./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor2703344771 <...> T24] audit: type=1400 audit(1750390082.110:62): avc: denied { rlimitinh } for pid=217 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 12.613790][ T24] audit: type=1400 audit(1750390082.110:63): avc: denied { siginh } for pid=217 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 Warning: Permanently added '10.128.0.209' (ED25519) to the list of known hosts. execve("./syz-executor2703344771", ["./syz-executor2703344771"], 0x7ffff23b2df0 /* 10 vars */) = 0 brk(NULL) = 0x55557a11e000 brk(0x55557a11ed40) = 0x55557a11ed40 arch_prctl(ARCH_SET_FS, 0x55557a11e3c0) = 0 set_tid_address(0x55557a11e690) = 282 set_robust_list(0x55557a11e6a0, 24) = 0 rseq(0x55557a11ece0, 0x20, 0, 0x53053053) = -1 ENOSYS (Function not implemented) prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor2703344771", 4096) = 28 getrandom("\xd9\x78\xa6\x73\x88\x97\xfe\xd1", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x55557a11ed40 brk(0x55557a13fd40) = 0x55557a13fd40 brk(0x55557a140000) = 0x55557a140000 mprotect(0x7fcb19db8000, 16384, PROT_READ) = 0 mmap(0x1ffffffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffffffff000 mmap(0x200000000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200000000000 mmap(0x200001000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200001000000 mkdir("./syzkaller.odL8KV", 0700) = 0 chmod("./syzkaller.odL8KV", 0777) = 0 chdir("./syzkaller.odL8KV") = 0 mkdir("./0", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program , child_tidptr=0x55557a11e690) = 283 ./strace-static-x86_64: Process 283 attached [pid 283] set_robust_list(0x55557a11e6a0, 24) = 0 [pid 283] chdir("./0") = 0 [pid 283] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 283] setpgid(0, 0) = 0 [pid 283] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 283] write(3, "1000", 4) = 4 [pid 283] close(3) = 0 [pid 283] symlink("/dev/binderfs", "./binderfs") = 0 [pid 283] write(1, "executing program\n", 18) = 18 [pid 283] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 283] rt_sigaction(SIGRT_1, {sa_handler=0x7fcb19d5c5b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fcb19d4d760}, NULL, 8) = 0 [pid 283] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 283] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fcb19cd2000 [pid 283] mprotect(0x7fcb19cd3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 283] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 283] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fcb19cf2990, parent_tid=0x7fcb19cf2990, exit_signal=0, stack=0x7fcb19cd2000, stack_size=0x20300, tls=0x7fcb19cf26c0} => {parent_tid=[284]}, 88) = 284 [pid 283] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 283] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 283] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 284 attached [pid 284] set_robust_list(0x7fcb19cf29a0, 24) = 0 [pid 284] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 284] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 284] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 284] futex(0x7fcb19dbe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 283] <... futex resumed>) = 0 [pid 283] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 283] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 284] <... futex resumed>) = 0 [pid 284] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 284] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 283] <... futex resumed>) = 0 [pid 284] ioctl(3, VHOST_SET_VRING_ADDR [pid 283] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 284] <... ioctl resumed>, 0x200000000300) = 0 [pid 283] <... futex resumed>) = 0 [pid 284] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 283] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 284] <... futex resumed>) = 0 [pid 283] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 284] ioctl(3, VHOST_SET_MEM_TABLE [pid 283] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 283] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 284] <... ioctl resumed>, 0x200000003380) = 0 [pid 284] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 283] <... futex resumed>) = 0 [pid 284] eventfd2(118, EFD_SEMAPHORE [pid 283] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 284] <... eventfd2 resumed>) = 4 [pid 283] <... futex resumed>) = 0 [pid 284] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 283] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 284] <... futex resumed>) = 0 [pid 283] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 284] ioctl(3, VHOST_SET_VRING_ERR [pid 283] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 284] <... ioctl resumed>, 0x2000000001c0) = 0 [pid 283] <... futex resumed>) = 0 [pid 284] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 283] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 284] <... futex resumed>) = 0 [pid 283] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 284] ioctl(3, VHOST_SET_VRING_ADDR [pid 283] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 284] <... ioctl resumed>, 0x200000000240) = 0 [pid 283] <... futex resumed>) = 0 [pid 284] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 283] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 284] <... futex resumed>) = 0 [pid 283] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 284] ioctl(3, VHOST_SET_VRING_KICK [ 21.493218][ T24] audit: type=1400 audit(1750390091.020:64): avc: denied { execmem } for pid=282 comm="syz-executor270" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 21.500934][ T24] audit: type=1400 audit(1750390091.030:65): avc: denied { read write } for pid=282 comm="syz-executor270" name="loop0" dev="devtmpfs" ino=115 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 21.509339][ T24] audit: type=1400 audit(1750390091.030:66): avc: denied { open } for pid=282 comm="syz-executor270" path="/dev/loop0" dev="devtmpfs" ino=115 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [pid 283] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 284] <... ioctl resumed>, 0x200000000000) = 0 [pid 283] <... futex resumed>) = 0 [pid 284] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 283] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 284] <... futex resumed>) = 0 [pid 283] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 284] ioctl(3, VHOST_VSOCK_SET_RUNNING [pid 283] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 284] <... ioctl resumed>, 0x200000000140) = 0 [pid 283] <... futex resumed>) = 0 [pid 284] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 283] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 284] <... futex resumed>) = 0 [pid 283] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 284] memfd_create("syzkaller", 0 [pid 283] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 284] <... memfd_create resumed>) = 5 [pid 283] <... futex resumed>) = 0 [pid 284] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 283] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 284] <... mmap resumed>) = 0x7fcb118d2000 [pid 284] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 284] munmap(0x7fcb118d2000, 138412032) = 0 [pid 284] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 284] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 284] close(5) = 0 [pid 284] close(6) = 0 [pid 284] mkdir("./file0", 0777) = 0 [ 21.525929][ T24] audit: type=1400 audit(1750390091.060:67): avc: denied { ioctl } for pid=282 comm="syz-executor270" path="/dev/loop0" dev="devtmpfs" ino=115 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 21.555756][ T24] audit: type=1400 audit(1750390091.060:68): avc: denied { read write } for pid=283 comm="syz-executor270" name="vhost-vsock" dev="devtmpfs" ino=262 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:vhost_device_t tclass=chr_file permissive=1 [ 21.580961][ T24] audit: type=1400 audit(1750390091.060:69): avc: denied { open } for pid=283 comm="syz-executor270" path="/dev/vhost-vsock" dev="devtmpfs" ino=262 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:vhost_device_t tclass=chr_file permissive=1 [ 21.605732][ T24] audit: type=1400 audit(1750390091.070:70): avc: denied { ioctl } for pid=283 comm="syz-executor270" path="/dev/vhost-vsock" dev="devtmpfs" ino=262 ioctlcmd=0xaf01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:vhost_device_t tclass=chr_file permissive=1 [ 21.631848][ T24] audit: type=1400 audit(1750390091.110:71): avc: denied { mounton } for pid=283 comm="syz-executor270" path="/root/syzkaller.odL8KV/0/file0" dev="sda1" ino=2027 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1 [ 21.669959][ T284] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [pid 284] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 284] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 284] chdir("./file0") = 0 [pid 284] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 284] ioctl(6, LOOP_CLR_FD) = 0 [pid 284] close(6) = 0 [pid 284] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 283] <... futex resumed>) = 0 [pid 284] futex(0x7fcb19dbe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 283] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 284] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 283] <... futex resumed>) = 0 [pid 284] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 283] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 284] <... openat resumed>) = 6 [pid 284] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 283] <... futex resumed>) = 0 [pid 284] futex(0x7fcb19dbe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 283] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 284] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 283] <... futex resumed>) = 0 [pid 284] write(6, "#! ./file1\n", 11 [pid 283] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 284] <... write resumed>) = 11 [pid 284] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 283] <... futex resumed>) = 0 [pid 284] futex(0x7fcb19dbe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 283] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 284] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 283] <... futex resumed>) = 0 [pid 284] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0 [pid 283] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 284] <... mmap resumed>) = 0x200000000000 [pid 284] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 283] <... futex resumed>) = 0 [ 21.689754][ T24] audit: type=1400 audit(1750390091.220:72): avc: denied { mount } for pid=283 comm="syz-executor270" name="/" dev="loop0" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 21.718595][ T24] audit: type=1400 audit(1750390091.240:73): avc: denied { write } for pid=283 comm="syz-executor270" name="/" dev="loop0" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [pid 284] futex(0x7fcb19dbe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 283] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 284] <... futex resumed>) = 0 [pid 283] <... futex resumed>) = 1 [pid 283] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 284] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000280} --- [pid 283] <... futex resumed>) = ? [pid 284] +++ killed by SIGBUS +++ [pid 283] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=283, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=6} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557a11f730 /* 4 entries */, 32768) = 112 [ 21.745014][ T286] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-284: bg 0: block 234: padding at end of block bitmap is not set umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./0/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557a127770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557a127770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./0/file0") = 0 umount2("./0/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./0/binderfs") = 0 getdents64(3, 0x55557a11f730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./0") = 0 mkdir("./1", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557a11e690) = 290 ./strace-static-x86_64: Process 290 attached [pid 290] set_robust_list(0x55557a11e6a0, 24) = 0 [pid 290] chdir("./1") = 0 [pid 290] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 290] setpgid(0, 0) = 0 [pid 290] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 290] write(3, "1000", 4) = 4 [pid 290] close(3) = 0 [pid 290] symlink("/dev/binderfs", "./binderfs") = 0 [pid 290] write(1, "executing program\n", 18executing program ) = 18 [pid 290] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 290] rt_sigaction(SIGRT_1, {sa_handler=0x7fcb19d5c5b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fcb19d4d760}, NULL, 8) = 0 [pid 290] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 290] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fcb19cd2000 [pid 290] mprotect(0x7fcb19cd3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 290] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 290] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fcb19cf2990, parent_tid=0x7fcb19cf2990, exit_signal=0, stack=0x7fcb19cd2000, stack_size=0x20300, tls=0x7fcb19cf26c0}./strace-static-x86_64: Process 291 attached => {parent_tid=[291]}, 88) = 291 [pid 291] set_robust_list(0x7fcb19cf29a0, 24) = 0 [pid 291] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 291] futex(0x7fcb19dbe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 290] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 290] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 291] <... futex resumed>) = 0 [pid 290] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 291] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 291] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 290] <... futex resumed>) = 0 [pid 290] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 291] <... futex resumed>) = 1 [pid 290] <... futex resumed>) = 0 [pid 290] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 291] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 291] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 290] <... futex resumed>) = 0 [pid 290] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 290] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 291] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 291] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 290] <... futex resumed>) = 0 [pid 290] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 290] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 291] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 291] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 290] <... futex resumed>) = 0 [pid 291] futex(0x7fcb19dbe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 290] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 290] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 291] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 291] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 291] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 290] <... futex resumed>) = 0 [pid 290] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 290] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 291] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 291] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 290] <... futex resumed>) = 0 [pid 291] futex(0x7fcb19dbe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 290] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 290] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 291] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 291] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 291] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 290] <... futex resumed>) = 0 [pid 290] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 290] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 291] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 291] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 290] <... futex resumed>) = 0 [pid 290] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 290] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 291] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 291] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 290] <... futex resumed>) = 0 [pid 290] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 291] memfd_create("syzkaller", 0 [pid 290] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 291] <... memfd_create resumed>) = 5 [pid 291] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcb118d2000 [pid 291] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 291] munmap(0x7fcb118d2000, 138412032) = 0 [pid 291] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 291] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 291] close(5) = 0 [pid 291] close(6) = 0 [pid 291] mkdir("./file0", 0777) = 0 [pid 291] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 291] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 291] chdir("./file0") = 0 [pid 291] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 291] ioctl(6, LOOP_CLR_FD) = 0 [pid 291] close(6) = 0 [pid 291] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 290] <... futex resumed>) = 0 [pid 290] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 290] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 291] <... futex resumed>) = 1 [pid 291] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 291] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 290] <... futex resumed>) = 0 [pid 290] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 290] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 291] write(6, "#! ./file1\n", 11) = 11 [pid 291] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 290] <... futex resumed>) = 0 [pid 290] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 290] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 291] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 291] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 291] futex(0x7fcb19dbe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 290] <... futex resumed>) = 0 [pid 290] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 290] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 291] <... futex resumed>) = 0 [pid 291] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000280} --- [pid 290] <... futex resumed>) = ? [pid 291] +++ killed by SIGBUS +++ [pid 290] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=290, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557a11f730 /* 4 entries */, 32768) = 112 [ 21.908476][ T291] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 21.938833][ T292] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-291: bg 0: block 234: padding at end of block bitmap is not set umount2("./1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./1/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557a127770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557a127770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./1/file0") = 0 umount2("./1/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./1/binderfs") = 0 getdents64(3, 0x55557a11f730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./1") = 0 mkdir("./2", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557a11e690) = 296 ./strace-static-x86_64: Process 296 attached [pid 296] set_robust_list(0x55557a11e6a0, 24) = 0 [pid 296] chdir("./2") = 0 [pid 296] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 296] setpgid(0, 0) = 0 [pid 296] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 296] write(3, "1000", 4) = 4 [pid 296] close(3) = 0 [pid 296] symlink("/dev/binderfs", "./binderfs") = 0 [pid 296] write(1, "executing program\n", 18executing program ) = 18 [pid 296] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 296] rt_sigaction(SIGRT_1, {sa_handler=0x7fcb19d5c5b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fcb19d4d760}, NULL, 8) = 0 [pid 296] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 296] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fcb19cd2000 [pid 296] mprotect(0x7fcb19cd3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 296] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 296] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fcb19cf2990, parent_tid=0x7fcb19cf2990, exit_signal=0, stack=0x7fcb19cd2000, stack_size=0x20300, tls=0x7fcb19cf26c0}./strace-static-x86_64: Process 297 attached => {parent_tid=[297]}, 88) = 297 [pid 297] set_robust_list(0x7fcb19cf29a0, 24) = 0 [pid 296] rt_sigprocmask(SIG_SETMASK, [], [pid 297] rt_sigprocmask(SIG_SETMASK, [], [pid 296] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 297] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 296] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 297] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR [pid 296] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 297] <... openat resumed>) = 3 [pid 297] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 296] <... futex resumed>) = 0 [pid 297] <... futex resumed>) = 1 [pid 296] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 297] ioctl(3, VHOST_SET_OWNER [pid 296] <... futex resumed>) = 0 [pid 296] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 297] <... ioctl resumed>, 0) = 0 [pid 297] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 296] <... futex resumed>) = 0 [pid 297] futex(0x7fcb19dbe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 296] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 297] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 296] <... futex resumed>) = 0 [pid 297] ioctl(3, VHOST_SET_VRING_ADDR [pid 296] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 297] <... ioctl resumed>, 0x200000000300) = 0 [pid 297] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 296] <... futex resumed>) = 0 [pid 297] <... futex resumed>) = 1 [pid 296] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 297] ioctl(3, VHOST_SET_MEM_TABLE [pid 296] <... futex resumed>) = 0 [pid 296] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 297] <... ioctl resumed>, 0x200000003380) = 0 [pid 297] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 296] <... futex resumed>) = 0 [pid 297] <... futex resumed>) = 1 [pid 296] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 297] eventfd2(118, EFD_SEMAPHORE [pid 296] <... futex resumed>) = 0 [pid 297] <... eventfd2 resumed>) = 4 [pid 296] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 297] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 296] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 297] <... futex resumed>) = 0 [pid 296] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 297] ioctl(3, VHOST_SET_VRING_ERR [pid 296] <... futex resumed>) = 0 [pid 297] <... ioctl resumed>, 0x2000000001c0) = 0 [pid 296] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 297] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 296] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 297] <... futex resumed>) = 0 [pid 296] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 297] ioctl(3, VHOST_SET_VRING_ADDR [pid 296] <... futex resumed>) = 0 [pid 297] <... ioctl resumed>, 0x200000000240) = 0 [pid 296] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 297] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 296] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 297] <... futex resumed>) = 0 [pid 296] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 297] ioctl(3, VHOST_SET_VRING_KICK [pid 296] <... futex resumed>) = 0 [pid 297] <... ioctl resumed>, 0x200000000000) = 0 [pid 296] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 297] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 296] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 297] <... futex resumed>) = 0 [pid 296] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 297] ioctl(3, VHOST_VSOCK_SET_RUNNING [pid 296] <... futex resumed>) = 0 [pid 297] <... ioctl resumed>, 0x200000000140) = 0 [pid 296] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 297] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 296] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 297] <... futex resumed>) = 0 [pid 296] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 296] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 297] memfd_create("syzkaller", 0) = 5 [pid 297] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcb118d2000 [pid 297] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 297] munmap(0x7fcb118d2000, 138412032) = 0 [pid 297] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 297] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 297] close(5) = 0 [pid 297] close(6) = 0 [pid 297] mkdir("./file0", 0777) = 0 [pid 297] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 297] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 297] chdir("./file0") = 0 [pid 297] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 297] ioctl(6, LOOP_CLR_FD) = 0 [pid 297] close(6) = 0 [pid 297] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 296] <... futex resumed>) = 0 [pid 297] <... futex resumed>) = 1 [pid 296] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 297] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 296] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 297] <... openat resumed>) = 6 [pid 297] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 296] <... futex resumed>) = 0 [pid 296] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 297] write(6, "#! ./file1\n", 11 [pid 296] <... futex resumed>) = 0 [pid 296] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 297] <... write resumed>) = 11 [pid 297] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 296] <... futex resumed>) = 0 [pid 297] <... futex resumed>) = 1 [pid 296] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 297] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0 [pid 296] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 297] <... mmap resumed>) = 0x200000000000 [pid 297] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 296] <... futex resumed>) = 0 [pid 296] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 296] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 297] <... futex resumed>) = 1 [pid 297] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000280} --- [pid 296] <... futex resumed>) = ? [pid 297] +++ killed by SIGBUS +++ [pid 296] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=296, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557a11f730 /* 4 entries */, 32768) = 112 [ 22.089638][ T297] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 22.121214][ T298] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-297: bg 0: block 234: padding at end of block bitmap is not set umount2("./2/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./2/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./2/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./2/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./2/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557a127770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557a127770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./2/file0") = 0 umount2("./2/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./2/binderfs") = 0 getdents64(3, 0x55557a11f730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./2") = 0 mkdir("./3", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557a11e690) = 302 ./strace-static-x86_64: Process 302 attached [pid 302] set_robust_list(0x55557a11e6a0, 24) = 0 [pid 302] chdir("./3") = 0 [pid 302] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 302] setpgid(0, 0) = 0 [pid 302] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 302] write(3, "1000", 4) = 4 [pid 302] close(3) = 0 [pid 302] symlink("/dev/binderfs", "./binderfs") = 0 [pid 302] write(1, "executing program\n", 18executing program ) = 18 [pid 302] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 302] rt_sigaction(SIGRT_1, {sa_handler=0x7fcb19d5c5b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fcb19d4d760}, NULL, 8) = 0 [pid 302] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 302] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fcb19cd2000 [pid 302] mprotect(0x7fcb19cd3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 302] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 302] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fcb19cf2990, parent_tid=0x7fcb19cf2990, exit_signal=0, stack=0x7fcb19cd2000, stack_size=0x20300, tls=0x7fcb19cf26c0}./strace-static-x86_64: Process 303 attached => {parent_tid=[303]}, 88) = 303 [pid 303] set_robust_list(0x7fcb19cf29a0, 24) = 0 [pid 303] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 303] futex(0x7fcb19dbe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 302] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 302] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 303] <... futex resumed>) = 0 [pid 303] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 303] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 303] futex(0x7fcb19dbe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 302] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 302] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 303] <... futex resumed>) = 0 [pid 303] ioctl(3, VHOST_SET_OWNER [pid 302] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 303] <... ioctl resumed>, 0) = 0 [pid 303] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 303] futex(0x7fcb19dbe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 302] <... futex resumed>) = 0 [pid 302] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 303] <... futex resumed>) = 0 [pid 303] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 303] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 303] futex(0x7fcb19dbe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 302] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 302] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 303] <... futex resumed>) = 0 [pid 303] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 303] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 303] futex(0x7fcb19dbe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 302] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 302] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 303] <... futex resumed>) = 0 [pid 303] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 302] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 303] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 303] futex(0x7fcb19dbe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 302] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 302] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 303] <... futex resumed>) = 0 [pid 303] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 303] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 303] futex(0x7fcb19dbe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 302] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 302] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 303] <... futex resumed>) = 0 [pid 303] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 303] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 303] futex(0x7fcb19dbe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 302] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 302] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 303] <... futex resumed>) = 0 [pid 303] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 303] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 303] futex(0x7fcb19dbe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 302] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 302] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 303] <... futex resumed>) = 0 [pid 302] <... futex resumed>) = 1 [pid 303] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 302] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 303] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 303] futex(0x7fcb19dbe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 302] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 302] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 303] <... futex resumed>) = 0 [pid 302] <... futex resumed>) = 1 [pid 303] memfd_create("syzkaller", 0) = 5 [pid 303] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcb118d2000 [pid 303] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 302] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 303] <... write resumed>) = 1048576 [pid 303] munmap(0x7fcb118d2000, 138412032) = 0 [pid 303] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 303] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 303] close(5) = 0 [pid 303] close(6) = 0 [pid 303] mkdir("./file0", 0777) = 0 [pid 303] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 303] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 303] chdir("./file0") = 0 [pid 303] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 303] ioctl(6, LOOP_CLR_FD) = 0 [pid 303] close(6) = 0 [pid 303] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 302] <... futex resumed>) = 0 [pid 302] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 303] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 302] <... futex resumed>) = 0 [pid 303] <... openat resumed>) = 6 [pid 302] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 303] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 302] <... futex resumed>) = 0 [pid 303] futex(0x7fcb19dbe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 302] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 303] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 302] <... futex resumed>) = 0 [pid 303] write(6, "#! ./file1\n", 11 [pid 302] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 303] <... write resumed>) = 11 [pid 303] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 302] <... futex resumed>) = 0 [pid 303] futex(0x7fcb19dbe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 302] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 303] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 302] <... futex resumed>) = 0 [pid 303] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0 [pid 302] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 303] <... mmap resumed>) = 0x200000000000 [pid 303] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 302] <... futex resumed>) = 0 [pid 302] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 22.263777][ T303] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [pid 302] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 303] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000280} --- [pid 302] <... futex resumed>) = ? [pid 303] +++ killed by SIGBUS +++ [pid 302] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=302, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557a11f730 /* 4 entries */, 32768) = 112 [ 22.302204][ T304] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-303: bg 0: block 234: padding at end of block bitmap is not set umount2("./3/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./3/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./3/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./3/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./3/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557a127770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557a127770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./3/file0") = 0 umount2("./3/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./3/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./3/binderfs") = 0 getdents64(3, 0x55557a11f730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./3") = 0 mkdir("./4", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557a11e690) = 309 ./strace-static-x86_64: Process 309 attached [pid 309] set_robust_list(0x55557a11e6a0, 24) = 0 [pid 309] chdir("./4") = 0 [pid 309] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 309] setpgid(0, 0) = 0 [pid 309] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 309] write(3, "1000", 4) = 4 [pid 309] close(3) = 0 [pid 309] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 