24) = 0 [pid 485] chdir("./40") = 0 [pid 485] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 485] setpgid(0, 0) = 0 [pid 485] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 485] write(3, "1000", 4) = 4 [pid 485] close(3) = 0 [pid 485] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 485] write(1, "executing program\n", 18) = 18 [pid 485] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 485] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 485] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 485] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 485] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 485] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 485] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 485] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 485] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 485] memfd_create("syzkaller", 0) = 5 [pid 485] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7effeaced000 [pid 485] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 485] munmap(0x7effeaced000, 138412032) = 0 [pid 485] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 485] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 485] close(5) = 0 [pid 485] close(6) = 0 [pid 485] mkdir("./file0", 0777) = 0 [pid 485] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 485] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 485] chdir("./file0") = 0 [pid 485] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 485] ioctl(6, LOOP_CLR_FD) = 0 [pid 485] close(6) = 0 [pid 485] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 485] write(6, "#! ./file1\n", 11) = 11 [pid 485] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 485] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005c0} --- [pid 485] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005c8} --- [pid 485] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005d0} --- [pid 485] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005d8} --- [pid 485] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005e0} --- [pid 485] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005e8} --- [pid 485] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005f0} --- [pid 485] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005f8} --- [pid 485] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000600} --- [pid 485] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000608} --- [pid 485] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000610} --- [pid 485] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000618} --- [pid 485] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000620} --- [pid 485] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000628} --- [pid 485] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000630} --- [pid 485] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000638} --- [pid 485] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000640} --- [pid 485] exit_group(0) = ? [pid 485] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=485, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./40", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./40", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555558d947f0 /* 4 entries */, 32768) = 112 [ 32.782592][ T485] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 32.811358][ T486] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-485: bg 0: block 234: padding at end of block bitmap is not set umount2("./40/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./40/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./40/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./40/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./40/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555558d9c830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555558d9c830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./40/file0") = 0 umount2("./40/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./40/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./40/binderfs") = 0 getdents64(3, 0x555558d947f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./40") = 0 mkdir("./41", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555558d93750) = 490 ./strace-static-x86_64: Process 490 attached [pid 490] set_robust_list(0x555558d93760, 24) = 0 [pid 490] chdir("./41") = 0 [pid 490] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 490] setpgid(0, 0) = 0 [pid 490] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 490] write(3, "1000", 4) = 4 [pid 490] close(3) = 0 [pid 490] symlink("/dev/binderfs", "./binderfs") = 0 [pid 490] write(1, "executing program\n", 18executing program ) = 18 [pid 490] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 490] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 490] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 490] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 490] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 490] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 490] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 490] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 490] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 490] memfd_create("syzkaller", 0) = 5 [pid 490] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7effeaced000 [pid 490] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 490] munmap(0x7effeaced000, 138412032) = 0 [pid 490] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 490] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 490] close(5) = 0 [pid 490] close(6) = 0 [pid 490] mkdir("./file0", 0777) = 0 [pid 490] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 490] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 490] chdir("./file0") = 0 [pid 490] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 490] ioctl(6, LOOP_CLR_FD) = 0 [pid 490] close(6) = 0 [pid 490] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 490] write(6, "#! ./file1\n", 11) = 11 [pid 490] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 490] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005c0} --- [pid 490] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005c8} --- [pid 490] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005d0} --- [pid 490] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005d8} --- [pid 490] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005e0} --- [pid 490] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005e8} --- [pid 490] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005f0} --- [pid 490] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005f8} --- [pid 490] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000600} --- [pid 490] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000608} --- [pid 490] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000610} --- [pid 490] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000618} --- [pid 490] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000620} --- [pid 490] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000628} --- [pid 490] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000630} --- [pid 490] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000638} --- [pid 490] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000640} --- [pid 490] exit_group(0) = ? [pid 490] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=490, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./41", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./41", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555558d947f0 /* 4 entries */, 32768) = 112 [ 32.942047][ T490] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 32.971922][ T490] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor252: bg 0: block 234: padding at end of block bitmap is not set umount2("./41/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./41/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./41/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./41/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./41/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555558d9c830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555558d9c830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./41/file0") = 0 umount2("./41/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./41/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./41/binderfs") = 0 getdents64(3, 0x555558d947f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./41") = 0 mkdir("./42", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 495 attached , child_tidptr=0x555558d93750) = 495 [pid 495] set_robust_list(0x555558d93760, 24) = 0 [pid 495] chdir("./42") = 0 [pid 495] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 495] setpgid(0, 0) = 0 [pid 495] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 495] write(3, "1000", 4) = 4 [pid 495] close(3) = 0 [pid 495] symlink("/dev/binderfs", "./binderfs") = 0 [pid 495] write(1, "executing program\n", 18executing program ) = 18 [pid 495] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 495] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 495] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 495] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 495] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 495] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 495] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 495] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 495] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 495] memfd_create("syzkaller", 0) = 5 [pid 495] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7effeaced000 [pid 495] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 495] munmap(0x7effeaced000, 138412032) = 0 [pid 495] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 495] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 495] close(5) = 0 [pid 495] close(6) = 0 [pid 495] mkdir("./file0", 0777) = 0 [pid 495] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 495] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 495] chdir("./file0") = 0 [pid 495] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 495] ioctl(6, LOOP_CLR_FD) = 0 [pid 495] close(6) = 0 [pid 495] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 495] write(6, "#! ./file1\n", 11) = 11 [pid 495] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 495] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005c0} --- [pid 495] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005c8} --- [pid 495] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005d0} --- [pid 495] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005d8} --- [pid 495] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005e0} --- [pid 495] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005e8} --- [pid 495] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005f0} --- [pid 495] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005f8} --- [pid 495] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000600} --- [pid 495] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000608} --- [pid 495] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000610} --- [pid 495] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000618} --- [pid 495] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000620} --- [pid 495] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000628} --- [pid 495] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000630} --- [pid 495] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000638} --- [pid 495] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000640} --- [pid 495] exit_group(0) = ? [pid 495] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=495, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./42", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./42", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555558d947f0 /* 4 entries */, 32768) = 112 [ 33.141641][ T495] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 33.169951][ T496] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-495: bg 0: block 234: padding at end of block bitmap is not set umount2("./42/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./42/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./42/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./42/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./42/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555558d9c830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555558d9c830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./42/file0") = 0 umount2("./42/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./42/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./42/binderfs") = 0 getdents64(3, 0x555558d947f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./42") = 0 mkdir("./43", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 500 attached , child_tidptr=0x555558d93750) = 500 [pid 500] set_robust_list(0x555558d93760, 24) = 0 [pid 500] chdir("./43") = 0 [pid 500] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 500] setpgid(0, 0) = 0 [pid 500] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 500] write(3, "1000", 4) = 4 [pid 500] close(3) = 0 [pid 500] symlink("/dev/binderfs", "./binderfs") = 0 [pid 500] write(1, "executing program\n", 18executing program ) = 18 [pid 500] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 500] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 500] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 500] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 500] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 500] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 500] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 500] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 500] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 500] memfd_create("syzkaller", 0) = 5 [pid 500] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7effeaced000 [pid 500] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 500] munmap(0x7effeaced000, 138412032) = 0 [pid 500] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 500] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 500] close(5) = 0 [pid 500] close(6) = 0 [pid 500] mkdir("./file0", 0777) = 0 [pid 500] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 500] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 500] chdir("./file0") = 0 [pid 500] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 500] ioctl(6, LOOP_CLR_FD) = 0 [pid 500] close(6) = 0 [pid 500] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 500] write(6, "#! ./file1\n", 11) = 11 [pid 500] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 500] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005c0} --- [pid 500] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005c8} --- [pid 500] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005d0} --- [pid 500] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005d8} --- [pid 500] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005e0} --- [pid 500] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005e8} --- [pid 500] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005f0} --- [pid 500] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005f8} --- [pid 500] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000600} --- [pid 500] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000608} --- [pid 500] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000610} --- [pid 500] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000618} --- [pid 500] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000620} --- [pid 500] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000628} --- [pid 500] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000630} --- [pid 500] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000638} --- [pid 500] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000640} --- [pid 500] exit_group(0) = ? [pid 500] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=500, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./43", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./43", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555558d947f0 /* 4 entries */, 32768) = 112 [ 33.301824][ T500] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 33.331170][ T501] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-500: bg 0: block 234: padding at end of block bitmap is not set umount2("./43/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./43/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./43/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./43/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./43/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555558d9c830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555558d9c830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./43/file0") = 0 umount2("./43/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./43/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./43/binderfs") = 0 getdents64(3, 0x555558d947f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./43") = 0 mkdir("./44", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555558d93750) = 505 ./strace-static-x86_64: Process 505 attached [pid 505] set_robust_list(0x555558d93760, 24) = 0 [pid 505] chdir("./44") = 0 [pid 505] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 505] setpgid(0, 0) = 0 [pid 505] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 505] write(3, "1000", 4) = 4 [pid 505] close(3) = 0 [pid 505] symlink("/dev/binderfs", "./binderfs") = 0 [pid 505] write(1, "executing program\n", 18executing program ) = 18 [pid 505] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 505] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 505] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 505] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 505] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 505] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 505] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 505] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 505] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 505] memfd_create("syzkaller", 0) = 5 [pid 505] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7effeaced000 [pid 505] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 505] munmap(0x7effeaced000, 138412032) = 0 [pid 505] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 505] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 505] close(5) = 0 [pid 505] close(6) = 0 [pid 505] mkdir("./file0", 0777) = 0 [pid 505] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 505] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 505] chdir("./file0") = 0 [pid 505] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 505] ioctl(6, LOOP_CLR_FD) = 0 [pid 505] close(6) = 0 [pid 505] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 505] write(6, "#! ./file1\n", 11) = 11 [pid 505] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 505] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005c0} --- [ 33.501828][ T505] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 33.530488][ T506] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-505: bg 0: block 234: padding at end of block bitmap is not set [pid 505] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005c8} --- [pid 505] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005d0} --- [ 33.545158][ T505] EXT4-fs error (device loop0): ext4_map_blocks:740: inode #18: block 62218: comm syz-executor252: lblock 0 mapped to illegal pblock 62218 (length 1) [ 33.545172][ T506] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #18: block 62218: comm vhost-505: lblock 0 mapped to illegal pblock 62218 (length 1) [ 33.545420][ T506] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #18: block 62218: comm vhost-505: lblock 0 mapped to illegal pblock 62218 (length 1) [ 33.561036][ T505] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #18: block 62218: comm syz-executor252: lblock 0 mapped to illegal pblock 62218 (length 1) [ 33.575317][ T506] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #18: block 62218: comm vhost-505: lblock 0 mapped to illegal pblock 62218 (length 1) [ 33.590982][ T505] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #18: block 62218: comm syz-executor252: lblock 0 mapped to illegal pblock 62218 (length 1) [ 33.605606][ T506] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #18: block 62218: comm vhost-505: lblock 0 mapped to illegal pblock 62218 (length 1) [pid 505] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005d8} --- [pid 505] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005e0} --- [pid 505] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005e8} --- [pid 505] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005f0} --- [pid 505] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005f8} --- [pid 505] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000600} --- [pid 505] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000608} --- [pid 505] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000610} --- [pid 505] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000618} --- [pid 505] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000620} --- [pid 505] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000628} --- [pid 505] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000630} --- [pid 505] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000638} --- [pid 505] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000640} --- [pid 505] exit_group(0) = ? [pid 505] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=505, si_uid=0, si_status=0, si_utime=0, si_stime=7} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./44", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./44", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555558d947f0 /* 4 entries */, 32768) = 112 [ 33.649537][ T506] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #18: block 62218: comm vhost-505: lblock 0 mapped to illegal pblock 62218 (length 1) [ 33.664306][ T506] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #18: block 62218: comm vhost-505: lblock 0 mapped to illegal pblock 62218 (length 1) umount2("./44/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./44/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./44/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./44/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./44/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555558d9c830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555558d9c830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./44/file0") = 0 umount2("./44/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./44/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./44/binderfs") = 0 getdents64(3, 0x555558d947f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./44") = 0 mkdir("./45", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) executing program close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555558d93750) = 510 ./strace-static-x86_64: Process 510 attached [pid 510] set_robust_list(0x555558d93760, 24) = 0 [pid 510] chdir("./45") = 0 [pid 510] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 510] setpgid(0, 0) = 0 [pid 510] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 510] write(3, "1000", 4) = 4 [pid 510] close(3) = 0 [pid 510] symlink("/dev/binderfs", "./binderfs") = 0 [pid 510] write(1, "executing program\n", 18) = 18 [pid 510] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 510] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 510] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 510] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 510] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 510] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 510] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 510] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 510] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 510] memfd_create("syzkaller", 0) = 5 [pid 510] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7effeaced000 [pid 510] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 510] munmap(0x7effeaced000, 138412032) = 0 [pid 510] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 510] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 510] close(5) = 0 [pid 510] close(6) = 0 [pid 510] mkdir("./file0", 0777) = 0 [pid 510] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 510] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 510] chdir("./file0") = 0 [pid 510] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 510] ioctl(6, LOOP_CLR_FD) = 0 [pid 510] close(6) = 0 [pid 510] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 510] write(6, "#! ./file1\n", 11) = 11 [pid 510] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [ 33.861921][ T510] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [pid 510] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005c0} --- [pid 510] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005c8} --- [pid 510] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005d0} --- [pid 510] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005d8} --- [pid 510] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005e0} --- [pid 510] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005e8} --- [pid 510] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005f0} --- [pid 510] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005f8} --- [pid 510] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000600} --- [pid 510] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000608} --- [pid 510] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000610} --- [pid 510] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000618} --- [pid 510] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000620} --- [pid 510] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000628} --- [pid 510] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000630} --- [pid 510] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000638} --- [pid 510] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000640} --- [pid 510] exit_group(0) = ? [pid 510] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=510, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./45", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./45", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555558d947f0 /* 4 entries */, 32768) = 112 [ 33.902285][ T511] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-510: bg 0: block 234: padding at end of block bitmap is not set umount2("./45/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./45/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./45/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./45/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./45/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555558d9c830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555558d9c830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./45/file0") = 0 umount2("./45/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./45/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./45/binderfs") = 0 getdents64(3, 0x555558d947f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./45") = 0 mkdir("./46", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FDexecuting program ) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555558d93750) = 515 ./strace-static-x86_64: Process 515 attached [pid 515] set_robust_list(0x555558d93760, 24) = 0 [pid 515] chdir("./46") = 0 [pid 515] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 515] setpgid(0, 0) = 0 [pid 515] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 515] write(3, "1000", 4) = 4 [pid 515] close(3) = 0 [pid 515] symlink("/dev/binderfs", "./binderfs") = 0 [pid 515] write(1, "executing program\n", 18) = 18 [pid 515] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 515] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 515] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 515] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 515] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 515] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 515] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 515] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 515] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 515] memfd_create("syzkaller", 0) = 5 [pid 515] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7effeaced000 [pid 515] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 515] munmap(0x7effeaced000, 138412032) = 0 [pid 515] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 515] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 515] close(5) = 0 [pid 515] close(6) = 0 [pid 515] mkdir("./file0", 0777) = 0 [pid 515] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 515] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 515] chdir("./file0") = 0 [pid 515] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 515] ioctl(6, LOOP_CLR_FD) = 0 [pid 515] close(6) = 0 [pid 515] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 515] write(6, "#! ./file1\n", 11) = 11 [pid 515] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 515] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005c0} --- [pid 515] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005c8} --- [pid 515] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005d0} --- [pid 515] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005d8} --- [pid 515] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005e0} --- [pid 515] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005e8} --- [pid 515] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005f0} --- [pid 515] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005f8} --- [pid 515] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000600} --- [pid 515] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000608} --- [pid 515] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000610} --- [pid 515] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000618} --- [pid 515] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000620} --- [pid 515] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000628} --- [pid 515] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000630} --- [pid 515] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000638} --- [pid 515] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000640} --- [pid 515] exit_group(0) = ? [pid 515] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=515, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./46", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./46", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555558d947f0 /* 4 entries */, 32768) = 112 [ 34.051807][ T515] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 34.075371][ T515] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor252: bg 0: block 234: padding at end of block bitmap is not set umount2("./46/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./46/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./46/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./46/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./46/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555558d9c830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555558d9c830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./46/file0") = 0 umount2("./46/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./46/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./46/binderfs") = 0 getdents64(3, 0x555558d947f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./46") = 0 mkdir("./47", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555558d93750) = 520 ./strace-static-x86_64: Process 520 attached [pid 520] set_robust_list(0x555558d93760, 24) = 0 [pid 520] chdir("./47") = 0 [pid 520] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 520] setpgid(0, 0) = 0 [pid 520] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 520] write(3, "1000", 4) = 4 [pid 520] close(3) = 0 [pid 520] symlink("/dev/binderfs", "./binderfs") = 0 [pid 520] write(1, "executing program\n", 18executing program ) = 18 [pid 520] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 520] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 520] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 520] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 520] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 520] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 520] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 520] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 520] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 520] memfd_create("syzkaller", 0) = 5 [pid 520] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7effeaced000 [pid 520] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 520] munmap(0x7effeaced000, 138412032) = 0 [pid 520] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 520] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 520] close(5) = 0 [pid 520] close(6) = 0 [pid 520] mkdir("./file0", 0777) = 0 [pid 520] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 520] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 520] chdir("./file0") = 0 [pid 520] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 520] ioctl(6, LOOP_CLR_FD) = 0 [pid 520] close(6) = 0 [pid 520] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 520] write(6, "#! ./file1\n", 11) = 11 [pid 520] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 520] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005c0} --- [pid 520] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005c8} --- [pid 520] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005d0} --- [pid 520] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005d8} --- [pid 520] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005e0} --- [pid 520] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005e8} --- [pid 520] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005f0} --- [pid 520] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005f8} --- [pid 520] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000600} --- [pid 520] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000608} --- [pid 520] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000610} --- [pid 520] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000618} --- [pid 520] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000620} --- [pid 520] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000628} --- [pid 520] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000630} --- [ 34.178927][ T520] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 34.200806][ T520] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor252: bg 0: block 234: padding at end of block bitmap is not set [pid 520] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000638} --- [pid 520] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000640} --- [ 34.219280][ T520] EXT4-fs error (device loop0): ext4_map_blocks:740: inode #18: block 62218: comm syz-executor252: lblock 0 mapped to illegal pblock 62218 (length 1) [ 34.219422][ T521] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #18: block 62218: comm vhost-520: lblock 0 mapped to illegal pblock 62218 (length 1) [ 34.249295][ T521] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #18: block 62218: comm vhost-520: lblock 0 mapped to illegal pblock 62218 (length 1) [ 34.249555][ T520] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #18: block 62218: comm syz-executor252: lblock 0 mapped to illegal pblock 62218 (length 1) [pid 520] exit_group(0) = ? [ 34.264551][ T521] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #18: block 62218: comm vhost-520: lblock 0 mapped to illegal pblock 62218 (length 1) [ 34.294008][ T521] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #18: block 62218: comm vhost-520: lblock 0 mapped to illegal pblock 62218 (length 1) [ 34.308844][ T521] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #18: block 62218: comm vhost-520: lblock 0 mapped to illegal pblock 62218 (length 1) [pid 520] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=520, si_uid=0, si_status=0, si_utime=0, si_stime=11} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./47", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./47", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555558d947f0 /* 4 entries */, 32768) = 112 [ 34.323580][ T521] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #18: block 62218: comm vhost-520: lblock 0 mapped to illegal pblock 62218 (length 1) umount2("./47/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./47/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./47/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./47/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./47/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555558d9c830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555558d9c830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./47/file0") = 0 umount2("./47/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./47/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./47/binderfs") = 0 getdents64(3, 0x555558d947f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./47") = 0 mkdir("./48", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555558d93750) = 525 ./strace-static-x86_64: Process 525 attached [pid 525] set_robust_list(0x555558d93760, 24) = 0 [pid 525] chdir("./48") = 0 [pid 525] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 525] setpgid(0, 0) = 0 [pid 525] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 525] write(3, "1000", 4) = 4 [pid 525] close(3) = 0 [pid 525] symlink("/dev/binderfs", "./binderfs") = 0 [pid 525] write(1, "executing program\n", 18executing program ) = 18 [pid 525] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 525] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 525] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 525] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 525] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 525] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 525] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 525] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 525] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 525] memfd_create("syzkaller", 0) = 5 [pid 525] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7effeaced000 [pid 525] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 525] munmap(0x7effeaced000, 138412032) = 0 [pid 525] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 525] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 525] close(5) = 0 [pid 525] close(6) = 0 [pid 525] mkdir("./file0", 0777) = 0 [pid 525] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 525] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 525] chdir("./file0") = 0 [pid 525] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 525] ioctl(6, LOOP_CLR_FD) = 0 [pid 525] close(6) = 0 [pid 525] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 525] write(6, "#! ./file1\n", 11) = 11 [pid 525] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 525] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005c0} --- [pid 525] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005c8} --- [pid 525] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005d0} --- [pid 525] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005d8} --- [pid 525] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005e0} --- [pid 525] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005e8} --- [pid 525] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005f0} --- [pid 525] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005f8} --- [pid 525] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000600} --- [pid 525] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000608} --- [pid 525] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000610} --- [pid 525] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000618} --- [pid 525] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000620} --- [pid 525] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000628} --- [pid 525] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000630} --- [pid 525] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000638} --- [pid 525] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000640} --- [pid 525] exit_group(0) = ? [pid 525] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=525, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./48", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./48", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555558d947f0 /* 4 entries */, 32768) = 112 [ 34.452055][ T525] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 34.481022][ T525] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor252: bg 0: block 234: padding at end of block bitmap is not set umount2("./48/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./48/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./48/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./48/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./48/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555558d9c830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555558d9c830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./48/file0") = 0 umount2("./48/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./48/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./48/binderfs") = 0 getdents64(3, 0x555558d947f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./48") = 0 mkdir("./49", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555558d93750) = 530 ./strace-static-x86_64: Process 530 attached [pid 530] set_robust_list(0x555558d93760, 24) = 0 [pid 530] chdir("./49") = 0 [pid 530] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 530] setpgid(0, 0) = 0 [pid 530] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 530] write(3, "1000", 4) = 4 [pid 530] close(3) = 0 [pid 530] symlink("/dev/binderfs", "./binderfs") = 0 [pid 530] write(1, "executing program\n", 18executing program ) = 18 [pid 530] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 530] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 530] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 530] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 530] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 530] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 530] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 530] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 530] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 530] memfd_create("syzkaller", 0) = 5 [pid 530] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7effeaced000 [pid 530] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 530] munmap(0x7effeaced000, 138412032) = 0 [pid 530] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 530] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 530] close(5) = 0 [pid 530] close(6) = 0 [pid 530] mkdir("./file0", 0777) = 0 [pid 530] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 530] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 530] chdir("./file0") = 0 [pid 530] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 530] ioctl(6, LOOP_CLR_FD) = 0 [pid 530] close(6) = 0 [pid 530] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 530] write(6, "#! ./file1\n", 11) = 11 [pid 530] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 530] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005c0} --- [pid 530] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005c8} --- [pid 530] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005d0} --- [pid 530] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005d8} --- [pid 530] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005e0} --- [pid 530] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005e8} --- [ 34.582022][ T530] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 34.611078][ T531] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-530: bg 0: block 234: padding at end of block bitmap is not set [pid 530] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005f0} --- [pid 530] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005f8} --- [ 