./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor423776463 <...> Warning: Permanently added '10.128.0.232' (ED25519) to the list of known hosts. execve("./syz-executor423776463", ["./syz-executor423776463"], 0x7ffd93c22520 /* 10 vars */) = 0 brk(NULL) = 0x55555a804000 brk(0x55555a804d00) = 0x55555a804d00 arch_prctl(ARCH_SET_FS, 0x55555a804380) = 0 set_tid_address(0x55555a804650) = 379 set_robust_list(0x55555a804660, 24) = 0 rseq(0x55555a804ca0, 0x20, 0, 0x53053053) = -1 ENOSYS (Function not implemented) prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor423776463", 4096) = 27 getrandom("\x8d\x69\x8d\x2c\x8d\x68\xaa\x72", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x55555a804d00 brk(0x55555a825d00) = 0x55555a825d00 brk(0x55555a826000) = 0x55555a826000 mprotect(0x7f85420d0000, 16384, PROT_READ) = 0 mmap(0x1ffffffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffffffff000 mmap(0x200000000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200000000000 mmap(0x200001000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200001000000 mkdir("./syzkaller.QkQlDw", 0700) = 0 chmod("./syzkaller.QkQlDw", 0777) = 0 chdir("./syzkaller.QkQlDw") = 0 mkdir("./0", 0777) = 0 [ 44.909026][ T23] audit: type=1400 audit(1745553274.190:66): avc: denied { execmem } for pid=379 comm="syz-executor423" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555a804650) = 380 ./strace-static-x86_64: Process 380 attached [pid 380] set_robust_list(0x55555a804660, 24) = 0 [pid 380] chdir("./0") = 0 [pid 380] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 380] setpgid(0, 0) = 0 [pid 380] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 380] write(3, "1000", 4) = 4 [pid 380] close(3) = 0 [pid 380] symlink("/dev/binderfs", "./binderfs") = 0 [pid 380] write(1, "executing program\n", 18executing program ) = 18 [pid 380] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 380] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 380] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 380] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 380] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 380] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 380] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 380] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 380] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 380] memfd_create("syzkaller", 0) = 5 [pid 380] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8539c1d000 [pid 380] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 380] munmap(0x7f8539c1d000, 138412032) = 0 [pid 380] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 380] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 380] close(5) = 0 [pid 380] close(6) = 0 [pid 380] mkdir("./file0", 0777) = 0 [ 44.949370][ T23] audit: type=1400 audit(1745553274.240:67): avc: denied { read write } for pid=379 comm="syz-executor423" name="loop0" dev="devtmpfs" ino=9413 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 44.974647][ T23] audit: type=1400 audit(1745553274.240:68): avc: denied { open } for pid=379 comm="syz-executor423" path="/dev/loop0" dev="devtmpfs" ino=9413 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 45.009631][ T23] audit: type=1400 audit(1745553274.240:69): avc: denied { ioctl } for pid=379 comm="syz-executor423" path="/dev/loop0" dev="devtmpfs" ino=9413 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 45.035361][ T23] audit: type=1400 audit(1745553274.270:70): avc: denied { read write } for pid=380 comm="syz-executor423" name="vhost-vsock" dev="devtmpfs" ino=9601 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [pid 380] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 380] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 380] chdir("./file0") = 0 [pid 380] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 380] ioctl(6, LOOP_CLR_FD) = 0 [ 45.059310][ T23] audit: type=1400 audit(1745553274.270:71): avc: denied { open } for pid=380 comm="syz-executor423" path="/dev/vhost-vsock" dev="devtmpfs" ino=9601 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 45.067284][ T380] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [pid 380] close(6) = 0 [pid 380] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 380] write(6, "#! ./file1\n", 11) = 11 [pid 380] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 380] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000404} --- [ 45.109646][ T23] audit: type=1400 audit(1745553274.270:72): avc: denied { ioctl } for pid=380 comm="syz-executor423" path="/dev/vhost-vsock" dev="devtmpfs" ino=9601 ioctlcmd=0xaf01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 45.133541][ T380] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm syz-executor423: bg 0: block 234: padding at end of block bitmap is not set [pid 380] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=380, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=6} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555a8056f0 /* 4 entries */, 32768) = 112 umount2("./0/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./0/binderfs") = 0 [ 45.135487][ T23] audit: type=1400 audit(1745553274.290:73): avc: denied { mounton } for pid=380 comm="syz-executor423" path="/root/syzkaller.QkQlDw/0/file0" dev="sda1" ino=1930 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1 [ 45.174069][ T23] audit: type=1400 audit(1745553274.390:74): avc: denied { mount } for pid=380 comm="syz-executor423" name="/" dev="loop0" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 45.196360][ T23] audit: type=1400 audit(1745553274.420:75): avc: denied { write } for pid=380 comm="syz-executor423" name="/" dev="loop0" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./0/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555a80d730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555a80d730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./0/file0") = 0 getdents64(3, 0x55555a8056f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./0") = 0 mkdir("./1", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555a804650) = 387 ./strace-static-x86_64: Process 387 attached [pid 387] set_robust_list(0x55555a804660, 24) = 0 [pid 387] chdir("./1") = 0 [pid 387] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 387] setpgid(0, 0) = 0 [pid 387] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 387] write(3, "1000", 4) = 4 [pid 387] close(3) = 0 [pid 387] symlink("/dev/binderfs", "./binderfs") = 0 [pid 387] write(1, "executing program\n", 18executing program ) = 18 [pid 387] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 387] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 387] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 387] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 387] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 387] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 387] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 387] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 387] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 387] memfd_create("syzkaller", 0) = 5 [pid 387] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8539c1d000 [pid 387] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 387] munmap(0x7f8539c1d000, 138412032) = 0 [pid 387] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 387] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 387] close(5) = 0 [pid 387] close(6) = 0 [pid 387] mkdir("./file0", 0777) = 0 [pid 387] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 387] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 387] chdir("./file0") = 0 [pid 387] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 387] ioctl(6, LOOP_CLR_FD) = 0 [pid 387] close(6) = 0 [pid 387] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 387] write(6, "#! ./file1\n", 11) = 11 [pid 387] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [ 45.381035][ T387] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [pid 387] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000404} --- [pid 387] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=387, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555a8056f0 /* 4 entries */, 32768) = 112 umount2("./1/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./1/binderfs") = 0 [ 45.422903][ T388] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-387: bg 0: block 234: padding at end of block bitmap is not set [ 45.438414][ T388] vhost-387 (388) used greatest stack depth: 21648 bytes left umount2("./1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./1/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555a80d730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555a80d730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./1/file0") = 0 getdents64(3, 0x55555a8056f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./1") = 0 mkdir("./2", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555a804650) = 392 ./strace-static-x86_64: Process 392 attached [pid 392] set_robust_list(0x55555a804660, 24) = 0 [pid 392] chdir("./2") = 0 [pid 392] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 392] setpgid(0, 0) = 0 [pid 392] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 392] write(3, "1000", 4) = 4 [pid 392] close(3) = 0 [pid 392] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 392] write(1, "executing program\n", 18) = 18 [pid 392] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 392] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 392] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 392] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 392] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 392] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 392] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 392] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 392] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 392] memfd_create("syzkaller", 0) = 5 [pid 392] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8539c1d000 [pid 392] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 392] munmap(0x7f8539c1d000, 138412032) = 0 [pid 392] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 392] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 392] close(5) = 0 [pid 392] close(6) = 0 [pid 392] mkdir("./file0", 0777) = 0 [pid 392] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 392] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 392] chdir("./file0") = 0 [pid 392] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 392] ioctl(6, LOOP_CLR_FD) = 0 [pid 392] close(6) = 0 [pid 392] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 392] write(6, "#! ./file1\n", 11) = 11 [pid 392] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 392] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000404} --- [pid 392] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=392, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555a8056f0 /* 4 entries */, 32768) = 112 umount2("./2/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./2/binderfs") = 0 [ 45.600912][ T392] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 45.626330][ T392] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm syz-executor423: bg 0: block 234: padding at end of block bitmap is not set umount2("./2/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./2/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./2/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./2/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./2/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555a80d730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555a80d730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./2/file0") = 0 getdents64(3, 0x55555a8056f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./2") = 0 mkdir("./3", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 398 attached [pid 398] set_robust_list(0x55555a804660, 24) = 0 [pid 398] chdir("./3") = 0 [pid 398] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 398] setpgid(0, 0) = 0 [pid 398] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 379] <... clone resumed>, child_tidptr=0x55555a804650) = 398 [pid 398] write(3, "1000", 4) = 4 [pid 398] close(3) = 0 [pid 398] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 398] write(1, "executing program\n", 18) = 18 [pid 398] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 398] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 398] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 398] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 398] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 398] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 398] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 398] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 398] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 398] memfd_create("syzkaller", 0) = 5 [pid 398] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8539c1d000 [pid 398] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 398] munmap(0x7f8539c1d000, 138412032) = 0 [pid 398] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 398] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 398] close(5) = 0 [pid 398] close(6) = 0 [pid 398] mkdir("./file0", 0777) = 0 [pid 398] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 398] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 398] chdir("./file0") = 0 [pid 398] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 398] ioctl(6, LOOP_CLR_FD) = 0 [pid 398] close(6) = 0 [pid 398] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 398] write(6, "#! ./file1\n", 11) = 11 [pid 398] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 398] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000404} --- [pid 398] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=398, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555a8056f0 /* 4 entries */, 32768) = 112 umount2("./3/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./3/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./3/binderfs") = 0 [ 45.752375][ T398] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 45.783979][ T399] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-398: bg 0: block 234: padding at end of block bitmap is not set umount2("./3/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./3/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./3/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./3/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./3/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555a80d730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555a80d730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./3/file0") = 0 getdents64(3, 0x55555a8056f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./3") = 0 mkdir("./4", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555a804650) = 403 ./strace-static-x86_64: Process 403 attached [pid 403] set_robust_list(0x55555a804660, 24) = 0 [pid 403] chdir("./4") = 0 [pid 403] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 403] setpgid(0, 0) = 0 [pid 403] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 403] write(3, "1000", 4) = 4 [pid 403] close(3) = 0 [pid 403] symlink("/dev/binderfs", "./binderfs") = 0 [pid 403] write(1, "executing program\n", 18executing program ) = 18 [pid 403] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 403] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 403] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 403] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 403] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 403] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 403] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 403] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 403] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 403] memfd_create("syzkaller", 0) = 5 [pid 403] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8539c1d000 [pid 403] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 403] munmap(0x7f8539c1d000, 138412032) = 0 [pid 403] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 403] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 403] close(5) = 0 [pid 403] close(6) = 0 [pid 403] mkdir("./file0", 0777) = 0 [pid 403] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 403] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 403] chdir("./file0") = 0 [pid 403] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 403] ioctl(6, LOOP_CLR_FD) = 0 [pid 403] close(6) = 0 [pid 403] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 403] write(6, "#! ./file1\n", 11) = 11 [pid 403] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 403] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000404} --- [pid 403] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=403, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555a8056f0 /* 4 entries */, 32768) = 112 umount2("./4/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4/binderfs") = 0 [ 45.960973][ T403] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 45.989916][ T403] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm syz-executor423: bg 0: block 234: padding at end of block bitmap is not set umount2("./4/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555a80d730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555a80d730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4/file0") = 0 getdents64(3, 0x55555a8056f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4") = 0 mkdir("./5", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555a804650) = 408 ./strace-static-x86_64: Process 408 attached [pid 408] set_robust_list(0x55555a804660, 24) = 0 [pid 408] chdir("./5") = 0 [pid 408] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 408] setpgid(0, 0) = 0 [pid 408] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 408] write(3, "1000", 4) = 4 [pid 408] close(3) = 0 [pid 408] symlink("/dev/binderfs", "./binderfs") = 0 [pid 408] write(1, "executing program\n", 18executing program ) = 18 [pid 408] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 408] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 408] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 408] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 408] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 408] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 408] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 408] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 408] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 408] memfd_create("syzkaller", 0) = 5 [pid 408] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8539c1d000 [pid 408] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 408] munmap(0x7f8539c1d000, 138412032) = 0 [pid 408] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 408] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 408] close(5) = 0 [pid 408] close(6) = 0 [pid 408] mkdir("./file0", 0777) = 0 [pid 408] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 408] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 408] chdir("./file0") = 0 [pid 408] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 408] ioctl(6, LOOP_CLR_FD) = 0 [pid 408] close(6) = 0 [pid 408] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 408] write(6, "#! ./file1\n", 11) = 11 [pid 408] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 408] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000404} --- [pid 408] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=408, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./5", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555a8056f0 /* 4 entries */, 32768) = 112 umount2("./5/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./5/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./5/binderfs") = 0 [ 46.131306][ T408] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 46.160486][ T408] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm syz-executor423: bg 0: block 234: padding at end of block bitmap is not set umount2("./5/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./5/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./5/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./5/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./5/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555a80d730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555a80d730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./5/file0") = 0 getdents64(3, 0x55555a8056f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./5") = 0 mkdir("./6", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555a804650) = 413 ./strace-static-x86_64: Process 413 attached [pid 413] set_robust_list(0x55555a804660, 24) = 0 [pid 413] chdir("./6") = 0 [pid 413] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 413] setpgid(0, 0) = 0 [pid 413] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 413] write(3, "1000", 4) = 4 [pid 413] close(3) = 0 [pid 413] symlink("/dev/binderfs", "./binderfs") = 0 [pid 413] write(1, "executing program\n", 18executing program ) = 18 [pid 413] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 413] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 413] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 413] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 413] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 413] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 413] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 413] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 413] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 413] memfd_create("syzkaller", 0) = 5 [pid 413] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8539c1d000 [pid 413] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 413] munmap(0x7f8539c1d000, 138412032) = 0 [pid 413] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 413] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 413] close(5) = 0 [pid 413] close(6) = 0 [pid 413] mkdir("./file0", 0777) = 0 [pid 413] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 413] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 413] chdir("./file0") = 0 [pid 413] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 413] ioctl(6, LOOP_CLR_FD) = 0 [pid 413] close(6) = 0 [pid 413] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 413] write(6, "#! ./file1\n", 11) = 11 [pid 413] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 413] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000404} --- [pid 413] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=413, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./6", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555a8056f0 /* 4 entries */, 32768) = 112 umount2("./6/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./6/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./6/binderfs") = 0 [ 46.320952][ T413] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 46.350009][ T414] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-413: bg 0: block 234: padding at end of block bitmap is not set umount2("./6/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./6/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./6/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./6/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./6/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555a80d730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555a80d730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./6/file0") = 0 getdents64(3, 0x55555a8056f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./6") = 0 mkdir("./7", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555a804650) = 418 ./strace-static-x86_64: Process 418 attached [pid 418] set_robust_list(0x55555a804660, 24) = 0 [pid 418] chdir("./7") = 0 [pid 418] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 418] setpgid(0, 0) = 0 [pid 418] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 418] write(3, "1000", 4) = 4 [pid 418] close(3) = 0 [pid 418] symlink("/dev/binderfs", "./binderfs") = 0 [pid 418] write(1, "executing program\n", 18executing program ) = 18 [pid 418] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 418] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 418] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 418] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 418] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 418] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 418] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 418] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 418] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 418] memfd_create("syzkaller", 0) = 5 [pid 418] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8539c1d000 [pid 418] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 418] munmap(0x7f8539c1d000, 138412032) = 0 [pid 418] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 418] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 418] close(5) = 0 [pid 418] close(6) = 0 [pid 418] mkdir("./file0", 0777) = 0 [pid 418] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 418] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 418] chdir("./file0") = 0 [pid 418] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 418] ioctl(6, LOOP_CLR_FD) = 0 [pid 418] close(6) = 0 [pid 418] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 418] write(6, "#! ./file1\n", 11) = 11 [pid 418] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 418] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000404} --- [pid 418] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=418, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./7", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555a8056f0 /* 4 entries */, 32768) = 112 umount2("./7/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./7/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./7/binderfs") = 0 [ 46.472340][ T418] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 46.501727][ T419] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-418: bg 0: block 234: padding at end of block bitmap is not set umount2("./7/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./7/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./7/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./7/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./7/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555a80d730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555a80d730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./7/file0") = 0 getdents64(3, 0x55555a8056f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./7") = 0 mkdir("./8", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 423 attached [pid 423] set_robust_list(0x55555a804660, 24) = 0 [pid 423] chdir("./8") = 0 [pid 423] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 423] setpgid(0, 0) = 0 [pid 379] <... clone resumed>, child_tidptr=0x55555a804650) = 423 [pid 423] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 423] write(3, "1000", 4) = 4 [pid 423] close(3) = 0 [pid 423] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 423] write(1, "executing program\n", 18) = 18 [pid 423] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 423] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 423] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 423] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 423] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 423] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 423] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 423] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 423] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 423] memfd_create("syzkaller", 0) = 5 [pid 423] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8539c1d000 [pid 423] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 423] munmap(0x7f8539c1d000, 138412032) = 0 [pid 423] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 423] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 423] close(5) = 0 [pid 423] close(6) = 0 [pid 423] mkdir("./file0", 0777) = 0 [pid 423] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 423] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 423] chdir("./file0") = 0 [pid 423] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 423] ioctl(6, LOOP_CLR_FD) = 0 [pid 423] close(6) = 0 [pid 423] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 423] write(6, "#! ./file1\n", 11) = 11 [pid 423] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 423] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000404} --- [pid 423] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=423, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./8", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./8", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555a8056f0 /* 4 entries */, 32768) = 112 umount2("./8/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./8/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./8/binderfs") = 0 [ 46.621060][ T423] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 46.652697][ T425] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-423: bg 0: block 234: padding at end of block bitmap is not set umount2("./8/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./8/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./8/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./8/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./8/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555a80d730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555a80d730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./8/file0") = 0 getdents64(3, 0x55555a8056f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./8") = 0 mkdir("./9", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555a804650) = 429 ./strace-static-x86_64: Process 429 attached [pid 429] set_robust_list(0x55555a804660, 24) = 0 [pid 429] chdir("./9") = 0 [pid 429] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 429] setpgid(0, 0) = 0 [pid 429] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 429] write(3, "1000", 4) = 4 [pid 429] close(3) = 0 [pid 429] symlink("/dev/binderfs", "./binderfs") = 0 [pid 429] write(1, "executing program\n", 18executing program ) = 18 [pid 429] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 429] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 429] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 429] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 429] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 429] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 429] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 429] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 429] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 429] memfd_create("syzkaller", 0) = 5 [pid 429] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8539c1d000 [pid 429] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 429] munmap(0x7f8539c1d000, 138412032) = 0 [pid 429] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 429] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 429] close(5) = 0 [pid 429] close(6) = 0 [pid 429] mkdir("./file0", 0777) = 0 [pid 429] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 429] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 429] chdir("./file0") = 0 [pid 429] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 429] ioctl(6, LOOP_CLR_FD) = 0 [pid 429] close(6) = 0 [pid 429] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 429] write(6, "#! ./file1\n", 11) = 11 [pid 429] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 429] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000404} --- [pid 429] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=429, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./9", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./9", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555a8056f0 /* 4 entries */, 32768) = 112 umount2("./9/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./9/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./9/binderfs") = 0 [ 46.811116][ T429] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 46.842707][ T430] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-429: bg 0: block 234: padding at end of block bitmap is not set umount2("./9/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./9/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./9/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./9/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./9/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555a80d730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555a80d730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./9/file0") = 0 getdents64(3, 0x55555a8056f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./9") = 0 mkdir("./10", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 434 attached , child_tidptr=0x55555a804650) = 434 [pid 434] set_robust_list(0x55555a804660, 24) = 0 [pid 434] chdir("./10") = 0 [pid 434] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 434] setpgid(0, 0) = 0 [pid 434] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 434] write(3, "1000", 4) = 4 [pid 434] close(3) = 0 [pid 434] symlink("/dev/binderfs", "./binderfs") = 0 [pid 434] write(1, "executing program\n", 18executing program ) = 18 [pid 434] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 434] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 434] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 434] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 434] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 434] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 434] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 434] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 434] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 434] memfd_create("syzkaller", 0) = 5 [pid 434] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8539c1d000 [pid 434] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 434] munmap(0x7f8539c1d000, 138412032) = 0 [pid 434] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 434] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 434] close(5) = 0 [pid 434] close(6) = 0 [pid 434] mkdir("./file0", 0777) = 0 [pid 434] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 434] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 434] chdir("./file0") = 0 [pid 434] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 434] ioctl(6, LOOP_CLR_FD) = 0 [pid 434] close(6) = 0 [pid 434] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 434] write(6, "#! ./file1\n", 11) = 11 [pid 434] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 434] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000404} --- [pid 434] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=434, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./10", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./10", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555a8056f0 /* 4 entries */, 32768) = 112 umount2("./10/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./10/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./10/binderfs") = 0 [ 46.960979][ T434] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 46.990776][ T435] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-434: bg 0: block 234: padding at end of block bitmap is not set umount2("./10/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./10/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./10/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./10/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./10/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555a80d730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555a80d730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./10/file0") = 0 getdents64(3, 0x55555a8056f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./10") = 0 mkdir("./11", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555a804650) = 439 ./strace-static-x86_64: Process 439 attached [pid 439] set_robust_list(0x55555a804660, 24) = 0 [pid 439] chdir("./11") = 0 [pid 439] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 439] setpgid(0, 0) = 0 [pid 439] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 439] write(3, "1000", 4) = 4 [pid 439] close(3) = 0 [pid 439] symlink("/dev/binderfs", "./binderfs") = 0 [pid 439] write(1, "executing program\n", 18executing program ) = 18 [pid 439] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 439] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 439] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 439] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 439] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 439] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 439] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 439] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 439] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 439] memfd_create("syzkaller", 0) = 5 [pid 439] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8539c1d000 [pid 439] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 439] munmap(0x7f8539c1d000, 138412032) = 0 [pid 439] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 439] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 439] close(5) = 0 [pid 439] close(6) = 0 [pid 439] mkdir("./file0", 0777) = 0 [pid 439] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 439] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 439] chdir("./file0") = 0 [pid 439] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 439] ioctl(6, LOOP_CLR_FD) = 0 [pid 439] close(6) = 0 [pid 439] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 439] write(6, "#! ./file1\n", 11) = 11 [pid 439] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [ 47.191049][ T439] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [pid 439] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000404} --- [pid 439] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=439, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./11", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./11", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555a8056f0 /* 4 entries */, 32768) = 112 umount2("./11/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./11/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./11/binderfs") = 0 [ 47.232289][ T440] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-439: bg 0: block 234: padding at end of block bitmap is not set umount2("./11/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./11/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./11/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./11/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./11/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555a80d730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555a80d730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./11/file0") = 0 getdents64(3, 0x55555a8056f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./11") = 0 mkdir("./12", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 444 attached , child_tidptr=0x55555a804650) = 444 [pid 444] set_robust_list(0x55555a804660, 24) = 0 [pid 444] chdir("./12") = 0 [pid 444] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 444] setpgid(0, 0) = 0 [pid 444] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 444] write(3, "1000", 4) = 4 [pid 444] close(3) = 0 [pid 444] symlink("/dev/binderfs", "./binderfs") = 0 [pid 444] write(1, "executing program\n", 18executing program ) = 18 [pid 444] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 444] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 444] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 444] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 444] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 444] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 444] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 444] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 444] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 444] memfd_create("syzkaller", 0) = 5 [pid 444] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8539c1d000 [pid 444] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 444] munmap(0x7f8539c1d000, 138412032) = 0 [pid 444] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 444] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 444] close(5) = 0 [pid 444] close(6) = 0 [pid 444] mkdir("./file0", 0777) = 0 [pid 444] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 444] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 444] chdir("./file0") = 0 [pid 444] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 444] ioctl(6, LOOP_CLR_FD) = 0 [pid 444] close(6) = 0 [pid 444] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 444] write(6, "#! ./file1\n", 11) = 11 [pid 444] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 444] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000404} --- [pid 444] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=444, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./12", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./12", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555a8056f0 /* 4 entries */, 32768) = 112 umount2("./12/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./12/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./12/binderfs") = 0 [ 47.406879][ T444] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 47.436904][ T445] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-444: bg 0: block 234: padding at end of block bitmap is not set umount2("./12/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./12/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./12/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./12/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./12/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555a80d730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555a80d730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./12/file0") = 0 getdents64(3, 0x55555a8056f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./12") = 0 mkdir("./13", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555a804650) = 449 ./strace-static-x86_64: Process 449 attached [pid 449] set_robust_list(0x55555a804660, 24) = 0 [pid 449] chdir("./13") = 0 [pid 449] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 449] setpgid(0, 0) = 0 [pid 449] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 449] write(3, "1000", 4) = 4 [pid 449] close(3) = 0 [pid 449] symlink("/dev/binderfs", "./binderfs") = 0 [pid 449] write(1, "executing program\n", 18executing program ) = 18 [pid 449] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 449] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 449] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 449] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 449] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 449] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 449] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 449] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 449] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 449] memfd_create("syzkaller", 0) = 5 [pid 449] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8539c1d000 [pid 449] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 449] munmap(0x7f8539c1d000, 138412032) = 0 [pid 449] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 449] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 449] close(5) = 0 [pid 449] close(6) = 0 [pid 449] mkdir("./file0", 0777) = 0 [pid 449] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 449] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 449] chdir("./file0") = 0 [pid 449] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 449] ioctl(6, LOOP_CLR_FD) = 0 [pid 449] close(6) = 0 [pid 449] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 449] write(6, "#! ./file1\n", 11) = 11 [pid 449] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [ 47.571334][ T449] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [pid 449] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000404} --- [pid 449] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=449, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./13", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./13", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555a8056f0 /* 4 entries */, 32768) = 112 umount2("./13/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./13/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./13/binderfs") = 0 [ 47.610969][ T449] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm syz-executor423: bg 0: block 234: padding at end of block bitmap is not set umount2("./13/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./13/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./13/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./13/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./13/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555a80d730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555a80d730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./13/file0") = 0 getdents64(3, 0x55555a8056f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./13") = 0 mkdir("./14", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555a804650) = 455 ./strace-static-x86_64: Process 455 attached [pid 455] set_robust_list(0x55555a804660, 24) = 0 [pid 455] chdir("./14") = 0 [pid 455] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 455] setpgid(0, 0) = 0 [pid 455] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 455] write(3, "1000", 4) = 4 [pid 455] close(3) = 0 [pid 455] symlink("/dev/binderfs", "./binderfs") = 0 [pid 455] write(1, "executing program\n", 18executing program ) = 18 [pid 455] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 455] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 455] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 455] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 455] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 455] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 455] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 455] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 455] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 455] memfd_create("syzkaller", 0) = 5 [pid 455] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8539c1d000 [pid 455] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 455] munmap(0x7f8539c1d000, 138412032) = 0 [pid 455] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 455] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 455] close(5) = 0 [pid 455] close(6) = 0 [pid 455] mkdir("./file0", 0777) = 0 [pid 455] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 455] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 455] chdir("./file0") = 0 [pid 455] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 455] ioctl(6, LOOP_CLR_FD) = 0 [pid 455] close(6) = 0 [pid 455] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 455] write(6, "#! ./file1\n", 11) = 11 [pid 455] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 455] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000404} --- [pid 455] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=455, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./14", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./14", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555a8056f0 /* 4 entries */, 32768) = 112 umount2("./14/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./14/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./14/binderfs") = 0 [ 47.801636][ T455] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 47.832860][ T456] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-455: bg 0: block 234: padding at end of block bitmap is not set umount2("./14/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./14/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./14/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./14/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./14/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555a80d730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555a80d730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./14/file0") = 0 getdents64(3, 0x55555a8056f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./14") = 0 mkdir("./15", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555a804650) = 460 ./strace-static-x86_64: Process 460 attached [pid 460] set_robust_list(0x55555a804660, 24) = 0 [pid 460] chdir("./15") = 0 [pid 460] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 460] setpgid(0, 0) = 0 [pid 460] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 460] write(3, "1000", 4) = 4 [pid 460] close(3) = 0 [pid 460] symlink("/dev/binderfs", "./binderfs") = 0 [pid 460] write(1, "executing program\n", 18executing program ) = 18 [pid 460] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 460] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 460] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 460] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 460] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 460] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 460] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 460] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 460] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 460] memfd_create("syzkaller", 0) = 5 [pid 460] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8539c1d000 [pid 460] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 460] munmap(0x7f8539c1d000, 138412032) = 0 [pid 460] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 460] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 460] close(5) = 0 [pid 460] close(6) = 0 [pid 460] mkdir("./file0", 0777) = 0 [pid 460] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 460] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 460] chdir("./file0") = 0 [pid 460] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 460] ioctl(6, LOOP_CLR_FD) = 0 [pid 460] close(6) = 0 [pid 460] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 460] write(6, "#! ./file1\n", 11) = 11 [pid 460] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 460] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000404} --- [ 48.021910][ T460] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 48.052083][ T461] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-460: bg 0: block 234: padding at end of block bitmap is not set [pid 460] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=460, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./15", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./15", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555a8056f0 /* 4 entries */, 32768) = 112 umount2("./15/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./15/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./15/binderfs") = 0 [ 48.067742][ T461] vhost-460 (461) used greatest stack depth: 21576 bytes left umount2("./15/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./15/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./15/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./15/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./15/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555a80d730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555a80d730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./15/file0") = 0 getdents64(3, 0x55555a8056f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./15") = 0 mkdir("./16", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555a804650) = 465 ./strace-static-x86_64: Process 465 attached [pid 465] set_robust_list(0x55555a804660, 24) = 0 [pid 465] chdir("./16") = 0 [pid 465] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 465] setpgid(0, 0) = 0 [pid 465] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 465] write(3, "1000", 4) = 4 [pid 465] close(3) = 0 [pid 465] symlink("/dev/binderfs", "./binderfs") = 0 [pid 465] write(1, "executing program\n", 18executing program ) = 18 [pid 465] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 465] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 465] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 465] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 465] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 465] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 465] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 465] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 465] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 465] memfd_create("syzkaller", 0) = 5 [pid 465] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8539c1d000 [pid 465] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 465] munmap(0x7f8539c1d000, 138412032) = 0 [pid 465] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 465] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 465] close(5) = 0 [pid 465] close(6) = 0 [pid 465] mkdir("./file0", 0777) = 0 [pid 465] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 465] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 465] chdir("./file0") = 0 [pid 465] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 465] ioctl(6, LOOP_CLR_FD) = 0 [pid 465] close(6) = 0 [pid 465] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 465] write(6, "#! ./file1\n", 11) = 11 [pid 465] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 465] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000404} --- [pid 465] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=465, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./16", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./16", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555a8056f0 /* 4 entries */, 32768) = 112 umount2("./16/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./16/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./16/binderfs") = 0 [ 48.261005][ T465] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 48.292135][ T466] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-465: bg 0: block 234: padding at end of block bitmap is not set umount2("./16/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./16/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./16/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./16/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./16/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555a80d730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555a80d730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./16/file0") = 0 getdents64(3, 0x55555a8056f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./16") = 0 mkdir("./17", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555a804650) = 470 ./strace-static-x86_64: Process 470 attached [pid 470] set_robust_list(0x55555a804660, 24) = 0 [pid 470] chdir("./17") = 0 [pid 470] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 470] setpgid(0, 0) = 0 [pid 470] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 470] write(3, "1000", 4) = 4 [pid 470] close(3) = 0 [pid 470] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 470] write(1, "executing program\n", 18) = 18 [pid 470] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 470] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 470] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 470] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 470] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 470] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 470] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 470] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 470] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 470] memfd_create("syzkaller", 0) = 5 [pid 470] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8539c1d000 [pid 470] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 470] munmap(0x7f8539c1d000, 138412032) = 0 [pid 470] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 470] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 470] close(5) = 0 [pid 470] close(6) = 0 [pid 470] mkdir("./file0", 0777) = 0 [pid 470] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 470] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 470] chdir("./file0") = 0 [pid 470] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 470] ioctl(6, LOOP_CLR_FD) = 0 [pid 470] close(6) = 0 [pid 470] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 470] write(6, "#! ./file1\n", 11) = 11 [pid 470] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 470] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000404} --- [pid 470] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=470, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./17", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./17", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555a8056f0 /* 4 entries */, 32768) = 112 umount2("./17/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./17/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./17/binderfs") = 0 [ 48.431218][ T470] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 48.461594][ T471] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-470: bg 0: block 234: padding at end of block bitmap is not set umount2("./17/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./17/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./17/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./17/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./17/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555a80d730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555a80d730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./17/file0") = 0 getdents64(3, 0x55555a8056f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./17") = 0 mkdir("./18", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555a804650) = 475 ./strace-static-x86_64: Process 475 attached [pid 475] set_robust_list(0x55555a804660, 24) = 0 [pid 475] chdir("./18") = 0 [pid 475] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 475] setpgid(0, 0) = 0 [pid 475] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 475] write(3, "1000", 4) = 4 [pid 475] close(3) = 0 [pid 475] symlink("/dev/binderfs", "./binderfs") = 0 [pid 475] write(1, "executing program\n", 18executing program ) = 18 [pid 475] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 475] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 475] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 475] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 475] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 475] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 475] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 475] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 475] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 475] memfd_create("syzkaller", 0) = 5 [pid 475] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8539c1d000 [pid 475] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 475] munmap(0x7f8539c1d000, 138412032) = 0 [pid 475] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 475] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 475] close(5) = 0 [pid 475] close(6) = 0 [pid 475] mkdir("./file0", 0777) = 0 [pid 475] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 475] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 475] chdir("./file0") = 0 [pid 475] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 475] ioctl(6, LOOP_CLR_FD) = 0 [pid 475] close(6) = 0 [pid 475] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 475] write(6, "#! ./file1\n", 11) = 11 [pid 475] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 475] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000404} --- [pid 475] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=475, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./18", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./18", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555a8056f0 /* 4 entries */, 32768) = 112 umount2("./18/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./18/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./18/binderfs") = 0 [ 48.651061][ T475] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 48.682409][ T476] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-475: bg 0: block 234: padding at end of block bitmap is not set umount2("./18/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./18/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./18/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./18/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./18/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555a80d730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555a80d730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./18/file0") = 0 getdents64(3, 0x55555a8056f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./18") = 0 mkdir("./19", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555a804650) = 481 ./strace-static-x86_64: Process 481 attached [pid 481] set_robust_list(0x55555a804660, 24) = 0 [pid 481] chdir("./19") = 0 [pid 481] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 481] setpgid(0, 0) = 0 [pid 481] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 481] write(3, "1000", 4) = 4 [pid 481] close(3) = 0 [pid 481] symlink("/dev/binderfs", "./binderfs") = 0 [pid 481] write(1, "executing program\n", 18executing program ) = 18 [pid 481] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 481] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 481] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 481] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 481] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 481] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 481] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 481] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 481] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 481] memfd_create("syzkaller", 0) = 5 [pid 481] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8539c1d000 [pid 481] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 481] munmap(0x7f8539c1d000, 138412032) = 0 [pid 481] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 481] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 481] close(5) = 0 [pid 481] close(6) = 0 [pid 481] mkdir("./file0", 0777) = 0 [pid 481] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 481] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 481] chdir("./file0") = 0 [pid 481] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 481] ioctl(6, LOOP_CLR_FD) = 0 [pid 481] close(6) = 0 [pid 481] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 481] write(6, "#! ./file1\n", 11) = 11 [pid 481] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 481] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000404} --- [pid 481] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=481, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./19", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./19", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555a8056f0 /* 4 entries */, 32768) = 112 umount2("./19/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./19/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./19/binderfs") = 0 [ 48.861150][ T481] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 48.893119][ T482] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-481: bg 0: block 234: padding at end of block bitmap is not set umount2("./19/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./19/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./19/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./19/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./19/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555a80d730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555a80d730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./19/file0") = 0 getdents64(3, 0x55555a8056f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./19") = 0 mkdir("./20", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555a804650) = 486 ./strace-static-x86_64: Process 486 attached [pid 486] set_robust_list(0x55555a804660, 24) = 0 [pid 486] chdir("./20") = 0 [pid 486] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 486] setpgid(0, 0) = 0 [pid 486] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 486] write(3, "1000", 4) = 4 [pid 486] close(3) = 0 [pid 486] symlink("/dev/binderfs", "./binderfs") = 0 [pid 486] write(1, "executing program\n", 18executing program ) = 18 [pid 486] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 486] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 486] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 486] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 486] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 486] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 486] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 486] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 486] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 486] memfd_create("syzkaller", 0) = 5 [pid 486] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8539c1d000 [pid 486] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 486] munmap(0x7f8539c1d000, 138412032) = 0 [pid 486] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 486] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 486] close(5) = 0 [pid 486] close(6) = 0 [pid 486] mkdir("./file0", 0777) = 0 [pid 486] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 486] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 486] chdir("./file0") = 0 [pid 486] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 486] ioctl(6, LOOP_CLR_FD) = 0 [pid 486] close(6) = 0 [pid 486] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 486] write(6, "#! ./file1\n", 11) = 11 [pid 486] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 486] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000404} --- [pid 486] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=486, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./20", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./20", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555a8056f0 /* 4 entries */, 32768) = 112 umount2("./20/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./20/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./20/binderfs") = 0 [ 49.011169][ T486] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 49.039022][ T486] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm syz-executor423: bg 0: block 234: padding at end of block bitmap is not set umount2("./20/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./20/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./20/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./20/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./20/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555a80d730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555a80d730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./20/file0") = 0 getdents64(3, 0x55555a8056f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./20") = 0 mkdir("./21", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555a804650) = 491 ./strace-static-x86_64: Process 491 attached [pid 491] set_robust_list(0x55555a804660, 24) = 0 [pid 491] chdir("./21") = 0 [pid 491] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 491] setpgid(0, 0) = 0 [pid 491] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 491] write(3, "1000", 4) = 4 [pid 491] close(3) = 0 [pid 491] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 491] write(1, "executing program\n", 18) = 18 [pid 491] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 491] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 491] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 491] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 491] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 491] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 491] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 491] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 491] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 491] memfd_create("syzkaller", 0) = 5 [pid 491] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8539c1d000 [pid 491] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 491] munmap(0x7f8539c1d000, 138412032) = 0 [pid 491] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 491] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 491] close(5) = 0 [pid 491] close(6) = 0 [pid 491] mkdir("./file0", 0777) = 0 [pid 491] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 491] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 491] chdir("./file0") = 0 [pid 491] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 491] ioctl(6, LOOP_CLR_FD) = 0 [pid 491] close(6) = 0 [pid 491] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 491] write(6, "#! ./file1\n", 11) = 11 [pid 491] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 491] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000404} --- [pid 491] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=491, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./21", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./21", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555a8056f0 /* 4 entries */, 32768) = 112 umount2("./21/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./21/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./21/binderfs") = 0 [ 49.191206][ T491] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 49.214354][ T491] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm syz-executor423: bg 0: block 234: padding at end of block bitmap is not set umount2("./21/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./21/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./21/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./21/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./21/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555a80d730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555a80d730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./21/file0") = 0 getdents64(3, 0x55555a8056f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./21") = 0 mkdir("./22", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555a804650) = 496 ./strace-static-x86_64: Process 496 attached [pid 496] set_robust_list(0x55555a804660, 24) = 0 [pid 496] chdir("./22") = 0 [pid 496] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 496] setpgid(0, 0) = 0 [pid 496] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 496] write(3, "1000", 4) = 4 [pid 496] close(3) = 0 [pid 496] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 496] write(1, "executing program\n", 18) = 18 [pid 496] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 496] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 496] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 496] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 496] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 496] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 496] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 496] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 496] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 496] memfd_create("syzkaller", 0) = 5 [pid 496] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8539c1d000 [pid 496] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 496] munmap(0x7f8539c1d000, 138412032) = 0 [pid 496] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 496] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 496] close(5) = 0 [pid 496] close(6) = 0 [pid 496] mkdir("./file0", 0777) = 0 [pid 496] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 496] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 496] chdir("./file0") = 0 [pid 496] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 496] ioctl(6, LOOP_CLR_FD) = 0 [pid 496] close(6) = 0 [pid 496] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 496] write(6, "#! ./file1\n", 11) = 11 [pid 496] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 496] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000404} --- [pid 496] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=496, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./22", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./22", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555a8056f0 /* 4 entries */, 32768) = 112 umount2("./22/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./22/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./22/binderfs") = 0 [ 49.401090][ T496] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 49.427544][ T497] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-496: bg 0: block 234: padding at end of block bitmap is not set umount2("./22/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./22/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./22/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./22/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./22/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555a80d730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555a80d730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./22/file0") = 0 getdents64(3, 0x55555a8056f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./22") = 0 mkdir("./23", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555a804650) = 501 ./strace-static-x86_64: Process 501 attached [pid 501] set_robust_list(0x55555a804660, 24) = 0 [pid 501] chdir("./23") = 0 [pid 501] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 501] setpgid(0, 0) = 0 [pid 501] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 501] write(3, "1000", 4) = 4 [pid 501] close(3) = 0 [pid 501] symlink("/dev/binderfs", "./binderfs") = 0 [pid 501] write(1, "executing program\n", 18executing program ) = 18 [pid 501] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 501] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 501] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 501] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 501] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 501] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 501] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 501] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 501] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 501] memfd_create("syzkaller", 0) = 5 [pid 501] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8539c1d000 [pid 501] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 501] munmap(0x7f8539c1d000, 138412032) = 0 [pid 501] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 501] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 501] close(5) = 0 [pid 501] close(6) = 0 [pid 501] mkdir("./file0", 0777) = 0 [pid 501] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 501] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 501] chdir("./file0") = 0 [pid 501] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 501] ioctl(6, LOOP_CLR_FD) = 0 [pid 501] close(6) = 0 [pid 501] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 501] write(6, "#! ./file1\n", 11) = 11 [pid 501] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 501] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000404} --- [pid 501] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=501, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./23", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./23", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555a8056f0 /* 4 entries */, 32768) = 112 umount2("./23/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./23/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./23/binderfs") = 0 [ 49.561166][ T501] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 49.592881][ T502] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-501: bg 0: block 234: padding at end of block bitmap is not set umount2("./23/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./23/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./23/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./23/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./23/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555a80d730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555a80d730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./23/file0") = 0 getdents64(3, 0x55555a8056f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./23") = 0 mkdir("./24", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 507 attached , child_tidptr=0x55555a804650) = 507 [pid 507] set_robust_list(0x55555a804660, 24) = 0 [pid 507] chdir("./24") = 0 [pid 507] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 507] setpgid(0, 0) = 0 [pid 507] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 507] write(3, "1000", 4) = 4 [pid 507] close(3) = 0 [pid 507] symlink("/dev/binderfs", "./binderfs") = 0 [pid 507] write(1, "executing program\n", 18executing program ) = 18 [pid 507] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 507] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 507] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 507] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 507] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 507] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 507] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 507] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 507] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 507] memfd_create("syzkaller", 0) = 5 [pid 507] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8539c1d000 [pid 507] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 507] munmap(0x7f8539c1d000, 138412032) = 0 [pid 507] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 507] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 507] close(5) = 0 [pid 507] close(6) = 0 [pid 507] mkdir("./file0", 0777) = 0 [pid 507] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 507] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 507] chdir("./file0") = 0 [pid 507] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 507] ioctl(6, LOOP_CLR_FD) = 0 [pid 507] close(6) = 0 [pid 507] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 507] write(6, "#! ./file1\n", 11) = 11 [pid 507] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 507] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000404} --- [pid 507] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=507, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./24", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./24", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555a8056f0 /* 4 entries */, 32768) = 112 umount2("./24/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./24/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./24/binderfs") = 0 [ 49.714206][ T507] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 49.745054][ T508] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-507: bg 0: block 234: padding at end of block bitmap is not set umount2("./24/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./24/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./24/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./24/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./24/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555a80d730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555a80d730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./24/file0") = 0 getdents64(3, 0x55555a8056f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./24") = 0 mkdir("./25", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555a804650) = 512 ./strace-static-x86_64: Process 512 attached [pid 512] set_robust_list(0x55555a804660, 24) = 0 [pid 512] chdir("./25") = 0 [pid 512] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 512] setpgid(0, 0) = 0 [pid 512] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 512] write(3, "1000", 4) = 4 [pid 512] close(3) = 0 [pid 512] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 512] write(1, "executing program\n", 18) = 18 [pid 512] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 512] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 512] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 512] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 512] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 512] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 512] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 512] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 512] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 512] memfd_create("syzkaller", 0) = 5 [pid 512] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8539c1d000 [pid 512] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 512] munmap(0x7f8539c1d000, 138412032) = 0 [pid 512] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 512] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 512] close(5) = 0 [pid 512] close(6) = 0 [pid 512] mkdir("./file0", 0777) = 0 [pid 512] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 512] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 512] chdir("./file0") = 0 [pid 512] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 512] ioctl(6, LOOP_CLR_FD) = 0 [pid 512] close(6) = 0 [pid 512] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 512] write(6, "#! ./file1\n", 11) = 11 [pid 512] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [ 49.851077][ T512] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [pid 512] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000404} --- [pid 512] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=512, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./25", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./25", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555a8056f0 /* 4 entries */, 32768) = 112 umount2("./25/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./25/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./25/binderfs") = 0 [ 49.891169][ T513] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-512: bg 0: block 234: padding at end of block bitmap is not set