309] write(1, "executing program\n", 18) = 18 [pid 309] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 309] rt_sigaction(SIGRT_1, {sa_handler=0x7fcb19d5c5b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fcb19d4d760}, NULL, 8) = 0 [pid 309] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 309] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fcb19cd2000 [pid 309] mprotect(0x7fcb19cd3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 309] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 309] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fcb19cf2990, parent_tid=0x7fcb19cf2990, exit_signal=0, stack=0x7fcb19cd2000, stack_size=0x20300, tls=0x7fcb19cf26c0}./strace-static-x86_64: Process 310 attached => {parent_tid=[310]}, 88) = 310 [pid 310] set_robust_list(0x7fcb19cf29a0, 24) = 0 [pid 310] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 310] futex(0x7fcb19dbe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 309] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 309] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 310] <... futex resumed>) = 0 [pid 310] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 309] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 310] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 310] futex(0x7fcb19dbe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 309] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 309] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 310] <... futex resumed>) = 0 [pid 309] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 310] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 310] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 310] futex(0x7fcb19dbe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 309] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 309] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 310] <... futex resumed>) = 0 [pid 310] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 310] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 310] futex(0x7fcb19dbe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 309] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 309] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 310] <... futex resumed>) = 0 [pid 310] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 310] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 310] futex(0x7fcb19dbe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 309] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 309] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 310] <... futex resumed>) = 0 [pid 309] <... futex resumed>) = 1 [pid 310] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 310] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 310] futex(0x7fcb19dbe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 309] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 309] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 310] <... futex resumed>) = 0 [pid 310] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 310] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 310] futex(0x7fcb19dbe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 309] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 309] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 310] <... futex resumed>) = 0 [pid 309] <... futex resumed>) = 1 [pid 310] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 309] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 310] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 309] <... futex resumed>) = 0 [pid 310] futex(0x7fcb19dbe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 309] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 310] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 309] <... futex resumed>) = 0 [pid 310] ioctl(3, VHOST_SET_VRING_KICK [pid 309] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 310] <... ioctl resumed>, 0x200000000000) = 0 [pid 310] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 309] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 310] <... futex resumed>) = 0 [pid 309] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 310] ioctl(3, VHOST_VSOCK_SET_RUNNING [pid 309] <... futex resumed>) = 0 [pid 310] <... ioctl resumed>, 0x200000000140) = 0 [pid 309] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 310] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 309] <... futex resumed>) = 0 [pid 310] memfd_create("syzkaller", 0 [pid 309] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 310] <... memfd_create resumed>) = 5 [pid 309] <... futex resumed>) = 0 [pid 310] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 309] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 310] <... mmap resumed>) = 0x7fcb118d2000 [pid 310] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 310] munmap(0x7fcb118d2000, 138412032) = 0 [pid 310] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 310] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 310] close(5) = 0 [pid 310] close(6) = 0 [pid 310] mkdir("./file0", 0777) = 0 [pid 310] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 310] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 310] chdir("./file0") = 0 [pid 310] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 310] ioctl(6, LOOP_CLR_FD) = 0 [pid 310] close(6) = 0 [pid 310] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 310] futex(0x7fcb19dbe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 309] <... futex resumed>) = 0 [pid 309] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 310] <... futex resumed>) = 0 [pid 309] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 310] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 310] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 309] <... futex resumed>) = 0 [pid 310] <... futex resumed>) = 1 [pid 309] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 310] write(6, "#! ./file1\n", 11 [pid 309] <... futex resumed>) = 0 [pid 309] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 310] <... write resumed>) = 11 [pid 310] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 309] <... futex resumed>) = 0 [pid 309] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 310] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0 [pid 309] <... futex resumed>) = 0 [pid 309] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 310] <... mmap resumed>) = 0x200000000000 [pid 310] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 309] <... futex resumed>) = 0 [pid 309] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 309] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 310] <... futex resumed>) = 1 [pid 310] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000280} --- [pid 309] <... futex resumed>) = ? [pid 310] +++ killed by SIGBUS +++ [pid 309] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=309, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557a11f730 /* 4 entries */, 32768) = 112 [ 22.419593][ T310] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 22.451384][ T311] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-310: bg 0: block 234: padding at end of block bitmap is not set umount2("./4/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557a127770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557a127770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4/file0") = 0 umount2("./4/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4/binderfs") = 0 getdents64(3, 0x55557a11f730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4") = 0 mkdir("./5", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FDexecuting program ) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557a11e690) = 315 ./strace-static-x86_64: Process 315 attached [pid 315] set_robust_list(0x55557a11e6a0, 24) = 0 [pid 315] chdir("./5") = 0 [pid 315] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 315] setpgid(0, 0) = 0 [pid 315] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 315] write(3, "1000", 4) = 4 [pid 315] close(3) = 0 [pid 315] symlink("/dev/binderfs", "./binderfs") = 0 [pid 315] write(1, "executing program\n", 18) = 18 [pid 315] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 315] rt_sigaction(SIGRT_1, {sa_handler=0x7fcb19d5c5b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fcb19d4d760}, NULL, 8) = 0 [pid 315] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 315] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fcb19cd2000 [pid 315] mprotect(0x7fcb19cd3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 315] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 315] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fcb19cf2990, parent_tid=0x7fcb19cf2990, exit_signal=0, stack=0x7fcb19cd2000, stack_size=0x20300, tls=0x7fcb19cf26c0} => {parent_tid=[316]}, 88) = 316 [pid 315] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 315] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 315] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 316 attached [pid 316] set_robust_list(0x7fcb19cf29a0, 24) = 0 [pid 316] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 316] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 316] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 315] <... futex resumed>) = 0 [pid 315] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 315] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 316] <... futex resumed>) = 1 [pid 316] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 316] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 315] <... futex resumed>) = 0 [pid 315] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 315] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 316] <... futex resumed>) = 1 [pid 316] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 316] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 315] <... futex resumed>) = 0 [pid 315] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 315] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 316] <... futex resumed>) = 1 [pid 316] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 316] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 315] <... futex resumed>) = 0 [pid 315] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 315] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 316] <... futex resumed>) = 1 [pid 316] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 316] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 315] <... futex resumed>) = 0 [pid 315] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 315] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 316] <... futex resumed>) = 1 [pid 316] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 316] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 315] <... futex resumed>) = 0 [pid 315] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 315] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 316] <... futex resumed>) = 1 [pid 316] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 316] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 315] <... futex resumed>) = 0 [pid 315] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 315] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 316] <... futex resumed>) = 1 [pid 316] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 316] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 315] <... futex resumed>) = 0 [pid 315] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 315] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 316] <... futex resumed>) = 1 [pid 316] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 316] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 315] <... futex resumed>) = 0 [pid 315] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 315] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 316] <... futex resumed>) = 1 [pid 316] memfd_create("syzkaller", 0) = 5 [pid 316] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcb118d2000 [pid 316] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 316] munmap(0x7fcb118d2000, 138412032) = 0 [pid 316] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 316] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 316] close(5) = 0 [pid 316] close(6) = 0 [pid 316] mkdir("./file0", 0777) = 0 [pid 316] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 316] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 316] chdir("./file0") = 0 [pid 316] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 316] ioctl(6, LOOP_CLR_FD) = 0 [pid 316] close(6) = 0 [pid 316] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 315] <... futex resumed>) = 0 [pid 315] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 315] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 316] <... futex resumed>) = 1 [pid 316] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 316] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 315] <... futex resumed>) = 0 [pid 315] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 315] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 316] <... futex resumed>) = 1 [pid 316] write(6, "#! ./file1\n", 11) = 11 [pid 316] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 315] <... futex resumed>) = 0 [pid 315] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 315] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 316] <... futex resumed>) = 1 [pid 316] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 316] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 315] <... futex resumed>) = 0 [pid 315] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 22.559536][ T316] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [pid 315] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 316] <... futex resumed>) = 1 [pid 316] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000280} --- [pid 315] <... futex resumed>) = ? [pid 316] +++ killed by SIGBUS +++ [pid 315] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=315, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./5", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557a11f730 /* 4 entries */, 32768) = 112 [ 22.602829][ T317] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-316: bg 0: block 234: padding at end of block bitmap is not set umount2("./5/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./5/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./5/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./5/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./5/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557a127770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557a127770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./5/file0") = 0 umount2("./5/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./5/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./5/binderfs") = 0 getdents64(3, 0x55557a11f730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./5") = 0 mkdir("./6", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557a11e690) = 321 ./strace-static-x86_64: Process 321 attached [pid 321] set_robust_list(0x55557a11e6a0, 24) = 0 [pid 321] chdir("./6") = 0 [pid 321] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 321] setpgid(0, 0) = 0 [pid 321] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 321] write(3, "1000", 4) = 4 [pid 321] close(3) = 0 [pid 321] symlink("/dev/binderfs", "./binderfs") = 0 [pid 321] write(1, "executing program\n", 18executing program ) = 18 [pid 321] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 321] rt_sigaction(SIGRT_1, {sa_handler=0x7fcb19d5c5b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fcb19d4d760}, NULL, 8) = 0 [pid 321] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 321] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fcb19cd2000 [pid 321] mprotect(0x7fcb19cd3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 321] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 321] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fcb19cf2990, parent_tid=0x7fcb19cf2990, exit_signal=0, stack=0x7fcb19cd2000, stack_size=0x20300, tls=0x7fcb19cf26c0}./strace-static-x86_64: Process 322 attached => {parent_tid=[322]}, 88) = 322 [pid 322] set_robust_list(0x7fcb19cf29a0, 24 [pid 321] rt_sigprocmask(SIG_SETMASK, [], [pid 322] <... set_robust_list resumed>) = 0 [pid 321] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 322] rt_sigprocmask(SIG_SETMASK, [], [pid 321] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 322] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 321] <... futex resumed>) = 0 [pid 321] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 322] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 322] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 321] <... futex resumed>) = 0 [pid 322] <... futex resumed>) = 1 [pid 321] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 322] ioctl(3, VHOST_SET_OWNER [pid 321] <... futex resumed>) = 0 [pid 321] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 322] <... ioctl resumed>, 0) = 0 [pid 322] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 321] <... futex resumed>) = 0 [pid 322] <... futex resumed>) = 1 [pid 321] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 322] ioctl(3, VHOST_SET_VRING_ADDR [pid 321] <... futex resumed>) = 0 [pid 322] <... ioctl resumed>, 0x200000000300) = 0 [pid 321] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 322] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 321] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 322] <... futex resumed>) = 0 [pid 321] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 322] ioctl(3, VHOST_SET_MEM_TABLE [pid 321] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 322] <... ioctl resumed>, 0x200000003380) = 0 [pid 322] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 321] <... futex resumed>) = 0 [pid 322] <... futex resumed>) = 1 [pid 321] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 322] eventfd2(118, EFD_SEMAPHORE [pid 321] <... futex resumed>) = 0 [pid 322] <... eventfd2 resumed>) = 4 [pid 321] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 322] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 321] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 322] <... futex resumed>) = 0 [pid 321] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 322] ioctl(3, VHOST_SET_VRING_ERR [pid 321] <... futex resumed>) = 0 [pid 322] <... ioctl resumed>, 0x2000000001c0) = 0 [pid 321] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 322] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 321] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 322] <... futex resumed>) = 0 [pid 321] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 322] ioctl(3, VHOST_SET_VRING_ADDR [pid 321] <... futex resumed>) = 0 [pid 322] <... ioctl resumed>, 0x200000000240) = 0 [pid 321] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 322] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 321] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 322] <... futex resumed>) = 0 [pid 321] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 322] ioctl(3, VHOST_SET_VRING_KICK [pid 321] <... futex resumed>) = 0 [pid 322] <... ioctl resumed>, 0x200000000000) = 0 [pid 321] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 322] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 321] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 322] <... futex resumed>) = 0 [pid 321] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 322] ioctl(3, VHOST_VSOCK_SET_RUNNING [pid 321] <... futex resumed>) = 0 [pid 322] <... ioctl resumed>, 0x200000000140) = 0 [pid 321] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 322] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 321] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 322] <... futex resumed>) = 0 [pid 321] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 322] memfd_create("syzkaller", 0 [pid 321] <... futex resumed>) = 0 [pid 322] <... memfd_create resumed>) = 5 [pid 321] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 322] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcb118d2000 [pid 322] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 322] munmap(0x7fcb118d2000, 138412032) = 0 [pid 322] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 322] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 322] close(5) = 0 [pid 322] close(6) = 0 [pid 322] mkdir("./file0", 0777) = 0 [pid 322] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 322] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 322] chdir("./file0") = 0 [pid 322] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 322] ioctl(6, LOOP_CLR_FD) = 0 [pid 322] close(6) = 0 [pid 322] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 321] <... futex resumed>) = 0 [pid 321] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 322] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 321] <... futex resumed>) = 0 [pid 321] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 322] <... openat resumed>) = 6 [pid 322] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 321] <... futex resumed>) = 0 [pid 321] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 322] write(6, "#! ./file1\n", 11 [pid 321] <... futex resumed>) = 0 [pid 321] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 322] <... write resumed>) = 11 [pid 322] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 321] <... futex resumed>) = 0 [pid 321] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 322] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0 [pid 321] <... futex resumed>) = 0 [pid 321] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 322] <... mmap resumed>) = 0x200000000000 [pid 322] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 321] <... futex resumed>) = 0 [pid 321] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 321] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 322] <... futex resumed>) = 1 [pid 322] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000280} --- [pid 321] <... futex resumed>) = ? [pid 322] +++ killed by SIGBUS +++ [pid 321] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=321, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./6", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557a11f730 /* 4 entries */, 32768) = 112 [ 22.769616][ T322] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 22.801227][ T323] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-322: bg 0: block 234: padding at end of block bitmap is not set umount2("./6/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./6/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./6/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./6/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./6/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557a127770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557a127770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./6/file0") = 0 umount2("./6/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./6/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./6/binderfs") = 0 getdents64(3, 0x55557a11f730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./6") = 0 mkdir("./7", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3executing program ) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557a11e690) = 327 ./strace-static-x86_64: Process 327 attached [pid 327] set_robust_list(0x55557a11e6a0, 24) = 0 [pid 327] chdir("./7") = 0 [pid 327] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 327] setpgid(0, 0) = 0 [pid 327] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 327] write(3, "1000", 4) = 4 [pid 327] close(3) = 0 [pid 327] symlink("/dev/binderfs", "./binderfs") = 0 [pid 327] write(1, "executing program\n", 18) = 18 [pid 327] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 327] rt_sigaction(SIGRT_1, {sa_handler=0x7fcb19d5c5b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fcb19d4d760}, NULL, 8) = 0 [pid 327] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 327] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fcb19cd2000 [pid 327] mprotect(0x7fcb19cd3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 327] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 327] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fcb19cf2990, parent_tid=0x7fcb19cf2990, exit_signal=0, stack=0x7fcb19cd2000, stack_size=0x20300, tls=0x7fcb19cf26c0} => {parent_tid=[328]}, 88) = 328 [pid 327] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 327] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 327] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 328 attached [pid 328] set_robust_list(0x7fcb19cf29a0, 24) = 0 [pid 328] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 328] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 328] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 327] <... futex resumed>) = 0 [pid 327] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 327] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 328] <... futex resumed>) = 1 [pid 328] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 328] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 327] <... futex resumed>) = 0 [pid 327] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 327] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 328] <... futex resumed>) = 1 [pid 328] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 328] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 328] futex(0x7fcb19dbe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 327] <... futex resumed>) = 0 [pid 327] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 327] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 328] <... futex resumed>) = 0 [pid 328] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 328] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 327] <... futex resumed>) = 0 [pid 328] eventfd2(118, EFD_SEMAPHORE [pid 327] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 328] <... eventfd2 resumed>) = 4 [pid 328] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 327] <... futex resumed>) = 0 [pid 328] <... futex resumed>) = 0 [pid 327] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 328] futex(0x7fcb19dbe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 327] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 327] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 328] <... futex resumed>) = 0 [pid 327] <... futex resumed>) = 1 [pid 328] ioctl(3, VHOST_SET_VRING_ERR [pid 327] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 328] <... ioctl resumed>, 0x2000000001c0) = 0 [pid 328] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 328] futex(0x7fcb19dbe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 327] <... futex resumed>) = 0 [pid 328] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 327] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 328] ioctl(3, VHOST_SET_VRING_ADDR [pid 327] <... futex resumed>) = 0 [pid 328] <... ioctl resumed>, 0x200000000240) = 0 [pid 327] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 328] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 327] <... futex resumed>) = 0 [pid 328] ioctl(3, VHOST_SET_VRING_KICK [pid 327] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 328] <... ioctl resumed>, 0x200000000000) = 0 [pid 327] <... futex resumed>) = 0 [pid 328] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 327] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 328] <... futex resumed>) = 0 [pid 327] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 328] ioctl(3, VHOST_VSOCK_SET_RUNNING [pid 327] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 328] <... ioctl resumed>, 0x200000000140) = 0 [pid 327] <... futex resumed>) = 0 [pid 328] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 327] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 328] futex(0x7fcb19dbe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 327] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 327] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 328] <... futex resumed>) = 0 [pid 327] <... futex resumed>) = 1 [pid 328] memfd_create("syzkaller", 0 [pid 327] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 328] <... memfd_create resumed>) = 5 [pid 328] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcb118d2000 [pid 328] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 328] munmap(0x7fcb118d2000, 138412032) = 0 [pid 328] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 328] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 328] close(5) = 0 [pid 328] close(6) = 0 [pid 328] mkdir("./file0", 0777) = 0 [pid 328] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 328] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 328] chdir("./file0") = 0 [pid 328] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 328] ioctl(6, LOOP_CLR_FD) = 0 [pid 328] close(6) = 0 [pid 328] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 328] futex(0x7fcb19dbe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 327] <... futex resumed>) = 0 [pid 327] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 328] <... futex resumed>) = 0 [pid 327] <... futex resumed>) = 1 [pid 327] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 328] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 328] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 328] futex(0x7fcb19dbe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 327] <... futex resumed>) = 0 [pid 327] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 328] <... futex resumed>) = 0 [pid 327] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 328] write(6, "#! ./file1\n", 11) = 11 [pid 328] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 328] futex(0x7fcb19dbe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 327] <... futex resumed>) = 0 [pid 327] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 327] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 328] <... futex resumed>) = 0 [pid 328] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 328] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 327] <... futex resumed>) = 0 [pid 327] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 327] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 328] <... futex resumed>) = 1 [pid 328] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000280} --- [pid 327] <... futex resumed>) = ? [pid 328] +++ killed by SIGBUS +++ [pid 327] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=327, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./7", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557a11f730 /* 4 entries */, 32768) = 112 [ 23.029564][ T328] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 23.061222][ T329] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-328: bg 0: block 234: padding at end of block bitmap is not set umount2("./7/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./7/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./7/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./7/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./7/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557a127770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557a127770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./7/file0") = 0 umount2("./7/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./7/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./7/binderfs") = 0 getdents64(3, 0x55557a11f730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./7") = 0 mkdir("./8", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3executing program ) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557a11e690) = 333 ./strace-static-x86_64: Process 333 attached [pid 333] set_robust_list(0x55557a11e6a0, 24) = 0 [pid 333] chdir("./8") = 0 [pid 333] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 333] setpgid(0, 0) = 0 [pid 333] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 333] write(3, "1000", 4) = 4 [pid 333] close(3) = 0 [pid 333] symlink("/dev/binderfs", "./binderfs") = 0 [pid 333] write(1, "executing program\n", 18) = 18 [pid 333] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 333] rt_sigaction(SIGRT_1, {sa_handler=0x7fcb19d5c5b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fcb19d4d760}, NULL, 8) = 0 [pid 333] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 333] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fcb19cd2000 [pid 333] mprotect(0x7fcb19cd3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 333] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 333] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fcb19cf2990, parent_tid=0x7fcb19cf2990, exit_signal=0, stack=0x7fcb19cd2000, stack_size=0x20300, tls=0x7fcb19cf26c0} => {parent_tid=[334]}, 88) = 334 [pid 333] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 333] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 333] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 334 attached [pid 334] set_robust_list(0x7fcb19cf29a0, 24) = 0 [pid 334] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 334] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 334] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 333] <... futex resumed>) = 0 [pid 333] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 333] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 334] <... futex resumed>) = 1 [pid 334] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 334] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 333] <... futex resumed>) = 0 [pid 333] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 333] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 334] <... futex resumed>) = 1 [pid 334] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 334] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 333] <... futex resumed>) = 0 [pid 333] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 333] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 334] <... futex resumed>) = 1 [pid 334] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 334] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 333] <... futex resumed>) = 0 [pid 333] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 333] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 334] <... futex resumed>) = 1 [pid 334] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 334] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 333] <... futex resumed>) = 0 [pid 333] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 333] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 334] <... futex resumed>) = 1 [pid 334] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 334] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 333] <... futex resumed>) = 0 [pid 333] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 333] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 334] <... futex resumed>) = 1 [pid 334] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 334] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 333] <... futex resumed>) = 0 [pid 333] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 333] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 334] <... futex resumed>) = 1 [pid 334] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 334] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 333] <... futex resumed>) = 0 [pid 333] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 333] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 334] <... futex resumed>) = 1 [pid 334] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 334] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 333] <... futex resumed>) = 0 [pid 333] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 333] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 334] <... futex resumed>) = 1 [pid 334] memfd_create("syzkaller", 0) = 5 [pid 334] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcb118d2000 [pid 334] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 334] munmap(0x7fcb118d2000, 138412032) = 0 [pid 334] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 334] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 334] close(5) = 0 [pid 334] close(6) = 0 [pid 334] mkdir("./file0", 0777) = 0 [pid 334] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 334] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 334] chdir("./file0") = 0 [pid 334] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 334] ioctl(6, LOOP_CLR_FD) = 0 [pid 334] close(6) = 0 [pid 334] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 333] <... futex resumed>) = 0 [pid 333] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 333] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 334] <... futex resumed>) = 1 [pid 334] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 334] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 333] <... futex resumed>) = 0 [pid 333] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 333] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 334] <... futex resumed>) = 1 [pid 334] write(6, "#! ./file1\n", 11) = 11 [pid 334] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 333] <... futex resumed>) = 0 [pid 333] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 333] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 334] <... futex resumed>) = 1 [pid 334] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 334] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 333] <... futex resumed>) = 0 [pid 333] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 333] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 334] <... futex resumed>) = 1 [pid 334] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000280} --- [pid 333] <... futex resumed>) = ? [pid 334] +++ killed by SIGBUS +++ [pid 333] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=333, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./8", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./8", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557a11f730 /* 4 entries */, 32768) = 112 [ 23.189749][ T334] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 23.215669][ T334] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor270: bg 0: block 234: padding at end of block bitmap is not set umount2("./8/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./8/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./8/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./8/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./8/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557a127770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557a127770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./8/file0") = 0 umount2("./8/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./8/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./8/binderfs") = 0 getdents64(3, 0x55557a11f730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./8") = 0 mkdir("./9", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program , child_tidptr=0x55557a11e690) = 339 ./strace-static-x86_64: Process 339 attached [pid 339] set_robust_list(0x55557a11e6a0, 24) = 0 [pid 339] chdir("./9") = 0 [pid 339] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 339] setpgid(0, 0) = 0 [pid 339] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 339] write(3, "1000", 4) = 4 [pid 339] close(3) = 0 [pid 339] symlink("/dev/binderfs", "./binderfs") = 0 [pid 339] write(1, "executing program\n", 18) = 18 [pid 339] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 339] rt_sigaction(SIGRT_1, {sa_handler=0x7fcb19d5c5b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fcb19d4d760}, NULL, 8) = 0 [pid 339] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 339] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fcb19cd2000 [pid 339] mprotect(0x7fcb19cd3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 339] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 339] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fcb19cf2990, parent_tid=0x7fcb19cf2990, exit_signal=0, stack=0x7fcb19cd2000, stack_size=0x20300, tls=0x7fcb19cf26c0} => {parent_tid=[340]}, 88) = 340 [pid 339] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 339] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 339] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 340 attached [pid 340] set_robust_list(0x7fcb19cf29a0, 24) = 0 [pid 340] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 340] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 340] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 339] <... futex resumed>) = 0 [pid 339] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 339] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 340] <... futex resumed>) = 1 [pid 340] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 340] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 339] <... futex resumed>) = 0 [pid 339] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 339] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 340] <... futex resumed>) = 1 [pid 340] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 340] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 339] <... futex resumed>) = 0 [pid 339] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 339] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 340] <... futex resumed>) = 1 [pid 340] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 340] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 339] <... futex resumed>) = 0 [pid 339] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 339] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 340] <... futex resumed>) = 1 [pid 340] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 340] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 339] <... futex resumed>) = 0 [pid 339] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 339] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 340] <... futex resumed>) = 1 [pid 340] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 340] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 339] <... futex resumed>) = 0 [pid 339] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 339] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 340] <... futex resumed>) = 1 [pid 340] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 340] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 339] <... futex resumed>) = 0 [pid 339] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 339] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 340] <... futex resumed>) = 1 [pid 340] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 340] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 339] <... futex resumed>) = 0 [pid 339] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 339] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 340] <... futex resumed>) = 1 [pid 340] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 340] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 339] <... futex resumed>) = 0 [pid 339] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 339] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 340] <... futex resumed>) = 1 [pid 340] memfd_create("syzkaller", 0) = 5 [pid 340] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcb118d2000 [pid 340] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 340] munmap(0x7fcb118d2000, 138412032) = 0 [pid 340] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 340] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 340] close(5) = 0 [pid 340] close(6) = 0 [pid 340] mkdir("./file0", 0777) = 0 [pid 340] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 340] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 340] chdir("./file0") = 0 [pid 340] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 340] ioctl(6, LOOP_CLR_FD) = 0 [pid 340] close(6) = 0 [pid 340] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 339] <... futex resumed>) = 0 [pid 339] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 339] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 340] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 340] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 339] <... futex resumed>) = 0 [pid 340] futex(0x7fcb19dbe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 339] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 340] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 339] <... futex resumed>) = 0 [pid 340] write(6, "#! ./file1\n", 11 [pid 339] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 340] <... write resumed>) = 11 [pid 340] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 339] <... futex resumed>) = 0 [pid 340] futex(0x7fcb19dbe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 339] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 340] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 339] <... futex resumed>) = 0 [pid 340] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0 [pid 339] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 340] <... mmap resumed>) = 0x200000000000 [pid 340] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [ 23.441703][ T340] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [pid 340] futex(0x7fcb19dbe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 339] <... futex resumed>) = 0 [pid 339] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 340] <... futex resumed>) = 0 [pid 339] <... futex resumed>) = 1 [pid 339] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 340] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000280} --- [pid 339] <... futex resumed>) = ? [pid 340] +++ killed by SIGBUS +++ [pid 339] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=339, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./9", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./9", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557a11f730 /* 4 entries */, 32768) = 112 [ 23.487832][ T341] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-340: bg 0: block 234: padding at end of block bitmap is not set umount2("./9/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./9/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./9/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./9/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./9/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557a127770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557a127770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./9/file0") = 0 umount2("./9/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./9/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./9/binderfs") = 0 getdents64(3, 0x55557a11f730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./9") = 0 mkdir("./10", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557a11e690) = 345 ./strace-static-x86_64: Process 345 attached [pid 345] set_robust_list(0x55557a11e6a0, 24) = 0 [pid 345] chdir("./10") = 0 [pid 345] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 345] setpgid(0, 0) = 0 [pid 345] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 345] write(3, "1000", 4) = 4 [pid 345] close(3) = 0 [pid 345] symlink("/dev/binderfs", "./binderfs") = 0 [pid 345] write(1, "executing program\n", 18executing program ) = 18 [pid 345] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 345] rt_sigaction(SIGRT_1, {sa_handler=0x7fcb19d5c5b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fcb19d4d760}, NULL, 8) = 0 [pid 345] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 345] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fcb19cd2000 [pid 345] mprotect(0x7fcb19cd3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 345] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 345] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fcb19cf2990, parent_tid=0x7fcb19cf2990, exit_signal=0, stack=0x7fcb19cd2000, stack_size=0x20300, tls=0x7fcb19cf26c0}./strace-static-x86_64: Process 346 attached [pid 346] set_robust_list(0x7fcb19cf29a0, 24) = 0 [pid 346] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 346] futex(0x7fcb19dbe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 345] <... clone3 resumed> => {parent_tid=[346]}, 88) = 346 [pid 345] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 345] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 346] <... futex resumed>) = 0 [pid 346] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 346] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 346] futex(0x7fcb19dbe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 345] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 345] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 346] <... futex resumed>) = 0 [pid 346] ioctl(3, VHOST_SET_OWNER [pid 345] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 346] <... ioctl resumed>, 0) = 0 [pid 346] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 345] <... futex resumed>) = 0 [pid 345] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 345] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 346] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 346] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 345] <... futex resumed>) = 0 [pid 345] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 345] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 346] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 346] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 345] <... futex resumed>) = 0 [pid 345] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 345] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 346] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 346] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 345] <... futex resumed>) = 0 [pid 345] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 345] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 346] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 346] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 345] <... futex resumed>) = 0 [pid 345] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 345] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 346] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 346] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 345] <... futex resumed>) = 0 [pid 345] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 346] ioctl(3, VHOST_SET_VRING_KICK [pid 345] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 346] <... ioctl resumed>, 0x200000000000) = 0 [pid 346] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 345] <... futex resumed>) = 0 [pid 346] <... futex resumed>) = 1 [pid 345] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 345] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 346] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 346] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 345] <... futex resumed>) = 0 [pid 345] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 345] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 346] memfd_create("syzkaller", 0) = 5 [pid 346] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcb118d2000 [pid 346] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 346] munmap(0x7fcb118d2000, 138412032) = 0 [pid 346] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 346] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 346] close(5) = 0 [pid 346] close(6) = 0 [pid 346] mkdir("./file0", 0777) = 0 [pid 346] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 346] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 346] chdir("./file0") = 0 [pid 346] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 346] ioctl(6, LOOP_CLR_FD) = 0 [pid 346] close(6) = 0 [pid 346] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 345] <... futex resumed>) = 0 [pid 345] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 345] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 346] <... futex resumed>) = 1 [pid 346] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 346] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 345] <... futex resumed>) = 0 [pid 345] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 345] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 346] <... futex resumed>) = 1 [pid 346] write(6, "#! ./file1\n", 11) = 11 [pid 346] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 345] <... futex resumed>) = 0 [pid 345] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 345] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 346] <... futex resumed>) = 1 [pid 346] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 346] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 345] <... futex resumed>) = 0 [pid 345] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 345] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 346] <... futex resumed>) = 1 [pid 346] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000280} --- [pid 345] <... futex resumed>) = ? [pid 346] +++ killed by SIGBUS +++ [pid 345] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=345, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./10", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./10", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557a11f730 /* 4 entries */, 32768) = 112 [ 23.629600][ T346] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 23.660491][ T347] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-346: bg 0: block 234: padding at end of block bitmap is not set umount2("./10/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./10/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./10/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./10/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./10/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557a127770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557a127770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./10/file0") = 0 umount2("./10/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./10/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./10/binderfs") = 0 getdents64(3, 0x55557a11f730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./10") = 0 mkdir("./11", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3executing program ) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557a11e690) = 351 ./strace-static-x86_64: Process 351 attached [pid 351] set_robust_list(0x55557a11e6a0, 24) = 0 [pid 351] chdir("./11") = 0 [pid 351] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 351] setpgid(0, 0) = 0 [pid 351] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 351] write(3, "1000", 4) = 4 [pid 351] close(3) = 0 [pid 351] symlink("/dev/binderfs", "./binderfs") = 0 [pid 351] write(1, "executing program\n", 18) = 18 [pid 351] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 351] rt_sigaction(SIGRT_1, {sa_handler=0x7fcb19d5c5b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fcb19d4d760}, NULL, 8) = 0 [pid 351] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 351] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fcb19cd2000 [pid 351] mprotect(0x7fcb19cd3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 351] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 351] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fcb19cf2990, parent_tid=0x7fcb19cf2990, exit_signal=0, stack=0x7fcb19cd2000, stack_size=0x20300, tls=0x7fcb19cf26c0} => {parent_tid=[352]}, 88) = 352 [pid 351] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 351] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 351] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 352 attached [pid 352] set_robust_list(0x7fcb19cf29a0, 24) = 0 [pid 352] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 352] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 352] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 351] <... futex resumed>) = 0 [pid 352] ioctl(3, VHOST_SET_OWNER [pid 351] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 351] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 352] <... ioctl resumed>, 0) = 0 [pid 352] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 351] <... futex resumed>) = 0 [pid 352] futex(0x7fcb19dbe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 351] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 351] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 352] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 352] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 352] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 351] <... futex resumed>) = 0 [pid 351] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 351] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 352] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 352] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 351] <... futex resumed>) = 0 [pid 352] futex(0x7fcb19dbe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 351] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 351] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 352] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 352] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 352] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 351] <... futex resumed>) = 0 [pid 352] futex(0x7fcb19dbe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 351] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 351] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 352] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 352] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 352] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 351] <... futex resumed>) = 0 [pid 351] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 351] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 352] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 352] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 351] <... futex resumed>) = 0 [pid 351] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 351] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 352] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 352] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 351] <... futex resumed>) = 0 [pid 352] ioctl(3, VHOST_VSOCK_SET_RUNNING [pid 351] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 351] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 352] <... ioctl resumed>, 0x200000000140) = 0 [pid 352] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 351] <... futex resumed>) = 0 [pid 351] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 351] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 352] memfd_create("syzkaller", 0) = 5 [pid 352] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcb118d2000 [pid 352] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 352] munmap(0x7fcb118d2000, 138412032) = 0 [pid 352] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 352] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 352] close(5) = 0 [pid 352] close(6) = 0 [pid 352] mkdir("./file0", 0777) = 0 [pid 352] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 352] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 352] chdir("./file0") = 0 [pid 352] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 352] ioctl(6, LOOP_CLR_FD) = 0 [pid 352] close(6) = 0 [pid 352] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 351] <... futex resumed>) = 0 [pid 351] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 351] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 352] <... futex resumed>) = 1 [pid 352] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 352] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 351] <... futex resumed>) = 0 [pid 351] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 351] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 352] <... futex resumed>) = 1 [pid 352] write(6, "#! ./file1\n", 11) = 11 [pid 352] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 351] <... futex resumed>) = 0 [pid 351] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 351] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 352] <... futex resumed>) = 1 [pid 352] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 352] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 351] <... futex resumed>) = 0 [pid 351] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 351] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 352] <... futex resumed>) = 1 [pid 352] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000280} --- [pid 351] <... futex resumed>) = ? [pid 352] +++ killed by SIGBUS +++ [pid 351] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=351, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./11", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./11", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557a11f730 /* 4 entries */, 32768) = 112 [ 23.828264][ T352] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 23.851290][ T352] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor270: bg 0: block 234: padding at end of block bitmap is not set umount2("./11/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./11/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./11/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./11/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./11/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557a127770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557a127770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./11/file0") = 0 umount2("./11/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./11/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./11/binderfs") = 0 getdents64(3, 0x55557a11f730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./11") = 0 mkdir("./12", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3executing program ) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557a11e690) = 357 ./strace-static-x86_64: Process 357 attached [pid 357] set_robust_list(0x55557a11e6a0, 24) = 0 [pid 357] chdir("./12") = 0 [pid 357] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 357] setpgid(0, 0) = 0 [pid 357] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 357] write(3, "1000", 4) = 4 [pid 357] close(3) = 0 [pid 357] symlink("/dev/binderfs", "./binderfs") = 0 [pid 357] write(1, "executing program\n", 18) = 18 [pid 357] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 357] rt_sigaction(SIGRT_1, {sa_handler=0x7fcb19d5c5b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fcb19d4d760}, NULL, 8) = 0 [pid 357] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 357] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fcb19cd2000 [pid 357] mprotect(0x7fcb19cd3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 357] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 357] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fcb19cf2990, parent_tid=0x7fcb19cf2990, exit_signal=0, stack=0x7fcb19cd2000, stack_size=0x20300, tls=0x7fcb19cf26c0} => {parent_tid=[358]}, 88) = 358 [pid 357] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 357] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 357] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 358 attached [pid 358] set_robust_list(0x7fcb19cf29a0, 24) = 0 [pid 358] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 358] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 358] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 357] <... futex resumed>) = 0 [pid 357] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 357] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 358] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 358] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 357] <... futex resumed>) = 0 [pid 357] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 357] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 358] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 358] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 357] <... futex resumed>) = 0 [pid 357] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 357] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 358] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 358] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 357] <... futex resumed>) = 0 [pid 357] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 357] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 358] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 358] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 357] <... futex resumed>) = 0 [pid 357] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 357] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 358] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 358] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 357] <... futex resumed>) = 0 [pid 357] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 357] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 358] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 358] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 357] <... futex resumed>) = 0 [pid 357] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 358] ioctl(3, VHOST_SET_VRING_KICK [pid 357] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 358] <... ioctl resumed>, 0x200000000000) = 0 [pid 358] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 357] <... futex resumed>) = 0 [pid 357] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 357] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 358] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 358] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 357] <... futex resumed>) = 0 [pid 357] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 357] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 358] memfd_create("syzkaller", 0) = 5 [pid 358] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcb118d2000 [pid 358] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 358] munmap(0x7fcb118d2000, 138412032) = 0 [pid 358] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 358] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 358] close(5) = 0 [pid 358] close(6) = 0 [pid 358] mkdir("./file0", 0777) = 0 [pid 358] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 358] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 358] chdir("./file0") = 0 [pid 358] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 358] ioctl(6, LOOP_CLR_FD) = 0 [pid 358] close(6) = 0 [pid 358] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 357] <... futex resumed>) = 0 [pid 357] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 357] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 358] <... futex resumed>) = 1 [pid 358] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 358] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 357] <... futex resumed>) = 0 [pid 357] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 357] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 358] <... futex resumed>) = 1 [pid 358] write(6, "#! ./file1\n", 11) = 11 [pid 358] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 357] <... futex resumed>) = 0 [pid 357] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 357] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 358] <... futex resumed>) = 1 [pid 358] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 358] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 357] <... futex resumed>) = 0 [pid 357] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 357] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 358] <... futex resumed>) = 1 [pid 358] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000280} --- [pid 357] <... futex resumed>) = ? [pid 358] +++ killed by SIGBUS +++ [pid 357] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=357, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./12", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./12", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557a11f730 /* 4 entries */, 32768) = 112 [ 24.018151][ T358] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 24.042047][ T358] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor270: bg 0: block 234: padding at end of block bitmap is not set umount2("./12/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./12/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./12/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./12/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./12/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557a127770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557a127770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./12/file0") = 0 umount2("./12/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./12/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./12/binderfs"executing program ) = 0 getdents64(3, 0x55557a11f730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./12") = 0 mkdir("./13", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557a11e690) = 363 ./strace-static-x86_64: Process 363 attached [pid 363] set_robust_list(0x55557a11e6a0, 24) = 0 [pid 363] chdir("./13") = 0 [pid 363] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 363] setpgid(0, 0) = 0 [pid 363] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 363] write(3, "1000", 4) = 4 [pid 363] close(3) = 0 [pid 363] symlink("/dev/binderfs", "./binderfs") = 0 [pid 363] write(1, "executing program\n", 18) = 18 [pid 363] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 363] rt_sigaction(SIGRT_1, {sa_handler=0x7fcb19d5c5b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fcb19d4d760}, NULL, 8) = 0 [pid 363] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 363] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fcb19cd2000 [pid 363] mprotect(0x7fcb19cd3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 363] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 363] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fcb19cf2990, parent_tid=0x7fcb19cf2990, exit_signal=0, stack=0x7fcb19cd2000, stack_size=0x20300, tls=0x7fcb19cf26c0} => {parent_tid=[364]}, 88) = 364 [pid 363] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 363] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 363] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 364 attached [pid 364] set_robust_list(0x7fcb19cf29a0, 24) = 0 [pid 364] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 364] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 364] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 363] <... futex resumed>) = 0 [pid 363] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 363] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 364] <... futex resumed>) = 1 [pid 364] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 364] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 363] <... futex resumed>) = 0 [pid 363] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 363] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 364] <... futex resumed>) = 1 [pid 364] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 364] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 363] <... futex resumed>) = 0 [pid 363] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 363] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 364] <... futex resumed>) = 1 [pid 364] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 364] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 363] <... futex resumed>) = 0 [pid 363] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 363] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 364] <... futex resumed>) = 1 [pid 364] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 364] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 363] <... futex resumed>) = 0 [pid 363] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 363] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 364] <... futex resumed>) = 1 [pid 364] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 364] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 363] <... futex resumed>) = 0 [pid 363] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 363] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 364] <... futex resumed>) = 1 [pid 364] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 364] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 363] <... futex resumed>) = 0 [pid 363] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 363] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 364] <... futex resumed>) = 1 [pid 364] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 364] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 363] <... futex