34.626803][ T530] EXT4-fs error (device loop0): ext4_map_blocks:740: inode #18: block 62218: comm syz-executor252: lblock 0 mapped to illegal pblock 62218 (length 1) [ 34.626815][ T531] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #18: block 62218: comm vhost-530: lblock 0 mapped to illegal pblock 62218 (length 1) [ 34.627039][ T531] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #18: block 62218: comm vhost-530: lblock 0 mapped to illegal pblock 62218 (length 1) [pid 530] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000600} --- [ 34.642965][ T530] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #18: block 62218: comm syz-executor252: lblock 0 mapped to illegal pblock 62218 (length 1) [ 34.656844][ T531] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #18: block 62218: comm vhost-530: lblock 0 mapped to illegal pblock 62218 (length 1) [ 34.671907][ T530] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #18: block 62218: comm syz-executor252: lblock 0 mapped to illegal pblock 62218 (length 1) [ 34.686672][ T531] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #18: block 62218: comm vhost-530: lblock 0 mapped to illegal pblock 62218 (length 1) [pid 530] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000608} --- [pid 530] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000610} --- [pid 530] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000618} --- [pid 530] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000620} --- [pid 530] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000628} --- [pid 530] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000630} --- [pid 530] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000638} --- [pid 530] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000640} --- [pid 530] exit_group(0) = ? [pid 530] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=530, si_uid=0, si_status=0, si_utime=0, si_stime=8} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./49", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./49", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555558d947f0 /* 4 entries */, 32768) = 112 [ 34.730974][ T531] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #18: block 62218: comm vhost-530: lblock 0 mapped to illegal pblock 62218 (length 1) [ 34.745824][ T531] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #18: block 62218: comm vhost-530: lblock 0 mapped to illegal pblock 62218 (length 1) umount2("./49/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./49/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./49/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./49/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./49/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555558d9c830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555558d9c830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./49/file0") = 0 umount2("./49/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./49/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./49/binderfs") = 0 getdents64(3, 0x555558d947f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./49") = 0 mkdir("./50", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555558d93750) = 535 ./strace-static-x86_64: Process 535 attached [pid 535] set_robust_list(0x555558d93760, 24) = 0 [pid 535] chdir("./50") = 0 [pid 535] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 535] setpgid(0, 0) = 0 [pid 535] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 535] write(3, "1000", 4) = 4 [pid 535] close(3) = 0 [pid 535] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 535] write(1, "executing program\n", 18) = 18 [pid 535] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 535] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 535] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 535] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 535] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 535] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 535] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 535] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 535] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 535] memfd_create("syzkaller", 0) = 5 [pid 535] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7effeaced000 [pid 535] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 535] munmap(0x7effeaced000, 138412032) = 0 [pid 535] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 535] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 535] close(5) = 0 [pid 535] close(6) = 0 [pid 535] mkdir("./file0", 0777) = 0 [pid 535] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 535] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 535] chdir("./file0") = 0 [pid 535] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 535] ioctl(6, LOOP_CLR_FD) = 0 [pid 535] close(6) = 0 [pid 535] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 535] write(6, "#! ./file1\n", 11) = 11 [pid 535] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 535] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005c0} --- [pid 535] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005c8} --- [pid 535] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005d0} --- [pid 535] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005d8} --- [pid 535] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005e0} --- [pid 535] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005e8} --- [ 34.851816][ T535] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 34.878815][ T535] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor252: bg 0: block 234: padding at end of block bitmap is not set [pid 535] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005f0} --- [pid 535] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005f8} --- [pid 535] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000600} --- [pid 535] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000608} --- [ 34.895429][ T535] EXT4-fs error (device loop0): ext4_map_blocks:740: inode #18: block 62218: comm syz-executor252: lblock 0 mapped to illegal pblock 62218 (length 1) [ 34.895442][ T536] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #18: block 62218: comm vhost-535: lblock 0 mapped to illegal pblock 62218 (length 1) [ 34.895632][ T536] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #18: block 62218: comm vhost-535: lblock 0 mapped to illegal pblock 62218 (length 1) [pid 535] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000610} --- [pid 535] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000618} --- [pid 535] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000620} --- [pid 535] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000628} --- [pid 535] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000630} --- [pid 535] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000638} --- [pid 535] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000640} --- [ 34.911454][ T535] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #18: block 62218: comm syz-executor252: lblock 0 mapped to illegal pblock 62218 (length 1) [ 34.925511][ T536] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #18: block 62218: comm vhost-535: lblock 0 mapped to illegal pblock 62218 (length 1) [ 34.940377][ T535] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #18: block 62218: comm syz-executor252: lblock 0 mapped to illegal pblock 62218 (length 1) [ 34.955313][ T536] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #18: block 62218: comm vhost-535: lblock 0 mapped to illegal pblock 62218 (length 1) [pid 535] exit_group(0) = ? [pid 535] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=535, si_uid=0, si_status=0, si_utime=0, si_stime=12} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./50", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./50", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555558d947f0 /* 4 entries */, 32768) = 112 [ 34.970149][ T535] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #18: block 62218: comm syz-executor252: lblock 0 mapped to illegal pblock 62218 (length 1) [ 34.984846][ T536] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #18: block 62218: comm vhost-535: lblock 0 mapped to illegal pblock 62218 (length 1) umount2("./50/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./50/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./50/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./50/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./50/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555558d9c830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555558d9c830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./50/file0") = 0 umount2("./50/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./50/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./50/binderfs") = 0 getdents64(3, 0x555558d947f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./50") = 0 mkdir("./51", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555558d93750) = 540 ./strace-static-x86_64: Process 540 attached [pid 540] set_robust_list(0x555558d93760, 24) = 0 [pid 540] chdir("./51") = 0 [pid 540] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 540] setpgid(0, 0) = 0 [pid 540] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 540] write(3, "1000", 4) = 4 [pid 540] close(3) = 0 [pid 540] symlink("/dev/binderfs", "./binderfs") = 0 [pid 540] write(1, "executing program\n", 18executing program ) = 18 [pid 540] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 540] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 540] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 540] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 540] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 540] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 540] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 540] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 540] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 540] memfd_create("syzkaller", 0) = 5 [pid 540] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7effeaced000 [pid 540] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 540] munmap(0x7effeaced000, 138412032) = 0 [pid 540] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 540] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 540] close(5) = 0 [pid 540] close(6) = 0 [pid 540] mkdir("./file0", 0777) = 0 [pid 540] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 540] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 540] chdir("./file0") = 0 [pid 540] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 540] ioctl(6, LOOP_CLR_FD) = 0 [pid 540] close(6) = 0 [pid 540] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 540] write(6, "#! ./file1\n", 11) = 11 [pid 540] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 540] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005c0} --- [pid 540] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005c8} --- [pid 540] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005d0} --- [pid 540] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005d8} --- [pid 540] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005e0} --- [pid 540] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005e8} --- [pid 540] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005f0} --- [pid 540] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005f8} --- [pid 540] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000600} --- [pid 540] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000608} --- [pid 540] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000610} --- [pid 540] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000618} --- [pid 540] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000620} --- [pid 540] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000628} --- [pid 540] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000630} --- [pid 540] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000638} --- [pid 540] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000640} --- [pid 540] exit_group(0) = ? [pid 540] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=540, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./51", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./51", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555558d947f0 /* 4 entries */, 32768) = 112 [ 35.141806][ T540] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 35.169946][ T541] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-540: bg 0: block 234: padding at end of block bitmap is not set umount2("./51/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./51/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./51/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./51/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./51/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555558d9c830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555558d9c830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./51/file0") = 0 umount2("./51/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./51/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./51/binderfs") = 0 getdents64(3, 0x555558d947f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./51") = 0 mkdir("./52", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555558d93750) = 545 ./strace-static-x86_64: Process 545 attached [pid 545] set_robust_list(0x555558d93760, 24) = 0 [pid 545] chdir("./52") = 0 [pid 545] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 545] setpgid(0, 0) = 0 [pid 545] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 545] write(3, "1000", 4) = 4 [pid 545] close(3) = 0 [pid 545] symlink("/dev/binderfs", "./binderfs") = 0 [pid 545] write(1, "executing program\n", 18executing program ) = 18 [pid 545] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 545] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 545] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 545] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 545] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 545] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 545] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 545] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 545] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 545] memfd_create("syzkaller", 0) = 5 [pid 545] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7effeaced000 [pid 545] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 545] munmap(0x7effeaced000, 138412032) = 0 [pid 545] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 545] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 545] close(5) = 0 [pid 545] close(6) = 0 [pid 545] mkdir("./file0", 0777) = 0 [pid 545] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 545] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 545] chdir("./file0") = 0 [pid 545] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 545] ioctl(6, LOOP_CLR_FD) = 0 [pid 545] close(6) = 0 [pid 545] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 545] write(6, "#! ./file1\n", 11) = 11 [pid 545] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 545] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005c0} --- [pid 545] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005c8} --- [pid 545] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005d0} --- [pid 545] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005d8} --- [pid 545] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005e0} --- [pid 545] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005e8} --- [pid 545] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005f0} --- [pid 545] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005f8} --- [pid 545] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000600} --- [pid 545] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000608} --- [pid 545] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000610} --- [pid 545] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000618} --- [pid 545] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000620} --- [pid 545] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000628} --- [pid 545] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000630} --- [pid 545] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000638} --- [pid 545] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000640} --- [pid 545] exit_group(0) = ? [pid 545] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=545, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./52", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./52", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555558d947f0 /* 4 entries */, 32768) = 112 [ 35.281792][ T545] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 35.310853][ T546] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-545: bg 0: block 234: padding at end of block bitmap is not set umount2("./52/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./52/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./52/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./52/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./52/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555558d9c830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555558d9c830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./52/file0") = 0 umount2("./52/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./52/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./52/binderfs") = 0 getdents64(3, 0x555558d947f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./52") = 0 mkdir("./53", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555558d93750) = 550 ./strace-static-x86_64: Process 550 attached [pid 550] set_robust_list(0x555558d93760, 24) = 0 [pid 550] chdir("./53") = 0 [pid 550] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 550] setpgid(0, 0) = 0 [pid 550] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 550] write(3, "1000", 4) = 4 [pid 550] close(3) = 0 [pid 550] symlink("/dev/binderfs", "./binderfs") = 0 [pid 550] write(1, "executing program\n", 18executing program ) = 18 [pid 550] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 550] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 550] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 550] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 550] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 550] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 550] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 550] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 550] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 550] memfd_create("syzkaller", 0) = 5 [pid 550] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7effeaced000 [pid 550] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 550] munmap(0x7effeaced000, 138412032) = 0 [pid 550] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 550] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 550] close(5) = 0 [pid 550] close(6) = 0 [pid 550] mkdir("./file0", 0777) = 0 [pid 550] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 550] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 550] chdir("./file0") = 0 [pid 550] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 550] ioctl(6, LOOP_CLR_FD) = 0 [pid 550] close(6) = 0 [pid 550] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 550] write(6, "#! ./file1\n", 11) = 11 [pid 550] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [ 35.391709][ T550] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [pid 550] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005c0} --- [pid 550] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005c8} --- [pid 550] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005d0} --- [pid 550] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005d8} --- [pid 550] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005e0} --- [pid 550] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005e8} --- [pid 550] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005f0} --- [pid 550] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005f8} --- [pid 550] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000600} --- [pid 550] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000608} --- [pid 550] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000610} --- [pid 550] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000618} --- [pid 550] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000620} --- [pid 550] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000628} --- [pid 550] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000630} --- [pid 550] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000638} --- [pid 550] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000640} --- [pid 550] exit_group(0) = ? [pid 550] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=550, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./53", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./53", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555558d947f0 /* 4 entries */, 32768) = 112 [ 35.431580][ T550] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor252: bg 0: block 234: padding at end of block bitmap is not set umount2("./53/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./53/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./53/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./53/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./53/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555558d9c830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555558d9c830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./53/file0") = 0 umount2("./53/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./53/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./53/binderfs") = 0 getdents64(3, 0x555558d947f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./53") = 0 mkdir("./54", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555558d93750) = 555 ./strace-static-x86_64: Process 555 attached [pid 555] set_robust_list(0x555558d93760, 24) = 0 [pid 555] chdir("./54") = 0 [pid 555] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 555] setpgid(0, 0) = 0 [pid 555] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 555] write(3, "1000", 4) = 4 [pid 555] close(3) = 0 [pid 555] symlink("/dev/binderfs", "./binderfs") = 0 [pid 555] write(1, "executing program\n", 18executing program ) = 18 [pid 555] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 555] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 555] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 555] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 555] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 555] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 555] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 555] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 555] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 555] memfd_create("syzkaller", 0) = 5 [pid 555] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7effeaced000 [pid 555] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 555] munmap(0x7effeaced000, 138412032) = 0 [pid 555] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 555] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 555] close(5) = 0 [pid 555] close(6) = 0 [pid 555] mkdir("./file0", 0777) = 0 [pid 555] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 555] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 555] chdir("./file0") = 0 [pid 555] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 555] ioctl(6, LOOP_CLR_FD) = 0 [pid 555] close(6) = 0 [pid 555] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 555] write(6, "#! ./file1\n", 11) = 11 [pid 555] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [ 35.651686][ T555] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [pid 555] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005c0} --- [pid 555] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005c8} --- [pid 555] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005d0} --- [pid 555] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005d8} --- [pid 555] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005e0} --- [pid 555] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005e8} --- [pid 555] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005f0} --- [pid 555] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005f8} --- [pid 555] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000600} --- [pid 555] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000608} --- [pid 555] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000610} --- [pid 555] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000618} --- [pid 555] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000620} --- [pid 555] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000628} --- [pid 555] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000630} --- [pid 555] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000638} --- [pid 555] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000640} --- [pid 555] exit_group(0) = ? [pid 555] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=555, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./54", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./54", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555558d947f0 /* 4 entries */, 32768) = 112 [ 35.689565][ T556] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-555: bg 0: block 234: padding at end of block bitmap is not set umount2("./54/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./54/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./54/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./54/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./54/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555558d9c830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555558d9c830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./54/file0") = 0 umount2("./54/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./54/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./54/binderfs") = 0 getdents64(3, 0x555558d947f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./54") = 0 mkdir("./55", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555558d93750) = 560 ./strace-static-x86_64: Process 560 attached [pid 560] set_robust_list(0x555558d93760, 24) = 0 [pid 560] chdir("./55") = 0 [pid 560] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 560] setpgid(0, 0) = 0 [pid 560] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 560] write(3, "1000", 4) = 4 [pid 560] close(3) = 0 [pid 560] symlink("/dev/binderfs", "./binderfs") = 0 [pid 560] write(1, "executing program\n", 18executing program ) = 18 [pid 560] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 560] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 560] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 560] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 560] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 560] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 560] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 560] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 560] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 560] memfd_create("syzkaller", 0) = 5 [pid 560] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7effeaced000 [pid 560] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 560] munmap(0x7effeaced000, 138412032) = 0 [pid 560] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 560] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 560] close(5) = 0 [pid 560] close(6) = 0 [pid 560] mkdir("./file0", 0777) = 0 [pid 560] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 560] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 560] chdir("./file0") = 0 [pid 560] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 560] ioctl(6, LOOP_CLR_FD) = 0 [pid 560] close(6) = 0 [pid 560] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 560] write(6, "#! ./file1\n", 11) = 11 [pid 560] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 560] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005c0} --- [pid 560] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005c8} --- [pid 560] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005d0} --- [pid 560] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005d8} --- [pid 560] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005e0} --- [pid 560] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005e8} --- [pid 560] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005f0} --- [pid 560] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005f8} --- [pid 560] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000600} --- [pid 560] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000608} --- [pid 560] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000610} --- [pid 560] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000618} --- [pid 560] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000620} --- [pid 560] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000628} --- [pid 560] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000630} --- [pid 560] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000638} --- [pid 560] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000640} --- [pid 560] exit_group(0) = ? [pid 560] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=560, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./55", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./55", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555558d947f0 /* 4 entries */, 32768) = 112 [ 35.811949][ T560] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 35.841278][ T561] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-560: bg 0: block 234: padding at end of block bitmap is not set umount2("./55/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./55/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./55/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./55/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./55/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555558d9c830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555558d9c830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./55/file0") = 0 umount2("./55/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./55/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./55/binderfs") = 0 getdents64(3, 0x555558d947f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./55") = 0 mkdir("./56", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555558d93750) = 565 ./strace-static-x86_64: Process 565 attached [pid 565] set_robust_list(0x555558d93760, 24) = 0 [pid 565] chdir("./56") = 0 [pid 565] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 565] setpgid(0, 0) = 0 [pid 565] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 565] write(3, "1000", 4) = 4 [pid 565] close(3) = 0 [pid 565] symlink("/dev/binderfs", "./binderfs") = 0 [pid 565] write(1, "executing program\n", 18executing program ) = 18 [pid 565] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 565] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 565] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 565] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 565] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 565] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 565] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 565] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 565] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 565] memfd_create("syzkaller", 0) = 5 [pid 565] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7effeaced000 [pid 565] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 565] munmap(0x7effeaced000, 138412032) = 0 [pid 565] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 565] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 565] close(5) = 0 [pid 565] close(6) = 0 [pid 565] mkdir("./file0", 0777) = 0 [pid 565] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 565] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 565] chdir("./file0") = 0 [pid 565] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 565] ioctl(6, LOOP_CLR_FD) = 0 [pid 565] close(6) = 0 [pid 565] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 565] write(6, "#! ./file1\n", 11) = 11 [pid 565] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 565] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005c0} --- [pid 565] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005c8} --- [pid 565] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005d0} --- [ 35.981759][ T565] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 36.006471][ T565] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor252: bg 0: block 234: padding at end of block bitmap is not set [pid 565] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005d8} --- [pid 565] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005e0} --- [ 36.022100][ T565] EXT4-fs error (device loop0): ext4_map_blocks:740: inode #18: block 62218: comm syz-executor252: lblock 0 mapped to illegal pblock 62218 (length 1) [ 36.022111][ T566] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #18: block 62218: comm vhost-565: lblock 0 mapped to illegal pblock 62218 (length 1) [ 36.022336][ T566] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #18: block 62218: comm vhost-565: lblock 0 mapped to illegal pblock 62218 (length 1) [ 36.037989][ T565] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #18: block 62218: comm syz-executor252: lblock 0 mapped to illegal pblock 62218 (length 1) [pid 565] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005e8} --- [pid 565] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005f0} --- [pid 565] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005f8} --- [pid 565] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000600} --- [pid 565] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000608} --- [pid 565] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000610} --- [pid 565] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000618} --- [pid 565] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000620} --- [pid 565] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000628} --- [pid 565] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000630} --- [pid 565] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000638} --- [pid 565] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000640} --- [ 36.060838][ T566] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #18: block 62218: comm vhost-565: lblock 0 mapped to illegal pblock 62218 (length 1) [ 36.067100][ T565] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #18: block 62218: comm syz-executor252: lblock 0 mapped to illegal pblock 62218 (length 1) [ 36.081958][ T566] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #18: block 62218: comm vhost-565: lblock 0 mapped to illegal pblock 62218 (length 1) [pid 565] exit_group(0) = ? [pid 565] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=565, si_uid=0, si_status=0, si_utime=0, si_stime=11} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./56", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./56", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555558d947f0 /* 4 entries */, 32768) = 112 [ 36.096747][ T565] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #18: block 62218: comm syz-executor252: lblock 0 mapped to illegal pblock 62218 (length 1) [ 36.111655][ T566] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #18: block 62218: comm vhost-565: lblock 0 mapped to illegal pblock 62218 (length 1) umount2("./56/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./56/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./56/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./56/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./56/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555558d9c830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555558d9c830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./56/file0") = 0 umount2("./56/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./56/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./56/binderfs") = 0 getdents64(3, 0x555558d947f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./56") = 0 mkdir("./57", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555558d93750) = 570 ./strace-static-x86_64: Process 570 attached [pid 570] set_robust_list(0x555558d93760, 24) = 0 [pid 570] chdir("./57") = 0 [pid 570] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 570] setpgid(0, 0) = 0 [pid 570] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 executing program [pid 570] write(3, "1000", 4) = 4 [pid 570] close(3) = 0 [pid 570] symlink("/dev/binderfs", "./binderfs") = 0 [pid 570] write(1, "executing program\n", 18) = 18 [pid 570] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 570] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 570] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 570] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 570] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 570] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 570] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 570] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 570] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 570] memfd_create("syzkaller", 0) = 5 [pid 570] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7effeaced000 [pid 570] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 570] munmap(0x7effeaced000, 138412032) = 0 [pid 570] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 570] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 570] close(5) = 0 [pid 570] close(6) = 0 [pid 570] mkdir("./file0", 0777) = 0 [pid 570] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 570] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 570] chdir("./file0") = 0 [pid 570] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 570] ioctl(6, LOOP_CLR_FD) = 0 [pid 570] close(6) = 0 [pid 570] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 570] write(6, "#! ./file1\n", 11) = 11 [pid 570] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 570] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005c0} --- [pid 570] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005c8} --- [pid 570] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005d0} --- [pid 570] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005d8} --- [pid 570] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005e0} --- [pid 570] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005e8} --- [pid 570] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005f0} --- [pid 570] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005f8} --- [pid 570] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000600} --- [pid 570] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000608} --- [pid 570] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000610} --- [pid 570] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000618} --- [pid 570] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000620} --- [pid 570] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000628} --- [pid 570] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000630} --- [pid 570] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000638} --- [pid 570] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000640} --- [pid 570] exit_group(0) = ? [pid 570] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=570, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./57", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./57", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555558d947f0 /* 4 entries */, 32768) = 112 [ 36.258784][ T570] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 36.286692][ T571] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-570: bg 0: block 234: padding at end of block bitmap is not set umount2("./57/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./57/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./57/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./57/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./57/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555558d9c830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555558d9c830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./57/file0") = 0 umount2("./57/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./57/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./57/binderfs") = 0 getdents64(3, 0x555558d947f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./57") = 0 mkdir("./58", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555558d93750) = 575 ./strace-static-x86_64: Process 575 attached [pid 575] set_robust_list(0x555558d93760, 24) = 0 [pid 575] chdir("./58") = 0 [pid 575] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 575] setpgid(0, 0) = 0 [pid 575] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 575] write(3, "1000", 4) = 4 [pid 575] close(3) = 0 [pid 575] symlink("/dev/binderfs", "./binderfs") = 0 [pid 575] write(1, "executing program\n", 18executing program ) = 18 [pid 575] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 575] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 575] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 575] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 575] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 575] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 575] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 575] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 575] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 575] memfd_create("syzkaller", 0) = 5 [pid 575] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7effeaced000 [pid 575] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 575] munmap(0x7effeaced000, 138412032) = 0 [pid 575] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 575] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 575] close(5) = 0 [pid 575] close(6) = 0 [pid 575] mkdir("./file0", 0777) = 0 [pid 575] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 575] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 575] chdir("./file0") = 0 [pid 575] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 575] ioctl(6, LOOP_CLR_FD) = 0 [pid 575] close(6) = 0 [pid 575] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 575] write(6, "#! ./file1\n", 11) = 11 [pid 575] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 575] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005c0} --- [pid 575] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005c8} --- [pid 575] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005d0} --- [ 36.381723][ T575] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 36.405495][ T575] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor252: bg 0: block 234: padding at end of block bitmap is not set [pid 575] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005d8} --- [pid 575] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005e0} --- [ 36.421052][ T575] EXT4-fs error (device loop0): ext4_map_blocks:740: inode #18: block 62218: comm syz-executor252: lblock 0 mapped to illegal pblock 62218 (length 1) [ 36.421064][ T576] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #18: block 62218: comm vhost-575: lblock 0 mapped to illegal pblock 62218 (length 1) [ 36.421277][ T576] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #18: block 62218: comm vhost-575: lblock 0 mapped to illegal pblock 62218 (length 1) [ 36.451453][ T575] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #18: block 62218: comm syz-executor252: lblock 0 mapped to illegal pblock 62218 (length 1) [pid 575] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005e8} --- [ 36.465812][ T576] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #18: block 62218: comm vhost-575: lblock 0 mapped to illegal pblock 62218 (length 1) [ 36.481184][ T575] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #18: block 62218: comm syz-executor252: lblock 0 mapped to illegal pblock 62218 (length 1) [ 36.495548][ T576] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #18: block 62218: comm vhost-575: lblock 0 