umount2("./25/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./25/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./25/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./25/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./25/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555a80d730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555a80d730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./25/file0") = 0 getdents64(3, 0x55555a8056f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./25") = 0 mkdir("./26", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555a804650) = 517 ./strace-static-x86_64: Process 517 attached [pid 517] set_robust_list(0x55555a804660, 24) = 0 [pid 517] chdir("./26") = 0 [pid 517] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 517] setpgid(0, 0) = 0 [pid 517] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 517] write(3, "1000", 4) = 4 [pid 517] close(3) = 0 [pid 517] symlink("/dev/binderfs", "./binderfs") = 0 [pid 517] write(1, "executing program\n", 18executing program ) = 18 [pid 517] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 517] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 517] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 517] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 517] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 517] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 517] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 517] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 517] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 517] memfd_create("syzkaller", 0) = 5 [pid 517] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8539c1d000 [pid 517] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 517] munmap(0x7f8539c1d000, 138412032) = 0 [pid 517] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 517] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 517] close(5) = 0 [pid 517] close(6) = 0 [pid 517] mkdir("./file0", 0777) = 0 [pid 517] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 517] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 517] chdir("./file0") = 0 [pid 517] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 517] ioctl(6, LOOP_CLR_FD) = 0 [pid 517] close(6) = 0 [pid 517] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 517] write(6, "#! ./file1\n", 11) = 11 [pid 517] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 517] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000404} --- [pid 517] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=517, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./26", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./26", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555a8056f0 /* 4 entries */, 32768) = 112 umount2("./26/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./26/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./26/binderfs") = 0 [ 50.021250][ T517] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 50.048847][ T517] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm syz-executor423: bg 0: block 234: padding at end of block bitmap is not set umount2("./26/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./26/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./26/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./26/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./26/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555a80d730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555a80d730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./26/file0") = 0 getdents64(3, 0x55555a8056f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./26") = 0 mkdir("./27", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555a804650) = 522 ./strace-static-x86_64: Process 522 attached [pid 522] set_robust_list(0x55555a804660, 24) = 0 [pid 522] chdir("./27") = 0 [pid 522] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 522] setpgid(0, 0) = 0 [pid 522] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 522] write(3, "1000", 4) = 4 [pid 522] close(3) = 0 [pid 522] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 522] write(1, "executing program\n", 18) = 18 [pid 522] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 522] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 522] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 522] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 522] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 522] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 522] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 522] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 522] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 522] memfd_create("syzkaller", 0) = 5 [pid 522] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8539c1d000 [pid 522] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 522] munmap(0x7f8539c1d000, 138412032) = 0 [pid 522] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 522] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 522] close(5) = 0 [pid 522] close(6) = 0 [pid 522] mkdir("./file0", 0777) = 0 [pid 522] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 522] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 522] chdir("./file0") = 0 [pid 522] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 522] ioctl(6, LOOP_CLR_FD) = 0 [pid 522] close(6) = 0 [pid 522] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 522] write(6, "#! ./file1\n", 11) = 11 [pid 522] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 522] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000404} --- [pid 522] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=522, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./27", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./27", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555a8056f0 /* 4 entries */, 32768) = 112 umount2("./27/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./27/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./27/binderfs") = 0 [ 50.151007][ T522] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 50.180987][ T523] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-522: bg 0: block 234: padding at end of block bitmap is not set umount2("./27/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./27/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./27/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./27/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./27/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555a80d730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555a80d730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./27/file0") = 0 getdents64(3, 0x55555a8056f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./27") = 0 mkdir("./28", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555a804650) = 527 ./strace-static-x86_64: Process 527 attached [pid 527] set_robust_list(0x55555a804660, 24) = 0 [pid 527] chdir("./28") = 0 [pid 527] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 527] setpgid(0, 0) = 0 [pid 527] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 527] write(3, "1000", 4) = 4 [pid 527] close(3) = 0 [pid 527] symlink("/dev/binderfs", "./binderfs") = 0 [pid 527] write(1, "executing program\n", 18executing program ) = 18 [pid 527] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 527] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 527] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 527] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 527] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 527] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 527] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 527] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 527] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 527] memfd_create("syzkaller", 0) = 5 [pid 527] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8539c1d000 [pid 527] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 527] munmap(0x7f8539c1d000, 138412032) = 0 [pid 527] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 527] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 527] close(5) = 0 [pid 527] close(6) = 0 [pid 527] mkdir("./file0", 0777) = 0 [pid 527] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 527] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 527] chdir("./file0") = 0 [pid 527] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 527] ioctl(6, LOOP_CLR_FD) = 0 [pid 527] close(6) = 0 [pid 527] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 527] write(6, "#! ./file1\n", 11) = 11 [pid 527] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [ 50.451236][ T527] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [pid 527] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000404} --- [pid 527] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=527, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./28", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./28", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555a8056f0 /* 4 entries */, 32768) = 112 umount2("./28/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./28/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./28/binderfs") = 0 [ 50.491834][ T528] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-527: bg 0: block 234: padding at end of block bitmap is not set umount2("./28/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./28/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./28/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./28/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./28/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555a80d730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555a80d730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./28/file0") = 0 getdents64(3, 0x55555a8056f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./28") = 0 mkdir("./29", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 532 attached , child_tidptr=0x55555a804650) = 532 [pid 532] set_robust_list(0x55555a804660, 24) = 0 [pid 532] chdir("./29") = 0 [pid 532] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 532] setpgid(0, 0) = 0 [pid 532] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 532] write(3, "1000", 4) = 4 [pid 532] close(3) = 0 [pid 532] symlink("/dev/binderfs", "./binderfs") = 0 [pid 532] write(1, "executing program\n", 18executing program ) = 18 [pid 532] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 532] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 532] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 532] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 532] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 532] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 532] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 532] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 532] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 532] memfd_create("syzkaller", 0) = 5 [pid 532] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8539c1d000 [pid 532] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 532] munmap(0x7f8539c1d000, 138412032) = 0 [pid 532] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 532] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 532] close(5) = 0 [pid 532] close(6) = 0 [pid 532] mkdir("./file0", 0777) = 0 [pid 532] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 532] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 532] chdir("./file0") = 0 [pid 532] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 532] ioctl(6, LOOP_CLR_FD) = 0 [pid 532] close(6) = 0 [pid 532] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 532] write(6, "#! ./file1\n", 11) = 11 [pid 532] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 532] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000404} --- [pid 532] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=532, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./29", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./29", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555a8056f0 /* 4 entries */, 32768) = 112 umount2("./29/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./29/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./29/binderfs") = 0 [ 50.666227][ T532] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 50.697747][ T534] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-532: bg 0: block 234: padding at end of block bitmap is not set umount2("./29/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./29/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./29/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./29/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./29/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555a80d730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555a80d730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./29/file0") = 0 getdents64(3, 0x55555a8056f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./29") = 0 mkdir("./30", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555a804650) = 538 ./strace-static-x86_64: Process 538 attached [pid 538] set_robust_list(0x55555a804660, 24) = 0 [pid 538] chdir("./30") = 0 [pid 538] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 538] setpgid(0, 0) = 0 [pid 538] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 538] write(3, "1000", 4) = 4 [pid 538] close(3) = 0 [pid 538] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 538] write(1, "executing program\n", 18) = 18 [pid 538] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 538] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 538] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 538] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 538] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 538] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 538] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 538] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 538] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 538] memfd_create("syzkaller", 0) = 5 [pid 538] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8539c1d000 [pid 538] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 538] munmap(0x7f8539c1d000, 138412032) = 0 [pid 538] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 538] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 538] close(5) = 0 [pid 538] close(6) = 0 [pid 538] mkdir("./file0", 0777) = 0 [pid 538] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 538] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 538] chdir("./file0") = 0 [pid 538] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 538] ioctl(6, LOOP_CLR_FD) = 0 [pid 538] close(6) = 0 [pid 538] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 538] write(6, "#! ./file1\n", 11) = 11 [pid 538] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 538] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000404} --- [pid 538] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=538, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./30", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./30", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555a8056f0 /* 4 entries */, 32768) = 112 umount2("./30/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./30/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./30/binderfs") = 0 [ 50.851011][ T538] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 50.881641][ T539] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-538: bg 0: block 234: padding at end of block bitmap is not set umount2("./30/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./30/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./30/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./30/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./30/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555a80d730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555a80d730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./30/file0") = 0 getdents64(3, 0x55555a8056f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./30") = 0 mkdir("./31", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555a804650) = 543 ./strace-static-x86_64: Process 543 attached [pid 543] set_robust_list(0x55555a804660, 24) = 0 [pid 543] chdir("./31") = 0 [pid 543] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 543] setpgid(0, 0) = 0 [pid 543] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 543] write(3, "1000", 4) = 4 [pid 543] close(3) = 0 [pid 543] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 543] write(1, "executing program\n", 18) = 18 [pid 543] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 543] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 543] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 543] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 543] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 543] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 543] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 543] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 543] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 543] memfd_create("syzkaller", 0) = 5 [pid 543] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8539c1d000 [pid 543] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 543] munmap(0x7f8539c1d000, 138412032) = 0 [pid 543] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 543] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 543] close(5) = 0 [pid 543] close(6) = 0 [pid 543] mkdir("./file0", 0777) = 0 [pid 543] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 543] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 543] chdir("./file0") = 0 [pid 543] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 543] ioctl(6, LOOP_CLR_FD) = 0 [pid 543] close(6) = 0 [pid 543] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 543] write(6, "#! ./file1\n", 11) = 11 [pid 543] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 543] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000404} --- [pid 543] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=543, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./31", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./31", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555a8056f0 /* 4 entries */, 32768) = 112 umount2("./31/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./31/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./31/binderfs") = 0 [ 51.021045][ T543] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 51.052271][ T544] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-543: bg 0: block 234: padding at end of block bitmap is not set umount2("./31/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./31/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./31/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./31/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./31/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555a80d730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555a80d730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./31/file0") = 0 getdents64(3, 0x55555a8056f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./31") = 0 mkdir("./32", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555a804650) = 548 ./strace-static-x86_64: Process 548 attached [pid 548] set_robust_list(0x55555a804660, 24) = 0 [pid 548] chdir("./32") = 0 [pid 548] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 548] setpgid(0, 0) = 0 [pid 548] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 548] write(3, "1000", 4) = 4 [pid 548] close(3) = 0 [pid 548] symlink("/dev/binderfs", "./binderfs") = 0 [pid 548] write(1, "executing program\n", 18executing program ) = 18 [pid 548] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 548] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 548] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 548] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 548] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 548] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 548] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 548] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 548] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 548] memfd_create("syzkaller", 0) = 5 [pid 548] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8539c1d000 [pid 548] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 548] munmap(0x7f8539c1d000, 138412032) = 0 [pid 548] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 548] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 548] close(5) = 0 [pid 548] close(6) = 0 [pid 548] mkdir("./file0", 0777) = 0 [pid 548] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 548] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 548] chdir("./file0") = 0 [pid 548] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 548] ioctl(6, LOOP_CLR_FD) = 0 [pid 548] close(6) = 0 [pid 548] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 548] write(6, "#! ./file1\n", 11) = 11 [pid 548] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 548] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000404} --- [pid 548] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=548, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./32", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./32", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555a8056f0 /* 4 entries */, 32768) = 112 umount2("./32/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./32/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./32/binderfs") = 0 [ 51.211189][ T548] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 51.242436][ T549] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-548: bg 0: block 234: padding at end of block bitmap is not set umount2("./32/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./32/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./32/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./32/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./32/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555a80d730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555a80d730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./32/file0") = 0 getdents64(3, 0x55555a8056f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./32") = 0 mkdir("./33", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555a804650) = 553 ./strace-static-x86_64: Process 553 attached [pid 553] set_robust_list(0x55555a804660, 24) = 0 [pid 553] chdir("./33") = 0 [pid 553] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 553] setpgid(0, 0) = 0 [pid 553] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 553] write(3, "1000", 4) = 4 [pid 553] close(3) = 0 [pid 553] symlink("/dev/binderfs", "./binderfs") = 0 [pid 553] write(1, "executing program\n", 18executing program ) = 18 [pid 553] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 553] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 553] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 553] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 553] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 553] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 553] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 553] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 553] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 553] memfd_create("syzkaller", 0) = 5 [pid 553] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8539c1d000 [pid 553] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 553] munmap(0x7f8539c1d000, 138412032) = 0 [pid 553] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 553] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 553] close(5) = 0 [pid 553] close(6) = 0 [pid 553] mkdir("./file0", 0777) = 0 [pid 553] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 553] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 553] chdir("./file0") = 0 [pid 553] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 553] ioctl(6, LOOP_CLR_FD) = 0 [pid 553] close(6) = 0 [pid 553] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 553] write(6, "#! ./file1\n", 11) = 11 [pid 553] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [ 51.421199][ T553] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [pid 553] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000404} --- [pid 553] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=553, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./33", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./33", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555a8056f0 /* 4 entries */, 32768) = 112 umount2("./33/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./33/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./33/binderfs") = 0 [ 51.462526][ T554] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-553: bg 0: block 234: padding at end of block bitmap is not set umount2("./33/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./33/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./33/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./33/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./33/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555a80d730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555a80d730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./33/file0") = 0 getdents64(3, 0x55555a8056f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./33") = 0 mkdir("./34", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555a804650) = 558 ./strace-static-x86_64: Process 558 attached [pid 558] set_robust_list(0x55555a804660, 24) = 0 [pid 558] chdir("./34") = 0 [pid 558] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 558] setpgid(0, 0) = 0 [pid 558] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 558] write(3, "1000", 4) = 4 [pid 558] close(3) = 0 [pid 558] symlink("/dev/binderfs", "./binderfs") = 0 [pid 558] write(1, "executing program\n", 18executing program ) = 18 [pid 558] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 558] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 558] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 558] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 558] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 558] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 558] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 558] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 558] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 558] memfd_create("syzkaller", 0) = 5 [pid 558] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8539c1d000 [pid 558] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 558] munmap(0x7f8539c1d000, 138412032) = 0 [pid 558] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 558] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 558] close(5) = 0 [pid 558] close(6) = 0 [pid 558] mkdir("./file0", 0777) = 0 [pid 558] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 558] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 558] chdir("./file0") = 0 [pid 558] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 558] ioctl(6, LOOP_CLR_FD) = 0 [pid 558] close(6) = 0 [pid 558] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 558] write(6, "#! ./file1\n", 11) = 11 [pid 558] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 558] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000404} --- [pid 558] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=558, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./34", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./34", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555a8056f0 /* 4 entries */, 32768) = 112 umount2("./34/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./34/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./34/binderfs") = 0 [ 51.611035][ T558] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 51.642903][ T559] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-558: bg 0: block 234: padding at end of block bitmap is not set umount2("./34/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./34/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./34/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./34/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./34/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555a80d730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555a80d730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./34/file0") = 0 getdents64(3, 0x55555a8056f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./34") = 0 mkdir("./35", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 564 attached , child_tidptr=0x55555a804650) = 564 [pid 564] set_robust_list(0x55555a804660, 24) = 0 [pid 564] chdir("./35") = 0 [pid 564] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 564] setpgid(0, 0) = 0 [pid 564] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 564] write(3, "1000", 4) = 4 [pid 564] close(3) = 0 [pid 564] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 564] write(1, "executing program\n", 18) = 18 [pid 564] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 564] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 564] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 564] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 564] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 564] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 564] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 564] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 564] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 564] memfd_create("syzkaller", 0) = 5 [pid 564] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8539c1d000 [pid 564] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 564] munmap(0x7f8539c1d000, 138412032) = 0 [pid 564] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 564] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 564] close(5) = 0 [pid 564] close(6) = 0 [pid 564] mkdir("./file0", 0777) = 0 [pid 564] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 564] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 564] chdir("./file0") = 0 [pid 564] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 564] ioctl(6, LOOP_CLR_FD) = 0 [pid 564] close(6) = 0 [pid 564] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 564] write(6, "#! ./file1\n", 11) = 11 [pid 564] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 564] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000404} --- [pid 564] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=564, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./35", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./35", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555a8056f0 /* 4 entries */, 32768) = 112 umount2("./35/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./35/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./35/binderfs") = 0 [ 51.821246][ T564] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 51.852901][ T565] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-564: bg 0: block 234: padding at end of block bitmap is not set umount2("./35/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./35/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./35/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./35/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./35/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555a80d730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555a80d730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./35/file0") = 0 getdents64(3, 0x55555a8056f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./35") = 0 mkdir("./36", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555a804650) = 569 ./strace-static-x86_64: Process 569 attached [pid 569] set_robust_list(0x55555a804660, 24) = 0 [pid 569] chdir("./36") = 0 [pid 569] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 569] setpgid(0, 0) = 0 [pid 569] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 569] write(3, "1000", 4) = 4 [pid 569] close(3) = 0 [pid 569] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 569] write(1, "executing program\n", 18) = 18 [pid 569] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 569] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 569] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 569] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 569] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 569] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 569] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 569] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 569] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 569] memfd_create("syzkaller", 0) = 5 [pid 569] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8539c1d000 [pid 569] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 569] munmap(0x7f8539c1d000, 138412032) = 0 [pid 569] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 569] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 569] close(5) = 0 [pid 569] close(6) = 0 [pid 569] mkdir("./file0", 0777) = 0 [pid 569] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 569] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 569] chdir("./file0") = 0 [pid 569] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 569] ioctl(6, LOOP_CLR_FD) = 0 [pid 569] close(6) = 0 [pid 569] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 569] write(6, "#! ./file1\n", 11) = 11 [pid 569] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 569] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000404} --- [pid 569] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=569, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./36", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./36", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555a8056f0 /* 4 entries */, 32768) = 112 umount2("./36/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./36/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./36/binderfs") = 0 [ 52.041231][ T569] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 52.072128][ T570] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-569: bg 0: block 234: padding at end of block bitmap is not set umount2("./36/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./36/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./36/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./36/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./36/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555a80d730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555a80d730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./36/file0") = 0 getdents64(3, 0x55555a8056f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./36") = 0 mkdir("./37", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555a804650) = 574 ./strace-static-x86_64: Process 574 attached [pid 574] set_robust_list(0x55555a804660, 24) = 0 [pid 574] chdir("./37") = 0 [pid 574] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 574] setpgid(0, 0) = 0 [pid 574] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 574] write(3, "1000", 4) = 4 [pid 574] close(3) = 0 [pid 574] symlink("/dev/binderfs", "./binderfs") = 0 [pid 574] write(1, "executing program\n", 18executing program ) = 18 [pid 574] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 574] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 574] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 574] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 574] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 574] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 574] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 574] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 574] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 574] memfd_create("syzkaller", 0) = 5 [pid 574] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8539c1d000 [pid 574] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 574] munmap(0x7f8539c1d000, 138412032) = 0 [pid 574] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 574] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 574] close(5) = 0 [pid 574] close(6) = 0 [pid 574] mkdir("./file0", 0777) = 0 [pid 574] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 574] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 574] chdir("./file0") = 0 [pid 574] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 574] ioctl(6, LOOP_CLR_FD) = 0 [pid 574] close(6) = 0 [pid 574] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 574] write(6, "#! ./file1\n", 11) = 11 [pid 574] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 574] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000404} --- [pid 574] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=574, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./37", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./37", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555a8056f0 /* 4 entries */, 32768) = 112 umount2("./37/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./37/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./37/binderfs") = 0 [ 52.211253][ T574] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 52.234654][ T574] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm syz-executor423: bg 0: block 234: padding at end of block bitmap is not set umount2("./37/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./37/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./37/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./37/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./37/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555a80d730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555a80d730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./37/file0") = 0 getdents64(3, 0x55555a8056f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./37") = 0 mkdir("./38", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555a804650) = 579 ./strace-static-x86_64: Process 579 attached [pid 579] set_robust_list(0x55555a804660, 24) = 0 [pid 579] chdir("./38") = 0 [pid 579] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 579] setpgid(0, 0) = 0 [pid 579] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 579] write(3, "1000", 4) = 4 [pid 579] close(3) = 0 [pid 579] symlink("/dev/binderfs", "./binderfs") = 0 [pid 579] write(1, "executing program\n", 18executing program ) = 18 [pid 579] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 579] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 579] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 579] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 579] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 579] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 579] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 579] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 579] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 579] memfd_create("syzkaller", 0) = 5 [pid 579] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8539c1d000 [pid 579] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 579] munmap(0x7f8539c1d000, 138412032) = 0 [pid 579] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 579] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 579] close(5) = 0 [pid 579] close(6) = 0 [pid 579] mkdir("./file0", 0777) = 0 [pid 579] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 579] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 579] chdir("./file0") = 0 [pid 579] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 579] ioctl(6, LOOP_CLR_FD) = 0 [pid 579] close(6) = 0 [pid 579] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 579] write(6, "#! ./file1\n", 11) = 11 [pid 579] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 579] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000404} --- [pid 579] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=579, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555a8056f0 /* 4 entries */, 32768) = 112 umount2("./38/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./38/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./38/binderfs") = 0 [ 52.349997][ T579] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 52.381928][ T580] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-579: bg 0: block 234: padding at end of block bitmap is not set umount2("./38/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./38/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./38/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./38/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./38/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555a80d730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555a80d730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./38/file0") = 0 getdents64(3, 0x55555a8056f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./38") = 0 mkdir("./39", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555a804650) = 584 ./strace-static-x86_64: Process 584 attached [pid 584] set_robust_list(0x55555a804660, 24) = 0 [pid 584] chdir("./39") = 0 [pid 584] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 584] setpgid(0, 0) = 0 [pid 584] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 584] write(3, "1000", 4) = 4 [pid 584] close(3) = 0 [pid 584] symlink("/dev/binderfs", "./binderfs") = 0 [pid 584] write(1, "executing program\n", 18executing program ) = 18 [pid 584] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 584] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 584] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 584] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 584] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 584] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 584] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 584] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 584] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 584] memfd_create("syzkaller", 0) = 5 [pid 584] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8539c1d000 [pid 584] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 584] munmap(0x7f8539c1d000, 138412032) = 0 [pid 584] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 584] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 584] close(5) = 0 [pid 584] close(6) = 0 [pid 584] mkdir("./file0", 0777) = 0 [pid 584] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 584] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 584] chdir("./file0") = 0 [pid 584] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 584] ioctl(6, LOOP_CLR_FD) = 0 [pid 584] close(6) = 0 [pid 584] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 584] write(6, "#! ./file1\n", 11) = 11 [pid 584] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [ 52.671194][ T584] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [pid 584] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000404} --- [pid 584] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=584, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./39", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./39", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555a8056f0 /* 4 entries */, 32768) = 112 umount2("./39/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./39/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./39/binderfs") = 0 [ 52.713196][ T585] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-584: bg 0: block 234: padding at end of block bitmap is not set umount2("./39/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./39/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./39/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./39/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./39/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555a80d730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555a80d730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./39/file0") = 0 getdents64(3, 0x55555a8056f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./39") = 0 mkdir("./40", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 590 attached , child_tidptr=0x55555a804650) = 590 [pid 590] set_robust_list(0x55555a804660, 24) = 0 [pid 590] chdir("./40") = 0 [pid 590] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 590] setpgid(0, 0) = 0 [pid 590] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 590] write(3, "1000", 4) = 4 [pid 590] close(3) = 0 [pid 590] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 590] write(1, "executing program\n", 18) = 18 [pid 590] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 590] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 590] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 590] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 590] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 590] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 590] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 590] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 590] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 590] memfd_create("syzkaller", 0) = 5 [pid 590] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8539c1d000 [pid 590] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 590] munmap(0x7f8539c1d000, 138412032) = 0 [pid 590] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 590] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 590] close(5) = 0 [pid 590] close(6) = 0 [pid 590] mkdir("./file0", 0777) = 0 [pid 590] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 590] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 590] chdir("./file0") = 0 [pid 590] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 590] ioctl(6, LOOP_CLR_FD) = 0 [pid 590] close(6) = 0 [pid 590] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 590] write(6, "#! ./file1\n", 11) = 11 [pid 590] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 590] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000404} --- [ 52.900675][ T590] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 52.923568][ T590] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm syz-executor423: bg 0: block 234: padding at end of block bitmap is not set [ 52.940179][ T591] EXT4-fs error (device loop0): ext4_map_blocks:731: inode #18: block 62218: comm vhost-590: lblock 0 mapped to illegal pblock 62218 (length 1) [ 52.956092][ T591] EXT4-fs error (device loop0): ext4_map_blocks:617: inode #18: block 62218: comm vhost-590: lblock 0 mapped to illegal pblock 62218 (length 1) [ 52.971024][ T591] EXT4-fs error (device loop0): ext4_map_blocks:617: inode #18: block 62218: comm vhost-590: lblock 0 mapped to illegal pblock 62218 (length 1) [ 52.985751][ T591] EXT4-fs error (device loop0): ext4_map_blocks:617: inode #18: block 62218: comm vhost-590: lblock 0 mapped to illegal pblock 62218 (length 1) [pid 590] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=590, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./40", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./40", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555a8056f0 /* 4 entries */, 32768) = 112 umount2("./40/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./40/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./40/binderfs") = 0 [ 53.000588][ T591] EXT4-fs error (device loop0): ext4_map_blocks:617: inode #18: block 62218: comm vhost-590: lblock 0 mapped to illegal pblock 62218 (length 1) umount2("./40/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./40/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./40/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./40/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./40/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555a80d730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555a80d730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./40/file0") = 0 getdents64(3, 0x55555a8056f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./40") = 0 mkdir("./41", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555a804650) = 595 ./strace-static-x86_64: Process 595 attached [pid 595] set_robust_list(0x55555a804660, 24) = 0 [pid 595] chdir("./41") = 0 [pid 595] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 595] setpgid(0, 0) = 0 [pid 595] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 595] write(3, "1000", 4) = 4 [pid 595] close(3) = 0 [pid 595] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 595] write(1, "executing program\n", 18) = 18 [pid 595] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 595] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 595] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 595] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 595] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 595] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 595] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 595] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 595] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 595] memfd_create("syzkaller", 0) = 5 [pid 595] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8539c1d000 [pid 595] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 595] munmap(0x7f8539c1d000, 138412032) = 0 [pid 595] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 595] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 595] close(5) = 0 [pid 595] close(6) = 0 [pid 595] mkdir("./file0", 0777) = 0 [pid 595] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 595] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 595] chdir("./file0") = 0 [pid 595] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 595] ioctl(6, LOOP_CLR_FD) = 0 [pid 595] close(6) = 0 [pid 595] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 595] write(6, "#! ./file1\n", 11) = 11 [pid 595] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 595] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000404} --- [pid 595] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=595, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./41", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./41", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555a8056f0 /* 4 entries */, 32768) = 112 umount2("./41/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./41/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./41/binderfs") = 0 [ 53.151142][ T595] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 53.178047][ T595] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm syz-executor423: bg 0: block 234: padding at end of block bitmap is not set umount2("./41/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./41/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./41/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./41/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./41/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555a80d730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555a80d730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./41/file0") = 0 getdents64(3, 0x55555a8056f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./41") = 0 mkdir("./42", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555a804650) = 600 ./strace-static-x86_64: Process 600 attached [pid 600] set_robust_list(0x55555a804660, 24) = 0 [pid 600] chdir("./42") = 0 [pid 600] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 600] setpgid(0, 0) = 0 [pid 600] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 600] write(3, "1000", 4) = 4 [pid 600] close(3) = 0 [pid 600] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 600] write(1, "executing program\n", 18) = 18 [pid 600] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 600] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 600] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 600] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 600] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 600] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 600] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 600] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 600] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 600] memfd_create("syzkaller", 0) = 5 [pid 600] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8539c1d000 [pid 600] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 600] munmap(0x7f8539c1d000, 138412032) = 0 [pid 600] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 600] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 600] close(5) = 0 [pid 600] close(6) = 0 [pid 600] mkdir("./file0", 0777) = 0 [pid 600] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 600] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 600] chdir("./file0") = 0 [pid 600] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 600] ioctl(6, LOOP_CLR_FD) = 0 [pid 600] close(6) = 0 [pid 600] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 600] write(6, "#! ./file1\n", 11) = 11 [pid 600] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 600] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000404} --- [pid 600] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=600, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./42", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./42", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555a8056f0 /* 4 entries */, 32768) = 112 umount2("./42/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./42/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./42/binderfs") = 0 [ 53.381033][ T600] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 53.412177][ T601] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-600: bg 0: block 234: padding at end of block bitmap is not set umount2("./42/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./42/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./42/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./42/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./42/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555a80d730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555a80d730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./42/file0") = 0 getdents64(3, 0x55555a8056f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./42") = 0 mkdir("./43", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 605 attached , child_tidptr=0x55555a804650) = 605 [pid 605] set_robust_list(0x55555a804660, 24) = 0 [pid 605] chdir("./43") = 0 [pid 605] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 605] setpgid(0, 0) = 0 [pid 605] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 605] write(3, "1000", 4) = 4 [pid 605] close(3) = 0 [pid 605] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 605] write(1, "executing program\n", 18) = 18 [pid 605] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 605] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 605] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 605] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 605] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 605] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 605] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 605] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 605] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 605] memfd_create("syzkaller", 0) = 5 [pid 605] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8539c1d000 [pid 605] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 605] munmap(0x7f8539c1d000, 138412032) = 0 [pid 605] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 605] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 605] close(5) = 0 [pid 605] close(6) = 0 [pid 605] mkdir("./file0", 0777) = 0 [pid 605] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 605] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 605] chdir("./file0") = 0 [pid 605] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 605] ioctl(6, LOOP_CLR_FD) = 0 [pid 605] close(6) = 0 [pid 605] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 605] write(6, "#! ./file1\n", 11) = 11 [pid 605] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 605] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000404} --- [pid 605] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=605, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./43", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./43", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555a8056f0 /* 4 entries */, 32768) = 112 umount2("./43/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./43/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./43/binderfs") = 0 umount2("./43/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./43/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./43/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./43/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./43/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555a80d730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555a80d730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./43/file0") = 0 getdents64(3, 0x55555a8056f0 /* 0 entries */, 32768) = 0 close(3) = 0 [ 53.567601][ T605] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 53.598659][ T606] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-605: bg 0: block 234: padding at end of block bitmap is not set rmdir("./43") = 0 mkdir("./44", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555a804650) = 611 ./strace-static-x86_64: Process 611 attached [pid 611] set_robust_list(0x55555a804660, 24) = 0 [pid 611] chdir("./44") = 0 [pid 611] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 611] setpgid(0, 0) = 0 [pid 611] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 611] write(3, "1000", 4) = 4 [pid 611] close(3) = 0 [pid 611] symlink("/dev/binderfs", "./binderfs") = 0 [pid 611] write(1, "executing program\n", 18executing program ) = 18 [pid 611] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 611] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 611] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 611] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 611] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 611] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 611] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 611] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 611] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 611] memfd_create("syzkaller", 0) = 5 [pid 611] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8539c1d000 [pid 611] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 611] munmap(0x7f8539c1d000, 138412032) = 0 [pid 611] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 611] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 611] close(5) = 0 [pid 611] close(6) = 0 [pid 611] mkdir("./file0", 0777) = 0 [pid 611] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 611] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 611] chdir("./file0") = 0 [pid 611] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 611] ioctl(6, LOOP_CLR_FD) = 0 [pid 611] close(6) = 0 [pid 611] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 611] write(6, "#! ./file1\n", 11) = 11 [pid 611] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 611] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000404} --- [pid 611] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=611, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./44", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./44", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555a8056f0 /* 4 entries */, 32768) = 112 umount2("./44/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./44/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./44/binderfs") = 0 [ 53.684799][ T611] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 53.716635][ T612] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-611: bg 0: block 234: padding at end of block bitmap is not set umount2("./44/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./44/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./44/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./44/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./44/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555a80d730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555a80d730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./44/file0") = 0 getdents64(3, 0x55555a8056f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./44") = 0 mkdir("./45", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555a804650) = 616 ./strace-static-x86_64: Process 616 attached [pid 616] set_robust_list(0x55555a804660, 24) = 0 [pid 616] chdir("./45") = 0 [pid 616] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 616] setpgid(0, 0) = 0 [pid 616] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 616] write(3, "1000", 4) = 4 [pid 616] close(3) = 0 [pid 616] symlink("/dev/binderfs", "./binderfs") = 0 [pid 616] write(1, "executing program\n", 18executing program ) = 18 [pid 616] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 616] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 616] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 616] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 616] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 616] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 616] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 616] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 616] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 616] memfd_create("syzkaller", 0) = 5 [pid 616] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8539c1d000 [pid 616] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 616] munmap(0x7f8539c1d000, 138412032) = 0 [pid 616] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 616] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 616] close(5) = 0 [pid 616] close(6) = 0 [pid 616] mkdir("./file0", 0777) = 0 [pid 616] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 616] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 616] chdir("./file0") = 0 [pid 616] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 616] ioctl(6, LOOP_CLR_FD) = 0 [pid 616] close(6) = 0 [pid 616] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 616] write(6, "#! ./file1\n", 11) = 11 [pid 616] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 616] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000404} --- [pid 616] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=616, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./45", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./45", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555a8056f0 /* 4 entries */, 32768) = 112 umount2("./45/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./45/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./45/binderfs") = 0 [ 53.891120][ T616] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 53.923543][ T617] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-616: bg 0: block 234: padding at end of block bitmap is not set umount2("./45/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./45/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./45/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./45/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./45/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555a80d730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555a80d730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./45/file0") = 0 getdents64(3, 0x55555a8056f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./45") = 0 mkdir("./46", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555a804650) = 621 ./strace-static-x86_64: Process 621 attached [pid 621] set_robust_list(0x55555a804660, 24) = 0 [pid 621] chdir("./46") = 0 [pid 621] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 621] setpgid(0, 0) = 0 [pid 621] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 621] write(3, "1000", 4) = 4 [pid 621] close(3) = 0 [pid 621] symlink("/dev/binderfs", "./binderfs") = 0 [pid 621] write(1, "executing program\n", 18executing program ) = 18 [pid 621] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 621] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 621] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 621] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 621] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 621] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 621] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 621] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 621] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 621] memfd_create("syzkaller", 0) = 5 [pid 621] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8539c1d000 [pid 621] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 621] munmap(0x7f8539c1d000, 138412032) = 0 [pid 621] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 621] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 621] close(5) = 0 [pid 621] close(6) = 0 [pid 621] mkdir("./file0", 0777) = 0 [pid 621] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 621] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 621] chdir("./file0") = 0 [pid 621] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 621] ioctl(6, LOOP_CLR_FD) = 0 [pid 621] close(6) = 0 [pid 621] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 621] write(6, "#! ./file1\n", 11) = 11 [pid 621] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 621] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000404} --- [pid 621] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=621, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./46", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./46", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555a8056f0 /* 4 entries */, 32768) = 112 umount2("./46/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./46/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./46/binderfs") = 0 [ 54.051119][ T621] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 54.082735][ T622] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-621: bg 0: block 234: padding at end of block bitmap is not set umount2("./46/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./46/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./46/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./46/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./46/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555a80d730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555a80d730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./46/file0") = 0 getdents64(3, 0x55555a8056f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./46") = 0 mkdir("./47", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555a804650) = 626 ./strace-static-x86_64: Process 626 attached [pid 626] set_robust_list(0x55555a804660, 24) = 0 [pid 626] chdir("./47") = 0 [pid 626] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 626] setpgid(0, 0) = 0 [pid 626] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 626] write(3, "1000", 4) = 4 [pid 626] close(3) = 0 [pid 626] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 626] write(1, "executing program\n", 18) = 18 [pid 626] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 626] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 626] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 626] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 626] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 626] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 626] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 626] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 626] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 626] memfd_create("syzkaller", 0) = 5 [pid 626] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8539c1d000 [pid 626] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 626] munmap(0x7f8539c1d000, 138412032) = 0 [pid 626] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 626] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 626] close(5) = 0 [pid 626] close(6) = 0 [pid 626] mkdir("./file0", 0777) = 0 [pid 626] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 626] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 626] chdir("./file0") = 0 [pid 626] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 626] ioctl(6, LOOP_CLR_FD) = 0 [pid 626] close(6) = 0 [pid 626] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 626] write(6, "#! ./file1\n", 11) = 11 [pid 626] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 626] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000404} --- [pid 626] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=626, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./47", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./47", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555a8056f0 /* 4 entries */, 32768) = 112 umount2("./47/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./47/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./47/binderfs") = 0 [ 54.211067][ T626] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 54.242838][ T627] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-626: bg 0: block 234: padding at end of block bitmap is not set umount2("./47/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./47/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./47/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./47/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./47/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555a80d730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555a80d730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./47/file0") = 0 getdents64(3, 0x55555a8056f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./47") = 0 mkdir("./48", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555a804650) = 631 ./strace-static-x86_64: Process 631 attached [pid 631] set_robust_list(0x55555a804660, 24) = 0 [pid 631] chdir("./48") = 0 [pid 631] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 631] setpgid(0, 0) = 0 [pid 631] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 631] write(3, "1000", 4) = 4 [pid 631] close(3) = 0 [pid 631] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 631] write(1, "executing program\n", 18) = 18 [pid 631] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 631] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 631] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 631] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 631] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 631] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 631] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 631] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 631] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 631] memfd_create("syzkaller", 0) = 5 [pid 631] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8539c1d000 [pid 631] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 631] munmap(0x7f8539c1d000, 138412032) = 0 [pid 631] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 631] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 631] close(5) = 0 [pid 631] close(6) = 0 [pid 631] mkdir("./file0", 0777) = 0 [pid 631] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 631] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 631] chdir("./file0") = 0 [pid 631] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 631] ioctl(6, LOOP_CLR_FD) = 0 [pid 631] close(6) = 0 [pid 631] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 631] write(6, "#! ./file1\n", 11) = 11 [pid 631] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 631] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000404} --- [pid 631] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=631, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./48", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./48", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555a8056f0 /* 4 entries */, 32768) = 112 umount2("./48/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./48/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./48/binderfs") = 0 [ 54.369448][ T631] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 54.400880][ T632] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-631: bg 0: block 234: padding at end of block bitmap is not set umount2("./48/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./48/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./48/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./48/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./48/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555a80d730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555a80d730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./48/file0") = 0 getdents64(3, 0x55555a8056f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./48") = 0 mkdir("./49", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555a804650) = 636 ./strace-static-x86_64: Process 636 attached [pid 636] set_robust_list(0x55555a804660, 24) = 0 [pid 636] chdir("./49") = 0 [pid 636] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 636] setpgid(0, 0) = 0 [pid 636] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 636] write(3, "1000", 4) = 4 [pid 636] close(3) = 0 [pid 636] symlink("/dev/binderfs", "./binderfs") = 0 [pid 636] write(1, "executing program\n", 18executing program ) = 18 [pid 636] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 636] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 636] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 636] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 636] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 636] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 636] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 636] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 636] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 636] memfd_create("syzkaller", 0) = 5 [pid 636] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8539c1d000 [pid 636] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 636] munmap(0x7f8539c1d000, 138412032) = 0 [pid 636] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 636] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 636] close(5) = 0 [pid 636] close(6) = 0 [pid 636] mkdir("./file0", 0777) = 0 [pid 636] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 636] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 636] chdir("./file0") = 0 [pid 636] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 636] ioctl(6, LOOP_CLR_FD) = 0 [pid 636] close(6) = 0 [pid 636] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 636] write(6, "#! ./file1\n", 11) = 11 [pid 636] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 636] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000404} --- [pid 636] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=636, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./49", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./49", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555a8056f0 /* 4 entries */, 32768) = 112 umount2("./49/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./49/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./49/binderfs") = 0 [ 54.567948][ T636] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 54.599446][ T637] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-636: bg 0: block 234: padding at end of block bitmap is not set umount2("./49/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./49/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./49/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./49/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./49/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555a80d730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555a80d730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./49/file0") = 0 getdents64(3, 0x55555a8056f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./49") = 0 mkdir("./50", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555a804650) = 642 ./strace-static-x86_64: Process 642 attached [pid 642] set_robust_list(0x55555a804660, 24) = 0 [pid 642] chdir("./50") = 0 [pid 642] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 642] setpgid(0, 0) = 0 [pid 642] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 642] write(3, "1000", 4) = 4 [pid 642] close(3) = 0 [pid 642] symlink("/dev/binderfs", "./binderfs") = 0 [pid 642] write(1, "executing program\n", 18executing program ) = 18 [pid 642] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 642] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 642] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 642] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 642] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 642] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 642] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 642] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 642] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 642] memfd_create("syzkaller", 0) = 5 [pid 642] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8539c1d000 [pid 642] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 642] munmap(0x7f8539c1d000, 138412032) = 0 [pid 642] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 642] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 642] close(5) = 0 [pid 642] close(6) = 0 [pid 642] mkdir("./file0", 0777) = 0 [pid 642] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 642] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 642] chdir("./file0") = 0 [pid 642] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 642] ioctl(6, LOOP_CLR_FD) = 0 [pid 642] close(6) = 0 [pid 642] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 642] write(6, "#! ./file1\n", 11) = 11 [pid 642] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [ 54.771086][ T642] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [pid 642] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000404} --- [pid 642] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=642, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./50", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./50", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555a8056f0 /* 4 entries */, 32768) = 112 umount2("./50/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./50/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./50/binderfs") = 0 [ 54.812436][ T643] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-642: bg 0: block 234: padding at end of block bitmap is not set umount2("./50/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./50/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./50/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./50/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./50/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555a80d730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555a80d730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./50/file0") = 0 getdents64(3, 0x55555a8056f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./50") = 0 mkdir("./51", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 647 attached , child_tidptr=0x55555a804650) = 647 [pid 647] set_robust_list(0x55555a804660, 24) = 0 [pid 647] chdir("./51") = 0 [pid 647] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 647] setpgid(0, 0) = 0 [pid 647] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 647] write(3, "1000", 4) = 4 [pid 647] close(3) = 0 [pid 647] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 647] write(1, "executing program\n", 18) = 18 [pid 647] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 647] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 647] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 647] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 647] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 647] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 647] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 647] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 647] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 647] memfd_create("syzkaller", 0) = 5 [pid 647] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8539c1d000 [pid 647] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 647] munmap(0x7f8539c1d000, 138412032) = 0 [pid 647] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 647] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 647] close(5) = 0 [pid 647] close(6) = 0 [pid 647] mkdir("./file0", 0777) = 0 [pid 647] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 647] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 647] chdir("./file0") = 0 [pid 647] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 647] ioctl(6, LOOP_CLR_FD) = 0 [pid 647] close(6) = 0 [pid 647] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 647] write(6, "#! ./file1\n", 11) = 11 [pid 647] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 647] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000404} --- [pid 647] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=647, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./51", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./51", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555a8056f0 /* 4 entries */, 32768) = 112 umount2("./51/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./51/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./51/binderfs") = 0 [ 54.950993][ T647] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 54.982864][ T648] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-647: bg 0: block 234: padding at end of block bitmap is not set umount2("./51/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./51/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./51/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./51/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./51/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555a80d730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555a80d730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./51/file0") = 0 getdents64(3, 0x55555a8056f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./51") = 0 mkdir("./52", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555a804650) = 652 ./strace-static-x86_64: Process 652 attached [pid 652] set_robust_list(0x55555a804660, 24) = 0 [pid 652] chdir("./52") = 0 [pid 652] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 652] setpgid(0, 0) = 0 [pid 652] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 652] write(3, "1000", 4) = 4 [pid 652] close(3) = 0 [pid 652] symlink("/dev/binderfs", "./binderfs") = 0 [pid 652] write(1, "executing program\n", 18executing program ) = 18 [pid 652] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 652] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 652] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 652] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 652] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 652] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 652] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 652] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 652] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 652] memfd_create("syzkaller", 0) = 5 [pid 652] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8539c1d000 [pid 652] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 652] munmap(0x7f8539c1d000, 138412032) = 0 [pid 652] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 652] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 652] close(5) = 0 [pid 652] close(6) = 0 [pid 652] mkdir("./file0", 0777) = 0 [pid 652] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 652] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 652] chdir("./file0") = 0 [pid 652] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 652] ioctl(6, LOOP_CLR_FD) = 0 [pid 652] close(6) = 0 [pid 652] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 652] write(6, "#! ./file1\n", 11) = 11 [pid 652] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 652] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000404} --- [pid 652] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=652, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./52", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./52", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555a8056f0 /* 4 entries */, 32768) = 112 umount2("./52/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./52/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./52/binderfs") = 0 [ 55.161067][ T652] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 55.185983][ T652] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm syz-executor423: bg 0: block 234: padding at end of block bitmap is not set umount2("./52/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./52/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./52/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./52/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./52/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555a80d730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555a80d730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./52/file0") = 0 getdents64(3, 0x55555a8056f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./52") = 0 mkdir("./53", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555a804650) = 657 ./strace-static-x86_64: Process 657 attached [pid 657] set_robust_list(0x55555a804660, 24) = 0 [pid 657] chdir("./53") = 0 [pid 657] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 657] setpgid(0, 0) = 0 [pid 657] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 657] write(3, "1000", 4) = 4 [pid 657] close(3) = 0 [pid 657] symlink("/dev/binderfs", "./binderfs") = 0 [pid 657] write(1, "executing program\n", 18executing program ) = 18 [pid 657] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 657] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 657] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 657] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 657] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 657] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 657] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 657] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 657] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 657] memfd_create("syzkaller", 0) = 5 [pid 657] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8539c1d000 [pid 657] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 657] munmap(0x7f8539c1d000, 138412032) = 0 [pid 657] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 657] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 657] close(5) = 0 [pid 657] close(6) = 0 [pid 657] mkdir("./file0", 0777) = 0 [pid 657] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 657] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 657] chdir("./file0") = 0 [pid 657] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 657] ioctl(6, LOOP_CLR_FD) = 0 [pid 657] close(6) = 0 [pid 657] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 657] write(6, "#! ./file1\n", 11) = 11 [pid 657] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 657] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000404} --- [pid 657] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=657, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./53", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./53", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555a8056f0 /* 4 entries */, 32768) = 112 umount2("./53/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./53/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./53/binderfs") = 0 [ 55.341032][ T657] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 55.372235][ T658] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-657: bg 0: block 234: padding at end of block bitmap is not set umount2("./53/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./53/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./53/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./53/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./53/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555a80d730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555a80d730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./53/file0") = 0 getdents64(3, 0x55555a8056f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./53") = 0 mkdir("./54", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555a804650) = 662 ./strace-static-x86_64: Process 662 attached [pid 662] set_robust_list(0x55555a804660, 24) = 0 [pid 662] chdir("./54") = 0 [pid 662] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 662] setpgid(0, 0) = 0 [pid 662] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 662] write(3, "1000", 4) = 4 [pid 662] close(3) = 0 [pid 662] symlink("/dev/binderfs", "./binderfs") = 0 [pid 662] write(1, "executing program\n", 18executing program ) = 18 [pid 662] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 662] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 662] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 662] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 662] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 662] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 662] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 662] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 662] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 662] memfd_create("syzkaller", 0) = 5 [pid 662] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8539c1d000 [pid 662] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 662] munmap(0x7f8539c1d000, 138412032) = 0 [pid 662] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 662] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 662] close(5) = 0 [pid 662] close(6) = 0 [pid 662] mkdir("./file0", 0777) = 0 [pid 662] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 662] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 662] chdir("./file0") = 0 [pid 662] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 662] ioctl(6, LOOP_CLR_FD) = 0 [pid 662] close(6) = 0 [pid 662] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 662] write(6, "#! ./file1\n", 11) = 11 [pid 662] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 662] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000404} --- [pid 662] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=662, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./54", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./54", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555a8056f0 /* 4 entries */, 32768) = 112 umount2("./54/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./54/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./54/binderfs") = 0 [ 55.541279][ T662] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 55.567609][ T662] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm syz-executor423: bg 0: block 234: padding at end of block bitmap is not set umount2("./54/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./54/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./54/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./54/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./54/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555a80d730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555a80d730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./54/file0") = 0 getdents64(3, 0x55555a8056f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./54") = 0 mkdir("./55", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555a804650) = 667 ./strace-static-x86_64: Process 667 attached [pid 667] set_robust_list(0x55555a804660, 24) = 0 [pid 667] chdir("./55") = 0 [pid 667] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 667] setpgid(0, 0) = 0 [pid 667] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 667] write(3, "1000", 4) = 4 [pid 667] close(3) = 0 [pid 667] symlink("/dev/binderfs", "./binderfs") = 0 [pid 667] write(1, "executing program\n", 18executing program ) = 18 [pid 667] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 667] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 667] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 667] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 667] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 667] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 667] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 667] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 667] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 667] memfd_create("syzkaller", 0) = 5 [pid 667] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8539c1d000 [pid 667] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 667] munmap(0x7f8539c1d000, 138412032) = 0 [pid 667] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 667] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 667] close(5) = 0 [pid 667] close(6) = 0 [pid 667] mkdir("./file0", 0777) = 0 [pid 667] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 667] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 667] chdir("./file0") = 0 [pid 667] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 667] ioctl(6, LOOP_CLR_FD) = 0 [pid 667] close(6) = 0 [pid 667] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 667] write(6, "#! ./file1\n", 11) = 11 [pid 667] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [ 55.731090][ T667] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [pid 667] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000404} --- [pid 667] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=667, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./55", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./55", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555a8056f0 /* 4 entries */, 32768) = 112 umount2("./55/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./55/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./55/binderfs") = 0 [ 55.772445][ T669] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-667: bg 0: block 234: padding at end of block bitmap is not set umount2("./55/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./55/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./55/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./55/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./55/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555a80d730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555a80d730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./55/file0") = 0 getdents64(3, 0x55555a8056f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./55") = 0 mkdir("./56", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555a804650) = 673 ./strace-static-x86_64: Process 673 attached [pid 673] set_robust_list(0x55555a804660, 24) = 0 [pid 673] chdir("./56") = 0 [pid 673] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 673] setpgid(0, 0) = 0 [pid 673] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 673] write(3, "1000", 4) = 4 [pid 673] close(3) = 0 [pid 673] symlink("/dev/binderfs", "./binderfs") = 0 [pid 673] write(1, "executing program\n", 18executing program ) = 18 [pid 673] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 673] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 673] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 673] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 673] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 673] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 673] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 673] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 673] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 673] memfd_create("syzkaller", 0) = 5 [pid 673] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8539c1d000 [pid 673] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 673] munmap(0x7f8539c1d000, 138412032) = 0 [pid 673] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 673] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 673] close(5) = 0 [pid 673] close(6) = 0 [pid 673] mkdir("./file0", 0777) = 0 [pid 673] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 673] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 673] chdir("./file0") = 0 [pid 673] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 673] ioctl(6, LOOP_CLR_FD) = 0 [pid 673] close(6) = 0 [pid 673] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 673] write(6, "#! ./file1\n", 11) = 11 [pid 673] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 673] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000404} --- [pid 673] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=673, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./56", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./56", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555a8056f0 /* 4 entries */, 32768) = 112 umount2("./56/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./56/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./56/binderfs") = 0 [ 55.901100][ T673] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 55.933900][ T674] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-673: bg 0: block 234: padding at end of block bitmap is not set umount2("./56/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./56/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./56/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./56/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./56/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555a80d730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555a80d730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./56/file0") = 0 getdents64(3, 0x55555a8056f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./56") = 0 mkdir("./57", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 678 attached , child_tidptr=0x55555a804650) = 678 [pid 678] set_robust_list(0x55555a804660, 24) = 0 [pid 678] chdir("./57") = 0 [pid 678] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 678] setpgid(0, 0) = 0 [pid 678] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 678] write(3, "1000", 4) = 4 [pid 678] close(3) = 0 [pid 678] symlink("/dev/binderfs", "./binderfs") = 0 [pid 678] write(1, "executing program\n", 18executing program ) = 18 [pid 678] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 678] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 678] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 678] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 678] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 678] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 678] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 678] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 678] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 678] memfd_create("syzkaller", 0) = 5 [pid 678] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8539c1d000 [pid 678] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 678] munmap(0x7f8539c1d000, 138412032) = 0 [pid 678] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 678] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 678] close(5) = 0 [pid 678] close(6) = 0 [pid 678] mkdir("./file0", 0777) = 0 [pid 678] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 678] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 678] chdir("./file0") = 0 [pid 678] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 678] ioctl(6, LOOP_CLR_FD) = 0 [pid 678] close(6) = 0 [pid 678] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 678] write(6, "#! ./file1\n", 11) = 11 [pid 678] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [ 56.231035][ T678] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [pid 678] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000404} --- [pid 678] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=678, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./57", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./57", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555a8056f0 /* 4 entries */, 32768) = 112 umount2("./57/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./57/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./57/binderfs") = 0 [ 56.273191][ T679] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-678: bg 0: block 234: padding at end of block bitmap is not set umount2("./57/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./57/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./57/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./57/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./57/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555a80d730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555a80d730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./57/file0") = 0 getdents64(3, 0x55555a8056f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./57") = 0 mkdir("./58", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555a804650) = 683 ./strace-static-x86_64: Process 683 attached [pid 683] set_robust_list(0x55555a804660, 24) = 0 [pid 683] chdir("./58") = 0 [pid 683] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 683] setpgid(0, 0) = 0 [pid 683] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 683] write(3, "1000", 4) = 4 [pid 683] close(3) = 0 [pid 683] symlink("/dev/binderfs", "./binderfs") = 0 [pid 683] write(1, "executing program\n", 18executing program ) = 18 [pid 683] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 683] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 683] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 683] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 683] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 683] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 683] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 683] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 683] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 683] memfd_create("syzkaller", 0) = 5 [pid 683] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8539c1d000 [pid 683] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 683] munmap(0x7f8539c1d000, 138412032) = 0 [pid 683] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 683] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 683] close(5) = 0 [pid 683] close(6) = 0 [pid 683] mkdir("./file0", 0777) = 0 [pid 683] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 683] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 683] chdir("./file0") = 0 [pid 683] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 683] ioctl(6, LOOP_CLR_FD) = 0 [pid 683] close(6) = 0 [pid 683] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 683] write(6, "#! ./file1\n", 11) = 11 [pid 683] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 683] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000404} --- [pid 683] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=683, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./58", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./58", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555a8056f0 /* 4 entries */, 32768) = 112 umount2("./58/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./58/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./58/binderfs") = 0 [ 56.451178][ T683] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 56.481689][ T683] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm syz-executor423: bg 0: block 234: padding at end of block bitmap is not set umount2("./58/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./58/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./58/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./58/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./58/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555a80d730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555a80d730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./58/file0") = 0 getdents64(3, 0x55555a8056f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./58") = 0 mkdir("./59", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 688 attached [pid 688] set_robust_list(0x55555a804660, 24) = 0 [pid 688] chdir("./59") = 0 [pid 688] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 688] setpgid(0, 0) = 0 [pid 688] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 688] write(3, "1000", 4) = 4 [pid 688] close(3) = 0 [pid 688] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 688] write(1, "executing program\n", 18) = 18 [pid 379] <... clone resumed>, child_tidptr=0x55555a804650) = 688 [pid 688] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 688] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 688] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 688] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 688] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 688] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 688] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 688] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 688] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 688] memfd_create("syzkaller", 0) = 5 [pid 688] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8539c1d000 [pid 688] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 688] munmap(0x7f8539c1d000, 138412032) = 0 [pid 688] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 688] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 688] close(5) = 0 [pid 688] close(6) = 0 [pid 688] mkdir("./file0", 0777) = 0 [pid 688] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 688] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 688] chdir("./file0") = 0 [pid 688] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 688] ioctl(6, LOOP_CLR_FD) = 0 [pid 688] close(6) = 0 [pid 688] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 688] write(6, "#! ./file1\n", 11) = 11 [pid 688] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [ 56.781236][ T688] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [pid 688] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000404} --- [pid 688] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=688, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./59", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./59", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555a8056f0 /* 4 entries */, 32768) = 112 umount2("./59/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./59/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./59/binderfs") = 0 [ 56.823902][ T689] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-688: bg 0: block 234: padding at end of block bitmap is not set umount2("./59/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./59/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./59/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./59/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./59/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555a80d730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555a80d730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./59/file0") = 0 getdents64(3, 0x55555a8056f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./59") = 0 mkdir("./60", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555a804650) = 694 ./strace-static-x86_64: Process 694 attached [pid 694] set_robust_list(0x55555a804660, 24) = 0 [pid 694] chdir("./60") = 0 [pid 694] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 694] setpgid(0, 0) = 0 [pid 694] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 694] write(3, "1000", 4) = 4 [pid 694] close(3) = 0 [pid 694] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 694] write(1, "executing program\n", 18) = 18 [pid 694] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 694] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 694] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 694] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 694] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 694] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 694] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 694] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 694] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 694] memfd_create("syzkaller", 0) = 5 [pid 694] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8539c1d000 [pid 694] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 694] munmap(0x7f8539c1d000, 138412032) = 0 [pid 694] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 694] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 694] close(5) = 0 [pid 694] close(6) = 0 [pid 694] mkdir("./file0", 0777) = 0 [pid 694] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 694] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 694] chdir("./file0") = 0 [pid 694] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 694] ioctl(6, LOOP_CLR_FD) = 0 [pid 694] close(6) = 0 [pid 694] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 694] write(6, "#! ./file1\n", 11) = 11 [pid 694] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 694] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000404} --- [pid 694] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=694, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./60", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./60", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555a8056f0 /* 4 entries */, 32768) = 112 umount2("./60/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./60/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./60/binderfs") = 0 [ 56.941393][ T694] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 56.971504][ T695] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-694: bg 0: block 234: padding at end of block bitmap is not set