mapped to illegal pblock 62218 (length 1) [pid 575] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005f0} --- [pid 575] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005f8} --- [pid 575] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000600} --- [pid 575] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000608} --- [pid 575] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000610} --- [pid 575] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000618} --- [pid 575] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000620} --- [pid 575] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000628} --- [pid 575] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000630} --- [pid 575] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000638} --- [pid 575] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000640} --- [pid 575] exit_group(0) = ? [pid 575] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=575, si_uid=0, si_status=0, si_utime=0, si_stime=12} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./58", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./58", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555558d947f0 /* 4 entries */, 32768) = 112 [ 36.510775][ T575] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #18: block 62218: comm syz-executor252: lblock 0 mapped to illegal pblock 62218 (length 1) [ 36.525231][ T576] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #18: block 62218: comm vhost-575: lblock 0 mapped to illegal pblock 62218 (length 1) umount2("./58/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./58/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./58/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./58/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./58/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555558d9c830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555558d9c830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./58/file0") = 0 umount2("./58/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./58/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./58/binderfs") = 0 getdents64(3, 0x555558d947f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./58") = 0 mkdir("./59", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555558d93750) = 580 ./strace-static-x86_64: Process 580 attached [pid 580] set_robust_list(0x555558d93760, 24) = 0 [pid 580] chdir("./59") = 0 [pid 580] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 580] setpgid(0, 0) = 0 [pid 580] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 580] write(3, "1000", 4) = 4 [pid 580] close(3) = 0 [pid 580] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 580] write(1, "executing program\n", 18) = 18 [pid 580] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 580] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 580] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 580] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 580] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 580] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 580] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 580] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 580] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 580] memfd_create("syzkaller", 0) = 5 [pid 580] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7effeaced000 [pid 580] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 580] munmap(0x7effeaced000, 138412032) = 0 [pid 580] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 580] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 580] close(5) = 0 [pid 580] close(6) = 0 [pid 580] mkdir("./file0", 0777) = 0 [pid 580] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 580] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 580] chdir("./file0") = 0 [pid 580] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 580] ioctl(6, LOOP_CLR_FD) = 0 [pid 580] close(6) = 0 [pid 580] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 580] write(6, "#! ./file1\n", 11) = 11 [pid 580] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 580] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005c0} --- [pid 580] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005c8} --- [pid 580] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005d0} --- [pid 580] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005d8} --- [pid 580] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005e0} --- [pid 580] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005e8} --- [pid 580] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005f0} --- [pid 580] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005f8} --- [pid 580] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000600} --- [pid 580] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000608} --- [pid 580] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000610} --- [pid 580] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000618} --- [pid 580] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000620} --- [pid 580] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000628} --- [pid 580] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000630} --- [pid 580] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000638} --- [pid 580] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000640} --- [pid 580] exit_group(0) = ? [pid 580] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=580, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./59", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./59", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555558d947f0 /* 4 entries */, 32768) = 112 [ 36.821659][ T580] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 36.845864][ T580] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor252: bg 0: block 234: padding at end of block bitmap is not set umount2("./59/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./59/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./59/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./59/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./59/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555558d9c830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555558d9c830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./59/file0") = 0 umount2("./59/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./59/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./59/binderfs") = 0 getdents64(3, 0x555558d947f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./59") = 0 mkdir("./60", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555558d93750) = 585 ./strace-static-x86_64: Process 585 attached [pid 585] set_robust_list(0x555558d93760, 24) = 0 [pid 585] chdir("./60") = 0 [pid 585] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 585] setpgid(0, 0) = 0 [pid 585] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 585] write(3, "1000", 4) = 4 [pid 585] close(3) = 0 [pid 585] symlink("/dev/binderfs", "./binderfs") = 0 [pid 585] write(1, "executing program\n", 18executing program ) = 18 [pid 585] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 585] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 585] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 585] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 585] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 585] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 585] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 585] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 585] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 585] memfd_create("syzkaller", 0) = 5 [pid 585] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7effeaced000 [pid 585] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 585] munmap(0x7effeaced000, 138412032) = 0 [pid 585] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 585] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 585] close(5) = 0 [pid 585] close(6) = 0 [pid 585] mkdir("./file0", 0777) = 0 [pid 585] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 585] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 585] chdir("./file0") = 0 [pid 585] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 585] ioctl(6, LOOP_CLR_FD) = 0 [pid 585] close(6) = 0 [pid 585] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 585] write(6, "#! ./file1\n", 11) = 11 [pid 585] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 585] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005c0} --- [pid 585] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005c8} --- [pid 585] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005d0} --- [pid 585] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005d8} --- [pid 585] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005e0} --- [pid 585] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005e8} --- [ 37.061765][ T585] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 37.086076][ T585] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor252: bg 0: block 234: padding at end of block bitmap is not set [pid 585] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005f0} --- [pid 585] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005f8} --- [ 37.102439][ T585] EXT4-fs error (device loop0): ext4_map_blocks:740: inode #18: block 62218: comm syz-executor252: lblock 0 mapped to illegal pblock 62218 (length 1) [ 37.102451][ T586] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #18: block 62218: comm vhost-585: lblock 0 mapped to illegal pblock 62218 (length 1) [ 37.132341][ T585] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #18: block 62218: comm syz-executor252: lblock 0 mapped to illegal pblock 62218 (length 1) [ 37.132568][ T586] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #18: block 62218: comm vhost-585: lblock 0 mapped to illegal pblock 62218 (length 1) [pid 585] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000600} --- [ 37.148082][ T585] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #18: block 62218: comm syz-executor252: lblock 0 mapped to illegal pblock 62218 (length 1) [ 37.162618][ T586] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #18: block 62218: comm vhost-585: lblock 0 mapped to illegal pblock 62218 (length 1) [ 37.177722][ T585] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #18: block 62218: comm syz-executor252: lblock 0 mapped to illegal pblock 62218 (length 1) [pid 585] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000608} --- [pid 585] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000610} --- [pid 585] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000618} --- [pid 585] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000620} --- [pid 585] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000628} --- [pid 585] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000630} --- [pid 585] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000638} --- [pid 585] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000640} --- [pid 585] exit_group(0) = ? [pid 585] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=585, si_uid=0, si_status=0, si_utime=0, si_stime=9} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./60", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./60", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555558d947f0 /* 4 entries */, 32768) = 112 [ 37.192282][ T586] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #18: block 62218: comm vhost-585: lblock 0 mapped to illegal pblock 62218 (length 1) [ 37.207415][ T585] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #18: block 62218: comm syz-executor252: lblock 0 mapped to illegal pblock 62218 (length 1) umount2("./60/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./60/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./60/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./60/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./60/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555558d9c830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555558d9c830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./60/file0") = 0 umount2("./60/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./60/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./60/binderfs") = 0 getdents64(3, 0x555558d947f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./60") = 0 mkdir("./61", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555558d93750) = 590 ./strace-static-x86_64: Process 590 attached [pid 590] set_robust_list(0x555558d93760, 24) = 0 [pid 590] chdir("./61") = 0 [pid 590] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 590] setpgid(0, 0) = 0 [pid 590] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 590] write(3, "1000", 4) = 4 [pid 590] close(3) = 0 [pid 590] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 590] write(1, "executing program\n", 18) = 18 [pid 590] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 590] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 590] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 590] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 590] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 590] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 590] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 590] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 590] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 590] memfd_create("syzkaller", 0) = 5 [pid 590] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7effeaced000 [pid 590] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 590] munmap(0x7effeaced000, 138412032) = 0 [pid 590] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 590] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 590] close(5) = 0 [pid 590] close(6) = 0 [pid 590] mkdir("./file0", 0777) = 0 [pid 590] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 590] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 590] chdir("./file0") = 0 [pid 590] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 590] ioctl(6, LOOP_CLR_FD) = 0 [pid 590] close(6) = 0 [pid 590] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 590] write(6, "#! ./file1\n", 11) = 11 [pid 590] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 590] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005c0} --- [pid 590] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005c8} --- [pid 590] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005d0} --- [pid 590] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005d8} --- [pid 590] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005e0} --- [pid 590] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005e8} --- [pid 590] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005f0} --- [pid 590] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005f8} --- [pid 590] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000600} --- [pid 590] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000608} --- [pid 590] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000610} --- [pid 590] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000618} --- [pid 590] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000620} --- [pid 590] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000628} --- [pid 590] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000630} --- [pid 590] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000638} --- [pid 590] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000640} --- [pid 590] exit_group(0) = ? [pid 590] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=590, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./61", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./61", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555558d947f0 /* 4 entries */, 32768) = 112 [ 37.401715][ T590] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 37.429658][ T591] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-590: bg 0: block 234: padding at end of block bitmap is not set umount2("./61/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./61/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./61/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./61/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./61/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555558d9c830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555558d9c830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./61/file0") = 0 umount2("./61/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./61/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./61/binderfs") = 0 getdents64(3, 0x555558d947f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./61") = 0 mkdir("./62", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 595 attached , child_tidptr=0x555558d93750) = 595 [pid 595] set_robust_list(0x555558d93760, 24) = 0 [pid 595] chdir("./62") = 0 [pid 595] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 595] setpgid(0, 0) = 0 [pid 595] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 595] write(3, "1000", 4) = 4 [pid 595] close(3) = 0 [pid 595] symlink("/dev/binderfs", "./binderfs") = 0 [pid 595] write(1, "executing program\n", 18executing program ) = 18 [pid 595] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 595] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 595] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 595] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 595] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 595] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 595] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 595] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 595] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 595] memfd_create("syzkaller", 0) = 5 [pid 595] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7effeaced000 [pid 595] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 595] munmap(0x7effeaced000, 138412032) = 0 [pid 595] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 595] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 595] close(5) = 0 [pid 595] close(6) = 0 [pid 595] mkdir("./file0", 0777) = 0 [pid 595] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 595] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 595] chdir("./file0") = 0 [pid 595] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 595] ioctl(6, LOOP_CLR_FD) = 0 [pid 595] close(6) = 0 [pid 595] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 595] write(6, "#! ./file1\n", 11) = 11 [pid 595] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 595] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005c0} --- [pid 595] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005c8} --- [pid 595] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005d0} --- [pid 595] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005d8} --- [pid 595] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005e0} --- [pid 595] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005e8} --- [pid 595] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005f0} --- [pid 595] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005f8} --- [pid 595] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000600} --- [pid 595] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000608} --- [pid 595] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000610} --- [pid 595] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000618} --- [pid 595] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000620} --- [pid 595] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000628} --- [pid 595] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000630} --- [pid 595] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000638} --- [pid 595] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000640} --- [pid 595] exit_group(0) = ? [pid 595] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=595, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./62", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./62", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555558d947f0 /* 4 entries */, 32768) = 112 [ 37.541676][ T595] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 37.565206][ T595] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor252: bg 0: block 234: padding at end of block bitmap is not set umount2("./62/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./62/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./62/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./62/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./62/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555558d9c830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555558d9c830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./62/file0") = 0 umount2("./62/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./62/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./62/binderfs") = 0 getdents64(3, 0x555558d947f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./62") = 0 mkdir("./63", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 600 attached , child_tidptr=0x555558d93750) = 600 [pid 600] set_robust_list(0x555558d93760, 24) = 0 [pid 600] chdir("./63") = 0 [pid 600] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 600] setpgid(0, 0) = 0 [pid 600] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 600] write(3, "1000", 4) = 4 [pid 600] close(3) = 0 [pid 600] symlink("/dev/binderfs", "./binderfs") = 0 [pid 600] write(1, "executing program\n", 18executing program ) = 18 [pid 600] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 600] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 600] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 600] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 600] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 600] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 600] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 600] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 600] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 600] memfd_create("syzkaller", 0) = 5 [pid 600] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7effeaced000 [pid 600] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 600] munmap(0x7effeaced000, 138412032) = 0 [pid 600] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 600] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 600] close(5) = 0 [pid 600] close(6) = 0 [pid 600] mkdir("./file0", 0777) = 0 [pid 600] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 600] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 600] chdir("./file0") = 0 [pid 600] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 600] ioctl(6, LOOP_CLR_FD) = 0 [pid 600] close(6) = 0 [pid 600] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 600] write(6, "#! ./file1\n", 11) = 11 [pid 600] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 600] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005c0} --- [pid 600] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005c8} --- [pid 600] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005d0} --- [pid 600] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005d8} --- [pid 600] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005e0} --- [pid 600] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005e8} --- [pid 600] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005f0} --- [pid 600] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005f8} --- [pid 600] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000600} --- [pid 600] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000608} --- [pid 600] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000610} --- [pid 600] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000618} --- [pid 600] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000620} --- [pid 600] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000628} --- [pid 600] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000630} --- [pid 600] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000638} --- [pid 600] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000640} --- [pid 600] exit_group(0) = ? [pid 600] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=600, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./63", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./63", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555558d947f0 /* 4 entries */, 32768) = 112 [ 37.741858][ T600] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 37.770548][ T601] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-600: bg 0: block 234: padding at end of block bitmap is not set umount2("./63/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./63/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./63/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./63/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./63/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555558d9c830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555558d9c830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./63/file0") = 0 umount2("./63/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./63/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./63/binderfs") = 0 getdents64(3, 0x555558d947f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./63") = 0 mkdir("./64", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FDexecuting program ) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555558d93750) = 605 ./strace-static-x86_64: Process 605 attached [pid 605] set_robust_list(0x555558d93760, 24) = 0 [pid 605] chdir("./64") = 0 [pid 605] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 605] setpgid(0, 0) = 0 [pid 605] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 605] write(3, "1000", 4) = 4 [pid 605] close(3) = 0 [pid 605] symlink("/dev/binderfs", "./binderfs") = 0 [pid 605] write(1, "executing program\n", 18) = 18 [pid 605] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 605] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 605] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 605] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 605] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 605] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 605] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 605] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 605] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 605] memfd_create("syzkaller", 0) = 5 [pid 605] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7effeaced000 [pid 605] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 605] munmap(0x7effeaced000, 138412032) = 0 [pid 605] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 605] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 605] close(5) = 0 [pid 605] close(6) = 0 [pid 605] mkdir("./file0", 0777) = 0 [pid 605] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 605] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 605] chdir("./file0") = 0 [pid 605] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 605] ioctl(6, LOOP_CLR_FD) = 0 [pid 605] close(6) = 0 [pid 605] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 605] write(6, "#! ./file1\n", 11) = 11 [pid 605] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 605] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005c0} --- [pid 605] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005c8} --- [pid 605] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005d0} --- [pid 605] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005d8} --- [pid 605] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005e0} --- [pid 605] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005e8} --- [pid 605] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005f0} --- [pid 605] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005f8} --- [pid 605] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000600} --- [pid 605] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000608} --- [pid 605] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000610} --- [pid 605] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000618} --- [pid 605] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000620} --- [pid 605] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000628} --- [pid 605] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000630} --- [ 37.941582][ T605] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 37.972630][ T606] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-605: bg 0: block 234: padding at end of block bitmap is not set [pid 605] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000638} --- [ 37.990761][ T605] EXT4-fs error (device loop0): ext4_map_blocks:740: inode #18: block 62218: comm syz-executor252: lblock 0 mapped to illegal pblock 62218 (length 1) [ 37.990984][ T606] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #18: block 62218: comm vhost-605: lblock 0 mapped to illegal pblock 62218 (length 1) [ 38.011006][ T605] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #18: block 62218: comm syz-executor252: lblock 0 mapped to illegal pblock 62218 (length 1) [pid 605] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000640} --- [pid 605] exit_group(0) = ? [ 38.021088][ T606] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #18: block 62218: comm vhost-605: lblock 0 mapped to illegal pblock 62218 (length 1) [ 38.050707][ T606] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #18: block 62218: comm vhost-605: lblock 0 mapped to illegal pblock 62218 (length 1) [ 38.065552][ T606] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #18: block 62218: comm vhost-605: lblock 0 mapped to illegal pblock 62218 (length 1) [pid 605] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=605, si_uid=0, si_status=0, si_utime=0, si_stime=10} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./64", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./64", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555558d947f0 /* 4 entries */, 32768) = 112 [ 38.080312][ T606] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #18: block 62218: comm vhost-605: lblock 0 mapped to illegal pblock 62218 (length 1) [ 38.095055][ T606] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #18: block 62218: comm vhost-605: lblock 0 mapped to illegal pblock 62218 (length 1) umount2("./64/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./64/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./64/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./64/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./64/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555558d9c830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555558d9c830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./64/file0") = 0 umount2("./64/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./64/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./64/binderfs") = 0 getdents64(3, 0x555558d947f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./64") = 0 mkdir("./65", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3executing program ) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555558d93750) = 610 ./strace-static-x86_64: Process 610 attached [pid 610] set_robust_list(0x555558d93760, 24) = 0 [pid 610] chdir("./65") = 0 [pid 610] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 610] setpgid(0, 0) = 0 [pid 610] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 610] write(3, "1000", 4) = 4 [pid 610] close(3) = 0 [pid 610] symlink("/dev/binderfs", "./binderfs") = 0 [pid 610] write(1, "executing program\n", 18) = 18 [pid 610] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 610] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 610] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 610] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 610] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 610] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 610] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 610] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 610] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 610] memfd_create("syzkaller", 0) = 5 [pid 610] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7effeaced000 [pid 610] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 610] munmap(0x7effeaced000, 138412032) = 0 [pid 610] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 610] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 610] close(5) = 0 [pid 610] close(6) = 0 [pid 610] mkdir("./file0", 0777) = 0 [pid 610] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 610] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 610] chdir("./file0") = 0 [pid 610] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 610] ioctl(6, LOOP_CLR_FD) = 0 [pid 610] close(6) = 0 [pid 610] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 610] write(6, "#! ./file1\n", 11) = 11 [pid 610] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [ 38.201888][ T610] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [pid 610] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005c0} --- [pid 610] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005c8} --- [pid 610] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005d0} --- [pid 610] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005d8} --- [pid 610] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005e0} --- [pid 610] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005e8} --- [pid 610] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005f0} --- [pid 610] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005f8} --- [pid 610] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000600} --- [pid 610] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000608} --- [pid 610] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000610} --- [pid 610] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000618} --- [pid 610] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000620} --- [pid 610] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000628} --- [pid 610] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000630} --- [pid 610] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000638} --- [pid 610] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000640} --- [pid 610] exit_group(0) = ? [pid 610] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=610, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./65", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./65", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555558d947f0 /* 4 entries */, 32768) = 112 [ 38.241757][ T611] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-610: bg 0: block 234: padding at end of block bitmap is not set umount2("./65/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./65/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./65/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./65/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./65/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555558d9c830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555558d9c830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./65/file0") = 0 umount2("./65/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./65/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./65/binderfs") = 0 getdents64(3, 0x555558d947f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./65") = 0 mkdir("./66", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) executing program close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555558d93750) = 615 ./strace-static-x86_64: Process 615 attached [pid 615] set_robust_list(0x555558d93760, 24) = 0 [pid 615] chdir("./66") = 0 [pid 615] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 615] setpgid(0, 0) = 0 [pid 615] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 615] write(3, "1000", 4) = 4 [pid 615] close(3) = 0 [pid 615] symlink("/dev/binderfs", "./binderfs") = 0 [pid 615] write(1, "executing program\n", 18) = 18 [pid 615] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 615] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 615] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 615] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 615] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 615] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 615] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 615] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 615] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 615] memfd_create("syzkaller", 0) = 5 [pid 615] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7effeaced000 [pid 615] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 615] munmap(0x7effeaced000, 138412032) = 0 [pid 615] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 615] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 615] close(5) = 0 [pid 615] close(6) = 0 [pid 615] mkdir("./file0", 0777) = 0 [pid 615] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 615] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 615] chdir("./file0") = 0 [pid 615] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 615] ioctl(6, LOOP_CLR_FD) = 0 [pid 615] close(6) = 0 [pid 615] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 615] write(6, "#! ./file1\n", 11) = 11 [pid 615] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [ 38.381956][ T615] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [pid 615] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005c0} --- [pid 615] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005c8} --- [pid 615] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005d0} --- [pid 615] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005d8} --- [pid 615] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005e0} --- [pid 615] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005e8} --- [ 38.423134][ T615] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor252: bg 0: block 234: padding at end of block bitmap is not set [ 38.439270][ T615] EXT4-fs error (device loop0): ext4_map_blocks:740: inode #18: block 62218: comm syz-executor252: lblock 0 mapped to illegal pblock 62218 (length 1) [ 38.439283][ T616] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #18: block 62218: comm vhost-615: lblock 0 mapped to illegal pblock 62218 (length 1) [pid 615] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005f0} --- [pid 615] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005f8} --- [ 38.439490][ T616] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #18: block 62218: comm vhost-615: lblock 0 mapped to illegal pblock 62218 (length 1) [ 38.455490][ T615] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #18: block 62218: comm syz-executor252: lblock 0 mapped to illegal pblock 62218 (length 1) [ 38.469167][ T616] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #18: block 62218: comm vhost-615: lblock 0 mapped to illegal pblock 62218 (length 1) [pid 615] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000600} --- [pid 615] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000608} --- [pid 615] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000610} --- [pid 615] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000618} --- [pid 615] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000620} --- [pid 615] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000628} --- [pid 615] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000630} --- [pid 615] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000638} --- [pid 615] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000640} --- [pid 615] exit_group(0) = ? [pid 615] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=615, si_uid=0, si_status=0, si_utime=1, si_stime=11} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./66", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./66", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555558d947f0 /* 4 entries */, 32768) = 112 [ 38.484315][ T615] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #18: block 62218: comm syz-executor252: lblock 0 mapped to illegal pblock 62218 (length 1) [ 38.498817][ T616] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #18: block 62218: comm vhost-615: lblock 0 mapped to illegal pblock 62218 (length 1) [ 38.514074][ T615] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #18: block 62218: comm syz-executor252: lblock 0 mapped to illegal pblock 62218 (length 1) [ 38.528619][ T616] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #18: block 62218: comm vhost-615: lblock 0 mapped to illegal pblock 62218 (length 1) umount2("./66/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./66/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./66/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./66/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./66/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555558d9c830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555558d9c830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./66/file0") = 0 umount2("./66/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./66/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./66/binderfs") = 0 getdents64(3, 0x555558d947f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./66") = 0 mkdir("./67", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555558d93750) = 620 ./strace-static-x86_64: Process 620 attached [pid 620] set_robust_list(0x555558d93760, 24) = 0 [pid 620] chdir("./67") = 0 [pid 620] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 620] setpgid(0, 0) = 0 [pid 620] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 620] write(3, "1000", 4) = 4 [pid 620] close(3) = 0 [pid 620] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 620] write(1, "executing program\n", 18) = 18 [pid 620] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 620] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 620] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 620] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 620] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 620] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 620] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 620] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 620] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 620] memfd_create("syzkaller", 0) = 5 [pid 620] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7effeaced000 [pid 620] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 620] munmap(0x7effeaced000, 138412032) = 0 [pid 620] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 620] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 620] close(5) = 0 [pid 620] close(6) = 0 [pid 620] mkdir("./file0", 0777) = 0 [pid 620] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 620] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 620] chdir("./file0") = 0 [pid 620] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 620] ioctl(6, LOOP_CLR_FD) = 0 [pid 620] close(6) = 0 [pid 620] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 620] write(6, "#! ./file1\n", 11) = 11 [pid 620] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 620] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005c0} --- [pid 620] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005c8} --- [pid 620] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005d0} --- [pid 620] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005d8} --- [pid 620] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005e0} --- [pid 620] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005e8} --- [pid 620] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005f0} --- [pid 620] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005f8} --- [pid 620] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000600} --- [pid 620] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000608} --- [pid 620] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000610} --- [pid 620] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000618} --- [pid 620] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000620} --- [pid 620] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000628} --- [pid 620] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000630} --- [pid 620] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000638} --- [pid 620] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000640} --- [pid 620] exit_group(0) = ? [pid 620] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=620, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./67", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./67", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555558d947f0 /* 4 entries */, 32768) = 112 [ 38.671723][ T620] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 38.696711][ T621] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-620: bg 0: block 234: padding at end of block bitmap is not set umount2("./67/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./67/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./67/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./67/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./67/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555558d9c830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555558d9c830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./67/file0") = 0 umount2("./67/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./67/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./67/binderfs") = 0 getdents64(3, 0x555558d947f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./67") = 0 mkdir("./68", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) executing program close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555558d93750) = 625 ./strace-static-x86_64: Process 625 attached [pid 625] set_robust_list(0x555558d93760, 24) = 0 [pid 625] chdir("./68") = 0 [pid 625] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 625] setpgid(0, 0) = 0 [pid 625] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 625] write(3, "1000", 4) = 4 [pid 625] close(3) = 0 [pid 625] symlink("/dev/binderfs", "./binderfs") = 0 [pid 625] write(1, "executing program\n", 18) = 18 [pid 625] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 625] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 625] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 625] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 625] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 625] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 625] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 625] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 625] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 625] memfd_create("syzkaller", 0) = 5 [pid 625] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7effeaced000 [pid 625] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 625] munmap(0x7effeaced000, 138412032) = 0 [pid 625] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 625] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 625] close(5) = 0 [pid 625] close(6) = 0 [pid 625] mkdir("./file0", 0777) = 0 [pid 625] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 625] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 625] chdir("./file0") = 0 [pid 625] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 625] ioctl(6, LOOP_CLR_FD) = 0 [pid 625] close(6) = 0 [pid 625] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 625] write(6, "#! ./file1\n", 11) = 11 [pid 625] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [ 38.941643][ T625] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [pid 625] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005c0} --- [pid 625] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005c8} --- [pid 625] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005d0} --- [pid 625] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005d8} --- [pid 625] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005e0} --- [pid 625] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005e8} --- [pid 625] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005f0} --- [pid 625] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005f8} --- [pid 625] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000600} --- [pid 625] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000608} --- [pid 625] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000610} --- [pid 625] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000618} --- [pid 625] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000620} --- [pid 625] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000628} --- [pid 625] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000630} --- [pid 625] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000638} --- [pid 625] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000640} --- [pid 625] exit_group(0) = ? [pid 625] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=625, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./68", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./68", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555558d947f0 /* 4 entries */, 32768) = 112 [ 38.982161][ T626] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-625: bg 0: block 234: padding at end of block bitmap is not set umount2("./68/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./68/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./68/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./68/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./68/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555558d9c830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555558d9c830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./68/file0") = 0 umount2("./68/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./68/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./68/binderfs") = 0 getdents64(3, 0x555558d947f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./68") = 0 mkdir("./69", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555558d93750) = 630 ./strace-static-x86_64: Process 630 attached [pid 630] set_robust_list(0x555558d93760, 24) = 0 [pid 630] chdir("./69") = 0 [pid 630] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 630] setpgid(0, 0) = 0 [pid 630] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 630] write(3, "1000", 4) = 4 [pid 630] close(3) = 0 [pid 630] symlink("/dev/binderfs", "./binderfs") = 0 [pid 630] write(1, "executing program\n", 18executing program ) = 18 [pid 630] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 630] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 630] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 630] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 630] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 630] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 630] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 630] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 630] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 630] memfd_create("syzkaller", 0) = 5 [pid 630] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7effeaced000 [pid 630] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 630] munmap(0x7effeaced000, 138412032) = 0 [pid 630] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 630] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 630] close(5) = 0 [pid 630] close(6) = 0 [pid 630] mkdir("./file0", 0777) = 0 [pid 630] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 630] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 630] chdir("./file0") = 0 [pid 630] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 630] ioctl(6, LOOP_CLR_FD) = 0 [pid 630] close(6) = 0 [pid 630] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 630] write(6, "#! ./file1\n", 11) = 11 [pid 630] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 630] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005c0} --- [ 39.101758][ T630] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 39.130149][ T631] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-630: bg 0: block 234: padding at end of block bitmap is not set [pid 630] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005c8} --- [pid 630] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005d0} --- [ 39.144875][ T630] EXT4-fs error (device loop0): ext4_map_blocks:740: inode #18: block 62218: comm syz-executor252: lblock 0 mapped to illegal pblock 62218 (length 1) [ 39.144887][ T631] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #18: block 62218: comm vhost-630: lblock 0 mapped to illegal pblock 62218 (length 1) [ 39.145170][ T631] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #18: block 62218: comm vhost-630: lblock 0 mapped to illegal pblock 62218 (length 1) [pid 630] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005d8} --- [pid 630] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005e0} --- [pid 630] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005e8} --- [pid 630] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005f0} --- [pid 630] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005f8} --- [pid 630] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000600} --- [pid 630] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000608} --- [pid 630] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000610} --- [pid 630] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000618} --- [pid 630] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000620} --- [pid 630] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000628} --- [pid 630] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000630} --- [pid 630] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000638} --- [pid 630] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000640} --- [ 39.161471][ T630] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #18: block 62218: comm syz-executor252: lblock 0 mapped to illegal pblock 62218 (length 1) [ 39.174924][ T631] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #18: block 62218: comm vhost-630: lblock 0 mapped to illegal pblock 62218 (length 1) [ 39.190013][ T630] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #18: block 62218: comm syz-executor252: lblock 0 mapped to illegal pblock 62218 (length 1) [ 39.205007][ T631] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #18: block 62218: comm vhost-630: lblock 0 mapped to illegal pblock 62218 (length 1) [pid 630] exit_group(0) = ? [pid 630] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=630, si_uid=0, si_status=0, si_utime=0, si_stime=10} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./69", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./69", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555558d947f0 /* 4 entries */, 32768) = 112 [ 39.219874][ T630] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #18: block 62218: comm syz-executor252: lblock 0 mapped to illegal pblock 62218 (length 1) [ 39.234589][ T631] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #18: block 62218: comm vhost-630: lblock 0 mapped to illegal pblock 62218 (length 1) umount2("./69/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./69/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./69/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./69/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./69/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555558d9c830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555558d9c830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./69/file0") = 0 umount2("./69/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./69/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./69/binderfs") = 0 getdents64(3, 0x555558d947f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./69") = 0 mkdir("./70", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555558d93750) = 635 ./strace-static-x86_64: Process 635 attached [pid 635] set_robust_list(0x555558d93760, 24) = 0 executing program [pid 635] chdir("./70") = 0 [pid 635] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 635] setpgid(0, 0) = 0 [pid 635] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 635] write(3, "1000", 4) = 4 [pid 635] close(3) = 0 [pid 635] symlink("/dev/binderfs", "./binderfs") = 0 [pid 635] write(1, "executing program\n", 18) = 18 [pid 635] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 635] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 635] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 635] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 635] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 635] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 635] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 635] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 635] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 635] memfd_create("syzkaller", 0) = 5 [pid 635] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7effeaced000 [pid 635] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 635] munmap(0x7effeaced000, 138412032) = 0 [pid 635] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 635] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 635] close(5) = 0 [pid 635] close(6) = 0 [pid 635] mkdir("./file0", 0777) = 0 [pid 635] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 635] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 635] chdir("./file0") = 0 [pid 635] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 635] ioctl(6, LOOP_CLR_FD) = 0 [pid 635] close(6) = 0 [pid 635] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 635] write(6, "#! ./file1\n", 11) = 11 [pid 635] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [ 39.501734][ T635] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [pid 635] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005c0} --- [pid 635] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005c8} --- [pid 635] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005d0} --- [pid 635] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005d8} --- [pid 635] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005e0} --- [ 39.542620][ T636] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-635: bg 0: block 234: padding at end of block bitmap is not set [ 39.557859][ T635] EXT4-fs error (device loop0): ext4_map_blocks:740: inode #18: block 62218: comm syz-executor252: lblock 0 mapped to illegal pblock 62218 (length 1) [ 39.557874][ T636] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #18: block 62218: comm vhost-635: lblock 0 mapped to illegal pblock 62218 (length 1) [pid 635] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005e8} --- [ 39.573454][ T636] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #18: block 62218: comm vhost-635: lblock 0 mapped to illegal pblock 62218 (length 1) [ 39.588237][ T635] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #18: block 62218: comm syz-executor252: lblock 0 mapped to illegal pblock 62218 (length 1) [ 39.602735][ T636] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #18: block 62218: comm vhost-635: lblock 0 mapped to illegal pblock 62218 (length 1) [pid 635] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005f0} --- [pid 635] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005f8} --- [pid 635] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000600} --- [pid 635] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000608} --- [pid 635] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000610} --- [pid 635] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000618} --- [pid 635] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000620} --- [pid 635] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000628} --- [pid 635] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000630} --- [pid 635] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000638} --- [pid 635] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000640} --- [pid 635] exit_group(0) = ? [pid 635] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=635, si_uid=0, si_status=0, si_utime=0, si_stime=11} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./70", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./70", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555558d947f0 /* 4 entries */, 32768) = 112 [ 39.617891][ T635] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #18: block 62218: comm syz-executor252: lblock 0 mapped to illegal pblock 62218 (length 1) [ 39.632314][ T636] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #18: block 62218: comm vhost-635: lblock 0 mapped to illegal pblock 62218 (length 1) [ 39.647516][ T635] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #18: block 62218: comm syz-executor252: lblock 0 mapped to illegal pblock 62218 (length 1) [ 39.662119][ T636] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #18: block 62218: comm vhost-635: lblock 0 mapped to illegal pblock 62218 (length 1) umount2("./70/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./70/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./70/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./70/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./70/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555558d9c830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555558d9c830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./70/file0") = 0 umount2("./70/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./70/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./70/binderfs") = 0 getdents64(3, 0x555558d947f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./70") = 0 mkdir("./71", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555558d93750) = 640 ./strace-static-x86_64: Process 640 attached [pid 640] set_robust_list(0x555558d93760, 24) = 0 [pid 640] chdir("./71") = 0 [pid 640] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 640] setpgid(0, 0) = 0 [pid 640] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 640] write(3, "1000", 4) = 4 [pid 640] close(3) = 0 [pid 640] symlink("/dev/binderfs", "./binderfs") = 0 [pid 640] write(1, "executing program\n", 18executing program ) = 18 [pid 640] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 640] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 640] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 640] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 640] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 640] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 640] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 640] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 640] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 640] memfd_create("syzkaller", 0) = 5 [pid 640] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7effeaced000 [pid 640] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 640] munmap(0x7effeaced000, 138412032) = 0 [pid 640] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 640] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 640] close(5) = 0 [pid 640] close(6) = 0 [pid 640] mkdir("./file0", 0777) = 0 [pid 640] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 640] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 640] chdir("./file0") = 0 [pid 640] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 640] ioctl(6, LOOP_CLR_FD) = 0 [pid 640] close(6) = 0 [pid 640] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 640] write(6, "#! ./file1\n", 11) = 11 [pid 640] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 640] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005c0} --- [ 39.821776][ T640] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 39.850663][ T641] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-640: bg 0: block 234: padding at end of block bitmap is not set [pid 640] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005c8} --- [pid 640] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005d0} --- [ 39.865618][ T640] EXT4-fs error (device loop0): ext4_map_blocks:740: inode #18: block 62218: comm syz-executor252: lblock 0 mapped to illegal pblock 62218 (length 1) [ 39.865631][ T641] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #18: block 62218: comm vhost-640: lblock 0 mapped to illegal pblock 62218 (length 1) [ 39.865872][ T641] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #18: block 62218: comm vhost-640: lblock 0 mapped to illegal pblock 62218 (length 1) [pid 640] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005d8} --- [pid 640] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005e0} --- [pid 640] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005e8} --- [pid 640] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005f0} --- [pid 640] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005f8} --- [pid 640] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000600} --- [pid 640] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000608} --- [pid 640] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000610} --- [pid 640] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000618} --- [pid 640] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000620} --- [pid 640] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000628} --- [pid 640] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000630} --- [ 39.881478][ T640] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #18: block 62218: comm syz-executor252: lblock 0 mapped to illegal pblock 62218 (length 1) [ 39.895762][ T641] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #18: block 62218: comm vhost-640: lblock 0 mapped to illegal pblock 62218 (length 1) [ 39.910702][ T640] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #18: block 62218: comm syz-executor252: lblock 0 mapped to illegal pblock 62218 (length 1) [ 39.925427][ T641] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #18: block 62218: comm vhost-640: lblock 0 mapped to illegal pblock 62218 (length 1) [pid 640] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000638} --- [pid 640] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000640} --- [pid 640] exit_group(0) = ? [pid 640] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=640, si_uid=0, si_status=0, si_utime=0, si_stime=12} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./71", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./71", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555558d947f0 /* 4 entries */, 32768) = 112 [ 39.940349][ T640] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #18: block 62218: comm syz-executor252: lblock 0 mapped to illegal pblock 62218 (length 1) [ 39.955197][ T641] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #18: block 62218: comm vhost-640: lblock 0 mapped to illegal pblock 62218 (length 1) umount2("./71/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./71/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./71/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./71/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./71/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555558d9c830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555558d9c830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./71/file0") = 0 umount2("./71/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./71/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./71/binderfs") = 0 getdents64(3, 0x555558d947f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./71") = 0 mkdir("./72", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 645 attached , child_tidptr=0x555558d93750) = 645 [pid 645] set_robust_list(0x555558d93760, 24) = 0 [pid 645] chdir("./72") = 0 [pid 645] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 645] setpgid(0, 0) = 0 [pid 645] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 645] write(3, "1000", 4) = 4 [pid 645] close(3) = 0 [pid 645] symlink("/dev/binderfs", "./binderfs") = 0 [pid 645] write(1, "executing program\n", 18executing program ) = 18 [pid 645] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 645] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 645] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 645] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 645] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 645] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 645] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 645] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 645] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 645] memfd_create("syzkaller", 0) = 5 [pid 645] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7effeaced000 [pid 645] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 645] munmap(0x7effeaced000, 138412032) = 0 [pid 645] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 645] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 645] close(5) = 0 [pid 645] close(6) = 0 [pid 645] mkdir("./file0", 0777) = 0 [pid 645] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 645] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 645] chdir("./file0") = 0 [pid 645] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 645] ioctl(6, LOOP_CLR_FD) = 0 [pid 645] close(6) = 0 [pid 645] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 645] write(6, "#! ./file1\n", 11) = 11 [pid 645] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 645] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005c0} --- [pid 645] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005c8} --- [pid 645] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005d0} --- [pid 645] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005d8} --- [pid 645] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005e0} --- [pid 645] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005e8} --- [pid 645] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005f0} --- [pid 645] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005f8} --- [pid 645] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000600} --- [pid 645] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000608} --- [pid 645] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000610} --- [pid 645] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000618} --- [pid 645] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000620} --- [pid 645] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000628} --- [pid 645] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000630} --- [pid 645] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000638} --- [pid 645] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000640} --- [pid 645] exit_group(0) = ? [pid 645] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=645, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./72", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./72", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555558d947f0 /* 4 entries */, 32768) = 112 [ 40.101759][ T645] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 40.131485][ T645] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor252: bg 0: block 234: padding at end of block bitmap is not set umount2("./72/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./72/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./72/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./72/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./72/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555558d9c830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555558d9c830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./72/file0") = 0 umount2("./72/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./72/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./72/binderfs") = 0 getdents64(3, 0x555558d947f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./72") = 0 mkdir("./73", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555558d93750) = 650 ./strace-static-x86_64: Process 650 attached [pid 650] set_robust_list(0x555558d93760, 24) = 0 [pid 650] chdir("./73") = 0 [pid 650] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 650] setpgid(0, 0) = 0 [pid 650] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 650] write(3, "1000", 4) = 4 [pid 650] close(3) = 0 [pid 650] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 650] write(1, "executing program\n", 18) = 18 [pid 650] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 650] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 650] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 650] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 650] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 650] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 650] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 650] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 650] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 650] memfd_create("syzkaller", 0) = 5 [pid 650] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7effeaced000 [pid 650] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 650] munmap(0x7effeaced000, 138412032) = 0 [pid 650] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 650] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 650] close(5) = 0 [pid 650] close(6) = 0 [pid 650] mkdir("./file0", 0777) = 0 [pid 650] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 650] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 650] chdir("./file0") = 0 [pid 650] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 650] ioctl(6, LOOP_CLR_FD) = 0 [pid 650] close(6) = 0 [pid 650] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 650] write(6, "#! ./file1\n", 11) = 11 [pid 650] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 650] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005c0} --- [pid 650] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005c8} --- [pid 650] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005d0} --- [pid 650] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005d8} --- [pid 650] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005e0} --- [pid 650] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005e8} --- [pid 650] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005f0} --- [pid 650] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005f8} --- [pid 650] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000600} --- [pid 650] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000608} --- [pid 650] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000610} --- [pid 650] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000618} --- [ 40.301897][ T650] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 40.326536][ T651] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-650: bg 0: block 234: padding at end of block bitmap is not set [pid 650] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000620} --- [pid 650] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000628} --- [ 40.344067][ T650] EXT4-fs error (device loop0): ext4_map_blocks:740: inode #18: block 62218: comm syz-executor252: lblock 0 mapped to illegal pblock 62218 (length 1) [ 40.344091][ T651] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #18: block 62218: comm vhost-650: lblock 0 mapped to illegal pblock 62218 (length 1) [ 40.344256][ T651] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #18: block 62218: comm vhost-650: lblock 0 mapped to illegal pblock 62218 (length 1) [pid 650] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000630} --- [pid 650] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000638} --- [pid 650] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000640} --- [ 40.359965][ T650] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #18: block 62218: comm syz-executor252: lblock 0 mapped to illegal pblock 62218 (length 1) [ 40.380872][ T651] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #18: block 62218: comm vhost-650: lblock 0 mapped to illegal pblock 62218 (length 1) [ 40.389096][ T650] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #18: block 62218: comm syz-executor252: lblock 0 mapped to illegal pblock 62218 (length 1) [ 40.403869][ T651] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #18: block 62218: comm vhost-650: lblock 0 mapped to illegal pblock 62218 (length 1) [pid 650] exit_group(0) = ? [pid 650] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=650, si_uid=0, si_status=0, si_utime=0, si_stime=11} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./73", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./73", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555558d947f0 /* 4 entries */, 32768) = 112 [ 40.418745][ T650] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #18: block 62218: comm syz-executor252: lblock 0 mapped to illegal pblock 62218 (length 1) [ 40.433509][ T651] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #18: block 62218: comm vhost-650: lblock 0 mapped to illegal pblock 62218 (length 1) umount2("./73/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./73/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./73/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./73/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./73/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555558d9c830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555558d9c830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./73/file0") = 0 umount2("./73/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./73/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./73/binderfs") = 0 getdents64(3, 0x555558d947f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./73") = 0 mkdir("./74", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555558d93750) = 655 ./strace-static-x86_64: Process 655 attached [pid 655] set_robust_list(0x555558d93760, 24) = 0 [pid 655] chdir("./74") = 0 [pid 655] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 655] setpgid(0, 0) = 0 [pid 655] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 655] write(3, "1000", 4) = 4 [pid 655] close(3) = 0 [pid 655] symlink("/dev/binderfs", "./binderfs") = 0 [pid 655] write(1, "executing program\n", 18executing program ) = 18 [pid 655] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 655] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 655] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 655] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 655] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 655] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 655] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 655] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 655] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 655] memfd_create("syzkaller", 0) = 5 [pid 655] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7effeaced000 [pid 655] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 655] munmap(0x7effeaced000, 138412032) = 0 [pid 655] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 655] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 655] close(5) = 0 [pid 655] close(6) = 0 [pid 655] mkdir("./file0", 0777) = 0 [pid 655] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 655] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 655] chdir("./file0") = 0 [pid 655] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 655] ioctl(6, LOOP_CLR_FD) = 0 [pid 655] close(6) = 0 [pid 655] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 655] write(6, "#! ./file1\n", 11) = 11 [pid 655] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 655] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005c0} --- [pid 655] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005c8} --- [pid 655] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005d0} --- [pid 655] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005d8} --- [pid 655] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005e0} --- [pid 655] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005e8} --- [pid 655] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005f0} --- [pid 655] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005f8} --- [pid 655] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000600} --- [pid 655] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000608} --- [pid 655] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000610} --- [pid 655] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000618} --- [pid 655] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000620} --- [pid 655] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000628} --- [pid 655] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000630} --- [pid 655] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000638} --- [pid 655] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000640} --- [pid 655] exit_group(0) = ? [pid 655] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=655, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./74", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./74", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555558d947f0 /* 4 entries */, 32768) = 112 [ 40.581897][ T655] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 40.611353][ T656] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-655: bg 0: block 234: padding at end of block bitmap is not set umount2("./74/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./74/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./74/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./74/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./74/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555558d9c830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555558d9c830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./74/file0") = 0 umount2("./74/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./74/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./74/binderfs") = 0 getdents64(3, 0x555558d947f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./74") = 0 mkdir("./75", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3executing program ) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555558d93750) = 660 ./strace-static-x86_64: Process 660 attached [pid 660] set_robust_list(0x555558d93760, 24) = 0 [pid 660] chdir("./75") = 0 [pid 660] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 660] setpgid(0, 0) = 0 [pid 660] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 660] write(3, "1000", 4) = 4 [pid 660] close(3) = 0 [pid 660] symlink("/dev/binderfs", "./binderfs") = 0 [pid 660] write(1, "executing program\n", 18) = 18 [pid 660] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 660] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 660] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 660] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 660] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 660] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 660] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 660] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 660] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 660] memfd_create("syzkaller", 0) = 5 [pid 660] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7effeaced000 [pid 660] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 660] munmap(0x7effeaced000, 138412032) = 0 [pid 660] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 660] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 660] close(5) = 0 [pid 660] close(6) = 0 [pid 660] mkdir("./file0", 0777) = 0 [pid 660] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 660] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 660] chdir("./file0") = 0 [pid 660] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 660] ioctl(6, LOOP_CLR_FD) = 0 [pid 660] close(6) = 0 [pid 660] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 660] write(6, "#! ./file1\n", 11) = 11 [pid 660] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 660] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005c0} --- [pid 660] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005c8} --- [pid 660] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005d0} --- [pid 660] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005d8} --- [pid 660] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005e0} --- [ 40.781970][ T660] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 40.806169][ T660] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor252: bg 0: block 234: padding at end of block bitmap is not set [pid 660] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005e8} --- [pid 660] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005f0} --- [ 40.822037][ T660] EXT4-fs error (device loop0): ext4_map_blocks:740: inode #18: block 62218: comm syz-executor252: lblock 0 mapped to illegal pblock 62218 (length 1) [ 40.822058][ T661] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #18: block 62218: comm vhost-660: lblock 0 mapped to illegal pblock 62218 (length 1) [ 40.852063][ T660] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #18: block 62218: comm syz-executor252: lblock 0 mapped to illegal pblock 62218 (length 1) [ 40.852294][ T661] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #18: block 62218: comm vhost-660: lblock 0 mapped to illegal pblock 62218 (length 1) [pid 660] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005f8} --- [ 40.867842][ T660] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #18: block 62218: comm syz-executor252: lblock 0 mapped to illegal pblock 62218 (length 1) [ 40.882510][ T661] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #18: block 62218: comm vhost-660: lblock 0 mapped to illegal pblock 62218 (length 1) [ 40.897557][ T660] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #18: block 62218: comm syz-executor252: lblock 0 mapped to illegal pblock 62218 (length 1) [pid 660] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000600} --- [pid 660] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000608} --- [pid 660] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000610} --- [pid 660] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000618} --- [pid 660] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000620} --- [pid 660] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000628} --- [pid 660] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000630} --- [pid 660] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000638} --- [pid 660] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000640} --- [pid 660] exit_group(0) = ? [pid 660] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=660, si_uid=0, si_status=0, si_utime=0, si_stime=11} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./75", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./75", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555558d947f0 /* 4 entries */, 32768) = 112 [ 40.912092][ T661] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #18: block 62218: comm vhost-660: lblock 0 mapped to illegal pblock 62218 (length 1) [ 40.927308][ T660] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #18: block 62218: comm syz-executor252: lblock 0 mapped to illegal pblock 62218 (length 1) umount2("./75/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./75/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./75/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./75/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./75/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555558d9c830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555558d9c830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./75/file0") = 0 umount2("./75/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./75/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./75/binderfs") = 0 getdents64(3, 0x555558d947f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./75") = 0 mkdir("./76", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555558d93750) = 665 ./strace-static-x86_64: Process 665 attached [pid 665] set_robust_list(0x555558d93760, 24) = 0 [pid 665] chdir("./76") = 0 [pid 665] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 665] setpgid(0, 0) = 0 [pid 665] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 665] write(3, "1000", 4) = 4 [pid 665] close(3) = 0 [pid 665] symlink("/dev/binderfs", "./binderfs") = 0 [pid 665] write(1, "executing program\n", 18executing program ) = 18 [pid 665] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 665] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 665] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 665] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 665] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 665] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 665] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 665] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 665] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 665] memfd_create("syzkaller", 0) = 5 [pid 665] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7effeaced000 [pid 665] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 665] munmap(0x7effeaced000, 138412032) = 0 [pid 665] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 665] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 665] close(5) = 0 [pid 665] close(6) = 0 [pid 665] mkdir("./file0", 0777) = 0 [pid 665] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 665] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 665] chdir("./file0") = 0 [pid 665] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 665] ioctl(6, LOOP_CLR_FD) = 0 [pid 665] close(6) = 0 [pid 665] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 665] write(6, "#! ./file1\n", 11) = 11 [pid 665] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 665] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005c0} --- [pid 665] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005c8} --- [pid 665] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005d0} --- [pid 665] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005d8} --- [pid 665] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005e0} --- [pid 665] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005e8} --- [pid 665] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005f0} --- [pid 665] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005f8} --- [pid 665] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000600} --- [pid 665] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000608} --- [pid 665] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000610} --- [pid 665] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000618} --- [pid 665] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000620} --- [pid 665] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000628} --- [pid 665] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000630} --- [pid 665] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000638} --- [pid 665] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000640} --- [pid 665] exit_group(0) = ? [pid 665] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=665, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./76", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./76", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555558d947f0 /* 4 entries */, 32768) = 112 [ 41.091725][ T665] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 41.120677][ T666] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-665: bg 0: block 234: padding at end of block bitmap is not set umount2("./76/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./76/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./76/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./76/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./76/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555558d9c830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555558d9c830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./76/file0") = 0 umount2("./76/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./76/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./76/binderfs") = 0 getdents64(3, 0x555558d947f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./76") = 0 mkdir("./77", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FDexecuting program ) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555558d93750) = 670 ./strace-static-x86_64: Process 670 attached [pid 670] set_robust_list(0x555558d93760, 24) = 0 [pid 670] chdir("./77") = 0 [pid 670] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 670] setpgid(0, 0) = 0 [pid 670] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 670] write(3, "1000", 4) = 4 [pid 670] close(3) = 0 [pid 670] symlink("/dev/binderfs", "./binderfs") = 0 [pid 670] write(1, "executing program\n", 18) = 18 [pid 670] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 670] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 670] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 670] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 670] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 670] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 670] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 670] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 670] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 670] memfd_create("syzkaller", 0) = 5 [pid 670] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7effeaced000 [pid 670] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 670] munmap(0x7effeaced000, 138412032) = 0 [pid 670] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 670] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 670] close(5) = 0 [pid 670] close(6) = 0 [pid 670] mkdir("./file0", 0777) = 0 [pid 670] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 670] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 670] chdir("./file0") = 0 [pid 670] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 670] ioctl(6, LOOP_CLR_FD) = 0 [pid 670] close(6) = 0 [pid 670] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 670] write(6, "#! ./file1\n", 11) = 11 [pid 670] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 670] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005c0} --- [pid 670] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005c8} --- [pid 670] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005d0} --- [pid 670] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005d8} --- [pid 670] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005e0} --- [pid 670] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005e8} --- [pid 670] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005f0} --- [pid 670] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005f8} --- [pid 670] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000600} --- [pid 670] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000608} --- [ 41.222669][ T670] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 41.243979][ T670] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor252: bg 0: block 234: padding at end of block bitmap is not set [pid 670] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000610} --- [pid 670] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000618} --- [ 41.261846][ T670] EXT4-fs error (device loop0): ext4_map_blocks:740: inode #18: block 62218: comm syz-executor252: lblock 0 mapped to illegal pblock 62218 (length 1) [ 41.261860][ T671] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #18: block 62218: comm vhost-670: lblock 0 mapped to illegal pblock 62218 (length 1) [ 41.262065][ T671] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #18: block 62218: comm vhost-670: lblock 0 mapped to illegal pblock 62218 (length 1) [ 41.277859][ T670] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #18: block 62218: comm syz-executor252: lblock 0 mapped to illegal pblock 62218 (length 1) [pid 670] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000620} --- [pid 670] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000628} --- [pid 670] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000630} --- [pid 670] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000638} --- [pid 670] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000640} --- [ 41.291935][ T671] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #18: block 62218: comm vhost-670: lblock 0 mapped to illegal pblock 62218 (length 1) [ 41.306752][ T670] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #18: block 62218: comm syz-executor252: lblock 0 mapped to illegal pblock 62218 (length 1) [ 41.321927][ T671] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #18: block 62218: comm vhost-670: lblock 0 mapped to illegal pblock 62218 (length 1) [pid 670] exit_group(0) = ? [pid 670] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=670, si_uid=0, si_status=0, si_utime=0, si_stime=11} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./77", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./77", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555558d947f0 /* 4 entries */, 32768) = 112 [ 41.336870][ T670] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #18: block 62218: comm syz-executor252: lblock 0 mapped to illegal pblock 62218 (length 1) [ 41.351388][ T671] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #18: block 62218: comm vhost-670: lblock 0 mapped to illegal pblock 62218 (length 1) umount2("./77/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./77/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./77/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./77/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./77/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555558d9c830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555558d9c830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./77/file0") = 0 umount2("./77/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./77/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./77/binderfs") = 0 getdents64(3, 0x555558d947f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./77") = 0 mkdir("./78", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3executing program ) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555558d93750) = 675 ./strace-static-x86_64: Process 675 attached [pid 675] set_robust_list(0x555558d93760, 24) = 0 [pid 675] chdir("./78") = 0 [pid 675] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 675] setpgid(0, 0) = 0 [pid 675] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 675] write(3, "1000", 4) = 4 [pid 675] close(3) = 0 [pid 675] symlink("/dev/binderfs", "./binderfs") = 0 [pid 675] write(1, "executing program\n", 18) = 18 [pid 675] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 675] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 675] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 675] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 675] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 675] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 675] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 675] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 675] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 675] memfd_create("syzkaller", 0) = 5 [pid 675] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7effeaced000 [pid 675] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 675] munmap(0x7effeaced000, 138412032) = 0 [pid 675] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 675] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 675] close(5) = 0 [pid 675] close(6) = 0 [pid 675] mkdir("./file0", 0777) = 0 [pid 675] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 675] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 675] chdir("./file0") = 0 [pid 675] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 675] ioctl(6, LOOP_CLR_FD) = 0 [pid 675] close(6) = 0 [pid 675] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 675] write(6, "#! ./file1\n", 11) = 11 [pid 675] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 675] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005c0} --- [ 41.538663][ T675] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 41.569644][ T675] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor252: bg 0: block 234: padding at end of block bitmap is not set [pid 675] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005c8} --- [pid 675] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005d0} --- [ 41.590901][ T675] EXT4-fs error (device loop0): ext4_map_blocks:740: inode #18: block 62218: comm syz-executor252: lblock 0 mapped to illegal pblock 62218 (length 1) [ 41.590914][ T676] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #18: block 62218: comm vhost-675: lblock 0 mapped to illegal pblock 62218 (length 1) [ 41.591079][ T676] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #18: block 62218: comm vhost-675: lblock 0 mapped to illegal pblock 62218 (length 1) [pid 675] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005d8} --- [ 41.606780][ T675] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #18: block 62218: comm syz-executor252: lblock 0 mapped to illegal pblock 62218 (length 1) [ 41.621202][ T676] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #18: block 62218: comm vhost-675: lblock 0 mapped to illegal pblock 62218 (length 1) [ 41.636245][ T675] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #18: block 62218: comm syz-executor252: lblock 0 mapped to illegal pblock 62218 (length 1) [pid 675] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005e0} --- [pid 675] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005e8} --- [pid 675] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005f0} --- [pid 675] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005f8} --- [pid 675] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000600} --- [pid 675] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000608} --- [pid 675] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000610} --- [pid 675] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000618} --- [pid 675] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000620} --- [pid 675] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000628} --- [pid 675] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000630} --- [pid 675] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000638} --- [pid 675] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000640} --- [pid 675] exit_group(0) = ? [pid 675] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=675, si_uid=0, si_status=0, si_utime=0, si_stime=9} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./78", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./78", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555558d947f0 /* 4 entries */, 32768) = 112 [ 41.651332][ T676] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #18: block 62218: comm vhost-675: lblock 0 mapped to illegal pblock 62218 (length 1) [ 41.666116][ T675] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #18: block 62218: comm syz-executor252: lblock 0 mapped to illegal pblock 62218 (length 1) [ 41.681096][ T676] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #18: block 62218: comm vhost-675: lblock 0 mapped to illegal pblock 62218 (length 1) umount2("./78/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./78/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./78/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./78/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./78/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555558d9c830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555558d9c830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./78/file0") = 0 umount2("./78/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./78/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./78/binderfs") = 0 getdents64(3, 0x555558d947f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./78") = 0 mkdir("./79", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555558d93750) = 680 ./strace-static-x86_64: Process 680 attached [pid 680] set_robust_list(0x555558d93760, 24) = 0 [pid 680] chdir("./79") = 0 [pid 680] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 680] setpgid(0, 0) = 0 [pid 680] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 680] write(3, "1000", 4) = 4 [pid 680] close(3) = 0 [pid 680] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 680] write(1, "executing program\n", 18) = 18 [pid 680] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 680] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 680] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 680] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 680] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 680] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 680] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 680] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 680] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 680] memfd_create("syzkaller", 0) = 5 [pid 680] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7effeaced000 [pid 680] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 680] munmap(0x7effeaced000, 138412032) = 0 [pid 680] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 680] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 680] close(5) = 0 [pid 680] close(6) = 0 [pid 680] mkdir("./file0", 0777) = 0 [pid 680] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 680] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 680] chdir("./file0") = 0 [pid 680] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 680] ioctl(6, LOOP_CLR_FD) = 0 [pid 680] close(6) = 0 [pid 680] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 680] write(6, "#! ./file1\n", 11) = 11 [pid 680] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 680] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005c0} --- [pid 680] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005c8} --- [pid 680] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005d0} --- [pid 680] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005d8} --- [pid 680] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005e0} --- [pid 680] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005e8} --- [pid 680] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005f0} --- [pid 680] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005f8} --- [pid 680] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000600} --- [pid 680] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000608} --- [pid 680] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000610} --- [pid 680] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000618} --- [pid 680] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000620} --- [pid 680] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000628} --- [pid 680] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000630} --- [pid 680] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000638} --- [pid 680] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000640} --- [pid 680] exit_group(0) = ? [pid 680] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=680, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./79", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./79", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555558d947f0 /* 4 entries */, 32768) = 112 [ 41.861966][ T680] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 41.886490][ T680] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor252: bg 0: block 234: padding at end of block bitmap is not set umount2("./79/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./79/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./79/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./79/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./79/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555558d9c830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555558d9c830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./79/file0") = 0 umount2("./79/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./79/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./79/binderfs") = 0 getdents64(3, 0x555558d947f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./79") = 0 mkdir("./80", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 685 attached , child_tidptr=0x555558d93750) = 685 [pid 685] set_robust_list(0x555558d93760, 24) = 0 [pid 685] chdir("./80") = 0 [pid 685] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 685] setpgid(0, 0) = 0 [pid 685] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 685] write(3, "1000", 4) = 4 [pid 685] close(3) = 0 [pid 685] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 685] write(1, "executing program\n", 18) = 18 [pid 685] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 685] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 685] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 685] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 685] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 685] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 685] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 685] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 685] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 685] memfd_create("syzkaller", 0) = 5 [pid 685] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7effeaced000 [pid 685] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 685] munmap(0x7effeaced000, 138412032) = 0 [pid 685] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 685] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 685] close(5) = 0 [pid 685] close(6) = 0 [pid 685] mkdir("./file0", 0777) = 0 [pid 685] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 685] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 685] chdir("./file0") = 0 [pid 685] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 685] ioctl(6, LOOP_CLR_FD) = 0 [pid 685] close(6) = 0 [pid 685] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 685] write(6, "#! ./file1\n", 11) = 11 [pid 685] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 685] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005c0} --- [pid 685] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005c8} --- [pid 685] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005d0} --- [pid 685] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005d8} --- [pid 685] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005e0} --- [pid 685] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005e8} --- [pid 685] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005f0} --- [pid 685] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005f8} --- [pid 685] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000600} --- [pid 685] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000608} --- [ 42.021758][ T685] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 42.049855][ T685] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor252: bg 0: block 234: padding at end of block bitmap is not set [pid 685] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000610} --- [ 42.066951][ T685] EXT4-fs error (device loop0): ext4_map_blocks:740: inode #18: block 62218: comm syz-executor252: lblock 0 mapped to illegal pblock 62218 (length 1) [ 42.067076][ T686] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #18: block 62218: comm vhost-685: lblock 0 mapped to illegal pblock 62218 (length 1) [ 42.097229][ T686] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #18: block 62218: comm vhost-685: lblock 0 mapped to illegal pblock 62218 (length 1) [pid 685] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000618} --- [ 42.112147][ T686] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #18: block 62218: comm vhost-685: lblock 0 mapped to illegal pblock 62218 (length 1) [ 42.126922][ T686] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #18: block 62218: comm vhost-685: lblock 0 mapped to illegal pblock 62218 (length 1) [ 42.141665][ T685] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #18: block 62218: comm syz-executor252: lblock 0 mapped to illegal pblock 62218 (length 1) [ 42.157028][ T686] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #18: block 62218: comm vhost-685: lblock 0 mapped to illegal pblock 62218 (length 1) [pid 685] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000620} --- [pid 685] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000628} --- [pid 685] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000630} --- [pid 685] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000638} --- [pid 685] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000640} --- [pid 685] exit_group(0) = ? [pid 685] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=685, si_uid=0, si_status=0, si_utime=0, si_stime=10} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./80", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./80", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555558d947f0 /* 4 entries */, 32768) = 112 [ 42.157233][ T685] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #18: block 62218: comm syz-executor252: lblock 0 mapped to illegal pblock 62218 (length 1) [ 42.172202][ T686] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #18: block 62218: comm vhost-685: lblock 0 mapped to illegal pblock 62218 (length 1) umount2("./80/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./80/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./80/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./80/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./80/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555558d9c830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555558d9c830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./80/file0") = 0 umount2("./80/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./80/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./80/binderfs") = 0 getdents64(3, 0x555558d947f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./80") = 0 mkdir("./81", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555558d93750) = 690 ./strace-static-x86_64: Process 690 attached [pid 690] set_robust_list(0x555558d93760, 24) = 0 [pid 690] chdir("./81") = 0 [pid 690] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 690] setpgid(0, 0) = 0 [pid 690] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 690] write(3, "1000", 4) = 4 [pid 690] close(3) = 0 [pid 690] symlink("/dev/binderfs", "./binderfs") = 0 [pid 690] write(1, "executing program\n", 18executing program ) = 18 [pid 690] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 690] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 690] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 690] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 690] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 690] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 690] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 690] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 690] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 690] memfd_create("syzkaller", 0) = 5 [pid 690] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7effeaced000 [pid 690] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 690] munmap(0x7effeaced000, 138412032) = 0 [pid 690] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 690] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 690] close(5) = 0 [pid 690] close(6) = 0 [pid 690] mkdir("./file0", 0777) = 0 [pid 690] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 690] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 690] chdir("./file0") = 0 [pid 690] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 690] ioctl(6, LOOP_CLR_FD) = 0 [pid 690] close(6) = 0 [pid 690] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 690] write(6, "#! ./file1\n", 11) = 11 [pid 690] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 690] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005c0} --- [pid 690] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005c8} --- [pid 690] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005d0} --- [pid 690] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005d8} --- [pid 690] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005e0} --- [pid 690] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005e8} --- [pid 690] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005f0} --- [pid 690] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005f8} --- [pid 690] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000600} --- [pid 690] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000608} --- [pid 690] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000610} --- [pid 690] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000618} --- [pid 690] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000620} --- [pid 690] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000628} --- [pid 690] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000630} --- [pid 690] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000638} --- [pid 690] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000640} --- [pid 690] exit_group(0) = ? [pid 690] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=690, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./81", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./81", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555558d947f0 /* 4 entries */, 32768) = 112 [ 42.341812][ T690] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 42.366948][ T690] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor252: bg 0: block 234: padding at end of block bitmap is not set umount2("./81/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./81/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./81/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./81/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./81/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555558d9c830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555558d9c830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./81/file0") = 0 umount2("./81/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./81/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./81/binderfs") = 0 getdents64(3, 0x555558d947f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./81") = 0 mkdir("./82", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555558d93750) = 695 ./strace-static-x86_64: Process 695 attached [pid 695] set_robust_list(0x555558d93760, 24) = 0 [pid 695] chdir("./82") = 0 [pid 695] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 695] setpgid(0, 0) = 0 [pid 695] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 695] write(3, "1000", 4) = 4 [pid 695] close(3) = 0 [pid 695] symlink("/dev/binderfs", "./binderfs") = 0 [pid 695] write(1, "executing program\n", 18executing program ) = 18 [pid 695] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 695] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 695] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 695] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 695] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 695] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 695] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 695] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 695] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 695] memfd_create("syzkaller", 0) = 5 [pid 695] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7effeaced000 [pid 695] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 695] munmap(0x7effeaced000, 138412032) = 0 [pid 695] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 695] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 695] close(5) = 0 [pid 695] close(6) = 0 [pid 695] mkdir("./file0", 0777) = 0 [pid 695] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 695] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 695] chdir("./file0") = 0 [pid 695] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 695] ioctl(6, LOOP_CLR_FD) = 0 [pid 695] close(6) = 0 [pid 695] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 695] write(6, "#! ./file1\n", 11) = 11 [pid 695] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 695] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005c0} --- [pid 695] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005c8} --- [pid 695] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005d0} --- [pid 695] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005d8} --- [pid 695] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005e0} --- [pid 695] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005e8} --- [pid 695] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005f0} --- [pid 695] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005f8} --- [pid 695] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000600} --- [pid 695] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000608} --- [pid 695] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000610} --- [pid 695] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000618} --- [pid 695] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000620} --- [pid 695] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000628} --- [pid 695] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000630} --- [pid 695] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000638} --- [pid 695] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000640} --- [pid 695] exit_group(0) = ? [pid 695] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=695, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./82", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./82", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555558d947f0 /* 4 entries */, 32768) = 112 [ 42.541707][ T695] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 42.570629][ T696] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-695: bg 0: block 234: padding at end of block bitmap is not set umount2("./82/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./82/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./82/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./82/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./82/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555558d9c830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555558d9c830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./82/file0") = 0 umount2("./82/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./82/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./82/binderfs") = 0 getdents64(3, 0x555558d947f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./82") = 0 mkdir("./83", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555558d93750) = 700 ./strace-static-x86_64: Process 700 attached [pid 700] set_robust_list(0x555558d93760, 24) = 0 [pid 700] chdir("./83") = 0 [pid 700] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 700] setpgid(0, 0) = 0 [pid 700] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 700] write(3, "1000", 4) = 4 [pid 700] close(3) = 0 executing program [pid 700] symlink("/dev/binderfs", "./binderfs") = 0 [pid 700] write(1, "executing program\n", 18) = 18 [pid 700] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 700] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 700] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 700] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 700] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 700] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 700] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 700] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 700] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 700] memfd_create("syzkaller", 0) = 5 [pid 700] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7effeaced000 [pid 700] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 700] munmap(0x7effeaced000, 138412032) = 0 [pid 700] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 700] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 700] close(5) = 0 [pid 700] close(6) = 0 [pid 700] mkdir("./file0", 0777) = 0 [pid 700] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 700] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 700] chdir("./file0") = 0 [pid 700] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 700] ioctl(6, LOOP_CLR_FD) = 0 [pid 700] close(6) = 0 [pid 700] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 700] write(6, "#! ./file1\n", 11) = 11 [pid 700] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 700] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005c0} --- [pid 700] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005c8} --- [pid 700] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005d0} --- [pid 700] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005d8} --- [pid 700] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005e0} --- [pid 700] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005e8} --- [pid 700] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005f0} --- [pid 700] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005f8} --- [pid 700] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000600} --- [pid 700] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000608} --- [pid 700] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000610} --- [pid 700] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000618} --- [pid 700] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000620} --- [pid 700] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000628} --- [pid 700] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000630} --- [ 42.671733][ T700] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 42.700243][ T700] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor252: bg 0: block 234: padding at end of block bitmap is not set [pid 700] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000638} --- [pid 700] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000640} --- [ 42.718803][ T700] EXT4-fs error (device loop0): ext4_map_blocks:740: inode #18: block 62218: comm syz-executor252: lblock 0 mapped to illegal pblock 62218 (length 1) [ 42.718815][ T701] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #18: block 62218: comm vhost-700: lblock 0 mapped to illegal pblock 62218 (length 1) [ 42.719103][ T701] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #18: block 62218: comm vhost-700: lblock 0 mapped to illegal pblock 62218 (length 1) [pid 700] exit_group(0) = ? [ 42.740966][ T700] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #18: block 62218: comm syz-executor252: lblock 0 mapped to illegal pblock 62218 (length 1) [ 42.748959][ T701] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #18: block 62218: comm vhost-700: lblock 0 mapped to illegal pblock 62218 (length 1) [ 42.793287][ T701] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #18: block 62218: comm vhost-700: lblock 0 mapped to illegal pblock 62218 (length 1) [pid 700] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=700, si_uid=0, si_status=0, si_utime=0, si_stime=9} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./83", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./83", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555558d947f0 /* 4 entries */, 32768) = 112 [ 42.808247][ T701] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #18: block 62218: comm vhost-700: lblock 0 mapped to illegal pblock 62218 (length 1) [ 42.823083][ T701] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #18: block 62218: comm vhost-700: lblock 0 mapped to illegal pblock 62218 (length 1) umount2("./83/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./83/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./83/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./83/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./83/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555558d9c830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555558d9c830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./83/file0") = 0 umount2("./83/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./83/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./83/binderfs") = 0 getdents64(3, 0x555558d947f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./83") = 0 mkdir("./84", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555558d93750) = 705 ./strace-static-x86_64: Process 705 attached [pid 705] set_robust_list(0x555558d93760, 24) = 0 [pid 705] chdir("./84") = 0 [pid 705] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 705] setpgid(0, 0) = 0 [pid 705] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 705] write(3, "1000", 4) = 4 [pid 705] close(3) = 0 [pid 705] symlink("/dev/binderfs", "./binderfs") = 0 [pid 705] write(1, "executing program\n", 18executing program ) = 18 [pid 705] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 705] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 705] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 705] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 705] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 705] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 705] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 705] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 705] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 705] memfd_create("syzkaller", 0) = 5 [pid 705] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7effeaced000 [pid 705] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 705] munmap(0x7effeaced000, 138412032) = 0 [pid 705] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 705] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 705] close(5) = 0 [pid 705] close(6) = 0 [pid 705] mkdir("./file0", 0777) = 0 [pid 705] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 705] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 705] chdir("./file0") = 0 [pid 705] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 705] ioctl(6, LOOP_CLR_FD) = 0 [pid 705] close(6) = 0 [pid 705] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 705] write(6, "#! ./file1\n", 11) = 11 [pid 705] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 705] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005c0} --- [pid 705] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005c8} --- [pid 705] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005d0} --- [pid 705] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005d8} --- [pid 705] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005e0} --- [pid 705] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005e8} --- [pid 705] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005f0} --- [ 42.941866][ T705] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 42.975966][ T706] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-705: bg 0: block 234: padding at end of block bitmap is not set [pid 705] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005f8} --- [pid 705] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000600} --- [ 42.991890][ T705] EXT4-fs error (device loop0): ext4_map_blocks:740: inode #18: block 62218: comm syz-executor252: lblock 0 mapped to illegal pblock 62218 (length 1) [ 42.991903][ T706] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #18: block 62218: comm vhost-705: lblock 0 mapped to illegal pblock 62218 (length 1) [ 42.992194][ T706] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #18: block 62218: comm vhost-705: lblock 0 mapped to illegal pblock 62218 (length 1) [pid 705] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000608} --- [ 43.007878][ T705] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #18: block 62218: comm syz-executor252: lblock 0 mapped to illegal pblock 62218 (length 1) [ 43.022004][ T706] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #18: block 62218: comm vhost-705: lblock 0 mapped to illegal pblock 62218 (length 1) [ 43.037206][ T705] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #18: block 62218: comm syz-executor252: lblock 0 mapped to illegal pblock 62218 (length 1) [pid 705] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000610} --- [pid 705] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000618} --- [pid 705] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000620} --- [pid 705] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000628} --- [pid 705] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000630} --- [pid 705] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000638} --- [pid 705] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000640} --- [pid 705] exit_group(0) = ? [pid 705] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=705, si_uid=0, si_status=0, si_utime=0, si_stime=12} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./84", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./84", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555558d947f0 /* 4 entries */, 32768) = 112 [ 43.051818][ T706] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #18: block 62218: comm vhost-705: lblock 0 mapped to illegal pblock 62218 (length 1) [ 43.066834][ T705] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #18: block 62218: comm syz-executor252: lblock 0 mapped to illegal pblock 62218 (length 1) [ 43.081542][ T706] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #18: block 62218: comm vhost-705: lblock 0 mapped to illegal pblock 62218 (length 1) umount2("./84/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./84/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./84/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./84/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./84/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555558d9c830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555558d9c830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./84/file0") = 0 umount2("./84/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./84/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./84/binderfs") = 0 getdents64(3, 0x555558d947f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./84") = 0 mkdir("./85", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555558d93750) = 710 ./strace-static-x86_64: Process 710 attached [pid 710] set_robust_list(0x555558d93760, 24) = 0 [pid 710] chdir("./85") = 0 [pid 710] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 710] setpgid(0, 0) = 0 [pid 710] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 710] write(3, "1000", 4) = 4 [pid 710] close(3) = 0 [pid 710] symlink("/dev/binderfs", "./binderfs") = 0 [pid 710] write(1, "executing program\n", 18executing program ) = 18 [pid 710] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 710] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 710] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 710] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 710] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 710] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 710] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 710] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 710] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 710] memfd_create("syzkaller", 0) = 5 [pid 710] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7effeaced000 [pid 710] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 710] munmap(0x7effeaced000, 138412032) = 0 [pid 710] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 710] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 710] close(5) = 0 [pid 710] close(6) = 0 [pid 710] mkdir("./file0", 0777) = 0 [pid 710] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 710] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 710] chdir("./file0") = 0 [pid 710] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 710] ioctl(6, LOOP_CLR_FD) = 0 [pid 710] close(6) = 0 [pid 710] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 710] write(6, "#! ./file1\n", 11) = 11 [pid 710] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 710] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005c0} --- [pid 710] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005c8} --- [pid 710] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005d0} --- [pid 710] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005d8} --- [pid 710] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005e0} --- [pid 710] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005e8} --- [pid 710] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005f0} --- [pid 710] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005f8} --- [pid 710] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000600} --- [pid 710] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000608} --- [pid 710] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000610} --- [pid 710] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000618} --- [pid 710] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000620} --- [pid 710] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000628} --- [pid 710] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000630} --- [pid 710] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000638} --- [pid 710] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000640} --- [pid 710] exit_group(0) = ? [pid 710] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=710, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./85", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./85", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555558d947f0 /* 4 entries */, 32768) = 112 [ 43.221876][ T710] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 43.251659][ T711] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-710: bg 0: block 234: padding at end of block bitmap is not set umount2("./85/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./85/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./85/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./85/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./85/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555558d9c830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555558d9c830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./85/file0") = 0 umount2("./85/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./85/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./85/binderfs") = 0 getdents64(3, 0x555558d947f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./85") = 0 mkdir("./86", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 715 attached , child_tidptr=0x555558d93750) = 715 [pid 715] set_robust_list(0x555558d93760, 24) = 0 [pid 715] chdir("./86") = 0 [pid 715] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 715] setpgid(0, 0) = 0 [pid 715] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 715] write(3, "1000", 4) = 4 [pid 715] close(3) = 0 [pid 715] symlink("/dev/binderfs", "./binderfs") = 0 [pid 715] write(1, "executing program\n", 18executing program ) = 18 [pid 715] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 715] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 715] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 715] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 715] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 715] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 715] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 715] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 715] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 715] memfd_create("syzkaller", 0) = 5 [pid 715] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7effeaced000 [pid 715] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 715] munmap(0x7effeaced000, 138412032) = 0 [pid 715] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 715] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 715] close(5) = 0 [pid 715] close(6) = 0 [pid 715] mkdir("./file0", 0777) = 0 [pid 715] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 715] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 715] chdir("./file0") = 0 [pid 715] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 715] ioctl(6, LOOP_CLR_FD) = 0 [pid 715] close(6) = 0 [pid 715] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 715] write(6, "#! ./file1\n", 11) = 11 [pid 715] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 715] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005c0} --- [pid 715] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005c8} --- [pid 715] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005d0} --- [pid 715] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005d8} --- [pid 715] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005e0} --- [pid 715] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005e8} --- [pid 715] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005f0} --- [pid 715] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005f8} --- [pid 715] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000600} --- [pid 715] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000608} --- [pid 715] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000610} --- [pid 715] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000618} --- [pid 715] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000620} --- [pid 715] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000628} --- [pid 715] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000630} --- [pid 715] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000638} --- [pid 715] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000640} --- [pid 715] exit_group(0) = ? [pid 715] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=715, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./86", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./86", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555558d947f0 /* 4 entries */, 32768) = 112 [ 43.381645][ T715] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 43.405451][ T715] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor252: bg 0: block 234: padding at end of block bitmap is not set umount2("./86/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./86/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./86/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./86/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./86/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555558d9c830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555558d9c830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./86/file0") = 0 umount2("./86/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./86/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./86/binderfs") = 0 getdents64(3, 0x555558d947f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./86") = 0 mkdir("./87", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) executing program close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555558d93750) = 720 ./strace-static-x86_64: Process 720 attached [pid 720] set_robust_list(0x555558d93760, 24) = 0 [pid 720] chdir("./87") = 0 [pid 720] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 720] setpgid(0, 0) = 0 [pid 720] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 720] write(3, "1000", 4) = 4 [pid 720] close(3) = 0 [pid 720] symlink("/dev/binderfs", "./binderfs") = 0 [pid 720] write(1, "executing program\n", 18) = 18 [pid 720] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 720] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 720] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 720] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 720] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 720] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 720] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 720] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 720] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 720] memfd_create("syzkaller", 0) = 5 [pid 720] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7effeaced000 [pid 720] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 720] munmap(0x7effeaced000, 138412032) = 0 [pid 720] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 720] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 720] close(5) = 0 [pid 720] close(6) = 0 [pid 720] mkdir("./file0", 0777) = 0 [pid 720] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 720] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 720] chdir("./file0") = 0 [pid 720] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 720] ioctl(6, LOOP_CLR_FD) = 0 [pid 720] close(6) = 0 [pid 720] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 720] write(6, "#! ./file1\n", 11) = 11 [pid 720] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 720] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005c0} --- [pid 720] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005c8} --- [pid 720] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005d0} --- [pid 720] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005d8} --- [ 43.522177][ T720] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 43.544002][ T720] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor252: bg 0: block 234: padding at end of block bitmap is not set [pid 720] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005e0} --- [pid 720] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005e8} --- [pid 720] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005f0} --- [ 43.560126][ T720] EXT4-fs error (device loop0): ext4_map_blocks:740: inode #18: block 62218: comm syz-executor252: lblock 0 mapped to illegal pblock 62218 (length 1) [ 43.560137][ T721] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #18: block 62218: comm vhost-720: lblock 0 mapped to illegal pblock 62218 (length 1) [ 43.560301][ T721] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #18: block 62218: comm vhost-720: lblock 0 mapped to illegal pblock 62218 (length 1) [ 43.586260][ T720] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #18: block 62218: comm syz-executor252: lblock 0 mapped to illegal pblock 62218 (length 1) [pid 720] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005f8} --- [ 43.591043][ T721] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #18: block 62218: comm vhost-720: lblock 0 mapped to illegal pblock 62218 (length 1) [ 43.604994][ T720] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #18: block 62218: comm syz-executor252: lblock 0 mapped to illegal pblock 62218 (length 1) [ 43.620340][ T721] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #18: block 62218: comm vhost-720: lblock 0 mapped to illegal pblock 62218 (length 1) [pid 720] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000600} --- [pid 720] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000608} --- [pid 720] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000610} --- [pid 720] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000618} --- [pid 720] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000620} --- [pid 720] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000628} --- [pid 720] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000630} --- [pid 720] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000638} --- [pid 720] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000640} --- [pid 720] exit_group(0) = ? [pid 720] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=720, si_uid=0, si_status=0, si_utime=0, si_stime=10} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./87", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./87", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555558d947f0 /* 4 entries */, 32768) = 112 [ 43.634894][ T720] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #18: block 62218: comm syz-executor252: lblock 0 mapped to illegal pblock 62218 (length 1) [ 43.650203][ T721] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #18: block 62218: comm vhost-720: lblock 0 mapped to illegal pblock 62218 (length 1) umount2("./87/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./87/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./87/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./87/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./87/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555558d9c830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555558d9c830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./87/file0") = 0 umount2("./87/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./87/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./87/binderfs") = 0 getdents64(3, 0x555558d947f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./87") = 0 mkdir("./88", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555558d93750) = 725 ./strace-static-x86_64: Process 725 attached [pid 725] set_robust_list(0x555558d93760, 24) = 0 [pid 725] chdir("./88") = 0 [pid 725] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 725] setpgid(0, 0) = 0 [pid 725] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 725] write(3, "1000", 4) = 4 [pid 725] close(3) = 0 [pid 725] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 725] write(1, "executing program\n", 18) = 18 [pid 725] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 725] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 725] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 725] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 725] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 725] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 725] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 725] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 725] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 725] memfd_create("syzkaller", 0) = 5 [pid 725] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7effeaced000 [pid 725] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 725] munmap(0x7effeaced000, 138412032) = 0 [pid 725] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 725] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 725] close(5) = 0 [pid 725] close(6) = 0 [pid 725] mkdir("./file0", 0777) = 0 [pid 725] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 725] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 725] chdir("./file0") = 0 [pid 725] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 725] ioctl(6, LOOP_CLR_FD) = 0 [pid 725] close(6) = 0 [pid 725] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 725] write(6, "#! ./file1\n", 11) = 11 [pid 725] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 725] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005c0} --- [pid 725] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005c8} --- [pid 725] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005d0} --- [pid 725] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005d8} --- [pid 725] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005e0} --- [ 43.821874][ T725] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 43.846358][ T725] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor252: bg 0: block 234: padding at end of block bitmap is not set [pid 725] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005e8} --- [pid 725] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005f0} --- [ 43.862610][ T725] EXT4-fs error (device loop0): ext4_map_blocks:740: inode #18: block 62218: comm syz-executor252: lblock 0 mapped to illegal pblock 62218 (length 1) [ 43.862637][ T726] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #18: block 62218: comm vhost-725: lblock 0 mapped to illegal pblock 62218 (length 1) [ 43.862896][ T726] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #18: block 62218: comm vhost-725: lblock 0 mapped to illegal pblock 62218 (length 1) [ 43.892910][ T725] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #18: block 62218: comm syz-executor252: lblock 0 mapped to illegal pblock 62218 (length 1) [pid 725] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005f8} --- [ 43.907302][ T726] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #18: block 62218: comm vhost-725: lblock 0 mapped to illegal pblock 62218 (length 1) [ 43.922827][ T725] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #18: block 62218: comm syz-executor252: lblock 0 mapped to illegal pblock 62218 (length 1) [ 43.937242][ T726] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #18: block 62218: comm vhost-725: lblock 0 mapped to illegal pblock 62218 (length 1) [pid 725] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000600} --- [pid 725] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000608} --- [pid 725] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000610} --- [pid 725] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000618} --- [pid 725] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000620} --- [pid 725] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000628} --- [pid 725] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000630} --- [pid 725] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000638} --- [pid 725] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000640} --- [pid 725] exit_group(0) = ? [pid 725] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=725, si_uid=0, si_status=0, si_utime=0, si_stime=10} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./88", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./88", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555558d947f0 /* 4 entries */, 32768) = 112 [ 43.952970][ T725] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #18: block 62218: comm syz-executor252: lblock 0 mapped to illegal pblock 62218 (length 1) [ 43.967395][ T726] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #18: block 62218: comm vhost-725: lblock 0 mapped to illegal pblock 62218 (length 1) umount2("./88/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./88/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./88/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./88/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./88/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555558d9c830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555558d9c830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./88/file0") = 0 umount2("./88/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./88/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./88/binderfs") = 0 getdents64(3, 0x555558d947f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./88") = 0 mkdir("./89", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555558d93750) = 730 ./strace-static-x86_64: Process 730 attached [pid 730] set_robust_list(0x555558d93760, 24) = 0 [pid 730] chdir("./89") = 0 [pid 730] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 730] setpgid(0, 0) = 0 [pid 730] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 730] write(3, "1000", 4) = 4 [pid 730] close(3) = 0 [pid 730] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 730] write(1, "executing program\n", 18) = 18 [pid 730] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 730] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 730] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 730] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 730] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 730] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 730] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 730] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 730] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 730] memfd_create("syzkaller", 0) = 5 [pid 730] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7effeaced000 [pid 730] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 730] munmap(0x7effeaced000, 138412032) = 0 [pid 730] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 730] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 730] close(5) = 0 [pid 730] close(6) = 0 [pid 730] mkdir("./file0", 0777) = 0 [pid 730] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 730] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 730] chdir("./file0") = 0 [pid 730] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 730] ioctl(6, LOOP_CLR_FD) = 0 [pid 730] close(6) = 0 [pid 730] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 730] write(6, "#! ./file1\n", 11) = 11 [pid 730] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 730] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005c0} --- [pid 730] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005c8} --- [pid 730] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005d0} --- [pid 730] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005d8} --- [pid 730] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005e0} --- [pid 730] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005e8} --- [pid 730] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005f0} --- [pid 730] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005f8} --- [pid 730] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000600} --- [pid 730] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000608} --- [pid 730] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000610} --- [pid 730] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000618} --- [pid 730] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000620} --- [pid 730] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000628} --- [pid 730] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000630} --- [pid 730] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000638} --- [pid 730] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000640} --- [pid 730] exit_group(0) = ? [pid 730] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=730, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./89", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./89", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555558d947f0 /* 4 entries */, 32768) = 112 [ 44.141874][ T730] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 44.170422][ T731] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-730: bg 0: block 234: padding at end of block bitmap is not set umount2("./89/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./89/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./89/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./89/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./89/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555558d9c830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555558d9c830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./89/file0") = 0 umount2("./89/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./89/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./89/binderfs") = 0 getdents64(3, 0x555558d947f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./89") = 0 mkdir("./90", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FDexecuting program ) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555558d93750) = 735 ./strace-static-x86_64: Process 735 attached [pid 735] set_robust_list(0x555558d93760, 24) = 0 [pid 735] chdir("./90") = 0 [pid 735] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 735] setpgid(0, 0) = 0 [pid 735] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 735] write(3, "1000", 4) = 4 [pid 735] close(3) = 0 [pid 735] symlink("/dev/binderfs", "./binderfs") = 0 [pid 735] write(1, "executing program\n", 18) = 18 [pid 735] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 735] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 735] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 735] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 735] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 735] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 735] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 735] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 735] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 735] memfd_create("syzkaller", 0) = 5 [pid 735] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7effeaced000 [pid 735] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 735] munmap(0x7effeaced000, 138412032) = 0 [pid 735] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 735] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 735] close(5) = 0 [pid 735] close(6) = 0 [pid 735] mkdir("./file0", 0777) = 0 [pid 735] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 735] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 735] chdir("./file0") = 0 [pid 735] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 735] ioctl(6, LOOP_CLR_FD) = 0 [pid 735] close(6) = 0 [pid 735] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 735] write(6, "#! ./file1\n", 11) = 11 [pid 735] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [ 44.291646][ T735] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [pid 735] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005c0} --- [pid 735] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005c8} --- [pid 735] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005d0} --- [pid 735] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005d8} --- [pid 735] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005e0} --- [pid 735] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005e8} --- [pid 735] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005f0} --- [pid 735] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005f8} --- [pid 735] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000600} --- [pid 735] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000608} --- [pid 735] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000610} --- [pid 735] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000618} --- [pid 735] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000620} --- [pid 735] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000628} --- [pid 735] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000630} --- [pid 735] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000638} --- [pid 735] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000640} --- [pid 735] exit_group(0) = ? [pid 735] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=735, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./90", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./90", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555558d947f0 /* 4 entries */, 32768) = 112 [ 44.331759][ T735] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor252: bg 0: block 234: padding at end of block bitmap is not set umount2("./90/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./90/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./90/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./90/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./90/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555558d9c830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555558d9c830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./90/file0") = 0 umount2("./90/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./90/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./90/binderfs") = 0 getdents64(3, 0x555558d947f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./90") = 0 mkdir("./91", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555558d93750) = 740 ./strace-static-x86_64: Process 740 attached [pid 740] set_robust_list(0x555558d93760, 24) = 0 [pid 740] chdir("./91") = 0 [pid 740] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 740] setpgid(0, 0) = 0 [pid 740] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 740] write(3, "1000", 4) = 4 [pid 740] close(3) = 0 [pid 740] symlink("/dev/binderfs", "./binderfs") = 0 [pid 740] write(1, "executing program\n", 18executing program ) = 18 [pid 740] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 740] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 740] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 740] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 740] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 740] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 740] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 740] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 740] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 740] memfd_create("syzkaller", 0) = 5 [pid 740] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7effeaced000 [pid 740] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 740] munmap(0x7effeaced000, 138412032) = 0 [pid 740] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 740] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 740] close(5) = 0 [pid 740] close(6) = 0 [pid 740] mkdir("./file0", 0777) = 0 [pid 740] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 740] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 740] chdir("./file0") = 0 [pid 740] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 740] ioctl(6, LOOP_CLR_FD) = 0 [pid 740] close(6) = 0 [pid 740] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 740] write(6, "#! ./file1\n", 11) = 11 [pid 740] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 740] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005c0} --- [pid 740] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005c8} --- [pid 740] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005d0} --- [pid 740] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005d8} --- [pid 740] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005e0} --- [pid 740] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005e8} --- [pid 740] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005f0} --- [pid 740] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005f8} --- [pid 740] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000600} --- [pid 740] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000608} --- [pid 740] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000610} --- [pid 740] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000618} --- [pid 740] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000620} --- [pid 740] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000628} --- [pid 740] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000630} --- [pid 740] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000638} --- [pid 740] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000640} --- [pid 740] exit_group(0) = ? [pid 740] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=740, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./91", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./91", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555558d947f0 /* 4 entries */, 32768) = 112 [ 44.451661][ T740] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 44.473140][ T740] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor252: bg 0: block 234: padding at end of block bitmap is not set umount2("./91/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./91/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./91/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./91/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./91/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555558d9c830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555558d9c830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./91/file0") = 0 umount2("./91/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./91/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./91/binderfs") = 0 getdents64(3, 0x555558d947f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./91") = 0 mkdir("./92", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 745 attached , child_tidptr=0x555558d93750) = 745 [pid 745] set_robust_list(0x555558d93760, 24) = 0 [pid 745] chdir("./92") = 0 [pid 745] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 745] setpgid(0, 0) = 0 [pid 745] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 745] write(3, "1000", 4) = 4 [pid 745] close(3) = 0 [pid 745] symlink("/dev/binderfs", "./binderfs") = 0 [pid 745] write(1, "executing program\n", 18executing program ) = 18 [pid 745] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 745] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 745] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 745] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 745] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 745] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 745] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 745] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 745] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 745] memfd_create("syzkaller", 0) = 5 [pid 745] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7effeaced000 [pid 745] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 745] munmap(0x7effeaced000, 138412032) = 0 [pid 745] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 745] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 745] close(5) = 0 [pid 745] close(6) = 0 [pid 745] mkdir("./file0", 0777) = 0 [pid 745] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 745] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 745] chdir("./file0") = 0 [pid 745] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 745] ioctl(6, LOOP_CLR_FD) = 0 [pid 745] close(6) = 0 [pid 745] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 745] write(6, "#! ./file1\n", 11) = 11 [pid 745] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [ 44.581850][ T745] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [pid 745] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005c0} --- [pid 745] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005c8} --- [pid 745] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005d0} --- [pid 745] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005d8} --- [pid 745] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005e0} --- [pid 745] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005e8} --- [pid 745] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005f0} --- [pid 745] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005f8} --- [pid 745] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000600} --- [pid 745] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000608} --- [pid 745] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000610} --- [pid 745] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000618} --- [pid 745] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000620} --- [pid 745] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000628} --- [pid 745] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000630} --- [pid 745] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000638} --- [pid 745] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000640} --- [pid 745] exit_group(0) = ? [pid 745] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=745, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./92", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./92", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555558d947f0 /* 4 entries */, 32768) = 112 [ 44.622004][ T746] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-745: bg 0: block 234: padding at end of block bitmap is not set umount2("./92/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./92/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./92/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./92/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./92/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555558d9c830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555558d9c830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./92/file0") = 0 umount2("./92/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./92/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./92/binderfs") = 0 getdents64(3, 0x555558d947f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./92") = 0 mkdir("./93", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3executing program ) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555558d93750) = 750 ./strace-static-x86_64: Process 750 attached [pid 750] set_robust_list(0x555558d93760, 24) = 0 [pid 750] chdir("./93") = 0 [pid 750] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 750] setpgid(0, 0) = 0 [pid 750] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 750] write(3, "1000", 4) = 4 [pid 750] close(3) = 0 [pid 750] symlink("/dev/binderfs", "./binderfs") = 0 [pid 750] write(1, "executing program\n", 18) = 18 [pid 750] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 750] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 750] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 750] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 750] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 750] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 750] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 750] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 750] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 750] memfd_create("syzkaller", 0) = 5 [pid 750] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7effeaced000 [pid 750] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 750] munmap(0x7effeaced000, 138412032) = 0 [pid 750] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 750] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 750] close(5) = 0 [pid 750] close(6) = 0 [pid 750] mkdir("./file0", 0777) = 0 [pid 750] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 750] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 750] chdir("./file0") = 0 [pid 750] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 750] ioctl(6, LOOP_CLR_FD) = 0 [pid 750] close(6) = 0 [pid 750] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 750] write(6, "#! ./file1\n", 11) = 11 [pid 750] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 750] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005c0} --- [pid 750] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005c8} --- [pid 750] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005d0} --- [pid 750] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005d8} --- [pid 750] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005e0} --- [pid 750] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005e8} --- [pid 750] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005f0} --- [pid 750] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005f8} --- [pid 750] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000600} --- [pid 750] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000608} --- [pid 750] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000610} --- [pid 750] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000618} --- [pid 750] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000620} --- [pid 750] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000628} --- [pid 750] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000630} --- [pid 750] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000638} --- [pid 750] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000640} --- [pid 750] exit_group(0) = ? [pid 750] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=750, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./93", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./93", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555558d947f0 /* 4 entries */, 32768) = 112 [ 44.771882][ T750] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 44.801207][ T750] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor252: bg 0: block 234: padding at end of block bitmap is not set umount2("./93/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./93/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./93/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./93/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./93/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555558d9c830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555558d9c830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./93/file0") = 0 umount2("./93/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./93/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./93/binderfs") = 0 getdents64(3, 0x555558d947f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./93") = 0 mkdir("./94", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3executing program ) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555558d93750) = 755 ./strace-static-x86_64: Process 755 attached [pid 755] set_robust_list(0x555558d93760, 24) = 0 [pid 755] chdir("./94") = 0 [pid 755] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 755] setpgid(0, 0) = 0 [pid 755] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 755] write(3, "1000", 4) = 4 [pid 755] close(3) = 0 [pid 755] symlink("/dev/binderfs", "./binderfs") = 0 [pid 755] write(1, "executing program\n", 18) = 18 [pid 755] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 755] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 755] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 755] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 755] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 755] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 755] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 755] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 755] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 755] memfd_create("syzkaller", 0) = 5 [pid 755] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7effeaced000 [pid 755] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 755] munmap(0x7effeaced000, 138412032) = 