umount2("./60/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./60/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./60/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./60/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./60/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555a80d730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555a80d730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./60/file0") = 0 getdents64(3, 0x55555a8056f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./60") = 0 mkdir("./61", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555a804650) = 699 ./strace-static-x86_64: Process 699 attached [pid 699] set_robust_list(0x55555a804660, 24) = 0 [pid 699] chdir("./61") = 0 [pid 699] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 699] setpgid(0, 0) = 0 [pid 699] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 699] write(3, "1000", 4) = 4 [pid 699] close(3) = 0 [pid 699] symlink("/dev/binderfs", "./binderfs") = 0 [pid 699] write(1, "executing program\n", 18executing program ) = 18 [pid 699] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 699] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 699] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 699] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 699] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 699] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 699] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 699] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 699] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 699] memfd_create("syzkaller", 0) = 5 [pid 699] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8539c1d000 [pid 699] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 699] munmap(0x7f8539c1d000, 138412032) = 0 [pid 699] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 699] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 699] close(5) = 0 [pid 699] close(6) = 0 [pid 699] mkdir("./file0", 0777) = 0 [pid 699] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 699] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 699] chdir("./file0") = 0 [pid 699] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 699] ioctl(6, LOOP_CLR_FD) = 0 [pid 699] close(6) = 0 [pid 699] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 699] write(6, "#! ./file1\n", 11) = 11 [pid 699] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 699] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000404} --- [pid 699] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=699, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./61", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./61", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555a8056f0 /* 4 entries */, 32768) = 112 umount2("./61/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./61/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./61/binderfs") = 0 [ 57.171070][ T699] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 57.203109][ T700] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-699: bg 0: block 234: padding at end of block bitmap is not set umount2("./61/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./61/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./61/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./61/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./61/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555a80d730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555a80d730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./61/file0") = 0 getdents64(3, 0x55555a8056f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./61") = 0 mkdir("./62", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 704 attached , child_tidptr=0x55555a804650) = 704 [pid 704] set_robust_list(0x55555a804660, 24) = 0 [pid 704] chdir("./62") = 0 [pid 704] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 704] setpgid(0, 0) = 0 [pid 704] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 704] write(3, "1000", 4) = 4 [pid 704] close(3) = 0 [pid 704] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 704] write(1, "executing program\n", 18) = 18 [pid 704] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 704] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 704] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 704] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 704] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 704] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 704] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 704] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 704] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 704] memfd_create("syzkaller", 0) = 5 [pid 704] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8539c1d000 [pid 704] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 704] munmap(0x7f8539c1d000, 138412032) = 0 [pid 704] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 704] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 704] close(5) = 0 [pid 704] close(6) = 0 [pid 704] mkdir("./file0", 0777) = 0 [pid 704] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 704] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 704] chdir("./file0") = 0 [pid 704] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 704] ioctl(6, LOOP_CLR_FD) = 0 [pid 704] close(6) = 0 [pid 704] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 704] write(6, "#! ./file1\n", 11) = 11 [pid 704] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [ 57.401050][ T704] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [pid 704] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000404} --- [pid 704] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=704, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./62", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./62", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555a8056f0 /* 4 entries */, 32768) = 112 umount2("./62/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./62/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./62/binderfs") = 0 [ 57.442354][ T705] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-704: bg 0: block 234: padding at end of block bitmap is not set umount2("./62/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./62/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./62/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./62/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./62/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555a80d730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555a80d730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./62/file0") = 0 getdents64(3, 0x55555a8056f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./62") = 0 mkdir("./63", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555a804650) = 709 ./strace-static-x86_64: Process 709 attached [pid 709] set_robust_list(0x55555a804660, 24) = 0 [pid 709] chdir("./63") = 0 [pid 709] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 709] setpgid(0, 0) = 0 [pid 709] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 709] write(3, "1000", 4) = 4 [pid 709] close(3) = 0 [pid 709] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 709] write(1, "executing program\n", 18) = 18 [pid 709] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 709] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 709] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 709] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 709] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 709] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 709] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 709] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 709] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 709] memfd_create("syzkaller", 0) = 5 [pid 709] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8539c1d000 [pid 709] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 709] munmap(0x7f8539c1d000, 138412032) = 0 [pid 709] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 709] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 709] close(5) = 0 [pid 709] close(6) = 0 [pid 709] mkdir("./file0", 0777) = 0 [pid 709] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 709] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 709] chdir("./file0") = 0 [pid 709] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 709] ioctl(6, LOOP_CLR_FD) = 0 [pid 709] close(6) = 0 [pid 709] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 709] write(6, "#! ./file1\n", 11) = 11 [pid 709] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 709] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000404} --- [pid 709] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=709, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./63", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./63", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555a8056f0 /* 4 entries */, 32768) = 112 umount2("./63/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./63/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./63/binderfs") = 0 [ 57.581307][ T709] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 57.611369][ T710] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-709: bg 0: block 234: padding at end of block bitmap is not set umount2("./63/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./63/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./63/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./63/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./63/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555a80d730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555a80d730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./63/file0") = 0 getdents64(3, 0x55555a8056f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./63") = 0 mkdir("./64", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555a804650) = 715 ./strace-static-x86_64: Process 715 attached [pid 715] set_robust_list(0x55555a804660, 24) = 0 [pid 715] chdir("./64") = 0 [pid 715] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 715] setpgid(0, 0) = 0 [pid 715] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 715] write(3, "1000", 4) = 4 [pid 715] close(3) = 0 [pid 715] symlink("/dev/binderfs", "./binderfs") = 0 [pid 715] write(1, "executing program\n", 18executing program ) = 18 [pid 715] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 715] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 715] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 715] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 715] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 715] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 715] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 715] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 715] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 715] memfd_create("syzkaller", 0) = 5 [pid 715] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8539c1d000 [pid 715] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 715] munmap(0x7f8539c1d000, 138412032) = 0 [pid 715] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 715] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 715] close(5) = 0 [pid 715] close(6) = 0 [pid 715] mkdir("./file0", 0777) = 0 [pid 715] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 715] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 715] chdir("./file0") = 0 [pid 715] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 715] ioctl(6, LOOP_CLR_FD) = 0 [pid 715] close(6) = 0 [pid 715] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 715] write(6, "#! ./file1\n", 11) = 11 [pid 715] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 715] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000404} --- [pid 715] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=715, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./64", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./64", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555a8056f0 /* 4 entries */, 32768) = 112 umount2("./64/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./64/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./64/binderfs") = 0 umount2("./64/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./64/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./64/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./64/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./64/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555a80d730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555a80d730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./64/file0") = 0 getdents64(3, 0x55555a8056f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./64") = 0 [ 57.737516][ T715] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm syz-executor423: bg 0: block 234: padding at end of block bitmap is not set mkdir("./65", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555a804650) = 720 ./strace-static-x86_64: Process 720 attached [pid 720] set_robust_list(0x55555a804660, 24) = 0 [pid 720] chdir("./65") = 0 [pid 720] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 720] setpgid(0, 0) = 0 [pid 720] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 720] write(3, "1000", 4) = 4 [pid 720] close(3) = 0 [pid 720] symlink("/dev/binderfs", "./binderfs") = 0 [pid 720] write(1, "executing program\n", 18executing program ) = 18 [pid 720] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 720] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 720] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 720] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 720] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 720] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 720] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 720] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 720] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 720] memfd_create("syzkaller", 0) = 5 [pid 720] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8539c1d000 [pid 720] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 720] munmap(0x7f8539c1d000, 138412032) = 0 [pid 720] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 720] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 720] close(5) = 0 [pid 720] close(6) = 0 [pid 720] mkdir("./file0", 0777) = 0 [pid 720] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 720] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 720] chdir("./file0") = 0 [pid 720] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 720] ioctl(6, LOOP_CLR_FD) = 0 [pid 720] close(6) = 0 [pid 720] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 720] write(6, "#! ./file1\n", 11) = 11 [pid 720] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 720] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000404} --- [pid 720] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=720, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./65", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./65", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555a8056f0 /* 4 entries */, 32768) = 112 umount2("./65/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./65/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./65/binderfs") = 0 [ 57.843157][ T720] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm syz-executor423: bg 0: block 234: padding at end of block bitmap is not set umount2("./65/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./65/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./65/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./65/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./65/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555a80d730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555a80d730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./65/file0") = 0 getdents64(3, 0x55555a8056f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./65") = 0 mkdir("./66", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program , child_tidptr=0x55555a804650) = 725 ./strace-static-x86_64: Process 725 attached [pid 725] set_robust_list(0x55555a804660, 24) = 0 [pid 725] chdir("./66") = 0 [pid 725] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 725] setpgid(0, 0) = 0 [pid 725] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 725] write(3, "1000", 4) = 4 [pid 725] close(3) = 0 [pid 725] symlink("/dev/binderfs", "./binderfs") = 0 [pid 725] write(1, "executing program\n", 18) = 18 [pid 725] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 725] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 725] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 725] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 725] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 725] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 725] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 725] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 725] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 725] memfd_create("syzkaller", 0) = 5 [pid 725] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8539c1d000 [pid 725] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 725] munmap(0x7f8539c1d000, 138412032) = 0 [pid 725] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 725] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 725] close(5) = 0 [pid 725] close(6) = 0 [pid 725] mkdir("./file0", 0777) = 0 [pid 725] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 725] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 725] chdir("./file0") = 0 [pid 725] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 725] ioctl(6, LOOP_CLR_FD) = 0 [pid 725] close(6) = 0 [pid 725] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 725] write(6, "#! ./file1\n", 11) = 11 [pid 725] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 725] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000404} --- [pid 725] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=725, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./66", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./66", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555a8056f0 /* 4 entries */, 32768) = 112 umount2("./66/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./66/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./66/binderfs") = 0 [ 58.010093][ T725] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm syz-executor423: bg 0: block 234: padding at end of block bitmap is not set umount2("./66/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./66/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./66/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./66/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./66/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555a80d730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555a80d730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./66/file0") = 0 getdents64(3, 0x55555a8056f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./66") = 0 mkdir("./67", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555a804650) = 730 ./strace-static-x86_64: Process 730 attached [pid 730] set_robust_list(0x55555a804660, 24) = 0 [pid 730] chdir("./67") = 0 [pid 730] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 730] setpgid(0, 0) = 0 [pid 730] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 730] write(3, "1000", 4executing program ) = 4 [pid 730] close(3) = 0 [pid 730] symlink("/dev/binderfs", "./binderfs") = 0 [pid 730] write(1, "executing program\n", 18) = 18 [pid 730] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 730] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 730] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 730] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 730] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 730] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 730] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 730] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 730] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 730] memfd_create("syzkaller", 0) = 5 [pid 730] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8539c1d000 [pid 730] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 730] munmap(0x7f8539c1d000, 138412032) = 0 [pid 730] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 730] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 730] close(5) = 0 [pid 730] close(6) = 0 [pid 730] mkdir("./file0", 0777) = 0 [pid 730] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 730] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 730] chdir("./file0") = 0 [pid 730] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 730] ioctl(6, LOOP_CLR_FD) = 0 [pid 730] close(6) = 0 [pid 730] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 730] write(6, "#! ./file1\n", 11) = 11 [pid 730] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 730] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_XDP, insn_cnt=0, insns=NULL, license=NULL, log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_XDP, prog_btf_fd=-1, func_info_rec_size=8, func_info=NULL, func_info_cnt=0, line_info_rec_size=16, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL, ...}, 148) = -1 E2BIG (Argument list too long) [pid 730] exit_group(0) = ? [pid 730] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=730, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./67", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./67", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555a8056f0 /* 4 entries */, 32768) = 112 umount2("./67/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./67/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./67/binderfs") = 0 [ 58.170772][ T731] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-730: bg 0: block 234: padding at end of block bitmap is not set [ 58.193160][ T7] ------------[ cut here ]------------ [ 58.198436][ T7] kernel BUG at fs/ext4/inode.c:2844! [ 58.203732][ T7] invalid opcode: 0000 [#1] PREEMPT SMP KASAN [ 58.209555][ T7] CPU: 0 PID: 7 Comm: kworker/u4:0 Not tainted 5.4.290-syzkaller-00001-g986c38813dff #0 [ 58.219086][ T7] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 58.229085][ T7] Workqueue: writeback wb_workfn (flush-7:0) [ 58.234989][ T7] RIP: 0010:ext4_writepages+0x3c96/0x3cc0 [ 58.240788][ T7] Code: 82 9a ff 31 ff 89 de e8 48 82 9a ff 45 84 f6 75 2e e8 fe 7f 9a ff 49 bf 00 00 00 00 00 fc ff df e9 1d f9 ff ff e8 ea 7f 9a ff <0f> 0b e8 e3 7f 9a ff 0f 0b e8 dc 7f 9a ff e8 c7 39 35 ff eb 99 e8 [ 58.260317][ T7] RSP: 0018:ffff8881f5db70c0 EFLAGS: 00010293 [ 58.266216][ T7] RAX: ffffffff81cb1ae6 RBX: 0000010000000000 RCX: ffff8881f5d68000 [ 58.274137][ T7] RDX: 0000000000000000 RSI: 0000010000000000 RDI: 0000000000000000 [ 58.282119][ T7] RBP: ffff8881f5db74b0 R08: ffffffff81cae736 R09: ffffed103b23f8b0 [ 58.289932][ T7] R10: 0000000000000000 R11: dffffc0000000001 R12: ffff8881d91fc628 [ 58.297740][ T7] R13: 0000000000000001 R14: 0000010410000000 R15: dffffc0000000000 [ 58.305555][ T7] FS: 0000000000000000(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000 [ 58.314577][ T7] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 58.321006][ T7] CR2: 00000000153f73f8 CR3: 00000001dfc50000 CR4: 00000000003406b0 [ 58.328820][ T7] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 58.336625][ T7] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 58.344434][ T7] Call Trace: [ 58.347567][ T7] ? __die+0xbc/0x100 [ 58.351439][ T7] ? die+0x2a/0x50 [ 58.355006][ T7] ? do_trap+0x1a4/0x310 [ 58.359029][ T7] ? do_invalid_op+0x105/0x120 [ 58.363881][ T7] ? ext4_writepages+0x3c96/0x3cc0 [ 58.368824][ T7] ? ext4_writepages+0x3c96/0x3cc0 [ 58.373862][ T7] ? invalid_op+0x1e/0x30 [ 58.378027][ T7] ? ext4_writepages+0x8e6/0x3cc0 [ 58.382885][ T7] ? ext4_writepages+0x3c96/0x3cc0 [ 58.387835][ T7] ? ext4_writepages+0x3c96/0x3cc0 [ 58.392784][ T7] ? debug_smp_processor_id+0x20/0x20 [ 58.397985][ T7] ? _raw_spin_lock+0xa4/0x1b0 [ 58.402589][ T7] ? __kasan_check_read+0x11/0x20 [ 58.407478][ T7] ? mark_page_accessed+0x280/0x670 [ 58.412486][ T7] ? write_boundary_block+0x150/0x150 [ 58.417691][ T7] ? check_preemption_disabled+0x9f/0x320 [ 58.423419][ T7] ? ext4_readpage+0x2d0/0x2d0 [ 58.428022][ T7] ? __getblk_gfp+0x3d/0x770 [ 58.432447][ T7] ? ext4_get_group_desc+0x253/0x2a0 [ 58.437568][ T7] ? __ext4_get_inode_loc+0x612/0xe40 [ 58.442834][ T7] ? check_preemption_disabled+0x9f/0x320 [ 58.448347][ T7] ? update_load_avg+0x43f/0x1250 [ 58.453208][ T7] ? check_preemption_disabled+0x9f/0x320 [ 58.458750][ T7] ? ext4_readpage+0x2d0/0x2d0 [ 58.463354][ T7] do_writepages+0x12b/0x270 [ 58.467775][ T7] ? __writepage+0x110/0x110 [ 58.472300][ T7] ? __kasan_check_write+0x14/0x20 [ 58.477231][ T7] ? _raw_spin_lock+0xa4/0x1b0 [ 58.481960][ T7] ? _raw_spin_trylock_bh+0x190/0x190 [ 58.487127][ T7] __writeback_single_inode+0xdb/0xc80 [ 58.492421][ T7] writeback_sb_inodes+0x9e0/0x1800 [ 58.497453][ T7] ? _raw_spin_lock+0xa4/0x1b0 [ 58.502054][ T7] ? queue_io+0x5b0/0x5b0 [ 58.506217][ T7] ? writeback_sb_inodes+0x1800/0x1800 [ 58.511601][ T7] ? queue_io+0x3f8/0x5b0 [ 58.515851][ T7] wb_writeback+0x403/0xd70 [ 58.520283][ T7] ? wb_io_lists_depopulated+0x170/0x170 [ 58.525776][ T7] ? check_preemption_disabled+0x9f/0x320 [ 58.531400][ T7] ? debug_smp_processor_id+0x20/0x20 [ 58.536602][ T7] ? __kasan_check_write+0x14/0x20 [ 58.541551][ T7] ? check_preemption_disabled+0x9f/0x320 [ 58.547242][ T7] wb_workfn+0x3b6/0x1230 [ 58.551393][ T7] ? inode_wait_for_writeback+0x280/0x280 [ 58.556960][ T7] ? __kasan_check_read+0x11/0x20 [ 58.561892][ T7] ? switch_mm_irqs_off+0x6b5/0xab0 [ 58.566933][ T7] ? _raw_spin_unlock_irq+0x4e/0x70 [ 58.572133][ T7] ? finish_task_switch+0x130/0x590 [ 58.577179][ T7] ? __schedule+0xb0d/0x1320 [ 58.581593][ T7] ? __kasan_check_read+0x11/0x20 [ 58.586450][ T7] ? strscpy+0x9c/0x260 [ 58.590441][ T7] process_one_work+0x781/0xd50 [ 58.595131][ T7] worker_thread+0xa27/0x1360 [ 58.599648][ T7] kthread+0x321/0x3a0 [ 58.603546][ T7] ? worker_clr_flags+0x180/0x180 [ 58.608406][ T7] ? kthread_blkcg+0xd0/0xd0 [ 58.612833][ T7] ret_from_fork+0x1f/0x30 [ 58.617084][ T7] Modules linked in: [ 58.620922][ T7] ---[ end trace 97b336d6aff8d024 ]--- [ 58.626125][ T7] RIP: 0010:ext4_writepages+0x3c96/0x3cc0 [ 58.631693][ T7] Code: 82 9a ff 31 ff 89 de e8 48 82 9a ff 45 84 f6 75 2e e8 fe 7f 9a ff 49 bf 00 00 00 00 00 fc ff df e9 1d f9 ff ff e8 ea 7f 9a ff <0f> 0b e8 e3 7f 9a ff 0f 0b e8 dc 7f 9a ff e8 c7 39 35 ff eb 99 e8 [ 58.651617][ T7] RSP: 0018:ffff8881f5db70c0 EFLAGS: 00010293 [ 58.657876][ T7] RAX: ffffffff81cb1ae6 RBX: 0000010000000000 RCX: ffff8881f5d68000 [ 58.665613][ T7] RDX: 0000000000000000 RSI: 0000010000000000 RDI: 0000000000000000 [ 58.673614][ T7] RBP: ffff8881f5db74b0 R08: ffffffff81cae736 R09: ffffed103b23f8b0 [ 58.681407][ T7] R10: 0000000000000000 R11: dffffc0000000001 R12: ffff8881d91fc628 [ 58.689339][ T7] R13: 0000000000000001 R14: 0000010410000000 R15: dffffc0000000000 [ 58.697394][ T7] FS: 0000000000000000(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000 [ 58.706163][ T7] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 58.712961][ T7] CR2: 00000000153f73f8 CR3: 00000001ece87000 CR4: 00000000003406b0 [ 58.720880][ T7] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 58.728748][ T7] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 58.736604][ T7] Kernel panic - not syncing: Fatal exception [ 58.742655][ T7] Kernel Offset: disabled [ 58.746800][ T7] Rebooting in 86400 seconds..