0 [pid 755] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 755] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 755] close(5) = 0 [pid 755] close(6) = 0 [pid 755] mkdir("./file0", 0777) = 0 [pid 755] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 755] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 755] chdir("./file0") = 0 [pid 755] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 755] ioctl(6, LOOP_CLR_FD) = 0 [pid 755] close(6) = 0 [pid 755] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 755] write(6, "#! ./file1\n", 11) = 11 [pid 755] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [ 45.011623][ T755] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [pid 755] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005c0} --- [pid 755] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005c8} --- [pid 755] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005d0} --- [pid 755] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005d8} --- [pid 755] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005e0} --- [pid 755] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005e8} --- [pid 755] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005f0} --- [pid 755] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005f8} --- [pid 755] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000600} --- [pid 755] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000608} --- [pid 755] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000610} --- [pid 755] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000618} --- [pid 755] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000620} --- [pid 755] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000628} --- [pid 755] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000630} --- [pid 755] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000638} --- [pid 755] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000640} --- [pid 755] exit_group(0) = ? [pid 755] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=755, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./94", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./94", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555558d947f0 /* 4 entries */, 32768) = 112 [ 45.052156][ T756] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-755: bg 0: block 234: padding at end of block bitmap is not set umount2("./94/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./94/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./94/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./94/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./94/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555558d9c830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555558d9c830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./94/file0") = 0 umount2("./94/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./94/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./94/binderfs") = 0 getdents64(3, 0x555558d947f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./94") = 0 mkdir("./95", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555558d93750) = 760 ./strace-static-x86_64: Process 760 attached [pid 760] set_robust_list(0x555558d93760, 24) = 0 [pid 760] chdir("./95") = 0 [pid 760] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 760] setpgid(0, 0) = 0 [pid 760] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 760] write(3, "1000", 4) = 4 [pid 760] close(3) = 0 [pid 760] symlink("/dev/binderfs", "./binderfs") = 0 [pid 760] write(1, "executing program\n", 18executing program ) = 18 [pid 760] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 760] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 760] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 760] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 760] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 760] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 760] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 760] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 760] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 760] memfd_create("syzkaller", 0) = 5 [pid 760] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7effeaced000 [pid 760] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 760] munmap(0x7effeaced000, 138412032) = 0 [pid 760] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 760] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 760] close(5) = 0 [pid 760] close(6) = 0 [pid 760] mkdir("./file0", 0777) = 0 [pid 760] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 760] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 760] chdir("./file0") = 0 [pid 760] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 760] ioctl(6, LOOP_CLR_FD) = 0 [pid 760] close(6) = 0 [pid 760] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 760] write(6, "#! ./file1\n", 11) = 11 [pid 760] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 760] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005c0} --- [pid 760] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005c8} --- [pid 760] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005d0} --- [pid 760] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005d8} --- [pid 760] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005e0} --- [pid 760] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005e8} --- [pid 760] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005f0} --- [pid 760] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005f8} --- [pid 760] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000600} --- [pid 760] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000608} --- [pid 760] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000610} --- [pid 760] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000618} --- [pid 760] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000620} --- [pid 760] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000628} --- [pid 760] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000630} --- [pid 760] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000638} --- [pid 760] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000640} --- [pid 760] exit_group(0) = ? [pid 760] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=760, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./95", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./95", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555558d947f0 /* 4 entries */, 32768) = 112 [ 45.181705][ T760] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 45.210325][ T760] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor252: bg 0: block 234: padding at end of block bitmap is not set umount2("./95/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./95/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./95/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./95/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./95/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555558d9c830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555558d9c830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./95/file0") = 0 umount2("./95/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./95/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./95/binderfs") = 0 getdents64(3, 0x555558d947f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./95") = 0 mkdir("./96", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 765 attached , child_tidptr=0x555558d93750) = 765 [pid 765] set_robust_list(0x555558d93760, 24) = 0 [pid 765] chdir("./96") = 0 [pid 765] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 765] setpgid(0, 0) = 0 [pid 765] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 765] write(3, "1000", 4) = 4 [pid 765] close(3) = 0 [pid 765] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 765] write(1, "executing program\n", 18) = 18 [pid 765] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 765] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 765] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 765] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 765] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 765] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 765] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 765] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 765] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 765] memfd_create("syzkaller", 0) = 5 [pid 765] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7effeaced000 [pid 765] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 765] munmap(0x7effeaced000, 138412032) = 0 [pid 765] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 765] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 765] close(5) = 0 [pid 765] close(6) = 0 [pid 765] mkdir("./file0", 0777) = 0 [pid 765] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 765] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 765] chdir("./file0") = 0 [pid 765] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 765] ioctl(6, LOOP_CLR_FD) = 0 [pid 765] close(6) = 0 [pid 765] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 765] write(6, "#! ./file1\n", 11) = 11 [pid 765] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 765] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005c0} --- [pid 765] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005c8} --- [pid 765] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005d0} --- [pid 765] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005d8} --- [pid 765] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005e0} --- [pid 765] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005e8} --- [pid 765] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005f0} --- [pid 765] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005f8} --- [pid 765] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000600} --- [pid 765] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000608} --- [pid 765] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000610} --- [pid 765] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000618} --- [pid 765] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000620} --- [pid 765] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000628} --- [pid 765] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000630} --- [pid 765] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000638} --- [pid 765] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000640} --- [pid 765] exit_group(0) = ? [pid 765] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=765, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./96", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./96", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555558d947f0 /* 4 entries */, 32768) = 112 [ 45.311807][ T765] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 45.339942][ T766] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-765: bg 0: block 234: padding at end of block bitmap is not set umount2("./96/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./96/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./96/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./96/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./96/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555558d9c830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555558d9c830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./96/file0") = 0 umount2("./96/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./96/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./96/binderfs") = 0 getdents64(3, 0x555558d947f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./96") = 0 mkdir("./97", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555558d93750) = 770 ./strace-static-x86_64: Process 770 attached [pid 770] set_robust_list(0x555558d93760, 24) = 0 [pid 770] chdir("./97") = 0 [pid 770] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 770] setpgid(0, 0) = 0 [pid 770] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 770] write(3, "1000", 4) = 4 [pid 770] close(3) = 0 [pid 770] symlink("/dev/binderfs", "./binderfs") = 0 [pid 770] write(1, "executing program\n", 18) = 18 [pid 770] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 770] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 770] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 770] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 770] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 770] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 770] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 770] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 770] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 770] memfd_create("syzkaller", 0) = 5 [pid 770] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7effeaced000 executing program [pid 770] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 770] munmap(0x7effeaced000, 138412032) = 0 [pid 770] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 770] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 770] close(5) = 0 [pid 770] close(6) = 0 [pid 770] mkdir("./file0", 0777) = 0 [pid 770] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 770] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 770] chdir("./file0") = 0 [pid 770] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 770] ioctl(6, LOOP_CLR_FD) = 0 [pid 770] close(6) = 0 [pid 770] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 770] write(6, "#! ./file1\n", 11) = 11 [pid 770] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 770] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005c0} --- [pid 770] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005c8} --- [pid 770] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005d0} --- [pid 770] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005d8} --- [pid 770] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005e0} --- [pid 770] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005e8} --- [pid 770] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005f0} --- [ 45.591696][ T770] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 45.618660][ T770] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor252: bg 0: block 234: padding at end of block bitmap is not set [pid 770] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005f8} --- [pid 770] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000600} --- [ 45.635604][ T770] EXT4-fs error (device loop0): ext4_map_blocks:740: inode #18: block 62218: comm syz-executor252: lblock 0 mapped to illegal pblock 62218 (length 1) [ 45.635618][ T771] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #18: block 62218: comm vhost-770: lblock 0 mapped to illegal pblock 62218 (length 1) [ 45.635808][ T771] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #18: block 62218: comm vhost-770: lblock 0 mapped to illegal pblock 62218 (length 1) [pid 770] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000608} --- [pid 770] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000610} --- [pid 770] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000618} --- [pid 770] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000620} --- [pid 770] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000628} --- [pid 770] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000630} --- [pid 770] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000638} --- [pid 770] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000640} --- [ 45.651826][ T770] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #18: block 62218: comm syz-executor252: lblock 0 mapped to illegal pblock 62218 (length 1) [ 45.665953][ T771] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #18: block 62218: comm vhost-770: lblock 0 mapped to illegal pblock 62218 (length 1) [ 45.680497][ T770] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #18: block 62218: comm syz-executor252: lblock 0 mapped to illegal pblock 62218 (length 1) [ 45.695534][ T771] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #18: block 62218: comm vhost-770: lblock 0 mapped to illegal pblock 62218 (length 1) [pid 770] exit_group(0) = ? [pid 770] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=770, si_uid=0, si_status=0, si_utime=1, si_stime=11} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./97", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./97", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555558d947f0 /* 4 entries */, 32768) = 112 [ 45.710842][ T770] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #18: block 62218: comm syz-executor252: lblock 0 mapped to illegal pblock 62218 (length 1) [ 45.725279][ T771] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #18: block 62218: comm vhost-770: lblock 0 mapped to illegal pblock 62218 (length 1) umount2("./97/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./97/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./97/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./97/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./97/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555558d9c830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555558d9c830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./97/file0") = 0 umount2("./97/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./97/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./97/binderfs") = 0 getdents64(3, 0x555558d947f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./97") = 0 mkdir("./98", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3executing program ) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555558d93750) = 775 ./strace-static-x86_64: Process 775 attached [pid 775] set_robust_list(0x555558d93760, 24) = 0 [pid 775] chdir("./98") = 0 [pid 775] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 775] setpgid(0, 0) = 0 [pid 775] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 775] write(3, "1000", 4) = 4 [pid 775] close(3) = 0 [pid 775] symlink("/dev/binderfs", "./binderfs") = 0 [pid 775] write(1, "executing program\n", 18) = 18 [pid 775] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 775] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 775] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 775] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 775] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 775] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 775] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 775] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 775] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 775] memfd_create("syzkaller", 0) = 5 [pid 775] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7effeaced000 [pid 775] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 775] munmap(0x7effeaced000, 138412032) = 0 [pid 775] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 775] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 775] close(5) = 0 [pid 775] close(6) = 0 [pid 775] mkdir("./file0", 0777) = 0 [pid 775] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 775] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 775] chdir("./file0") = 0 [pid 775] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 775] ioctl(6, LOOP_CLR_FD) = 0 [pid 775] close(6) = 0 [pid 775] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 775] write(6, "#! ./file1\n", 11) = 11 [pid 775] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 775] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005c0} --- [pid 775] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005c8} --- [pid 775] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005d0} --- [pid 775] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005d8} --- [pid 775] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005e0} --- [pid 775] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005e8} --- [pid 775] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005f0} --- [pid 775] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005f8} --- [pid 775] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000600} --- [pid 775] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000608} --- [pid 775] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000610} --- [pid 775] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000618} --- [pid 775] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000620} --- [pid 775] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000628} --- [pid 775] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000630} --- [pid 775] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000638} --- [pid 775] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000640} --- [pid 775] exit_group(0) = ? [pid 775] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=775, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./98", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./98", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555558d947f0 /* 4 entries */, 32768) = 112 [ 45.891987][ T775] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 45.921764][ T776] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-775: bg 0: block 234: padding at end of block bitmap is not set umount2("./98/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./98/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./98/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./98/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./98/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555558d9c830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555558d9c830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./98/file0") = 0 umount2("./98/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./98/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./98/binderfs") = 0 getdents64(3, 0x555558d947f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./98") = 0 mkdir("./99", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555558d93750) = 780 ./strace-static-x86_64: Process 780 attached [pid 780] set_robust_list(0x555558d93760, 24) = 0 [pid 780] chdir("./99") = 0 [pid 780] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 780] setpgid(0, 0) = 0 [pid 780] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 780] write(3, "1000", 4) = 4 [pid 780] close(3) = 0 [pid 780] symlink("/dev/binderfs", "./binderfs") = 0 [pid 780] write(1, "executing program\n", 18) = 18 executing program [pid 780] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 780] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 780] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 780] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 780] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 780] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 780] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 780] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 780] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 780] memfd_create("syzkaller", 0) = 5 [pid 780] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7effeaced000 [pid 780] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 780] munmap(0x7effeaced000, 138412032) = 0 [pid 780] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 780] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 780] close(5) = 0 [pid 780] close(6) = 0 [pid 780] mkdir("./file0", 0777) = 0 [pid 780] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 780] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 780] chdir("./file0") = 0 [pid 780] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 780] ioctl(6, LOOP_CLR_FD) = 0 [pid 780] close(6) = 0 [pid 780] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 780] write(6, "#! ./file1\n", 11) = 11 [pid 780] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 780] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005c0} --- [pid 780] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005c8} --- [pid 780] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005d0} --- [pid 780] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005d8} --- [pid 780] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005e0} --- [pid 780] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005e8} --- [pid 780] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005f0} --- [pid 780] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005f8} --- [pid 780] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000600} --- [pid 780] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000608} --- [pid 780] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000610} --- [pid 780] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000618} --- [pid 780] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000620} --- [pid 780] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000628} --- [pid 780] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000630} --- [pid 780] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000638} --- [pid 780] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000640} --- [pid 780] exit_group(0) = ? [pid 780] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=780, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./99", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./99", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555558d947f0 /* 4 entries */, 32768) = 112 [ 46.059517][ T780] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 46.088384][ T781] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-780: bg 0: block 234: padding at end of block bitmap is not set umount2("./99/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./99/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./99/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./99/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./99/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555558d9c830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555558d9c830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./99/file0") = 0 umount2("./99/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./99/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./99/binderfs") = 0 getdents64(3, 0x555558d947f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./99") = 0 mkdir("./100", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555558d93750) = 785 ./strace-static-x86_64: Process 785 attached [pid 785] set_robust_list(0x555558d93760, 24) = 0 [pid 785] chdir("./100") = 0 [pid 785] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 785] setpgid(0, 0) = 0 [pid 785] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 785] write(3, "1000", 4) = 4 [pid 785] close(3) = 0 [pid 785] symlink("/dev/binderfs", "./binderfs") = 0 [pid 785] write(1, "executing program\n", 18executing program ) = 18 [pid 785] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 785] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 785] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 785] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 785] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 785] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 785] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 785] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 785] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 785] memfd_create("syzkaller", 0) = 5 [pid 785] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7effeaced000 [pid 785] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 785] munmap(0x7effeaced000, 138412032) = 0 [pid 785] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 785] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 785] close(5) = 0 [pid 785] close(6) = 0 [pid 785] mkdir("./file0", 0777) = 0 [pid 785] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 785] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 785] chdir("./file0") = 0 [pid 785] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 785] ioctl(6, LOOP_CLR_FD) = 0 [pid 785] close(6) = 0 [pid 785] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 785] write(6, "#! ./file1\n", 11) = 11 [pid 785] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 785] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005c0} --- [pid 785] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005c8} --- [pid 785] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005d0} --- [pid 785] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005d8} --- [pid 785] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005e0} --- [pid 785] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005e8} --- [pid 785] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005f0} --- [pid 785] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005f8} --- [pid 785] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000600} --- [pid 785] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000608} --- [pid 785] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000610} --- [pid 785] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000618} --- [pid 785] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000620} --- [pid 785] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000628} --- [pid 785] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000630} --- [pid 785] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000638} --- [pid 785] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000640} --- [pid 785] exit_group(0) = ? [pid 785] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=785, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./100", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./100", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555558d947f0 /* 4 entries */, 32768) = 112 [ 46.261664][ T785] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 46.289579][ T786] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-785: bg 0: block 234: padding at end of block bitmap is not set umount2("./100/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./100/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./100/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./100/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./100/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555558d9c830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555558d9c830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./100/file0") = 0 umount2("./100/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./100/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./100/binderfs") = 0 getdents64(3, 0x555558d947f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./100") = 0 mkdir("./101", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program , child_tidptr=0x555558d93750) = 790 ./strace-static-x86_64: Process 790 attached [pid 790] set_robust_list(0x555558d93760, 24) = 0 [pid 790] chdir("./101") = 0 [pid 790] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 790] setpgid(0, 0) = 0 [pid 790] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 790] write(3, "1000", 4) = 4 [pid 790] close(3) = 0 [pid 790] symlink("/dev/binderfs", "./binderfs") = 0 [pid 790] write(1, "executing program\n", 18) = 18 [pid 790] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 790] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 790] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 790] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 790] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 790] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 790] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 790] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 790] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 790] memfd_create("syzkaller", 0) = 5 [pid 790] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7effeaced000 [pid 790] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 790] munmap(0x7effeaced000, 138412032) = 0 [pid 790] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 790] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 790] close(5) = 0 [pid 790] close(6) = 0 [pid 790] mkdir("./file0", 0777) = 0 [pid 790] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 790] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 790] chdir("./file0") = 0 [pid 790] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 790] ioctl(6, LOOP_CLR_FD) = 0 [pid 790] close(6) = 0 [pid 790] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 790] write(6, "#! ./file1\n", 11) = 11 [pid 790] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 790] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005c0} --- [pid 790] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005c8} --- [pid 790] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005d0} --- [pid 790] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005d8} --- [pid 790] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005e0} --- [pid 790] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005e8} --- [pid 790] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005f0} --- [pid 790] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005f8} --- [pid 790] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000600} --- [pid 790] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000608} --- [pid 790] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000610} --- [pid 790] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000618} --- [pid 790] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000620} --- [pid 790] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000628} --- [pid 790] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000630} --- [pid 790] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000638} --- [pid 790] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000640} --- [pid 790] exit_group(0) = ? [pid 790] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=790, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./101", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./101", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555558d947f0 /* 4 entries */, 32768) = 112 [ 46.373003][ T790] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 46.396316][ T790] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor252: bg 0: block 234: padding at end of block bitmap is not set umount2("./101/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./101/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./101/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./101/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./101/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555558d9c830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555558d9c830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./101/file0") = 0 umount2("./101/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./101/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./101/binderfs") = 0 getdents64(3, 0x555558d947f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./101") = 0 mkdir("./102", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555558d93750) = 795 ./strace-static-x86_64: Process 795 attached [pid 795] set_robust_list(0x555558d93760, 24) = 0 [pid 795] chdir("./102") = 0 [pid 795] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 795] setpgid(0, 0) = 0 [pid 795] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 795] write(3, "1000", 4) = 4 [pid 795] close(3) = 0 [pid 795] symlink("/dev/binderfs", "./binderfs") = 0 [pid 795] write(1, "executing program\n", 18executing program ) = 18 [pid 795] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 795] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 795] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 795] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 795] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 795] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 795] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 795] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 795] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 795] memfd_create("syzkaller", 0) = 5 [pid 795] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7effeaced000 [pid 795] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 795] munmap(0x7effeaced000, 138412032) = 0 [pid 795] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 795] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 795] close(5) = 0 [pid 795] close(6) = 0 [pid 795] mkdir("./file0", 0777) = 0 [pid 795] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 795] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 795] chdir("./file0") = 0 [pid 795] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 795] ioctl(6, LOOP_CLR_FD) = 0 [pid 795] close(6) = 0 [pid 795] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 795] write(6, "#! ./file1\n", 11) = 11 [pid 795] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 795] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005c0} --- [pid 795] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005c8} --- [pid 795] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005d0} --- [pid 795] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005d8} --- [pid 795] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005e0} --- [pid 795] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005e8} --- [pid 795] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005f0} --- [pid 795] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005f8} --- [pid 795] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000600} --- [pid 795] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000608} --- [pid 795] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000610} --- [pid 795] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000618} --- [pid 795] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000620} --- [pid 795] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000628} --- [pid 795] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000630} --- [pid 795] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000638} --- [pid 795] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000640} --- [pid 795] exit_group(0) = ? [pid 795] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=795, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./102", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./102", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555558d947f0 /* 4 entries */, 32768) = 112 [ 46.531684][ T795] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 46.556343][ T795] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor252: bg 0: block 234: padding at end of block bitmap is not set umount2("./102/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./102/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./102/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./102/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./102/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555558d9c830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555558d9c830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./102/file0") = 0 umount2("./102/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./102/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./102/binderfs") = 0 getdents64(3, 0x555558d947f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./102") = 0 mkdir("./103", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555558d93750) = 800 ./strace-static-x86_64: Process 800 attached [pid 800] set_robust_list(0x555558d93760, 24) = 0 [pid 800] chdir("./103") = 0 [pid 800] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 800] setpgid(0, 0) = 0 [pid 800] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 800] write(3, "1000", 4) = 4 [pid 800] close(3) = 0 [pid 800] symlink("/dev/binderfs", "./binderfs") = 0 [pid 800] write(1, "executing program\n", 18executing program ) = 18 [pid 800] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 800] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 800] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 800] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 800] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 800] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 800] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 800] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 800] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 800] memfd_create("syzkaller", 0) = 5 [pid 800] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7effeaced000 [pid 800] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 800] munmap(0x7effeaced000, 138412032) = 0 [pid 800] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 800] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 800] close(5) = 0 [pid 800] close(6) = 0 [pid 800] mkdir("./file0", 0777) = 0 [pid 800] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 800] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 800] chdir("./file0") = 0 [pid 800] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 800] ioctl(6, LOOP_CLR_FD) = 0 [pid 800] close(6) = 0 [pid 800] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 800] write(6, "#! ./file1\n", 11) = 11 [pid 800] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 800] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005c0} --- [pid 800] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005c8} --- [pid 800] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005d0} --- [pid 800] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005d8} --- [ 46.741957][ T800] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 46.770241][ T800] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor252: bg 0: block 234: padding at end of block bitmap is not set [pid 800] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005e0} --- [ 46.786139][ T800] EXT4-fs error (device loop0): ext4_map_blocks:740: inode #18: block 62218: comm syz-executor252: lblock 0 mapped to illegal pblock 62218 (length 1) [ 46.786153][ T801] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #18: block 62218: comm vhost-800: lblock 0 mapped to illegal pblock 62218 (length 1) [ 46.786474][ T801] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #18: block 62218: comm vhost-800: lblock 0 mapped to illegal pblock 62218 (length 1) [pid 800] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005e8} --- [pid 800] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005f0} --- [ 46.820943][ T800] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #18: block 62218: comm syz-executor252: lblock 0 mapped to illegal pblock 62218 (length 1) [ 46.845873][ T801] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #18: block 62218: comm vhost-800: lblock 0 mapped to illegal pblock 62218 (length 1) [ 46.846276][ T800] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #18: block 62218: comm syz-executor252: lblock 0 mapped to illegal pblock 62218 (length 1) [ 46.860930][ T801] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #18: block 62218: comm vhost-800: lblock 0 mapped to illegal pblock 62218 (length 1) [pid 800] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005f8} --- [pid 800] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000600} --- [pid 800] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000608} --- [pid 800] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000610} --- [pid 800] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000618} --- [pid 800] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000620} --- [pid 800] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000628} --- [pid 800] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000630} --- [pid 800] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000638} --- [pid 800] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000640} --- [pid 800] exit_group(0) = ? [pid 800] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=800, si_uid=0, si_status=0, si_utime=0, si_stime=9} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./103", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./103", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555558d947f0 /* 4 entries */, 32768) = 112 [ 46.876203][ T800] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #18: block 62218: comm syz-executor252: lblock 0 mapped to illegal pblock 62218 (length 1) [ 46.890776][ T801] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #18: block 62218: comm vhost-800: lblock 0 mapped to illegal pblock 62218 (length 1) umount2("./103/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./103/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./103/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./103/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./103/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555558d9c830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555558d9c830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./103/file0") = 0 umount2("./103/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./103/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./103/binderfs") = 0 getdents64(3, 0x555558d947f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./103") = 0 mkdir("./104", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555558d93750) = 805 ./strace-static-x86_64: Process 805 attached [pid 805] set_robust_list(0x555558d93760, 24) = 0 [pid 805] chdir("./104") = 0 [pid 805] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 805] setpgid(0, 0) = 0 [pid 805] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 805] write(3, "1000", 4) = 4 [pid 805] close(3) = 0 [pid 805] symlink("/dev/binderfs", "./binderfs") = 0 [pid 805] write(1, "executing program\n", 18executing program ) = 18 [pid 805] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 805] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 805] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 805] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 805] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 805] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 805] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 805] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 805] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 805] memfd_create("syzkaller", 0) = 5 [pid 805] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7effeaced000 [pid 805] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 805] munmap(0x7effeaced000, 138412032) = 0 [pid 805] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 805] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 805] close(5) = 0 [pid 805] close(6) = 0 [pid 805] mkdir("./file0", 0777) = 0 [pid 805] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 805] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 805] chdir("./file0") = 0 [pid 805] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 805] ioctl(6, LOOP_CLR_FD) = 0 [pid 805] close(6) = 0 [pid 805] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 805] write(6, "#! ./file1\n", 11) = 11 [pid 805] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 805] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005c0} --- [pid 805] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005c8} --- [pid 805] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005d0} --- [pid 805] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005d8} --- [pid 805] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005e0} --- [pid 805] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005e8} --- [pid 805] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005f0} --- [pid 805] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005f8} --- [pid 805] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000600} --- [pid 805] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000608} --- [pid 805] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000610} --- [pid 805] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000618} --- [pid 805] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000620} --- [pid 805] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000628} --- [pid 805] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000630} --- [pid 805] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000638} --- [pid 805] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000640} --- [pid 805] exit_group(0) = ? [pid 805] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=805, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./104", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./104", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555558d947f0 /* 4 entries */, 32768) = 112 [ 47.021943][ T805] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 47.047120][ T806] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-805: bg 0: block 234: padding at end of block bitmap is not set umount2("./104/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./104/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./104/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./104/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./104/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555558d9c830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555558d9c830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./104/file0") = 0 umount2("./104/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./104/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./104/binderfs") = 0 getdents64(3, 0x555558d947f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./104") = 0 mkdir("./105", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program , child_tidptr=0x555558d93750) = 810 ./strace-static-x86_64: Process 810 attached [pid 810] set_robust_list(0x555558d93760, 24) = 0 [pid 810] chdir("./105") = 0 [pid 810] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 810] setpgid(0, 0) = 0 [pid 810] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 810] write(3, "1000", 4) = 4 [pid 810] close(3) = 0 [pid 810] symlink("/dev/binderfs", "./binderfs") = 0 [pid 810] write(1, "executing program\n", 18) = 18 [pid 810] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 810] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 810] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 810] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 810] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 810] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 810] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 810] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 810] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 810] memfd_create("syzkaller", 0) = 5 [pid 810] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7effeaced000 [pid 810] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 810] munmap(0x7effeaced000, 138412032) = 0 [pid 810] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 810] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 810] close(5) = 0 [pid 810] close(6) = 0 [pid 810] mkdir("./file0", 0777) = 0 [pid 810] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 810] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 810] chdir("./file0") = 0 [pid 810] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 810] ioctl(6, LOOP_CLR_FD) = 0 [pid 810] close(6) = 0 [pid 810] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 810] write(6, "#! ./file1\n", 11) = 11 [pid 810] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 810] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005c0} --- [ 47.161798][ T810] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 47.188744][ T810] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor252: bg 0: block 234: padding at end of block bitmap is not set [pid 810] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005c8} --- [pid 810] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005d0} --- [ 47.203958][ T810] EXT4-fs error (device loop0): ext4_map_blocks:740: inode #18: block 62218: comm syz-executor252: lblock 0 mapped to illegal pblock 62218 (length 1) [ 47.203971][ T811] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #18: block 62218: comm vhost-810: lblock 0 mapped to illegal pblock 62218 (length 1) [ 47.204233][ T811] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #18: block 62218: comm vhost-810: lblock 0 mapped to illegal pblock 62218 (length 1) [pid 810] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005d8} --- [pid 810] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005e0} --- [pid 810] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005e8} --- [pid 810] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005f0} --- [pid 810] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005f8} --- [pid 810] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000600} --- [pid 810] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000608} --- [pid 810] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000610} --- [pid 810] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000618} --- [pid 810] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000620} --- [pid 810] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000628} --- [pid 810] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000630} --- [pid 810] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000638} --- [pid 810] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000640} --- [ 47.219955][ T810] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #18: block 62218: comm syz-executor252: lblock 0 mapped to illegal pblock 62218 (length 1) [ 47.234260][ T811] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #18: block 62218: comm vhost-810: lblock 0 mapped to illegal pblock 62218 (length 1) [ 47.249231][ T810] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #18: block 62218: comm syz-executor252: lblock 0 mapped to illegal pblock 62218 (length 1) [ 47.264158][ T811] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #18: block 62218: comm vhost-810: lblock 0 mapped to illegal pblock 62218 (length 1) [pid 810] exit_group(0) = ? [pid 810] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=810, si_uid=0, si_status=0, si_utime=0, si_stime=10} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./105", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./105", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555558d947f0 /* 4 entries */, 32768) = 112 [ 47.278848][ T810] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #18: block 62218: comm syz-executor252: lblock 0 mapped to illegal pblock 62218 (length 1) [ 47.294096][ T811] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #18: block 62218: comm vhost-810: lblock 0 mapped to illegal pblock 62218 (length 1) umount2("./105/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./105/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./105/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./105/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./105/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555558d9c830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555558d9c830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./105/file0") = 0 umount2("./105/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./105/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./105/binderfs") = 0 getdents64(3, 0x555558d947f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./105") = 0 mkdir("./106", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555558d93750) = 815 ./strace-static-x86_64: Process 815 attached [pid 815] set_robust_list(0x555558d93760, 24) = 0 [pid 815] chdir("./106") = 0 [pid 815] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 815] setpgid(0, 0) = 0 [pid 815] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXECexecuting program ) = 3 [pid 815] write(3, "1000", 4) = 4 [pid 815] close(3) = 0 [pid 815] symlink("/dev/binderfs", "./binderfs") = 0 [pid 815] write(1, "executing program\n", 18) = 18 [pid 815] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 815] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 815] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 815] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 815] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 815] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 815] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 815] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 815] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 815] memfd_create("syzkaller", 0) = 5 [pid 815] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7effeaced000 [pid 815] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 815] munmap(0x7effeaced000, 138412032) = 0 [pid 815] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 815] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 815] close(5) = 0 [pid 815] close(6) = 0 [pid 815] mkdir("./file0", 0777) = 0 [pid 815] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 815] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 815] chdir("./file0") = 0 [pid 815] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 815] ioctl(6, LOOP_CLR_FD) = 0 [pid 815] close(6) = 0 [pid 815] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 815] write(6, "#! ./file1\n", 11) = 11 [pid 815] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 815] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005c0} --- [pid 815] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005c8} --- [pid 815] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005d0} --- [pid 815] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005d8} --- [pid 815] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005e0} --- [pid 815] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005e8} --- [pid 815] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005f0} --- [pid 815] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005f8} --- [pid 815] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000600} --- [pid 815] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000608} --- [pid 815] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000610} --- [pid 815] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000618} --- [pid 815] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000620} --- [pid 815] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000628} --- [ 47.431852][ T815] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 47.453622][ T815] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor252: bg 0: block 234: padding at end of block bitmap is not set [pid 815] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000630} --- [ 47.480805][ T815] EXT4-fs error (device loop0): ext4_map_blocks:740: inode #18: block 62218: comm syz-executor252: lblock 0 mapped to illegal pblock 62218 (length 1) [ 47.480821][ T816] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #18: block 62218: comm vhost-815: lblock 0 mapped to illegal pblock 62218 (length 1) [ 47.481008][ T816] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #18: block 62218: comm vhost-815: lblock 0 mapped to illegal pblock 62218 (length 1) [pid 815] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000638} --- [ 47.496680][ T815] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #18: block 62218: comm syz-executor252: lblock 0 mapped to illegal pblock 62218 (length 1) [ 47.511239][ T816] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #18: block 62218: comm vhost-815: lblock 0 mapped to illegal pblock 62218 (length 1) [ 47.525854][ T815] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #18: block 62218: comm syz-executor252: lblock 0 mapped to illegal pblock 62218 (length 1) [pid 815] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000640} --- [pid 815] exit_group(0) = ? [pid 815] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=815, si_uid=0, si_status=0, si_utime=0, si_stime=12} --- umount2("./106", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./106", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555558d947f0 /* 4 entries */, 32768) = 112 umount2("./106/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./106/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./106/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./106/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 47.540864][ T816] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #18: block 62218: comm vhost-815: lblock 0 mapped to illegal pblock 62218 (length 1) [ 47.585113][ T816] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #18: block 62218: comm vhost-815: lblock 0 mapped to illegal pblock 62218 (length 1) [ 47.599918][ T816] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #18: block 62218: comm vhost-815: lblock 0 mapped to illegal pblock 62218 (length 1) openat(AT_FDCWD, "./106/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555558d9c830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555558d9c830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./106/file0") = 0 umount2("./106/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./106/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./106/binderfs") = 0 getdents64(3, 0x555558d947f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./106") = 0 mkdir("./107", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 820 attached , child_tidptr=0x555558d93750) = 820 [pid 820] set_robust_list(0x555558d93760, 24) = 0 [pid 820] chdir("./107") = 0 [pid 820] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 820] setpgid(0, 0) = 0 [pid 820] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 820] write(3, "1000", 4) = 4 [pid 820] close(3) = 0 [pid 820] symlink("/dev/binderfs", "./binderfs") = 0 [pid 820] write(1, "executing program\n", 18executing program ) = 18 [pid 820] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 820] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 820] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 820] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 820] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 820] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 820] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 820] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 820] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 820] memfd_create("syzkaller", 0) = 5 [pid 820] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7effeaced000 [pid 820] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 820] munmap(0x7effeaced000, 138412032) = 0 [pid 820] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 820] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 820] close(5) = 0 [pid 820] close(6) = 0 [pid 820] mkdir("./file0", 0777) = 0 [pid 820] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 820] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 820] chdir("./file0") = 0 [pid 820] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 820] ioctl(6, LOOP_CLR_FD) = 0 [pid 820] close(6) = 0 [pid 820] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 820] write(6, "#! ./file1\n", 11) = 11 [pid 820] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 820] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005c0} --- [pid 820] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005c8} --- [pid 820] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005d0} --- [pid 820] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005d8} --- [pid 820] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005e0} --- [pid 820] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005e8} --- [pid 820] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005f0} --- [pid 820] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005f8} --- [pid 820] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000600} --- [pid 820] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000608} --- [pid 820] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000610} --- [pid 820] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000618} --- [pid 820] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000620} --- [pid 820] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000628} --- [pid 820] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000630} --- [pid 820] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000638} --- [pid 820] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000640} --- [pid 820] exit_group(0) = ? [pid 820] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=820, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./107", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./107", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555558d947f0 /* 4 entries */, 32768) = 112 [ 47.709959][ T821] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-820: bg 0: block 234: padding at end of block bitmap is not set umount2("./107/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./107/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./107/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./107/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./107/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555558d9c830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555558d9c830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./107/file0") = 0 umount2("./107/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./107/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./107/binderfs") = 0 getdents64(3, 0x555558d947f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./107") = 0 mkdir("./108", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3executing program ) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555558d93750) = 825 ./strace-static-x86_64: Process 825 attached [pid 825] set_robust_list(0x555558d93760, 24) = 0 [pid 825] chdir("./108") = 0 [pid 825] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 825] setpgid(0, 0) = 0 [pid 825] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 825] write(3, "1000", 4) = 4 [pid 825] close(3) = 0 [pid 825] symlink("/dev/binderfs", "./binderfs") = 0 [pid 825] write(1, "executing program\n", 18) = 18 [pid 825] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 825] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 825] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 825] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 825] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 825] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 825] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 825] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 825] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 825] memfd_create("syzkaller", 0) = 5 [pid 825] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7effeaced000 [pid 825] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 825] munmap(0x7effeaced000, 138412032) = 0 [pid 825] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 825] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 825] close(5) = 0 [pid 825] close(6) = 0 [pid 825] mkdir("./file0", 0777) = 0 [pid 825] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 825] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 825] chdir("./file0") = 0 [pid 825] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 825] ioctl(6, LOOP_CLR_FD) = 0 [pid 825] close(6) = 0 [pid 825] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 825] write(6, "#! ./file1\n", 11) = 11 [pid 825] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 825] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005c0} --- [pid 825] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005c8} --- [pid 825] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005d0} --- [pid 825] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005d8} --- [pid 825] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005e0} --- [pid 825] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005e8} --- [pid 825] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005f0} --- [pid 825] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005f8} --- [pid 825] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000600} --- [ 47.994456][ T826] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-825: bg 0: block 234: padding at end of block bitmap is not set [ 48.010870][ T825] EXT4-fs error (device loop0): ext4_map_blocks:740: inode #18: block 62218: comm syz-executor252: lblock 0 mapped to illegal pblock 62218 (length 1) [ 48.011020][ T826] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #18: block 62218: comm vhost-825: lblock 0 mapped to illegal pblock 62218 (length 1) [pid 825] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000608} --- [ 48.026416][ T825] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #18: block 62218: comm syz-executor252: lblock 0 mapped to illegal pblock 62218 (length 1) [ 48.041220][ T826] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #18: block 62218: comm vhost-825: lblock 0 mapped to illegal pblock 62218 (length 1) [ 48.056855][ T825] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #18: block 62218: comm syz-executor252: lblock 0 mapped to illegal pblock 62218 (length 1) [pid 825] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000610} --- [pid 825] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000618} --- [ 48.071329][ T826] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #18: block 62218: comm vhost-825: lblock 0 mapped to illegal pblock 62218 (length 1) [ 48.086794][ T825] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #18: block 62218: comm syz-executor252: lblock 0 mapped to illegal pblock 62218 (length 1) [ 48.101105][ T826] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #18: block 62218: comm vhost-825: lblock 0 mapped to illegal pblock 62218 (length 1) [pid 825] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000620} --- [pid 825] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000628} --- [pid 825] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000630} --- [pid 825] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000638} --- [pid 825] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000640} --- [pid 825] exit_group(0) = ? [pid 825] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=825, si_uid=0, si_status=0, si_utime=0, si_stime=9} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./108", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./108", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555558d947f0 /* 4 entries */, 32768) = 112 [ 48.116547][ T825] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #18: block 62218: comm syz-executor252: lblock 0 mapped to illegal pblock 62218 (length 1) umount2("./108/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./108/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./108/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./108/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./108/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555558d9c830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555558d9c830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./108/file0") = 0 umount2("./108/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./108/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./108/binderfs") = 0 getdents64(3, 0x555558d947f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./108") = 0 mkdir("./109", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555558d93750) = 830 ./strace-static-x86_64: Process 830 attached [pid 830] set_robust_list(0x555558d93760, 24) = 0 [pid 830] chdir("./109") = 0 [pid 830] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 830] setpgid(0, 0) = 0 [pid 830] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 830] write(3, "1000", 4) = 4 [pid 830] close(3) = 0 [pid 830] symlink("/dev/binderfs", "./binderfs") = 0 [pid 830] write(1, "executing program\n", 18executing program ) = 18 [pid 830] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 830] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 830] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 830] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 830] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 830] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 830] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 830] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 830] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 830] memfd_create("syzkaller", 0) = 5 [pid 830] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7effeaced000 [pid 830] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 830] munmap(0x7effeaced000, 138412032) = 0 [pid 830] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 830] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 830] close(5) = 0 [pid 830] close(6) = 0 [pid 830] mkdir("./file0", 0777) = 0 [pid 830] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 830] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 830] chdir("./file0") = 0 [pid 830] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 830] ioctl(6, LOOP_CLR_FD) = 0 [pid 830] close(6) = 0 [pid 830] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 830] write(6, "#! ./file1\n", 11) = 11 [pid 830] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 830] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005c0} --- [pid 830] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005c8} --- [pid 830] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005d0} --- [pid 830] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005d8} --- [pid 830] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005e0} --- [pid 830] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005e8} --- [pid 830] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005f0} --- [pid 830] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005f8} --- [pid 830] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000600} --- [pid 830] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000608} --- [pid 830] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000610} --- [pid 830] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000618} --- [pid 830] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000620} --- [pid 830] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000628} --- [pid 830] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000630} --- [pid 830] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000638} --- [pid 830] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000640} --- [pid 830] exit_group(0) = ? [pid 830] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=830, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./109", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./109", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555558d947f0 /* 4 entries */, 32768) = 112 [ 48.269868][ T831] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-830: bg 0: block 234: padding at end of block bitmap is not set umount2("./109/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./109/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./109/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./109/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./109/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555558d9c830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555558d9c830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./109/file0") = 0 umount2("./109/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./109/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./109/binderfs") = 0 getdents64(3, 0x555558d947f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./109") = 0 mkdir("./110", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555558d93750) = 835 ./strace-static-x86_64: Process 835 attached [pid 835] set_robust_list(0x555558d93760, 24) = 0 [pid 835] chdir("./110") = 0 [pid 835] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 835] setpgid(0, 0) = 0 [pid 835] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 835] write(3, "1000", 4) = 4 [pid 835] close(3) = 0 executing program [pid 835] symlink("/dev/binderfs", "./binderfs") = 0 [pid 835] write(1, "executing program\n", 18) = 18 [pid 835] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 835] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 835] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 835] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 835] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 835] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 835] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 835] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 835] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 835] memfd_create("syzkaller", 0) = 5 [pid 835] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7effeaced000 [pid 835] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 835] munmap(0x7effeaced000, 138412032) = 0 [pid 835] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 835] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 835] close(5) = 0 [pid 835] close(6) = 0 [pid 835] mkdir("./file0", 0777) = 0 [pid 835] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 835] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 835] chdir("./file0") = 0 [pid 835] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 835] ioctl(6, LOOP_CLR_FD) = 0 [pid 835] close(6) = 0 [pid 835] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 835] write(6, "#! ./file1\n", 11) = 11 [pid 835] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 835] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005c0} --- [pid 835] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005c8} --- [pid 835] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005d0} --- [pid 835] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005d8} --- [pid 835] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005e0} --- [ 48.509050][ T835] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor252: bg 0: block 234: padding at end of block bitmap is not set [ 48.526641][ T835] EXT4-fs error (device loop0): ext4_map_blocks:740: inode #18: block 62218: comm syz-executor252: lblock 0 mapped to illegal pblock 62218 (length 1) [ 48.526767][ T836] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #18: block 62218: comm vhost-835: lblock 0 mapped to illegal pblock 62218 (length 1) [pid 835] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005e8} --- [pid 835] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005f0} --- [ 48.542532][ T835] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #18: block 62218: comm syz-executor252: lblock 0 mapped to illegal pblock 62218 (length 1) [ 48.557090][ T836] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #18: block 62218: comm vhost-835: lblock 0 mapped to illegal pblock 62218 (length 1) [ 48.572183][ T835] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #18: block 62218: comm syz-executor252: lblock 0 mapped to illegal pblock 62218 (length 1) [pid 835] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000005f8} --- [ 48.586699][ T836] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #18: block 62218: comm vhost-835: lblock 0 mapped to illegal pblock 62218 (length 1) [ 48.601903][ T835] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #18: block 62218: comm syz-executor252: lblock 0 mapped to illegal pblock 62218 (length 1) [ 48.616323][ T836] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #18: block 62218: comm vhost-835: lblock 0 mapped to illegal pblock 62218 (length 1) [pid 835] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000600} --- [pid 835] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000608} --- [pid 835] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000610} --- [pid 835] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000618} --- [pid 835] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000620} --- [pid 835] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000628} --- [pid 835] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000630} --- [pid 835] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000638} --- [pid 835] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000640} --- [pid 835] exit_group(0) = ? [pid 835] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=835, si_uid=0, si_status=0, si_utime=0, si_stime=9} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./110", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./110", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555558d947f0 /* 4 entries */, 32768) = 112 [ 48.631494][ T835] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #18: block 62218: comm syz-executor252: lblock 0 mapped to illegal pblock 62218 (length 1) umount2("./110/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./110/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./110/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./110/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./110/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555558d9c830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555558d9c830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./110/file0") = 0 umount2("./110/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./110/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./110/binderfs") = 0 getdents64(3, 0x555558d947f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./110") = 0 mkdir("./111", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555558d93750) = 840 ./strace-static-x86_64: Process 840 attached [pid 840] set_robust_list(0x555558d93760, 24) = 0 [pid 840] chdir("./111") = 0 [pid 840] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 840] setpgid(0, 0) = 0 [pid 840] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 840] write(3, "1000", 4) = 4 [pid 840] close(3) = 0 [pid 840] symlink("/dev/binderfs", "./binderfs") = 0 [pid 840] write(1, "executing program\n", 18executing program ) = 18 [pid 840] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 840] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 840] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 840] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 840] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 840] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 840] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 840] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 840] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 840] memfd_create("syzkaller", 0) = 5 [pid 840] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7effeaced000 [pid 840] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 840] munmap(0x7effeaced000, 138412032) = 0 [pid 840] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 840] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 840] close(5) = 0 [pid 840] close(6) = 0 [pid 840] mkdir("./file0", 0777) = 0 [pid 840] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 840] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 840] chdir("./file0") = 0 [pid 840] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 840] ioctl(6, LOOP_CLR_FD) = 0 [pid 840] close(6) = 0 [pid 840] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 840] write(6, "#! ./file1\n", 11) = 11 [pid 840] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 840] exit_group(0) = ? [pid 840] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=840, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./111", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./111", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555558d947f0 /* 4 entries */, 32768) = 112 [ 48.910873][ T841] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-840: bg 0: block 234: padding at end of block bitmap is not set [ 48.936976][ T304] ------------[ cut here ]------------ [ 48.942506][ T304] kernel BUG at fs/ext4/inode.c:2778! [ 48.947899][ T304] invalid opcode: 0000 [#1] PREEMPT SMP KASAN [ 48.953944][ T304] CPU: 0 PID: 304 Comm: kworker/u4:3 Not tainted 5.10.238-syzkaller-00282-gd76d4cd0623a #0 [ 48.963888][ T304] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 48.973937][ T304] Workqueue: writeback wb_workfn (flush-7:0) [ 48.979900][ T304] RIP: 0010:ext4_writepages+0x2ddb/0x2e00 [ 48.985598][ T304] Code: 39 94 ff 84 db 75 31 e8 b3 36 94 ff 49 bc 00 00 00 00 00 fc ff df 4c 8b 6c 24 30 48 8b 5c 24 38 e9 21 f8 ff ff e8 95 36 94 ff <0f> 0b e8 8e 36 94 ff e8 65 0d 31 ff eb 98 e8 82 36 94 ff e8 59 0d [ 49.005188][ T304] RSP: 0018:ffffc90000bb7180 EFLAGS: 00010293 [ 49.011237][ T304] RAX: ffffffff81cf5d7b RBX: 0000008410000000 RCX: ffff8881218dcf00 [ 49.019193][ T304] RDX: 0000000000000000 RSI: 0000008000000000 RDI: 0000000000000000 [ 49.027151][ T304] RBP: ffffc90000bb74f0 R08: dffffc0000000000 R09: ffffed1024227185 [ 49.035138][ T304] R10: ffffed1024227185 R11: 1ffff11024227184 R12: dffffc0000000000 [ 49.043095][ T304] R13: ffff8881065a1000 R14: 0000008000000000 R15: ffff888121138c20 [ 49.051055][ T304] FS: 0000000000000000(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000 [ 49.059966][ T304] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 49.066551][ T304] CR2: 0000000000000002 CR3: 00000001067bf000 CR4: 00000000003506b0 [ 49.074511][ T304] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 49.082474][ T304] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 49.090445][ T304] Call Trace: [ 49.093724][ T304] ? __kasan_check_write+0x14/0x20 [ 49.098815][ T304] ? _raw_spin_lock+0x8e/0xe0 [ 49.103488][ T304] ? __kasan_check_read+0x11/0x20 [ 49.108499][ T304] ? write_boundary_block+0x140/0x140 [ 49.113849][ T304] ? ext4_readpage+0x220/0x220 [ 49.118593][ T304] ? __getblk_gfp+0x3b/0x780 [ 49.123165][ T304] ? load_balance+0x1193/0x4320 [ 49.128020][ T304] ? update_load_avg+0x4dc/0x14f0 [ 49.133029][ T304] ? ext4_readpage+0x220/0x220 [ 49.137776][ T304] do_writepages+0x12a/0x270 [ 49.142349][ T304] ? __writepage+0x130/0x130 [ 49.146928][ T304] ? __kasan_check_write+0x14/0x20 [ 49.152023][ T304] ? _raw_spin_lock+0x8e/0xe0 [ 49.156687][ T304] ? __kasan_check_write+0x14/0x20 [ 49.161783][ T304] __writeback_single_inode+0xd5/0xa20 [ 49.167231][ T304] ? wbc_attach_and_unlock_inode+0x385/0x590 [ 49.173199][ T304] writeback_sb_inodes+0x860/0x1400 [ 49.178384][ T304] ? queue_io+0x4c0/0x4c0 [ 49.182709][ T304] ? __kasan_check_read+0x11/0x20 [ 49.187718][ T304] ? queue_io+0x385/0x4c0 [ 49.192040][ T304] wb_writeback+0x3e3/0xb90 [ 49.196550][ T304] ? wb_io_lists_depopulated+0x180/0x180 [ 49.202171][ T304] ? set_worker_desc+0x155/0x1c0 [ 49.207093][ T304] ? update_load_avg+0x4dc/0x14f0 [ 49.212107][ T304] ? __kasan_check_write+0x14/0x20 [ 49.217208][ T304] wb_workfn+0x38f/0xe20 [ 49.221438][ T304] ? inode_wait_for_writeback+0x200/0x200 [ 49.227150][ T304] ? _raw_spin_unlock_irq+0x4e/0x70 [ 49.232351][ T304] ? finish_task_switch+0x12e/0x5a0 [ 49.237544][ T304] ? switch_mm_irqs_off+0x763/0x9a0 [ 49.243139][ T304] ? __switch_to_asm+0x34/0x60 [ 49.247892][ T304] ? __schedule+0xb4f/0x1310 [ 49.252467][ T304] ? __kasan_check_read+0x11/0x20 [ 49.257489][ T304] ? read_word_at_a_time+0x12/0x20 [ 49.262594][ T304] ? strscpy+0x9b/0x290 [ 49.266747][ T304] process_one_work+0x6e1/0xba0 [ 49.271589][ T304] worker_thread+0xa6a/0x13b0 [ 49.276253][ T304] ? _raw_spin_lock_irqsave+0xb0/0x110 [ 49.281716][ T304] ? __kasan_check_read+0x11/0x20 [ 49.286728][ T304] kthread+0x346/0x3d0 [ 49.290787][ T304] ? worker_clr_flags+0x190/0x190 [ 49.295800][ T304] ? kthread_blkcg+0xd0/0xd0 [ 49.300383][ T304] ret_from_fork+0x1f/0x30 [ 49.304794][ T304] Modules linked in: [ 49.308785][ T304] ---[ end trace 1523d3e99516525e ]--- [ 49.314325][ T304] RIP: 0010:ext4_writepages+0x2ddb/0x2e00 [ 49.320497][ T304] Code: 39 94 ff 84 db 75 31 e8 b3 36 94 ff 49 bc 00 00 00 00 00 fc ff df 4c 8b 6c 24 30 48 8b 5c 24 38 e9 21 f8 ff ff e8 95 36 94 ff <0f> 0b e8 8e 36 94 ff e8 65 0d 31 ff eb 98 e8 82 36 94 ff e8 59 0d [ 49.340156][ T304] RSP: 0018:ffffc90000bb7180 EFLAGS: 00010293 [ 49.346258][ T304] RAX: ffffffff81cf5d7b RBX: 0000008410000000 RCX: ffff8881218dcf00 [ 49.354248][ T304] RDX: 0000000000000000 RSI: 0000008000000000 RDI: 0000000000000000 [ 49.362224][ T304] RBP: ffffc90000bb74f0 R08: dffffc0000000000 R09: ffffed1024227185 [ 49.370194][ T304] R10: ffffed1024227185 R11: 1ffff11024227184 R12: dffffc0000000000 [ 49.378172][ T304] R13: ffff8881065a1000 R14: 0000008000000000 R15: ffff888121138c20 [ 49.386152][ T304] FS: 0000000000000000(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000 [ 49.395107][ T304] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 49.401698][ T304] CR2: 0000000000000002 CR3: 000000010d0e9000 CR4: 00000000003506b0 [ 49.409653][ T304] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 49.417666][ T304] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 49.425665][ T304] Kernel panic - not syncing: Fatal exception [ 49.432188][ T304] Kernel Offset: disabled [ 49.436508][ T304] Rebooting in 86400 seconds..