resumed>) = 0 [pid 363] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 363] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 364] <... futex resumed>) = 1 [pid 364] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 364] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 363] <... futex resumed>) = 0 [pid 363] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 363] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 364] <... futex resumed>) = 1 [pid 364] memfd_create("syzkaller", 0) = 5 [pid 364] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcb118d2000 [pid 364] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 364] munmap(0x7fcb118d2000, 138412032) = 0 [pid 364] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 364] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 364] close(5) = 0 [pid 364] close(6) = 0 [pid 364] mkdir("./file0", 0777) = 0 [pid 364] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 364] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 364] chdir("./file0") = 0 [pid 364] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 364] ioctl(6, LOOP_CLR_FD) = 0 [pid 364] close(6) = 0 [pid 364] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 363] <... futex resumed>) = 0 [pid 363] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 363] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 364] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 364] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 363] <... futex resumed>) = 0 [pid 363] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 363] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 364] write(6, "#! ./file1\n", 11) = 11 [pid 364] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 363] <... futex resumed>) = 0 [pid 363] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 363] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 364] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 364] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 364] futex(0x7fcb19dbe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 363] <... futex resumed>) = 0 [pid 363] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 363] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 364] <... futex resumed>) = 0 [pid 364] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000280} --- [pid 363] <... futex resumed>) = ? [pid 364] +++ killed by SIGBUS +++ [pid 363] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=363, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./13", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./13", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557a11f730 /* 4 entries */, 32768) = 112 [ 24.319539][ T364] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 24.353841][ T365] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-364: bg 0: block 234: padding at end of block bitmap is not set umount2("./13/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./13/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./13/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./13/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./13/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557a127770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557a127770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./13/file0") = 0 umount2("./13/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./13/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./13/binderfs") = 0 getdents64(3, 0x55557a11f730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./13") = 0 mkdir("./14", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557a11e690) = 369 ./strace-static-x86_64: Process 369 attached [pid 369] set_robust_list(0x55557a11e6a0, 24) = 0 [pid 369] chdir("./14") = 0 [pid 369] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 369] setpgid(0, 0) = 0 [pid 369] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 369] write(3, "1000", 4) = 4 [pid 369] close(3) = 0 [pid 369] symlink("/dev/binderfs", "./binderfs") = 0 [pid 369] write(1, "executing program\n", 18executing program ) = 18 [pid 369] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 369] rt_sigaction(SIGRT_1, {sa_handler=0x7fcb19d5c5b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fcb19d4d760}, NULL, 8) = 0 [pid 369] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 369] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fcb19cd2000 [pid 369] mprotect(0x7fcb19cd3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 369] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 369] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fcb19cf2990, parent_tid=0x7fcb19cf2990, exit_signal=0, stack=0x7fcb19cd2000, stack_size=0x20300, tls=0x7fcb19cf26c0}./strace-static-x86_64: Process 370 attached [pid 370] set_robust_list(0x7fcb19cf29a0, 24) = 0 [pid 370] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 370] futex(0x7fcb19dbe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 369] <... clone3 resumed> => {parent_tid=[370]}, 88) = 370 [pid 369] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 369] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 370] <... futex resumed>) = 0 [pid 369] <... futex resumed>) = 1 [pid 370] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 369] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 370] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 370] futex(0x7fcb19dbe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 369] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 369] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 370] <... futex resumed>) = 0 [pid 370] ioctl(3, VHOST_SET_OWNER [pid 369] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 370] <... ioctl resumed>, 0) = 0 [pid 370] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 369] <... futex resumed>) = 0 [pid 369] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 369] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 370] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 370] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 369] <... futex resumed>) = 0 [pid 369] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 369] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 370] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 370] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 369] <... futex resumed>) = 0 [pid 369] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 369] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 370] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 370] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 369] <... futex resumed>) = 0 [pid 369] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 369] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 370] <... futex resumed>) = 1 [pid 370] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 370] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 369] <... futex resumed>) = 0 [pid 369] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 369] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 370] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 370] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 369] <... futex resumed>) = 0 [pid 369] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 369] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 370] <... futex resumed>) = 1 [pid 370] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 370] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 369] <... futex resumed>) = 0 [pid 369] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 369] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 370] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 370] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 369] <... futex resumed>) = 0 [pid 369] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 369] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 370] memfd_create("syzkaller", 0) = 5 [pid 370] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcb118d2000 [pid 370] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 370] munmap(0x7fcb118d2000, 138412032) = 0 [pid 370] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 370] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 370] close(5) = 0 [pid 370] close(6) = 0 [pid 370] mkdir("./file0", 0777) = 0 [pid 370] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 370] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 370] chdir("./file0") = 0 [pid 370] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 370] ioctl(6, LOOP_CLR_FD) = 0 [pid 370] close(6) = 0 [pid 370] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 369] <... futex resumed>) = 0 [pid 369] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 369] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 370] <... futex resumed>) = 1 [pid 370] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 370] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 369] <... futex resumed>) = 0 [pid 369] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 369] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 370] <... futex resumed>) = 1 [pid 370] write(6, "#! ./file1\n", 11) = 11 [pid 370] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 369] <... futex resumed>) = 0 [pid 369] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 369] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 370] <... futex resumed>) = 1 [pid 370] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 370] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 369] <... futex resumed>) = 0 [pid 369] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 369] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 370] <... futex resumed>) = 1 [pid 370] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000280} --- [pid 369] <... futex resumed>) = ? [pid 370] +++ killed by SIGBUS +++ [pid 369] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=369, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./14", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./14", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557a11f730 /* 4 entries */, 32768) = 112 [ 24.501239][ T370] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 24.524402][ T370] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor270: bg 0: block 234: padding at end of block bitmap is not set umount2("./14/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./14/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./14/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./14/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./14/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557a127770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557a127770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./14/file0") = 0 umount2("./14/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./14/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./14/binderfs") = 0 getdents64(3, 0x55557a11f730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./14") = 0 mkdir("./15", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557a11e690) = 375 ./strace-static-x86_64: Process 375 attached [pid 375] set_robust_list(0x55557a11e6a0, 24) = 0 [pid 375] chdir("./15") = 0 [pid 375] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 375] setpgid(0, 0) = 0 [pid 375] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 375] write(3, "1000", 4) = 4 [pid 375] close(3) = 0 [pid 375] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 375] write(1, "executing program\n", 18) = 18 [pid 375] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 375] rt_sigaction(SIGRT_1, {sa_handler=0x7fcb19d5c5b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fcb19d4d760}, NULL, 8) = 0 [pid 375] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 375] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fcb19cd2000 [pid 375] mprotect(0x7fcb19cd3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 375] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 375] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fcb19cf2990, parent_tid=0x7fcb19cf2990, exit_signal=0, stack=0x7fcb19cd2000, stack_size=0x20300, tls=0x7fcb19cf26c0}./strace-static-x86_64: Process 376 attached => {parent_tid=[376]}, 88) = 376 [pid 375] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 375] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 375] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 376] set_robust_list(0x7fcb19cf29a0, 24) = 0 [pid 376] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 376] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 376] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 375] <... futex resumed>) = 0 [pid 375] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 375] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 376] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 376] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 375] <... futex resumed>) = 0 [pid 375] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 375] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 376] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 376] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 375] <... futex resumed>) = 0 [pid 375] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 375] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 376] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 376] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 375] <... futex resumed>) = 0 [pid 375] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 375] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 376] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 376] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 375] <... futex resumed>) = 0 [pid 375] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 375] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 376] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 376] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 375] <... futex resumed>) = 0 [pid 375] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 375] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 376] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 376] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 375] <... futex resumed>) = 0 [pid 375] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 375] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 376] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 376] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 375] <... futex resumed>) = 0 [pid 375] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 375] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 376] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 376] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 375] <... futex resumed>) = 0 [pid 375] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 375] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 376] memfd_create("syzkaller", 0) = 5 [pid 376] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcb118d2000 [pid 376] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 376] munmap(0x7fcb118d2000, 138412032) = 0 [pid 376] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 376] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 376] close(5) = 0 [pid 376] close(6) = 0 [pid 376] mkdir("./file0", 0777) = 0 [pid 376] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 376] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 376] chdir("./file0") = 0 [pid 376] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 376] ioctl(6, LOOP_CLR_FD) = 0 [pid 376] close(6) = 0 [pid 376] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 375] <... futex resumed>) = 0 [pid 375] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 375] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 376] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 376] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 375] <... futex resumed>) = 0 [pid 375] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 375] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 376] write(6, "#! ./file1\n", 11) = 11 [pid 376] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 375] <... futex resumed>) = 0 [pid 375] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 375] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 376] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 376] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 376] futex(0x7fcb19dbe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 375] <... futex resumed>) = 0 [pid 375] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 375] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 376] <... futex resumed>) = 0 [ 24.722505][ T376] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [pid 376] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000280} --- [pid 375] <... futex resumed>) = ? [pid 376] +++ killed by SIGBUS +++ [pid 375] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=375, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./15", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./15", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557a11f730 /* 4 entries */, 32768) = 112 [ 24.762448][ T377] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-376: bg 0: block 234: padding at end of block bitmap is not set umount2("./15/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./15/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./15/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./15/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./15/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557a127770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557a127770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./15/file0") = 0 umount2("./15/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./15/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./15/binderfs") = 0 getdents64(3, 0x55557a11f730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./15") = 0 mkdir("./16", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program , child_tidptr=0x55557a11e690) = 381 ./strace-static-x86_64: Process 381 attached [pid 381] set_robust_list(0x55557a11e6a0, 24) = 0 [pid 381] chdir("./16") = 0 [pid 381] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 381] setpgid(0, 0) = 0 [pid 381] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 381] write(3, "1000", 4) = 4 [pid 381] close(3) = 0 [pid 381] symlink("/dev/binderfs", "./binderfs") = 0 [pid 381] write(1, "executing program\n", 18) = 18 [pid 381] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 381] rt_sigaction(SIGRT_1, {sa_handler=0x7fcb19d5c5b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fcb19d4d760}, NULL, 8) = 0 [pid 381] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 381] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fcb19cd2000 [pid 381] mprotect(0x7fcb19cd3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 381] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 381] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fcb19cf2990, parent_tid=0x7fcb19cf2990, exit_signal=0, stack=0x7fcb19cd2000, stack_size=0x20300, tls=0x7fcb19cf26c0}./strace-static-x86_64: Process 382 attached => {parent_tid=[382]}, 88) = 382 [pid 381] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 381] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 381] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 382] set_robust_list(0x7fcb19cf29a0, 24) = 0 [pid 382] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 382] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 382] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 381] <... futex resumed>) = 0 [pid 381] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 381] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 382] <... futex resumed>) = 1 [pid 382] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 382] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 381] <... futex resumed>) = 0 [pid 381] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 381] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 382] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 382] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 381] <... futex resumed>) = 0 [pid 382] futex(0x7fcb19dbe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 381] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 381] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 382] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 382] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 382] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 381] <... futex resumed>) = 0 [pid 381] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 381] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 382] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 382] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 381] <... futex resumed>) = 0 [pid 381] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 381] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 382] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 382] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 381] <... futex resumed>) = 0 [pid 381] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 381] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 382] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 382] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 381] <... futex resumed>) = 0 [pid 381] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 381] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 382] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 382] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 381] <... futex resumed>) = 0 [pid 381] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 381] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 382] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 382] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 381] <... futex resumed>) = 0 [pid 381] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 381] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 382] memfd_create("syzkaller", 0) = 5 [pid 382] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcb118d2000 [pid 382] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 382] munmap(0x7fcb118d2000, 138412032) = 0 [pid 382] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 382] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 382] close(5) = 0 [pid 382] close(6) = 0 [pid 382] mkdir("./file0", 0777) = 0 [pid 382] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 382] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 382] chdir("./file0") = 0 [pid 382] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 382] ioctl(6, LOOP_CLR_FD) = 0 [pid 382] close(6) = 0 [pid 382] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 381] <... futex resumed>) = 0 [pid 381] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 381] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 382] <... futex resumed>) = 1 [pid 382] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 382] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 381] <... futex resumed>) = 0 [pid 381] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 381] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 382] <... futex resumed>) = 1 [pid 382] write(6, "#! ./file1\n", 11) = 11 [pid 382] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 381] <... futex resumed>) = 0 [pid 381] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 381] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 382] <... futex resumed>) = 1 [pid 382] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 382] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 381] <... futex resumed>) = 0 [pid 381] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 381] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 382] <... futex resumed>) = 1 [pid 382] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000280} --- [pid 381] <... futex resumed>) = ? [pid 382] +++ killed by SIGBUS +++ [pid 381] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=381, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./16", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./16", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557a11f730 /* 4 entries */, 32768) = 112 [ 24.907479][ T382] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 24.939295][ T383] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-382: bg 0: block 234: padding at end of block bitmap is not set umount2("./16/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./16/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./16/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./16/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./16/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557a127770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557a127770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./16/file0") = 0 umount2("./16/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./16/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./16/binderfs") = 0 getdents64(3, 0x55557a11f730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./16") = 0 mkdir("./17", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 387 attached , child_tidptr=0x55557a11e690) = 387 [pid 387] set_robust_list(0x55557a11e6a0, 24) = 0 [pid 387] chdir("./17") = 0 [pid 387] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 387] setpgid(0, 0) = 0 [pid 387] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 387] write(3, "1000", 4) = 4 [pid 387] close(3) = 0 [pid 387] symlink("/dev/binderfs", "./binderfs") = 0 [pid 387] write(1, "executing program\n", 18executing program ) = 18 [pid 387] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 387] rt_sigaction(SIGRT_1, {sa_handler=0x7fcb19d5c5b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fcb19d4d760}, NULL, 8) = 0 [pid 387] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 387] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fcb19cd2000 [pid 387] mprotect(0x7fcb19cd3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 387] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 387] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fcb19cf2990, parent_tid=0x7fcb19cf2990, exit_signal=0, stack=0x7fcb19cd2000, stack_size=0x20300, tls=0x7fcb19cf26c0}./strace-static-x86_64: Process 388 attached => {parent_tid=[388]}, 88) = 388 [pid 388] set_robust_list(0x7fcb19cf29a0, 24) = 0 [pid 388] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 388] futex(0x7fcb19dbe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 387] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 387] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 388] <... futex resumed>) = 0 [pid 388] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 387] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 388] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 388] futex(0x7fcb19dbe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 387] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 387] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 388] <... futex resumed>) = 0 [pid 388] ioctl(3, VHOST_SET_OWNER [pid 387] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 388] <... ioctl resumed>, 0) = 0 [pid 388] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 388] futex(0x7fcb19dbe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 387] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 387] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 388] <... futex resumed>) = 0 [pid 388] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 387] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 388] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 388] futex(0x7fcb19dbe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 387] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 387] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 388] <... futex resumed>) = 0 [pid 387] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 388] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 388] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 388] futex(0x7fcb19dbe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 387] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 387] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 388] <... futex resumed>) = 0 [pid 388] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 388] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 388] futex(0x7fcb19dbe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 387] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 387] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 388] <... futex resumed>) = 0 [pid 388] ioctl(3, VHOST_SET_VRING_ERR [pid 387] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 388] <... ioctl resumed>, 0x2000000001c0) = 0 [pid 388] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 388] futex(0x7fcb19dbe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 387] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 387] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 388] <... futex resumed>) = 0 [pid 388] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 388] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 388] futex(0x7fcb19dbe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 387] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 387] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 388] <... futex resumed>) = 0 [pid 387] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 388] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 388] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 387] <... futex resumed>) = 0 [pid 388] futex(0x7fcb19dbe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 387] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 388] <... futex resumed>) = 0 [pid 387] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 388] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 388] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 387] <... futex resumed>) = 0 [pid 388] futex(0x7fcb19dbe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 387] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 388] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 387] <... futex resumed>) = 0 [pid 387] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 388] memfd_create("syzkaller", 0) = 5 [pid 388] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcb118d2000 [pid 388] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 388] munmap(0x7fcb118d2000, 138412032) = 0 [pid 388] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 388] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 388] close(5) = 0 [pid 388] close(6) = 0 [pid 388] mkdir("./file0", 0777) = 0 [pid 388] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 388] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 388] chdir("./file0") = 0 [pid 388] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 388] ioctl(6, LOOP_CLR_FD) = 0 [pid 388] close(6) = 0 [pid 388] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 387] <... futex resumed>) = 0 [pid 387] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 387] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 388] <... futex resumed>) = 1 [pid 388] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 388] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 387] <... futex resumed>) = 0 [pid 387] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 387] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 388] <... futex resumed>) = 1 [pid 388] write(6, "#! ./file1\n", 11) = 11 [pid 388] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 387] <... futex resumed>) = 0 [pid 387] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 387] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 388] <... futex resumed>) = 1 [pid 388] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 388] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 387] <... futex resumed>) = 0 [pid 387] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 25.099837][ T388] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [pid 387] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 388] <... futex resumed>) = 1 [pid 388] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000280} --- [pid 387] <... futex resumed>) = ? [pid 388] +++ killed by SIGBUS +++ [pid 387] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=387, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./17", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./17", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557a11f730 /* 4 entries */, 32768) = 112 [ 25.142250][ T389] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-388: bg 0: block 234: padding at end of block bitmap is not set umount2("./17/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./17/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./17/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./17/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./17/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557a127770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557a127770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./17/file0") = 0 umount2("./17/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./17/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./17/binderfs") = 0 getdents64(3, 0x55557a11f730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./17") = 0 mkdir("./18", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557a11e690) = 393 ./strace-static-x86_64: Process 393 attached [pid 393] set_robust_list(0x55557a11e6a0, 24) = 0 [pid 393] chdir("./18") = 0 [pid 393] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 393] setpgid(0, 0) = 0 [pid 393] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 393] write(3, "1000", 4) = 4 [pid 393] close(3) = 0 [pid 393] symlink("/dev/binderfs", "./binderfs") = 0 [pid 393] write(1, "executing program\n", 18executing program ) = 18 [pid 393] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 393] rt_sigaction(SIGRT_1, {sa_handler=0x7fcb19d5c5b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fcb19d4d760}, NULL, 8) = 0 [pid 393] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 393] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fcb19cd2000 [pid 393] mprotect(0x7fcb19cd3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 393] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 393] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fcb19cf2990, parent_tid=0x7fcb19cf2990, exit_signal=0, stack=0x7fcb19cd2000, stack_size=0x20300, tls=0x7fcb19cf26c0}./strace-static-x86_64: Process 394 attached => {parent_tid=[394]}, 88) = 394 [pid 394] set_robust_list(0x7fcb19cf29a0, 24 [pid 393] rt_sigprocmask(SIG_SETMASK, [], [pid 394] <... set_robust_list resumed>) = 0 [pid 393] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 394] rt_sigprocmask(SIG_SETMASK, [], [pid 393] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 394] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 393] <... futex resumed>) = 0 [pid 394] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR [pid 393] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 394] <... openat resumed>) = 3 [pid 394] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 393] <... futex resumed>) = 0 [pid 394] futex(0x7fcb19dbe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 393] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 394] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 393] <... futex resumed>) = 0 [pid 394] ioctl(3, VHOST_SET_OWNER [pid 393] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 394] <... ioctl resumed>, 0) = 0 [pid 394] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 393] <... futex resumed>) = 0 [pid 394] <... futex resumed>) = 1 [pid 393] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 394] ioctl(3, VHOST_SET_VRING_ADDR [pid 393] <... futex resumed>) = 0 [pid 394] <... ioctl resumed>, 0x200000000300) = 0 [pid 393] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 394] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 393] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 393] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 394] ioctl(3, VHOST_SET_MEM_TABLE [pid 393] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 394] <... ioctl resumed>, 0x200000003380) = 0 [pid 394] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 393] <... futex resumed>) = 0 [pid 394] <... futex resumed>) = 1 [pid 393] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 394] eventfd2(118, EFD_SEMAPHORE [pid 393] <... futex resumed>) = 0 [pid 393] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 394] <... eventfd2 resumed>) = 4 [pid 394] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 393] <... futex resumed>) = 0 [pid 394] <... futex resumed>) = 1 [pid 393] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 393] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 394] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 394] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 393] <... futex resumed>) = 0 [pid 393] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 393] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 394] <... futex resumed>) = 1 [pid 394] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 394] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 393] <... futex resumed>) = 0 [pid 393] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 394] <... futex resumed>) = 1 [pid 393] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 394] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 394] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 393] <... futex resumed>) = 0 [pid 394] ioctl(3, VHOST_VSOCK_SET_RUNNING [pid 393] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 394] <... ioctl resumed>, 0x200000000140) = 0 [pid 393] <... futex resumed>) = 0 [pid 394] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 393] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 394] <... futex resumed>) = 0 [pid 393] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 394] memfd_create("syzkaller", 0 [pid 393] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 394] <... memfd_create resumed>) = 5 [pid 393] <... futex resumed>) = 0 [pid 394] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 393] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 394] <... mmap resumed>) = 0x7fcb118d2000 [pid 394] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 394] munmap(0x7fcb118d2000, 138412032) = 0 [pid 394] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 394] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 394] close(5) = 0 [pid 394] close(6) = 0 [pid 394] mkdir("./file0", 0777) = 0 [pid 394] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 394] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 394] chdir("./file0") = 0 [pid 394] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 394] ioctl(6, LOOP_CLR_FD) = 0 [pid 394] close(6) = 0 [pid 394] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 393] <... futex resumed>) = 0 [pid 393] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 393] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 394] <... futex resumed>) = 1 [pid 394] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 394] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 393] <... futex resumed>) = 0 [pid 393] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 393] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 394] <... futex resumed>) = 1 [pid 394] write(6, "#! ./file1\n", 11) = 11 [pid 394] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 393] <... futex resumed>) = 0 [pid 393] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 394] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0 [pid 393] <... futex resumed>) = 0 [pid 393] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 394] <... mmap resumed>) = 0x200000000000 [pid 394] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 393] <... futex resumed>) = 0 [pid 393] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 393] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 394] <... futex resumed>) = 1 [pid 394] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000280} --- [pid 393] <... futex resumed>) = ? [pid 394] +++ killed by SIGBUS +++ [pid 393] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=393, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./18", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./18", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557a11f730 /* 4 entries */, 32768) = 112 [ 25.269710][ T394] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 25.298048][ T395] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-394: bg 0: block 234: padding at end of block bitmap is not set umount2("./18/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./18/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./18/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./18/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./18/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557a127770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557a127770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./18/file0") = 0 umount2("./18/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./18/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./18/binderfs") = 0 getdents64(3, 0x55557a11f730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./18") = 0 mkdir("./19", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557a11e690) = 399 ./strace-static-x86_64: Process 399 attached [pid 399] set_robust_list(0x55557a11e6a0, 24) = 0 [pid 399] chdir("./19") = 0 [pid 399] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 399] setpgid(0, 0) = 0 [pid 399] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 399] write(3, "1000", 4) = 4 [pid 399] close(3) = 0 [pid 399] symlink("/dev/binderfs", "./binderfs") = 0 [pid 399] write(1, "executing program\n", 18executing program ) = 18 [pid 399] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 399] rt_sigaction(SIGRT_1, {sa_handler=0x7fcb19d5c5b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fcb19d4d760}, NULL, 8) = 0 [pid 399] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 399] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fcb19cd2000 [pid 399] mprotect(0x7fcb19cd3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 399] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 399] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fcb19cf2990, parent_tid=0x7fcb19cf2990, exit_signal=0, stack=0x7fcb19cd2000, stack_size=0x20300, tls=0x7fcb19cf26c0}./strace-static-x86_64: Process 400 attached => {parent_tid=[400]}, 88) = 400 [pid 400] set_robust_list(0x7fcb19cf29a0, 24) = 0 [pid 400] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 400] futex(0x7fcb19dbe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 399] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 399] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 400] <... futex resumed>) = 0 [pid 400] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR [pid 399] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 400] <... openat resumed>) = 3 [pid 400] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 400] futex(0x7fcb19dbe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 399] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 399] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 400] <... futex resumed>) = 0 [pid 400] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 400] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 400] futex(0x7fcb19dbe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 399] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 399] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 400] <... futex resumed>) = 0 [pid 400] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 400] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 400] futex(0x7fcb19dbe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 399] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 399] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 400] <... futex resumed>) = 0 [pid 400] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 400] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 400] futex(0x7fcb19dbe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 399] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 399] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 400] <... futex resumed>) = 0 [pid 400] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 400] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 400] futex(0x7fcb19dbe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 399] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 399] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 400] <... futex resumed>) = 0 [pid 400] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 400] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 400] futex(0x7fcb19dbe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 399] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 399] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 400] <... futex resumed>) = 0 [pid 400] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 400] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 400] futex(0x7fcb19dbe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 399] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 399] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 400] <... futex resumed>) = 0 [pid 399] <... futex resumed>) = 1 [pid 400] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 400] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 400] futex(0x7fcb19dbe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 399] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 399] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 400] <... futex resumed>) = 0 [pid 399] <... futex resumed>) = 1 [pid 400] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 400] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 400] futex(0x7fcb19dbe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 399] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 399] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 400] <... futex resumed>) = 0 [pid 399] <... futex resumed>) = 1 [pid 400] memfd_create("syzkaller", 0 [pid 399] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 400] <... memfd_create resumed>) = 5 [pid 400] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcb118d2000 [pid 400] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 400] munmap(0x7fcb118d2000, 138412032) = 0 [pid 400] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 400] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 400] close(5) = 0 [pid 400] close(6) = 0 [pid 400] mkdir("./file0", 0777) = 0 [pid 400] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 400] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 400] chdir("./file0") = 0 [pid 400] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 400] ioctl(6, LOOP_CLR_FD) = 0 [pid 400] close(6) = 0 [pid 400] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 399] <... futex resumed>) = 0 [pid 399] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 399] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 400] <... futex resumed>) = 1 [pid 400] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 400] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 399] <... futex resumed>) = 0 [pid 399] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 399] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 400] <... futex resumed>) = 1 [pid 400] write(6, "#! ./file1\n", 11) = 11 [pid 400] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 399] <... futex resumed>) = 0 [pid 399] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 399] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 400] <... futex resumed>) = 1 [pid 400] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 400] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 399] <... futex resumed>) = 0 [pid 399] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 399] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 400] <... futex resumed>) = 1 [pid 400] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000280} --- [pid 399] <... futex resumed>) = ? [pid 400] +++ killed by SIGBUS +++ [pid 399] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=399, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./19", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./19", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557a11f730 /* 4 entries */, 32768) = 112 [ 25.469206][ T400] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 25.500513][ T401] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-400: bg 0: block 234: padding at end of block bitmap is not set umount2("./19/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./19/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./19/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./19/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./19/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557a127770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557a127770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./19/file0") = 0 umount2("./19/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./19/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./19/binderfs") = 0 getdents64(3, 0x55557a11f730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./19") = 0 mkdir("./20", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557a11e690) = 405 ./strace-static-x86_64: Process 405 attached [pid 405] set_robust_list(0x55557a11e6a0, 24) = 0 [pid 405] chdir("./20") = 0 [pid 405] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 405] setpgid(0, 0) = 0 [pid 405] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 405] write(3, "1000", 4) = 4 [pid 405] close(3) = 0 [pid 405] symlink("/dev/binderfs", "./binderfs") = 0 [pid 405] write(1, "executing program\n", 18executing program ) = 18 [pid 405] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 405] rt_sigaction(SIGRT_1, {sa_handler=0x7fcb19d5c5b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fcb19d4d760}, NULL, 8) = 0 [pid 405] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 405] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fcb19cd2000 [pid 405] mprotect(0x7fcb19cd3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 405] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 405] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fcb19cf2990, parent_tid=0x7fcb19cf2990, exit_signal=0, stack=0x7fcb19cd2000, stack_size=0x20300, tls=0x7fcb19cf26c0}./strace-static-x86_64: Process 406 attached => {parent_tid=[406]}, 88) = 406 [pid 406] set_robust_list(0x7fcb19cf29a0, 24) = 0 [pid 406] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 406] futex(0x7fcb19dbe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 405] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 405] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 406] <... futex resumed>) = 0 [pid 406] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR [pid 405] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 406] <... openat resumed>) = 3 [pid 406] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 406] futex(0x7fcb19dbe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 405] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 405] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 406] <... futex resumed>) = 0 [pid 406] ioctl(3, VHOST_SET_OWNER [pid 405] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 406] <... ioctl resumed>, 0) = 0 [pid 406] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 405] <... futex resumed>) = 0 [pid 406] futex(0x7fcb19dbe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 405] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 406] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 406] ioctl(3, VHOST_SET_VRING_ADDR [pid 405] <... futex resumed>) = 0 [pid 406] <... ioctl resumed>, 0x200000000300) = 0 [pid 406] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 405] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 406] <... futex resumed>) = 0 [pid 406] futex(0x7fcb19dbe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 405] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 405] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 406] <... futex resumed>) = 0 [pid 405] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 406] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 406] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 405] <... futex resumed>) = 0 [pid 406] futex(0x7fcb19dbe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 405] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 406] <... futex resumed>) = 0 [pid 406] eventfd2(118, EFD_SEMAPHORE [pid 405] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 406] <... eventfd2 resumed>) = 4 [pid 406] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 405] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 406] <... futex resumed>) = 0 [pid 406] futex(0x7fcb19dbe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 405] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 406] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 405] <... futex resumed>) = 0 [pid 406] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 405] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 406] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 405] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 406] futex(0x7fcb19dbe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 405] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 406] <... futex resumed>) = 0 [pid 405] <... futex resumed>) = 1 [pid 406] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 405] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 406] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 405] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 406] futex(0x7fcb19dbe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 405] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 406] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 406] ioctl(3, VHOST_SET_VRING_KICK [pid 405] <... futex resumed>) = 0 [pid 406] <... ioctl resumed>, 0x200000000000) = 0 [pid 406] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 405] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 406] <... futex resumed>) = 0 [pid 406] futex(0x7fcb19dbe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 405] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 405] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 406] <... futex resumed>) = 0 [pid 405] <... futex resumed>) = 1 [pid 406] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 405] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 406] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 405] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 406] futex(0x7fcb19dbe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 405] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 406] <... futex resumed>) = 0 [pid 405] <... futex resumed>) = 1 [pid 405] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 406] memfd_create("syzkaller", 0) = 5 [pid 406] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcb118d2000 [pid 406] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 406] munmap(0x7fcb118d2000, 138412032) = 0 [pid 406] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 406] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 406] close(5) = 0 [pid 406] close(6) = 0 [pid 406] mkdir("./file0", 0777) = 0 [pid 406] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 406] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 406] chdir("./file0") = 0 [pid 406] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 406] ioctl(6, LOOP_CLR_FD) = 0 [pid 406] close(6) = 0 [pid 406] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 405] <... futex resumed>) = 0 [pid 405] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 405] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 406] <... futex resumed>) = 1 [pid 406] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 406] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 405] <... futex resumed>) = 0 [pid 405] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 405] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 406] <... futex resumed>) = 1 [pid 406] write(6, "#! ./file1\n", 11) = 11 [pid 406] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 405] <... futex resumed>) = 0 [pid 405] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 405] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 406] <... futex resumed>) = 1 [pid 406] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 406] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 405] <... futex resumed>) = 0 [pid 405] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 405] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 406] <... futex resumed>) = 1 [pid 406] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000280} --- [pid 405] <... futex resumed>) = ? [pid 406] +++ killed by SIGBUS +++ [pid 405] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=405, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./20", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./20", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557a11f730 /* 4 entries */, 32768) = 112 [ 25.659133][ T406] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 25.690013][ T407] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-406: bg 0: block 234: padding at end of block bitmap is not set umount2("./20/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./20/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./20/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./20/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./20/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557a127770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557a127770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./20/file0") = 0 umount2("./20/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./20/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./20/binderfs") = 0 getdents64(3, 0x55557a11f730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./20") = 0 mkdir("./21", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 411 attached , child_tidptr=0x55557a11e690) = 411 [pid 411] set_robust_list(0x55557a11e6a0, 24) = 0 [pid 411] chdir("./21") = 0 [pid 411] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 411] setpgid(0, 0) = 0 [pid 411] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 411] write(3, "1000", 4) = 4 [pid 411] close(3) = 0 [pid 411] symlink("/dev/binderfs", "./binderfs") = 0 [pid 411] write(1, "executing program\n", 18executing program ) = 18 [pid 411] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 411] rt_sigaction(SIGRT_1, {sa_handler=0x7fcb19d5c5b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fcb19d4d760}, NULL, 8) = 0 [pid 411] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 411] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fcb19cd2000 [pid 411] mprotect(0x7fcb19cd3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 411] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 411] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fcb19cf2990, parent_tid=0x7fcb19cf2990, exit_signal=0, stack=0x7fcb19cd2000, stack_size=0x20300, tls=0x7fcb19cf26c0}./strace-static-x86_64: Process 412 attached => {parent_tid=[412]}, 88) = 412 [pid 412] set_robust_list(0x7fcb19cf29a0, 24 [pid 411] rt_sigprocmask(SIG_SETMASK, [], [pid 412] <... set_robust_list resumed>) = 0 [pid 411] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 412] rt_sigprocmask(SIG_SETMASK, [], [pid 411] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 412] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 411] <... futex resumed>) = 0 [pid 411] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 412] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 412] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 411] <... futex resumed>) = 0 [pid 412] <... futex resumed>) = 1 [pid 411] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 412] ioctl(3, VHOST_SET_OWNER [pid 411] <... futex resumed>) = 0 [pid 411] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 412] <... ioctl resumed>, 0) = 0 [pid 412] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 411] <... futex resumed>) = 0 [pid 412] futex(0x7fcb19dbe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 411] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 412] <... futex resumed>) = 0 [pid 411] <... futex resumed>) = 1 [pid 412] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 411] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 412] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 411] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 412] futex(0x7fcb19dbe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 411] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 411] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 412] <... futex resumed>) = 0 [pid 412] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 412] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 411] <... futex resumed>) = 0 [pid 412] futex(0x7fcb19dbe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 411] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 412] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 411] <... futex resumed>) = 0 [pid 412] eventfd2(118, EFD_SEMAPHORE [pid 411] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 412] <... eventfd2 resumed>) = 4 [pid 412] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 411] <... futex resumed>) = 0 [pid 412] futex(0x7fcb19dbe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 411] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 412] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 411] <... futex resumed>) = 0 [pid 412] ioctl(3, VHOST_SET_VRING_ERR [pid 411] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 412] <... ioctl resumed>, 0x2000000001c0) = 0 [pid 412] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 411] <... futex resumed>) = 0 [pid 412] futex(0x7fcb19dbe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 411] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 412] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 411] <... futex resumed>) = 0 [pid 412] ioctl(3, VHOST_SET_VRING_ADDR [pid 411] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 412] <... ioctl resumed>, 0x200000000240) = 0 [pid 412] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 411] <... futex resumed>) = 0 [pid 412] futex(0x7fcb19dbe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 411] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 412] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 411] <... futex resumed>) = 0 [pid 412] ioctl(3, VHOST_SET_VRING_KICK [pid 411] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 412] <... ioctl resumed>, 0x200000000000) = 0 [pid 412] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 411] <... futex resumed>) = 0 [pid 412] futex(0x7fcb19dbe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 411] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 412] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 411] <... futex resumed>) = 0 [pid 412] ioctl(3, VHOST_VSOCK_SET_RUNNING [pid 411] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 412] <... ioctl resumed>, 0x200000000140) = 0 [pid 412] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 411] <... futex resumed>) = 0 [pid 412] futex(0x7fcb19dbe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 411] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 412] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 411] <... futex resumed>) = 0 [pid 411] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 412] memfd_create("syzkaller", 0) = 5 [pid 412] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcb118d2000 [pid 412] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 412] munmap(0x7fcb118d2000, 138412032) = 0 [pid 412] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 412] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 412] close(5) = 0 [pid 412] close(6) = 0 [pid 412] mkdir("./file0", 0777) = 0 [pid 412] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 412] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 412] chdir("./file0") = 0 [pid 412] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 412] ioctl(6, LOOP_CLR_FD) = 0 [pid 412] close(6) = 0 [pid 412] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 411] <... futex resumed>) = 0 [pid 411] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 411] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 412] <... futex resumed>) = 1 [pid 412] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 412] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 411] <... futex resumed>) = 0 [pid 411] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 411] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 412] <... futex resumed>) = 1 [pid 412] write(6, "#! ./file1\n", 11) = 11 [pid 412] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 411] <... futex resumed>) = 0 [pid 411] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 411] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 412] <... futex resumed>) = 1 [pid 412] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 412] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 411] <... futex resumed>) = 0 [pid 411] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 411] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 412] <... futex resumed>) = 1 [pid 412] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000280} --- [pid 411] <... futex resumed>) = ? [pid 412] +++ killed by SIGBUS +++ [pid 411] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=411, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./21", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./21", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557a11f730 /* 4 entries */, 32768) = 112 [ 25.858835][ T412] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 25.884402][ T412] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor270: bg 0: block 234: padding at end of block bitmap is not set umount2("./21/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./21/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./21/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./21/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./21/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557a127770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557a127770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./21/file0") = 0 umount2("./21/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./21/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./21/binderfs") = 0 getdents64(3, 0x55557a11f730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./21") = 0 mkdir("./22", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 417 attached , child_tidptr=0x55557a11e690) = 417 [pid 417] set_robust_list(0x55557a11e6a0, 24) = 0 [pid 417] chdir("./22") = 0 [pid 417] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 417] setpgid(0, 0) = 0 [pid 417] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 417] write(3, "1000", 4) = 4 [pid 417] close(3) = 0 [pid 417] symlink("/dev/binderfs", "./binderfs") = 0 [pid 417] write(1, "executing program\n", 18executing program ) = 18 [pid 417] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 417] rt_sigaction(SIGRT_1, {sa_handler=0x7fcb19d5c5b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fcb19d4d760}, NULL, 8) = 0 [pid 417] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 417] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fcb19cd2000 [pid 417] mprotect(0x7fcb19cd3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 417] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 417] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fcb19cf2990, parent_tid=0x7fcb19cf2990, exit_signal=0, stack=0x7fcb19cd2000, stack_size=0x20300, tls=0x7fcb19cf26c0}./strace-static-x86_64: Process 418 attached => {parent_tid=[418]}, 88) = 418 [pid 418] set_robust_list(0x7fcb19cf29a0, 24) = 0 [pid 418] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 418] futex(0x7fcb19dbe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 417] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 417] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 418] <... futex resumed>) = 0 [pid 418] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 418] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 418] futex(0x7fcb19dbe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 417] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 417] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 418] <... futex resumed>) = 0 [pid 418] ioctl(3, VHOST_SET_OWNER [pid 417] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 418] <... ioctl resumed>, 0) = 0 [pid 418] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 418] futex(0x7fcb19dbe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 417] <... futex resumed>) = 0 [pid 417] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 418] <... futex resumed>) = 0 [pid 418] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 418] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 418] futex(0x7fcb19dbe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 417] <... futex resumed>) = 1 [pid 417] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 417] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 418] <... futex resumed>) = 0 [pid 418] ioctl(3, VHOST_SET_MEM_TABLE [pid 417] <... futex resumed>) = 1 [pid 417] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 418] <... ioctl resumed>, 0x200000003380) = 0 [pid 418] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 418] futex(0x7fcb19dbe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 417] <... futex resumed>) = 0 [pid 417] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 418] <... futex resumed>) = 0 [pid 418] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 418] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 418] futex(0x7fcb19dbe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 417] <... futex resumed>) = 1 [pid 417] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 417] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 418] <... futex resumed>) = 0 [pid 418] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 418] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 418] futex(0x7fcb19dbe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 417] <... futex resumed>) = 1 [pid 417] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 417] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 418] <... futex resumed>) = 0 [pid 418] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 418] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 418] futex(0x7fcb19dbe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 417] <... futex resumed>) = 1 [pid 417] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 417] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 418] <... futex resumed>) = 0 [pid 418] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 418] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 418] futex(0x7fcb19dbe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 417] <... futex resumed>) = 1 [pid 417] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 417] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 418] <... futex resumed>) = 0 [pid 418] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 418] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 418] futex(0x7fcb19dbe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 417] <... futex resumed>) = 1 [pid 417] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 417] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 418] <... futex resumed>) = 0 [pid 418] memfd_create("syzkaller", 0) = 5 [pid 418] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcb118d2000 [pid 418] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 417] <... futex resumed>) = 1 [pid 417] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 418] <... write resumed>) = 1048576 [pid 418] munmap(0x7fcb118d2000, 138412032) = 0 [pid 418] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 418] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 418] close(5) = 0 [pid 418] close(6) = 0 [pid 418] mkdir("./file0", 0777) = 0 [pid 418] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 418] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 418] chdir("./file0") = 0 [pid 418] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 418] ioctl(6, LOOP_CLR_FD) = 0 [pid 418] close(6) = 0 [pid 418] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 418] futex(0x7fcb19dbe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 417] <... futex resumed>) = 0 [pid 417] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 418] <... futex resumed>) = 0 [pid 417] <... futex resumed>) = 1 [pid 418] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 417] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 418] <... openat resumed>) = 6 [pid 418] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 417] <... futex resumed>) = 0 [pid 417] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 417] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 418] write(6, "#! ./file1\n", 11) = 11 [pid 418] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 417] <... futex resumed>) = 0 [pid 417] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 417] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 418] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 418] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 418] futex(0x7fcb19dbe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 417] <... futex resumed>) = 0 [pid 417] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 417] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 418] <... futex resumed>) = 0 [pid 418] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000280} --- [pid 417] <... futex resumed>) = ? [pid 418] +++ killed by SIGBUS +++ [pid 417] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=417, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./22", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./22", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557a11f730 /* 4 entries */, 32768) = 112 [ 26.089461][ T418] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 26.122168][ T419] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-418: bg 0: block 234: padding at end of block bitmap is not set umount2("./22/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./22/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./22/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./22/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./22/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557a127770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557a127770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./22/file0") = 0 umount2("./22/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./22/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./22/binderfs") = 0 getdents64(3, 0x55557a11f730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./22") = 0 mkdir("./23", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557a11e690) = 423 ./strace-static-x86_64: Process 423 attached [pid 423] set_robust_list(0x55557a11e6a0, 24) = 0 [pid 423] chdir("./23") = 0 [pid 423] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 423] setpgid(0, 0) = 0 [pid 423] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 423] write(3, "1000", 4) = 4 executing program [pid 423] close(3) = 0 [pid 423] symlink("/dev/binderfs", "./binderfs") = 0 [pid 423] write(1, "executing program\n", 18) = 18 [pid 423] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 423] rt_sigaction(SIGRT_1, {sa_handler=0x7fcb19d5c5b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fcb19d4d760}, NULL, 8) = 0 [pid 423] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 423] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fcb19cd2000 [pid 423] mprotect(0x7fcb19cd3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 423] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 423] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fcb19cf2990, parent_tid=0x7fcb19cf2990, exit_signal=0, stack=0x7fcb19cd2000, stack_size=0x20300, tls=0x7fcb19cf26c0} => {parent_tid=[424]}, 88) = 424 [pid 423] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 423] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 423] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 424 attached [pid 424] set_robust_list(0x7fcb19cf29a0, 24) = 0 [pid 424] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 424] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 424] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 423] <... futex resumed>) = 0 [pid 423] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 423] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 424] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 424] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 423] <... futex resumed>) = 0 [pid 423] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 423] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 424] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 424] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 423] <... futex resumed>) = 0 [pid 423] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 423] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 424] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 424] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 423] <... futex resumed>) = 0 [pid 423] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 423] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 424] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 424] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 423] <... futex resumed>) = 0 [pid 423] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 423] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 424] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 424] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 423] <... futex resumed>) = 0 [pid 423] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 423] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 424] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 424] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 423] <... futex resumed>) = 0 [pid 423] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 423] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 424] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 424] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 423] <... futex resumed>) = 0 [pid 423] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 423] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 424] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 424] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 423] <... futex resumed>) = 0 [pid 424] futex(0x7fcb19dbe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 423] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 423] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 424] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 424] memfd_create("syzkaller", 0) = 5 [pid 424] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcb118d2000 [pid 424] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 424] munmap(0x7fcb118d2000, 138412032) = 0 [pid 424] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 424] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 424] close(5) = 0 [pid 424] close(6) = 0 [pid 424] mkdir("./file0", 0777) = 0 [pid 424] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 424] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 424] chdir("./file0") = 0 [pid 424] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 424] ioctl(6, LOOP_CLR_FD) = 0 [pid 424] close(6) = 0 [pid 424] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 423] <... futex resumed>) = 0 [pid 423] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 423] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 424] <... futex resumed>) = 1 [pid 424] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 424] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 423] <... futex resumed>) = 0 [pid 423] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 423] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 424] <... futex resumed>) = 1 [pid 424] write(6, "#! ./file1\n", 11) = 11 [pid 424] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 423] <... futex resumed>) = 0 [pid 423] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 423] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 424] <... futex resumed>) = 1 [pid 424] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 424] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 423] <... futex resumed>) = 0 [pid 423] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 423] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 424] <... futex resumed>) = 1 [pid 424] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000280} --- [pid 423] <... futex resumed>) = ? [pid 424] +++ killed by SIGBUS +++ [pid 423] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=423, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./23", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./23", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557a11f730 /* 4 entries */, 32768) = 112 [ 26.248104][ T424] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 26.274310][ T424] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor270: bg 0: block 234: padding at end of block bitmap is not set umount2("./23/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./23/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./23/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./23/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./23/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557a127770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557a127770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./23/file0") = 0 umount2("./23/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./23/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./23/binderfs") = 0 getdents64(3, 0x55557a11f730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./23") = 0 mkdir("./24", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557a11e690) = 429 ./strace-static-x86_64: Process 429 attached [pid 429] set_robust_list(0x55557a11e6a0, 24) = 0 [pid 429] chdir("./24") = 0 [pid 429] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 429] setpgid(0, 0) = 0 [pid 429] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 429] write(3, "1000", 4) = 4 [pid 429] close(3) = 0 [pid 429] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 429] write(1, "executing program\n", 18) = 18 [pid 429] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 429] rt_sigaction(SIGRT_1, {sa_handler=0x7fcb19d5c5b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fcb19d4d760}, NULL, 8) = 0 [pid 429] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 429] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fcb19cd2000 [pid 429] mprotect(0x7fcb19cd3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 429] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 429] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fcb19cf2990, parent_tid=0x7fcb19cf2990, exit_signal=0, stack=0x7fcb19cd2000, stack_size=0x20300, tls=0x7fcb19cf26c0} => {parent_tid=[430]}, 88) = 430 ./strace-static-x86_64: Process 430 attached [pid 430] set_robust_list(0x7fcb19cf29a0, 24) = 0 [pid 430] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 430] futex(0x7fcb19dbe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 429] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 429] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 430] <... futex resumed>) = 0 [pid 430] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 430] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 430] futex(0x7fcb19dbe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 429] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 429] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 430] <... futex resumed>) = 0 [pid 429] <... futex resumed>) = 1 [pid 430] ioctl(3, VHOST_SET_OWNER [pid 429] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 430] <... ioctl resumed>, 0) = 0 [pid 430] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 430] futex(0x7fcb19dbe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 429] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 429] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 430] <... futex resumed>) = 0 [pid 430] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 430] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 430] futex(0x7fcb19dbe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 429] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 429] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 430] <... futex resumed>) = 0 [pid 430] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 430] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 430] futex(0x7fcb19dbe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 429] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 429] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 430] <... futex resumed>) = 0 [pid 429] <... futex resumed>) = 1 [pid 430] eventfd2(118, EFD_SEMAPHORE [pid 429] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 430] <... eventfd2 resumed>) = 4 [pid 430] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 429] <... futex resumed>) = 0 [pid 430] futex(0x7fcb19dbe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 429] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 430] <... futex resumed>) = 0 [pid 429] <... futex resumed>) = 1 [pid 430] ioctl(3, VHOST_SET_VRING_ERR [pid 429] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 430] <... ioctl resumed>, 0x2000000001c0) = 0 [pid 430] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 429] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 430] <... futex resumed>) = 0 [pid 430] ioctl(3, VHOST_SET_VRING_ADDR [pid 429] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 430] <... ioctl resumed>, 0x200000000240) = 0 [pid 430] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 429] <... futex resumed>) = 0 [pid 430] <... futex resumed>) = 0 [pid 430] futex(0x7fcb19dbe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 429] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 429] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 430] <... futex resumed>) = 0 [pid 429] <... futex resumed>) = 1 [pid 430] ioctl(3, VHOST_SET_VRING_KICK [pid 429] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 430] <... ioctl resumed>, 0x200000000000) = 0 [pid 430] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 429] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 429] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 430] <... futex resumed>) = 0 [pid 429] <... futex resumed>) = 0 [pid 430] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 429] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 430] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 429] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 430] <... futex resumed>) = 0 [pid 430] futex(0x7fcb19dbe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 429] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 430] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 429] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 430] memfd_create("syzkaller", 0) = 5 [pid 430] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcb118d2000 [pid 430] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 430] munmap(0x7fcb118d2000, 138412032) = 0 [pid 430] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 430] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 430] close(5) = 0 [pid 430] close(6) = 0 [pid 430] mkdir("./file0", 0777) = 0 [pid 430] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 430] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 430] chdir("./file0") = 0 [pid 430] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 430] ioctl(6, LOOP_CLR_FD) = 0 [pid 430] close(6) = 0 [pid 430] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 429] <... futex resumed>) = 0 [pid 429] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 429] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 430] <... futex resumed>) = 1 [pid 430] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 430] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 429] <... futex resumed>) = 0 [pid 429] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 429] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 430] <... futex resumed>) = 1 [pid 430] write(6, "#! ./file1\n", 11) = 11 [pid 430] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 429] <... futex resumed>) = 0 [pid 429] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 429] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 430] <... futex resumed>) = 1 [pid 430] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 430] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 429] <... futex resumed>) = 0 [pid 429] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 429] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 430] <... futex resumed>) = 1 [pid 430] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000280} --- [pid 429] <... futex resumed>) = ? [pid 430] +++ killed by SIGBUS +++ [pid 429] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=429, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./24", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./24", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557a11f730 /* 4 entries */, 32768) = 112 [ 26.459644][ T430] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 26.488068][ T430] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor270: bg 0: block 234: padding at end of block bitmap is not set umount2("./24/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./24/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./24/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./24/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./24/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557a127770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557a127770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./24/file0") = 0 umount2("./24/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./24/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./24/binderfs") = 0 getdents64(3, 0x55557a11f730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./24") = 0 mkdir("./25", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557a11e690) = 435 ./strace-static-x86_64: Process 435 attached [pid 435] set_robust_list(0x55557a11e6a0, 24) = 0 [pid 435] chdir("./25") = 0 [pid 435] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 435] setpgid(0, 0) = 0 [pid 435] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 435] write(3, "1000", 4) = 4 [pid 435] close(3) = 0 [pid 435] symlink("/dev/binderfs", "./binderfs") = 0 [pid 435] write(1, "executing program\n", 18executing program ) = 18 [pid 435] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 435] rt_sigaction(SIGRT_1, {sa_handler=0x7fcb19d5c5b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fcb19d4d760}, NULL, 8) = 0 [pid 435] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 435] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fcb19cd2000 [pid 435] mprotect(0x7fcb19cd3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 435] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 435] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fcb19cf2990, parent_tid=0x7fcb19cf2990, exit_signal=0, stack=0x7fcb19cd2000, stack_size=0x20300, tls=0x7fcb19cf26c0}./strace-static-x86_64: Process 436 attached [pid 436] set_robust_list(0x7fcb19cf29a0, 24) = 0 [pid 436] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 436] futex(0x7fcb19dbe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 435] <... clone3 resumed> => {parent_tid=[436]}, 88) = 436 [pid 435] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 435] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 436] <... futex resumed>) = 0 [pid 436] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 435] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 436] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 436] futex(0x7fcb19dbe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 435] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 435] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 436] <... futex resumed>) = 0 [pid 436] ioctl(3, VHOST_SET_OWNER [pid 435] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 436] <... ioctl resumed>, 0) = 0 [pid 436] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 436] futex(0x7fcb19dbe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 435] <... futex resumed>) = 0 [pid 435] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 436] <... futex resumed>) = 0 [pid 436] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 436] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 436] futex(0x7fcb19dbe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 435] <... futex resumed>) = 1 [pid 435] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 435] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 436] <... futex resumed>) = 0 [pid 436] ioctl(3, VHOST_SET_MEM_TABLE [pid 435] <... futex resumed>) = 1 [pid 436] <... ioctl resumed>, 0x200000003380) = 0 [pid 436] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 436] futex(0x7fcb19dbe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 435] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 435] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 436] <... futex resumed>) = 0 [pid 436] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 436] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 436] futex(0x7fcb19dbe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 435] <... futex resumed>) = 1 [pid 435] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 435] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 436] <... futex resumed>) = 0 [pid 436] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 436] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 436] futex(0x7fcb19dbe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 435] <... futex resumed>) = 1 [pid 435] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 435] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 436] <... futex resumed>) = 0 [pid 436] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 436] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 436] futex(0x7fcb19dbe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 435] <... futex resumed>) = 1 [pid 435] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 435] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 436] <... futex resumed>) = 0 [pid 436] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 436] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 436] futex(0x7fcb19dbe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 435] <... futex resumed>) = 1 [pid 435] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 435] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 436] <... futex resumed>) = 0 [pid 436] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 436] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 436] futex(0x7fcb19dbe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 435] <... futex resumed>) = 1 [pid 435] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 435] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 436] <... futex resumed>) = 0 [pid 436] memfd_create("syzkaller", 0) = 5 [pid 436] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcb118d2000 [pid 436] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 435] <... futex resumed>) = 1 [pid 435] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 436] <... write resumed>) = 1048576 [pid 436] munmap(0x7fcb118d2000, 138412032) = 0 [pid 436] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 436] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 436] close(5) = 0 [pid 436] close(6) = 0 [pid 436] mkdir("./file0", 0777) = 0 [pid 436] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 436] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 436] chdir("./file0") = 0 [pid 436] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 436] ioctl(6, LOOP_CLR_FD) = 0 [pid 436] close(6) = 0 [pid 436] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 435] <... futex resumed>) = 0 [pid 435] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 435] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 436] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 436] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 435] <... futex resumed>) = 0 [pid 435] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 435] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 436] write(6, "#! ./file1\n", 11) = 11 [pid 436] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 435] <... futex resumed>) = 0 [pid 435] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 435] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 436] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 436] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 436] futex(0x7fcb19dbe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 435] <... futex resumed>) = 0 [pid 435] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 435] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 436] <... futex resumed>) = 0 [pid 436] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000280} --- [pid 435] <... futex resumed>) = ? [pid 436] +++ killed by SIGBUS +++ [pid 435] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=435, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./25", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./25", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557a11f730 /* 4 entries */, 32768) = 112 [ 26.624590][ T436] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 26.657300][ T437] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-436: bg 0: block 234: padding at end of block bitmap is not set umount2("./25/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./25/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./25/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./25/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./25/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557a127770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557a127770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./25/file0") = 0 umount2("./25/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./25/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./25/binderfs") = 0 getdents64(3, 0x55557a11f730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./25") = 0 mkdir("./26", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557a11e690) = 441 ./strace-static-x86_64: Process 441 attached [pid 441] set_robust_list(0x55557a11e6a0, 24) = 0 [pid 441] chdir("./26") = 0 [pid 441] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 441] setpgid(0, 0) = 0 [pid 441] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 441] write(3, "1000", 4) = 4 [pid 441] close(3) = 0 [pid 441] symlink("/dev/binderfs", "./binderfs") = 0 [pid 441] write(1, "executing program\n", 18executing program ) = 18 [pid 441] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 441] rt_sigaction(SIGRT_1, {sa_handler=0x7fcb19d5c5b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fcb19d4d760}, NULL, 8) = 0 [pid 441] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 441] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fcb19cd2000 [pid 441] mprotect(0x7fcb19cd3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 441] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 441] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fcb19cf2990, parent_tid=0x7fcb19cf2990, exit_signal=0, stack=0x7fcb19cd2000, stack_size=0x20300, tls=0x7fcb19cf26c0} => {parent_tid=[442]}, 88) = 442 [pid 441] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 441] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 441] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 442 attached [pid 442] set_robust_list(0x7fcb19cf29a0, 24) = 0 [pid 442] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 442] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 442] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 441] <... futex resumed>) = 0 [pid 441] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 441] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 442] <... futex resumed>) = 1 [pid 442] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 442] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 441] <... futex resumed>) = 0 [pid 441] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 441] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 442] <... futex resumed>) = 1 [pid 442] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 442] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 441] <... futex resumed>) = 0 [pid 441] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 441] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 442] <... futex resumed>) = 1 [pid 442] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 442] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 441] <... futex resumed>) = 0 [pid 441] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 441] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 442] <... futex resumed>) = 1 [pid 442] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 442] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 441] <... futex resumed>) = 0 [pid 441] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 441] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 442] <... futex resumed>) = 1 [pid 442] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 442] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 441] <... futex resumed>) = 0 [pid 441] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 441] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 442] <... futex resumed>) = 1 [pid 442] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 442] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 441] <... futex resumed>) = 0 [pid 441] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 441] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 442] <... futex resumed>) = 1 [pid 442] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 442] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 441] <... futex resumed>) = 0 [pid 441] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 441] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 442] <... futex resumed>) = 1 [pid 442] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 442] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 441] <... futex resumed>) = 0 [pid 441] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 441] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 442] <... futex resumed>) = 1 [pid 442] memfd_create("syzkaller", 0) = 5 [pid 442] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcb118d2000 [pid 442] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 442] munmap(0x7fcb118d2000, 138412032) = 0 [pid 442] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 442] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 442] close(5) = 0 [pid 442] close(6) = 0 [pid 442] mkdir("./file0", 0777) = 0 [pid 442] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 442] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 442] chdir("./file0") = 0 [pid 442] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 442] ioctl(6, LOOP_CLR_FD) = 0 [pid 442] close(6) = 0 [pid 442] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 441] <... futex resumed>) = 0 [pid 441] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 441] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 442] <... futex resumed>) = 1 [pid 442] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 442] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 441] <... futex resumed>) = 0 [pid 441] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 441] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 442] <... futex resumed>) = 1 [pid 442] write(6, "#! ./file1\n", 11) = 11 [pid 442] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 441] <... futex resumed>) = 0 [pid 441] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 441] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 442] <... futex resumed>) = 1 [pid 442] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 442] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 441] <... futex resumed>) = 0 [pid 441] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 441] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 442] <... futex resumed>) = 1 [pid 442] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000280} --- [pid 441] <... futex resumed>) = ? [pid 442] +++ killed by SIGBUS +++ [pid 441] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=441, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./26", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./26", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557a11f730 /* 4 entries */, 32768) = 112 [ 26.842107][ T442] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 26.869877][ T442] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor270: bg 0: block 234: padding at end of block bitmap is not set umount2("./26/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./26/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./26/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./26/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./26/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557a127770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557a127770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./26/file0") = 0 umount2("./26/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./26/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./26/binderfs") = 0 getdents64(3, 0x55557a11f730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./26") = 0 mkdir("./27", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557a11e690) = 447 ./strace-static-x86_64: Process 447 attached [pid 447] set_robust_list(0x55557a11e6a0, 24) = 0 [pid 447] chdir("./27") = 0 [pid 447] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 447] setpgid(0, 0) = 0 [pid 447] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 447] write(3, "1000", 4) = 4 [pid 447] close(3) = 0 [pid 447] symlink("/dev/binderfs", "./binderfs") = 0 [pid 447] write(1, "executing program\n", 18) = 18 [pid 447] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 447] rt_sigaction(SIGRT_1, {sa_handler=0x7fcb19d5c5b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fcb19d4d760}, NULL, 8) = 0 [pid 447] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 447] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fcb19cd2000 [pid 447] mprotect(0x7fcb19cd3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 447] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 447] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fcb19cf2990, parent_tid=0x7fcb19cf2990, exit_signal=0, stack=0x7fcb19cd2000, stack_size=0x20300, tls=0x7fcb19cf26c0} => {parent_tid=[448]}, 88) = 448 [pid 447] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 447] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 447] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 448 attached [pid 448] set_robust_list(0x7fcb19cf29a0, 24) = 0 [pid 448] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 448] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 448] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 447] <... futex resumed>) = 0 [pid 447] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 447] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 448] <... futex resumed>) = 1 [pid 448] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 448] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 447] <... futex resumed>) = 0 [pid 447] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 447] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 448] <... futex resumed>) = 1 [pid 448] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 448] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 447] <... futex resumed>) = 0 [pid 447] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 447] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 448] <... futex resumed>) = 1 [pid 448] ioctl(3, VHOST_SET_MEM_TABLEexecuting program , 0x200000003380) = 0 [pid 448] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 447] <... futex resumed>) = 0 [pid 447] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 447] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 448] <... futex resumed>) = 1 [pid 448] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 448] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 447] <... futex resumed>) = 0 [pid 447] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 447] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 448] <... futex resumed>) = 1 [pid 448] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 448] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 447] <... futex resumed>) = 0 [pid 447] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 447] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 448] <... futex resumed>) = 1 [pid 448] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 448] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 447] <... futex resumed>) = 0 [pid 447] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 447] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 448] <... futex resumed>) = 1 [pid 448] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 448] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 447] <... futex resumed>) = 0 [pid 447] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 447] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 448] <... futex resumed>) = 1 [pid 448] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 448] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 447] <... futex resumed>) = 0 [pid 447] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 447] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 448] <... futex resumed>) = 1 [pid 448] memfd_create("syzkaller", 0) = 5 [pid 448] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcb118d2000 [pid 448] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 448] munmap(0x7fcb118d2000, 138412032) = 0 [pid 448] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 448] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 448] close(5) = 0 [pid 448] close(6) = 0 [pid 448] mkdir("./file0", 0777) = 0 [pid 448] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 448] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 448] chdir("./file0") = 0 [pid 448] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 448] ioctl(6, LOOP_CLR_FD) = 0 [pid 448] close(6) = 0 [pid 448] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 447] <... futex resumed>) = 0 [pid 447] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 447] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 448] <... futex resumed>) = 1 [pid 448] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 448] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 447] <... futex resumed>) = 0 [pid 447] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 447] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 448] <... futex resumed>) = 1 [pid 448] write(6, "#! ./file1\n", 11) = 11 [pid 448] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 447] <... futex resumed>) = 0 [pid 447] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 447] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 448] <... futex resumed>) = 1 [pid 448] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 448] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 447] <... futex resumed>) = 0 [pid 447] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 447] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 448] <... futex resumed>) = 1 [pid 448] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000280} --- [pid 447] <... futex resumed>) = ? [pid 448] +++ killed by SIGBUS +++ [pid 447] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=447, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./27", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./27", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557a11f730 /* 4 entries */, 32768) = 112 [ 27.019834][ T448] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 27.049431][ T449] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-448: bg 0: block 234: padding at end of block bitmap is not set umount2("./27/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./27/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./27/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./27/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./27/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557a127770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557a127770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./27/file0") = 0 umount2("./27/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./27/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./27/binderfs") = 0 getdents64(3, 0x55557a11f730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./27") = 0 mkdir("./28", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557a11e690) = 453 ./strace-static-x86_64: Process 453 attached [pid 453] set_robust_list(0x55557a11e6a0, 24) = 0 [pid 453] chdir("./28") = 0 [pid 453] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 453] setpgid(0, 0) = 0 [pid 453] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 453] write(3, "1000", 4) = 4 [pid 453] close(3) = 0 [pid 453] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 453] write(1, "executing program\n", 18) = 18 [pid 453] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 453] rt_sigaction(SIGRT_1, {sa_handler=0x7fcb19d5c5b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fcb19d4d760}, NULL, 8) = 0 [pid 453] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 453] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fcb19cd2000 [pid 453] mprotect(0x7fcb19cd3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 453] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 453] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fcb19cf2990, parent_tid=0x7fcb19cf2990, exit_signal=0, stack=0x7fcb19cd2000, stack_size=0x20300, tls=0x7fcb19cf26c0} => {parent_tid=[454]}, 88) = 454 [pid 453] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 453] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 453] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 454 attached [pid 454] set_robust_list(0x7fcb19cf29a0, 24) = 0 [pid 454] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 454] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 454] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 453] <... futex resumed>) = 0 [pid 453] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 453] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 454] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 454] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 453] <... futex resumed>) = 0 [pid 453] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 453] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 454] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 454] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 453] <... futex resumed>) = 0 [pid 453] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 453] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 454] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 454] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 453] <... futex resumed>) = 0 [pid 453] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 453] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 454] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 454] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 453] <... futex resumed>) = 0 [pid 453] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 453] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 454] <... futex resumed>) = 1 [pid 454] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 454] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 453] <... futex resumed>) = 0 [pid 453] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 453] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 454] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 454] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 453] <... futex resumed>) = 0 [pid 454] futex(0x7fcb19dbe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 453] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 454] <... futex resumed>) = 0 [pid 453] <... futex resumed>) = 1 [pid 454] ioctl(3, VHOST_SET_VRING_KICK [pid 453] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 454] <... ioctl resumed>, 0x200000000000) = 0 [pid 454] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 453] <... futex resumed>) = 0 [pid 453] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 454] ioctl(3, VHOST_VSOCK_SET_RUNNING [pid 453] <... futex resumed>) = 0 [pid 453] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 454] <... ioctl resumed>, 0x200000000140) = 0 [pid 454] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 453] <... futex resumed>) = 0 [pid 453] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 453] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 454] memfd_create("syzkaller", 0) = 5 [pid 454] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcb118d2000 [pid 454] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 454] munmap(0x7fcb118d2000, 138412032) = 0 [pid 454] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 454] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 454] close(5) = 0 [pid 454] close(6) = 0 [pid 454] mkdir("./file0", 0777) = 0 [pid 454] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 454] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 454] chdir("./file0") = 0 [pid 454] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 454] ioctl(6, LOOP_CLR_FD) = 0 [pid 454] close(6) = 0 [pid 454] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 454] futex(0x7fcb19dbe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 453] <... futex resumed>) = 0 [pid 453] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 454] <... futex resumed>) = 0 [pid 453] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 454] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 454] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 453] <... futex resumed>) = 0 [pid 453] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 454] <... futex resumed>) = 1 [pid 453] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 454] write(6, "#! ./file1\n", 11) = 11 [pid 454] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 453] <... futex resumed>) = 0 [pid 454] <... futex resumed>) = 1 [pid 453] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 454] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0 [pid 453] <... futex resumed>) = 0 [pid 453] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 454] <... mmap resumed>) = 0x200000000000 [pid 454] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 453] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 454] <... futex resumed>) = 0 [pid 454] futex(0x7fcb19dbe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 453] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 453] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 454] <... futex resumed>) = 0 [pid 454] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000280} --- [pid 453] <... futex resumed>) = ? [pid 454] +++ killed by SIGBUS +++ [pid 453] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=453, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=6} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./28", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./28", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557a11f730 /* 4 entries */, 32768) = 112 [ 27.209560][ T454] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 27.241740][ T455] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-454: bg 0: block 234: padding at end of block bitmap is not set umount2("./28/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./28/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./28/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./28/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./28/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557a127770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557a127770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./28/file0") = 0 umount2("./28/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./28/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./28/binderfs") = 0 getdents64(3, 0x55557a11f730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./28") = 0 mkdir("./29", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557a11e690) = 459 ./strace-static-x86_64: Process 459 attached [pid 459] set_robust_list(0x55557a11e6a0, 24) = 0 [pid 459] chdir("./29") = 0 [pid 459] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 459] setpgid(0, 0) = 0 [pid 459] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 459] write(3, "1000", 4) = 4 [pid 459] close(3) = 0 [pid 459] symlink("/dev/binderfs", "./binderfs") = 0 [pid 459] write(1, "executing program\n", 18executing program ) = 18 [pid 459] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 459] rt_sigaction(SIGRT_1, {sa_handler=0x7fcb19d5c5b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fcb19d4d760}, NULL, 8) = 0 [pid 459] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 459] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fcb19cd2000 [pid 459] mprotect(0x7fcb19cd3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 459] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 459] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fcb19cf2990, parent_tid=0x7fcb19cf2990, exit_signal=0, stack=0x7fcb19cd2000, stack_size=0x20300, tls=0x7fcb19cf26c0}./strace-static-x86_64: Process 460 attached => {parent_tid=[460]}, 88) = 460 [pid 460] set_robust_list(0x7fcb19cf29a0, 24 [pid 459] rt_sigprocmask(SIG_SETMASK, [], [pid 460] <... set_robust_list resumed>) = 0 [pid 459] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 460] rt_sigprocmask(SIG_SETMASK, [], [pid 459] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 460] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 459] <... futex resumed>) = 0 [pid 460] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR [pid 459] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 460] <... openat resumed>) = 3 [pid 460] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 459] <... futex resumed>) = 0 [pid 460] <... futex resumed>) = 1 [pid 459] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 460] ioctl(3, VHOST_SET_OWNER [pid 459] <... futex resumed>) = 0 [pid 459] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 460] <... ioctl resumed>, 0) = 0 [pid 460] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 459] <... futex resumed>) = 0 [pid 460] <... futex resumed>) = 1 [pid 459] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 460] ioctl(3, VHOST_SET_VRING_ADDR [pid 459] <... futex resumed>) = 0 [pid 460] <... ioctl resumed>, 0x200000000300) = 0 [pid 459] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 460] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 459] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 460] <... futex resumed>) = 0 [pid 459] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 460] ioctl(3, VHOST_SET_MEM_TABLE [pid 459] <... futex resumed>) = 0 [pid 459] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 460] <... ioctl resumed>, 0x200000003380) = 0 [pid 460] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 459] <... futex resumed>) = 0 [pid 460] <... futex resumed>) = 1 [pid 459] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 460] eventfd2(118, EFD_SEMAPHORE [pid 459] <... futex resumed>) = 0 [pid 459] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 460] <... eventfd2 resumed>) = 4 [pid 460] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 459] <... futex resumed>) = 0 [pid 460] <... futex resumed>) = 1 [pid 459] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 460] ioctl(3, VHOST_SET_VRING_ERR [pid 459] <... futex resumed>) = 0 [pid 460] <... ioctl resumed>, 0x2000000001c0) = 0 [pid 459] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 460] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 459] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 460] <... futex resumed>) = 0 [pid 459] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 460] ioctl(3, VHOST_SET_VRING_ADDR [pid 459] <... futex resumed>) = 0 [pid 460] <... ioctl resumed>, 0x200000000240) = 0 [pid 459] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 460] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 459] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 460] <... futex resumed>) = 0 [pid 459] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 460] ioctl(3, VHOST_SET_VRING_KICK [pid 459] <... futex resumed>) = 0 [pid 460] <... ioctl resumed>, 0x200000000000) = 0 [pid 459] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 460] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 459] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 460] <... futex resumed>) = 0 [pid 459] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 460] ioctl(3, VHOST_VSOCK_SET_RUNNING [pid 459] <... futex resumed>) = 0 [pid 460] <... ioctl resumed>, 0x200000000140) = 0 [pid 459] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 460] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 459] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 460] <... futex resumed>) = 0 [pid 459] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 460] memfd_create("syzkaller", 0 [pid 459] <... futex resumed>) = 0 [pid 460] <... memfd_create resumed>) = 5 [pid 459] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 460] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcb118d2000 [pid 460] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 460] munmap(0x7fcb118d2000, 138412032) = 0 [pid 460] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 460] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 460] close(5) = 0 [pid 460] close(6) = 0 [pid 460] mkdir("./file0", 0777) = 0 [pid 460] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 460] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 460] chdir("./file0") = 0 [pid 460] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 460] ioctl(6, LOOP_CLR_FD) = 0 [pid 460] close(6) = 0 [pid 460] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 459] <... futex resumed>) = 0 [pid 459] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 459] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 460] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 460] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 459] <... futex resumed>) = 0 [pid 460] <... futex resumed>) = 1 [pid 459] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 460] write(6, "#! ./file1\n", 11 [pid 459] <... futex resumed>) = 0 [pid 459] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 460] <... write resumed>) = 11 [pid 460] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 459] <... futex resumed>) = 0 [pid 459] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 460] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0 [pid 459] <... futex resumed>) = 0 [pid 459] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 460] <... mmap resumed>) = 0x200000000000 [pid 460] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 459] <... futex resumed>) = 0 [pid 459] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 459] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 460] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000280} --- [pid 459] <... futex resumed>) = ? [pid 460] +++ killed by SIGBUS +++ [pid 459] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=459, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./29", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./29", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557a11f730 /* 4 entries */, 32768) = 112 [ 27.409756][ T460] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 27.441229][ T461] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-460: bg 0: block 234: padding at end of block bitmap is not set umount2("./29/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./29/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./29/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./29/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./29/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557a127770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557a127770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./29/file0") = 0 umount2("./29/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./29/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./29/binderfs") = 0 getdents64(3, 0x55557a11f730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./29") = 0 mkdir("./30", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557a11e690) = 465 ./strace-static-x86_64: Process 465 attached [pid 465] set_robust_list(0x55557a11e6a0, 24) = 0 [pid 465] chdir("./30"executing program ) = 0 [pid 465] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 465] setpgid(0, 0) = 0 [pid 465] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 465] write(3, "1000", 4) = 4 [pid 465] close(3) = 0 [pid 465] symlink("/dev/binderfs", "./binderfs") = 0 [pid 465] write(1, "executing program\n", 18) = 18 [pid 465] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 465] rt_sigaction(SIGRT_1, {sa_handler=0x7fcb19d5c5b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fcb19d4d760}, NULL, 8) = 0 [pid 465] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 465] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fcb19cd2000 [pid 465] mprotect(0x7fcb19cd3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 465] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 465] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fcb19cf2990, parent_tid=0x7fcb19cf2990, exit_signal=0, stack=0x7fcb19cd2000, stack_size=0x20300, tls=0x7fcb19cf26c0} => {parent_tid=[466]}, 88) = 466 ./strace-static-x86_64: Process 466 attached [pid 465] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 465] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 465] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 466] set_robust_list(0x7fcb19cf29a0, 24) = 0 [pid 466] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 466] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 466] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 465] <... futex resumed>) = 0 [pid 465] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 465] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 466] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 466] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 465] <... futex resumed>) = 0 [pid 466] futex(0x7fcb19dbe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 465] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 465] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 466] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 466] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 466] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 465] <... futex resumed>) = 0 [pid 465] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 465] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 466] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 466] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 465] <... futex resumed>) = 0 [pid 465] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 466] eventfd2(118, EFD_SEMAPHORE [pid 465] <... futex resumed>) = 0 [pid 465] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 466] <... eventfd2 resumed>) = 4 [pid 466] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 465] <... futex resumed>) = 0 [pid 465] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 465] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 466] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 466] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 465] <... futex resumed>) = 0 [pid 466] futex(0x7fcb19dbe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 465] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 466] <... futex resumed>) = 0 [pid 466] ioctl(3, VHOST_SET_VRING_ADDR [pid 465] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 466] <... ioctl resumed>, 0x200000000240) = 0 [pid 466] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 465] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 465] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 466] <... futex resumed>) = 0 [pid 465] <... futex resumed>) = 0 [pid 466] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 465] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 466] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 465] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 466] <... futex resumed>) = 0 [pid 465] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 466] ioctl(3, VHOST_VSOCK_SET_RUNNING [pid 465] <... futex resumed>) = 0 [pid 466] <... ioctl resumed>, 0x200000000140) = 0 [pid 466] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 465] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 466] <... futex resumed>) = 0 [pid 466] futex(0x7fcb19dbe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 465] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 466] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 465] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 465] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 466] memfd_create("syzkaller", 0) = 5 [pid 466] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcb118d2000 [pid 466] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 466] munmap(0x7fcb118d2000, 138412032) = 0 [pid 466] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 466] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 466] close(5) = 0 [pid 466] close(6) = 0 [pid 466] mkdir("./file0", 0777) = 0 [pid 466] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 466] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 466] chdir("./file0") = 0 [pid 466] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 466] ioctl(6, LOOP_CLR_FD) = 0 [pid 466] close(6) = 0 [pid 466] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 465] <... futex resumed>) = 0 [pid 465] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 466] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 465] <... futex resumed>) = 0 [pid 465] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 466] <... openat resumed>) = 6 [pid 466] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 465] <... futex resumed>) = 0 [pid 466] <... futex resumed>) = 1 [pid 465] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 466] write(6, "#! ./file1\n", 11 [pid 465] <... futex resumed>) = 0 [pid 465] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 466] <... write resumed>) = 11 [pid 466] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 465] <... futex resumed>) = 0 [pid 465] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 466] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0 [pid 465] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 466] <... mmap resumed>) = 0x200000000000 [pid 466] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 465] <... futex resumed>) = 0 [pid 465] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 465] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 466] <... futex resumed>) = 1 [pid 466] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000280} --- [pid 465] <... futex resumed>) = ? [pid 466] +++ killed by SIGBUS +++ [pid 465] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=465, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./30", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./30", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557a11f730 /* 4 entries */, 32768) = 112 [ 27.569703][ T466] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 27.603324][ T467] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-466: bg 0: block 234: padding at end of block bitmap is not set umount2("./30/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./30/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./30/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./30/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./30/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557a127770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557a127770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./30/file0") = 0 umount2("./30/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./30/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./30/binderfs") = 0 getdents64(3, 0x55557a11f730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./30") = 0 mkdir("./31", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557a11e690) = 471 ./strace-static-x86_64: Process 471 attached [pid 471] set_robust_list(0x55557a11e6a0, 24) = 0 [pid 471] chdir("./31") = 0 [pid 471] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 471] setpgid(0, 0) = 0 [pid 471] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 471] write(3, "1000", 4) = 4 [pid 471] close(3) = 0 [pid 471] symlink("/dev/binderfs", "./binderfs") = 0 [pid 471] write(1, "executing program\n", 18executing program ) = 18 [pid 471] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 471] rt_sigaction(SIGRT_1, {sa_handler=0x7fcb19d5c5b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fcb19d4d760}, NULL, 8) = 0 [pid 471] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 471] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fcb19cd2000 [pid 471] mprotect(0x7fcb19cd3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 471] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 471] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fcb19cf2990, parent_tid=0x7fcb19cf2990, exit_signal=0, stack=0x7fcb19cd2000, stack_size=0x20300, tls=0x7fcb19cf26c0}./strace-static-x86_64: Process 472 attached => {parent_tid=[472]}, 88) = 472 [pid 472] set_robust_list(0x7fcb19cf29a0, 24 [pid 471] rt_sigprocmask(SIG_SETMASK, [], [pid 472] <... set_robust_list resumed>) = 0 [pid 471] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 472] rt_sigprocmask(SIG_SETMASK, [], [pid 471] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 472] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 471] <... futex resumed>) = 0 [pid 471] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 472] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 472] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 471] <... futex resumed>) = 0 [pid 472] <... futex resumed>) = 1 [pid 471] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 472] ioctl(3, VHOST_SET_OWNER [pid 471] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 472] <... ioctl resumed>, 0) = 0 [pid 472] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 471] <... futex resumed>) = 0 [pid 472] <... futex resumed>) = 1 [pid 471] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 472] ioctl(3, VHOST_SET_VRING_ADDR [pid 471] <... futex resumed>) = 0 [pid 472] <... ioctl resumed>, 0x200000000300) = 0 [pid 471] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 472] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 471] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 472] <... futex resumed>) = 0 [pid 471] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 472] ioctl(3, VHOST_SET_MEM_TABLE [pid 471] <... futex resumed>) = 0 [pid 471] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 472] <... ioctl resumed>, 0x200000003380) = 0 [pid 472] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 471] <... futex resumed>) = 0 [pid 471] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 471] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 472] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 472] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 471] <... futex resumed>) = 0 [pid 472] futex(0x7fcb19dbe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 471] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 472] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 471] <... futex resumed>) = 0 [pid 472] ioctl(3, VHOST_SET_VRING_ERR [pid 471] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 472] <... ioctl resumed>, 0x2000000001c0) = 0 [pid 472] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 471] <... futex resumed>) = 0 [pid 472] <... futex resumed>) = 1 [pid 472] ioctl(3, VHOST_SET_VRING_ADDR [pid 471] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 472] <... ioctl resumed>, 0x200000000240) = 0 [pid 471] <... futex resumed>) = 0 [pid 472] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 471] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 472] <... futex resumed>) = 0 [pid 472] futex(0x7fcb19dbe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 471] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 471] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 472] <... futex resumed>) = 0 [pid 471] <... futex resumed>) = 1 [pid 472] ioctl(3, VHOST_SET_VRING_KICK [pid 471] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 472] <... ioctl resumed>, 0x200000000000) = 0 [pid 472] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 471] <... futex resumed>) = 0 [pid 472] futex(0x7fcb19dbe6c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 471] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 472] ioctl(3, VHOST_VSOCK_SET_RUNNING [pid 471] <... futex resumed>) = 0 [pid 472] <... ioctl resumed>, 0x200000000140) = 0 [pid 471] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 472] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 471] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 472] memfd_create("syzkaller", 0 [pid 471] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 472] <... memfd_create resumed>) = 5 [pid 471] <... futex resumed>) = 0 [pid 472] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 471] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 472] <... mmap resumed>) = 0x7fcb118d2000 [pid 472] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 472] munmap(0x7fcb118d2000, 138412032) = 0 [pid 472] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 472] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 472] close(5) = 0 [pid 472] close(6) = 0 [pid 472] mkdir("./file0", 0777) = 0 [pid 472] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 472] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 472] chdir("./file0") = 0 [pid 472] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 472] ioctl(6, LOOP_CLR_FD) = 0 [pid 472] close(6) = 0 [pid 472] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 471] <... futex resumed>) = 0 [pid 471] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 471] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 472] <... futex resumed>) = 1 [pid 472] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 472] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 471] <... futex resumed>) = 0 [pid 471] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 471] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 472] <... futex resumed>) = 1 [pid 472] write(6, "#! ./file1\n", 11) = 11 [pid 472] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 471] <... futex resumed>) = 0 [pid 471] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 471] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 472] <... futex resumed>) = 1 [pid 472] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 472] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 471] <... futex resumed>) = 0 [pid 471] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 471] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 472] <... futex resumed>) = 1 [pid 472] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000280} --- [pid 471] <... futex resumed>) = ? [pid 472] +++ killed by SIGBUS +++ [pid 471] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=471, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./31", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./31", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557a11f730 /* 4 entries */, 32768) = 112 [ 27.779612][ T472] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 27.808536][ T473] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-472: bg 0: block 234: padding at end of block bitmap is not set umount2("./31/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./31/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./31/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./31/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./31/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557a127770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557a127770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./31/file0") = 0 umount2("./31/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./31/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./31/binderfs") = 0 getdents64(3, 0x55557a11f730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./31") = 0 mkdir("./32", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557a11e690) = 477 ./strace-static-x86_64: Process 477 attached [pid 477] set_robust_list(0x55557a11e6a0, 24) = 0 [pid 477] chdir("./32") = 0 [pid 477] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 477] setpgid(0, 0) = 0 [pid 477] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 477] write(3, "1000", 4) = 4 [pid 477] close(3) = 0 [pid 477] symlink("/dev/binderfs", "./binderfs") = 0 [pid 477] write(1, "executing program\n", 18executing program ) = 18 [pid 477] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 477] rt_sigaction(SIGRT_1, {sa_handler=0x7fcb19d5c5b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fcb19d4d760}, NULL, 8) = 0 [pid 477] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 477] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fcb19cd2000 [pid 477] mprotect(0x7fcb19cd3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 477] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 477] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fcb19cf2990, parent_tid=0x7fcb19cf2990, exit_signal=0, stack=0x7fcb19cd2000, stack_size=0x20300, tls=0x7fcb19cf26c0}./strace-static-x86_64: Process 478 attached => {parent_tid=[478]}, 88) = 478 [pid 478] set_robust_list(0x7fcb19cf29a0, 24 [pid 477] rt_sigprocmask(SIG_SETMASK, [], [pid 478] <... set_robust_list resumed>) = 0 [pid 477] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 478] rt_sigprocmask(SIG_SETMASK, [], [pid 477] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 478] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 477] <... futex resumed>) = 0 [pid 477] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 478] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 478] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 477] <... futex resumed>) = 0 [pid 478] <... futex resumed>) = 1 [pid 477] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 478] ioctl(3, VHOST_SET_OWNER [pid 477] <... futex resumed>) = 0 [pid 477] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 478] <... ioctl resumed>, 0) = 0 [pid 478] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 477] <... futex resumed>) = 0 [pid 478] futex(0x7fcb19dbe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 477] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 477] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 478] <... futex resumed>) = 0 [pid 478] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 478] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 477] <... futex resumed>) = 0 [pid 478] futex(0x7fcb19dbe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 477] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 478] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 477] <... futex resumed>) = 0 [pid 478] ioctl(3, VHOST_SET_MEM_TABLE [pid 477] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 478] <... ioctl resumed>, 0x200000003380) = 0 [pid 478] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 477] <... futex resumed>) = 0 [pid 478] futex(0x7fcb19dbe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 477] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 478] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 477] <... futex resumed>) = 0 [pid 478] eventfd2(118, EFD_SEMAPHORE [pid 477] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 478] <... eventfd2 resumed>) = 4 [pid 478] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 477] <... futex resumed>) = 0 [pid 477] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 478] ioctl(3, VHOST_SET_VRING_ERR [pid 477] <... futex resumed>) = 0 [pid 478] <... ioctl resumed>, 0x2000000001c0) = 0 [pid 477] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 478] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 477] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 478] <... futex resumed>) = 0 [pid 477] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 478] ioctl(3, VHOST_SET_VRING_ADDR [pid 477] <... futex resumed>) = 0 [pid 478] <... ioctl resumed>, 0x200000000240) = 0 [pid 477] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 478] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 477] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 477] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 478] <... futex resumed>) = 0 [pid 477] <... futex resumed>) = 0 [pid 478] ioctl(3, VHOST_SET_VRING_KICK [pid 477] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 478] <... ioctl resumed>, 0x200000000000) = 0 [pid 478] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 477] <... futex resumed>) = 0 [pid 478] futex(0x7fcb19dbe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 477] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 478] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 477] <... futex resumed>) = 0 [pid 477] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 478] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 478] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 477] <... futex resumed>) = 0 [pid 478] futex(0x7fcb19dbe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 477] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 478] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 477] <... futex resumed>) = 0 [pid 477] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 478] memfd_create("syzkaller", 0) = 5 [pid 478] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcb118d2000 [pid 478] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 478] munmap(0x7fcb118d2000, 138412032) = 0 [pid 478] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 478] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 478] close(5) = 0 [pid 478] close(6) = 0 [pid 478] mkdir("./file0", 0777) = 0 [pid 478] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 478] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 478] chdir("./file0") = 0 [pid 478] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 478] ioctl(6, LOOP_CLR_FD) = 0 [pid 478] close(6) = 0 [pid 478] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 477] <... futex resumed>) = 0 [pid 478] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 477] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 477] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 478] <... openat resumed>) = 6 [pid 478] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 477] <... futex resumed>) = 0 [pid 477] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 478] write(6, "#! ./file1\n", 11 [pid 477] <... futex resumed>) = 0 [pid 477] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 478] <... write resumed>) = 11 [pid 478] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 477] <... futex resumed>) = 0 [pid 478] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0 [pid 477] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 478] <... mmap resumed>) = 0x200000000000 [pid 477] <... futex resumed>) = 0 [pid 478] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 477] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 478] <... futex resumed>) = 0 [pid 477] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 477] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 27.929631][ T478] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [pid 477] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 478] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000280} --- [pid 477] <... futex resumed>) = ? [pid 478] +++ killed by SIGBUS +++ [pid 477] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=477, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./32", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./32", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557a11f730 /* 4 entries */, 32768) = 112 [ 27.967909][ T479] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-478: bg 0: block 234: padding at end of block bitmap is not set umount2("./32/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./32/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./32/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./32/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./32/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557a127770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557a127770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./32/file0") = 0 umount2("./32/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./32/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./32/binderfs") = 0 getdents64(3, 0x55557a11f730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./32") = 0 mkdir("./33", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 483 attached , child_tidptr=0x55557a11e690) = 483 [pid 483] set_robust_list(0x55557a11e6a0, 24) = 0 [pid 483] chdir("./33") = 0 [pid 483] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 483] setpgid(0, 0) = 0 [pid 483] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 483] write(3, "1000", 4) = 4 [pid 483] close(3) = 0 [pid 483] symlink("/dev/binderfs", "./binderfs") = 0 [pid 483] write(1, "executing program\n", 18executing program ) = 18 [pid 483] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 483] rt_sigaction(SIGRT_1, {sa_handler=0x7fcb19d5c5b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fcb19d4d760}, NULL, 8) = 0 [pid 483] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 483] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fcb19cd2000 [pid 483] mprotect(0x7fcb19cd3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 483] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 483] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fcb19cf2990, parent_tid=0x7fcb19cf2990, exit_signal=0, stack=0x7fcb19cd2000, stack_size=0x20300, tls=0x7fcb19cf26c0}./strace-static-x86_64: Process 484 attached => {parent_tid=[484]}, 88) = 484 [pid 484] set_robust_list(0x7fcb19cf29a0, 24 [pid 483] rt_sigprocmask(SIG_SETMASK, [], [pid 484] <... set_robust_list resumed>) = 0 [pid 483] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 484] rt_sigprocmask(SIG_SETMASK, [], [pid 483] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 484] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 483] <... futex resumed>) = 0 [pid 483] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 484] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 484] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 483] <... futex resumed>) = 0 [pid 484] <... futex resumed>) = 1 [pid 483] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 484] ioctl(3, VHOST_SET_OWNER [pid 483] <... futex resumed>) = 0 [pid 483] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 484] <... ioctl resumed>, 0) = 0 [pid 484] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 483] <... futex resumed>) = 0 [pid 484] <... futex resumed>) = 1 [pid 483] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 484] ioctl(3, VHOST_SET_VRING_ADDR [pid 483] <... futex resumed>) = 0 [pid 484] <... ioctl resumed>, 0x200000000300) = 0 [pid 483] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 484] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 483] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 484] <... futex resumed>) = 0 [pid 483] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 484] ioctl(3, VHOST_SET_MEM_TABLE [pid 483] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 484] <... ioctl resumed>, 0x200000003380) = 0 [pid 484] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 483] <... futex resumed>) = 0 [pid 484] futex(0x7fcb19dbe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 483] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 484] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 483] <... futex resumed>) = 0 [pid 484] eventfd2(118, EFD_SEMAPHORE [pid 483] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 484] <... eventfd2 resumed>) = 4 [pid 484] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 483] <... futex resumed>) = 0 [pid 484] <... futex resumed>) = 1 [pid 483] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 484] ioctl(3, VHOST_SET_VRING_ERR [pid 483] <... futex resumed>) = 0 [pid 484] <... ioctl resumed>, 0x2000000001c0) = 0 [pid 483] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 484] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 483] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 484] <... futex resumed>) = 0 [pid 483] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 484] ioctl(3, VHOST_SET_VRING_ADDR [pid 483] <... futex resumed>) = 0 [pid 484] <... ioctl resumed>, 0x200000000240) = 0 [pid 483] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 484] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 483] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 484] <... futex resumed>) = 0 [pid 483] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 484] ioctl(3, VHOST_SET_VRING_KICK [pid 483] <... futex resumed>) = 0 [pid 484] <... ioctl resumed>, 0x200000000000) = 0 [pid 483] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 484] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 483] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 484] <... futex resumed>) = 0 [pid 483] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 484] ioctl(3, VHOST_VSOCK_SET_RUNNING [pid 483] <... futex resumed>) = 0 [pid 484] <... ioctl resumed>, 0x200000000140) = 0 [pid 483] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 484] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 483] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 484] <... futex resumed>) = 0 [pid 483] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 483] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 484] memfd_create("syzkaller", 0) = 5 [pid 484] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcb118d2000 [pid 484] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 484] munmap(0x7fcb118d2000, 138412032) = 0 [pid 484] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 484] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 484] close(5) = 0 [pid 484] close(6) = 0 [pid 484] mkdir("./file0", 0777) = 0 [pid 484] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 484] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 484] chdir("./file0") = 0 [pid 484] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 484] ioctl(6, LOOP_CLR_FD) = 0 [pid 484] close(6) = 0 [pid 484] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 483] <... futex resumed>) = 0 [pid 483] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 484] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 483] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 484] <... openat resumed>) = 6 [pid 484] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 483] <... futex resumed>) = 0 [pid 483] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 484] write(6, "#! ./file1\n", 11 [pid 483] <... futex resumed>) = 0 [pid 483] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 484] <... write resumed>) = 11 [pid 484] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 483] <... futex resumed>) = 0 [pid 483] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 483] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 484] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 484] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 483] <... futex resumed>) = 0 [pid 483] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 483] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 484] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000280} --- [pid 483] <... futex resumed>) = ? [pid 484] +++ killed by SIGBUS +++ [pid 483] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=483, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./33", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./33", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557a11f730 /* 4 entries */, 32768) = 112 [ 28.089802][ T484] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 28.125197][ T485] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-484: bg 0: block 234: padding at end of block bitmap is not set umount2("./33/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./33/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./33/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./33/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./33/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557a127770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557a127770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./33/file0") = 0 umount2("./33/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./33/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./33/binderfs") = 0 getdents64(3, 0x55557a11f730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./33") = 0 mkdir("./34", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557a11e690) = 489 ./strace-static-x86_64: Process 489 attached [pid 489] set_robust_list(0x55557a11e6a0, 24) = 0 [pid 489] chdir("./34") = 0 [pid 489] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 489] setpgid(0, 0) = 0 [pid 489] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 489] write(3, "1000", 4) = 4 [pid 489] close(3) = 0 [pid 489] symlink("/dev/binderfs", "./binderfs") = 0 [pid 489] write(1, "executing program\n", 18executing program ) = 18 [pid 489] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 489] rt_sigaction(SIGRT_1, {sa_handler=0x7fcb19d5c5b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fcb19d4d760}, NULL, 8) = 0 [pid 489] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 489] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fcb19cd2000 [pid 489] mprotect(0x7fcb19cd3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 489] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 489] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fcb19cf2990, parent_tid=0x7fcb19cf2990, exit_signal=0, stack=0x7fcb19cd2000, stack_size=0x20300, tls=0x7fcb19cf26c0}./strace-static-x86_64: Process 490 attached => {parent_tid=[490]}, 88) = 490 [pid 490] set_robust_list(0x7fcb19cf29a0, 24 [pid 489] rt_sigprocmask(SIG_SETMASK, [], [pid 490] <... set_robust_list resumed>) = 0 [pid 489] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 490] rt_sigprocmask(SIG_SETMASK, [], [pid 489] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 490] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 489] <... futex resumed>) = 0 [pid 489] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 490] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 490] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 489] <... futex resumed>) = 0 [pid 490] <... futex resumed>) = 1 [pid 490] ioctl(3, VHOST_SET_OWNER [pid 489] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 489] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 490] <... ioctl resumed>, 0) = 0 [pid 490] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 489] <... futex resumed>) = 0 [pid 490] <... futex resumed>) = 1 [pid 489] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 490] ioctl(3, VHOST_SET_VRING_ADDR [pid 489] <... futex resumed>) = 0 [pid 490] <... ioctl resumed>, 0x200000000300) = 0 [pid 489] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 490] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 489] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 490] <... futex resumed>) = 0 [pid 489] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 490] ioctl(3, VHOST_SET_MEM_TABLE [pid 489] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 490] <... ioctl resumed>, 0x200000003380) = 0 [pid 490] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 489] <... futex resumed>) = 0 [pid 490] <... futex resumed>) = 1 [pid 489] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 490] eventfd2(118, EFD_SEMAPHORE [pid 489] <... futex resumed>) = 0 [pid 489] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 490] <... eventfd2 resumed>) = 4 [pid 490] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 489] <... futex resumed>) = 0 [pid 490] <... futex resumed>) = 1 [pid 489] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 490] ioctl(3, VHOST_SET_VRING_ERR [pid 489] <... futex resumed>) = 0 [pid 490] <... ioctl resumed>, 0x2000000001c0) = 0 [pid 489] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 490] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 489] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 490] <... futex resumed>) = 0 [pid 489] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 490] ioctl(3, VHOST_SET_VRING_ADDR [pid 489] <... futex resumed>) = 0 [pid 490] <... ioctl resumed>, 0x200000000240) = 0 [pid 489] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 490] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 489] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 490] <... futex resumed>) = 0 [pid 489] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 490] ioctl(3, VHOST_SET_VRING_KICK [pid 489] <... futex resumed>) = 0 [pid 489] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 490] <... ioctl resumed>, 0x200000000000) = 0 [pid 490] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 489] <... futex resumed>) = 0 [pid 490] <... futex resumed>) = 1 [pid 489] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 490] ioctl(3, VHOST_VSOCK_SET_RUNNING [pid 489] <... futex resumed>) = 0 [pid 490] <... ioctl resumed>, 0x200000000140) = 0 [pid 489] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 490] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 489] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 490] <... futex resumed>) = 0 [pid 489] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 489] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 490] memfd_create("syzkaller", 0) = 5 [pid 490] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcb118d2000 [pid 490] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 490] munmap(0x7fcb118d2000, 138412032) = 0 [pid 490] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 490] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 490] close(5) = 0 [pid 490] close(6) = 0 [pid 490] mkdir("./file0", 0777) = 0 [pid 490] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 490] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 490] chdir("./file0") = 0 [pid 490] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 490] ioctl(6, LOOP_CLR_FD) = 0 [pid 490] close(6) = 0 [pid 490] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 489] <... futex resumed>) = 0 [pid 490] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 489] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 490] <... openat resumed>) = 6 [pid 489] <... futex resumed>) = 0 [pid 489] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 490] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 489] <... futex resumed>) = 0 [pid 489] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 490] write(6, "#! ./file1\n", 11 [pid 489] <... futex resumed>) = 0 [pid 489] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 490] <... write resumed>) = 11 [pid 490] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 489] <... futex resumed>) = 0 [pid 490] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0 [pid 489] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 489] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 490] <... mmap resumed>) = 0x200000000000 [pid 490] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 489] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 490] <... futex resumed>) = 0 [pid 489] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 489] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 490] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000280} --- [pid 489] <... futex resumed>) = ? [pid 490] +++ killed by SIGBUS +++ [pid 489] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=489, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./34", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./34", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557a11f730 /* 4 entries */, 32768) = 112 [ 28.249749][ T490] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 28.281105][ T490] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor270: bg 0: block 234: padding at end of block bitmap is not set umount2("./34/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./34/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./34/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./34/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./34/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557a127770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557a127770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./34/file0") = 0 umount2("./34/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./34/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./34/binderfs") = 0 getdents64(3, 0x55557a11f730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./34") = 0 mkdir("./35", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557a11e690) = 495 ./strace-static-x86_64: Process 495 attached [pid 495] set_robust_list(0x55557a11e6a0, 24) = 0 [pid 495] chdir("./35") = 0 [pid 495] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 495] setpgid(0, 0) = 0 [pid 495] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 495] write(3, "1000", 4) = 4 [pid 495] close(3) = 0 [pid 495] symlink("/dev/binderfs", "./binderfs") = 0 [pid 495] write(1, "executing program\n", 18executing program ) = 18 [pid 495] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 495] rt_sigaction(SIGRT_1, {sa_handler=0x7fcb19d5c5b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fcb19d4d760}, NULL, 8) = 0 [pid 495] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 495] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fcb19cd2000 [pid 495] mprotect(0x7fcb19cd3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 495] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 495] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fcb19cf2990, parent_tid=0x7fcb19cf2990, exit_signal=0, stack=0x7fcb19cd2000, stack_size=0x20300, tls=0x7fcb19cf26c0}./strace-static-x86_64: Process 496 attached => {parent_tid=[496]}, 88) = 496 [pid 496] set_robust_list(0x7fcb19cf29a0, 24 [pid 495] rt_sigprocmask(SIG_SETMASK, [], [pid 496] <... set_robust_list resumed>) = 0 [pid 495] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 496] rt_sigprocmask(SIG_SETMASK, [], [pid 495] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 496] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 495] <... futex resumed>) = 0 [pid 495] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 496] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 496] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 495] <... futex resumed>) = 0 [pid 495] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 495] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 496] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 496] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 495] <... futex resumed>) = 0 [pid 495] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 495] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 496] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 496] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 495] <... futex resumed>) = 0 [pid 495] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 495] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 496] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 496] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 495] <... futex resumed>) = 0 [pid 496] futex(0x7fcb19dbe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 495] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 495] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 496] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 496] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 496] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 495] <... futex resumed>) = 0 [pid 496] futex(0x7fcb19dbe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 495] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 496] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 495] <... futex resumed>) = 0 [pid 495] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 496] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 496] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 495] <... futex resumed>) = 0 [pid 495] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 495] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 496] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 496] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 495] <... futex resumed>) = 0 [pid 496] futex(0x7fcb19dbe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 495] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 496] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 495] <... futex resumed>) = 0 [pid 496] ioctl(3, VHOST_SET_VRING_KICK [pid 495] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 496] <... ioctl resumed>, 0x200000000000) = 0 [pid 496] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 495] <... futex resumed>) = 0 [pid 496] futex(0x7fcb19dbe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 495] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 496] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 495] <... futex resumed>) = 0 [pid 496] ioctl(3, VHOST_VSOCK_SET_RUNNING [pid 495] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 496] <... ioctl resumed>, 0x200000000140) = 0 [pid 496] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 495] <... futex resumed>) = 0 [pid 495] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 495] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 496] memfd_create("syzkaller", 0) = 5 [pid 496] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcb118d2000 [pid 496] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 496] munmap(0x7fcb118d2000, 138412032) = 0 [pid 496] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 496] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 496] close(5) = 0 [pid 496] close(6) = 0 [pid 496] mkdir("./file0", 0777) = 0 [pid 496] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 496] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 496] chdir("./file0") = 0 [pid 496] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 496] ioctl(6, LOOP_CLR_FD) = 0 [pid 496] close(6) = 0 [pid 496] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 496] futex(0x7fcb19dbe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 495] <... futex resumed>) = 0 [pid 495] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 496] <... futex resumed>) = 0 [pid 495] <... futex resumed>) = 1 [pid 496] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 495] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 496] <... openat resumed>) = 6 [pid 496] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 495] <... futex resumed>) = 0 [pid 495] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 495] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 496] <... futex resumed>) = 1 [pid 496] write(6, "#! ./file1\n", 11) = 11 [pid 496] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 495] <... futex resumed>) = 0 [pid 495] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 495] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 496] <... futex resumed>) = 1 [pid 496] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 496] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 495] <... futex resumed>) = 0 [pid 495] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 495] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 496] <... futex resumed>) = 1 [pid 496] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000280} --- [pid 495] <... futex resumed>) = ? [pid 496] +++ killed by SIGBUS +++ [pid 495] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=495, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./35", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./35", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557a11f730 /* 4 entries */, 32768) = 112 [ 28.459844][ T496] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 28.490270][ T497] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-496: bg 0: block 234: padding at end of block bitmap is not set umount2("./35/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./35/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./35/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./35/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./35/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557a127770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557a127770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./35/file0") = 0 umount2("./35/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./35/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./35/binderfs") = 0 getdents64(3, 0x55557a11f730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./35") = 0 mkdir("./36", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3executing program ) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557a11e690) = 501 ./strace-static-x86_64: Process 501 attached [pid 501] set_robust_list(0x55557a11e6a0, 24) = 0 [pid 501] chdir("./36") = 0 [pid 501] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 501] setpgid(0, 0) = 0 [pid 501] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 501] write(3, "1000", 4) = 4 [pid 501] close(3) = 0 [pid 501] symlink("/dev/binderfs", "./binderfs") = 0 [pid 501] write(1, "executing program\n", 18) = 18 [pid 501] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 501] rt_sigaction(SIGRT_1, {sa_handler=0x7fcb19d5c5b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fcb19d4d760}, NULL, 8) = 0 [pid 501] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 501] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fcb19cd2000 [pid 501] mprotect(0x7fcb19cd3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 501] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 501] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fcb19cf2990, parent_tid=0x7fcb19cf2990, exit_signal=0, stack=0x7fcb19cd2000, stack_size=0x20300, tls=0x7fcb19cf26c0} => {parent_tid=[502]}, 88) = 502 [pid 501] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 ./strace-static-x86_64: Process 502 attached [pid 501] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 502] set_robust_list(0x7fcb19cf29a0, 24 [pid 501] <... futex resumed>) = 0 [pid 502] <... set_robust_list resumed>) = 0 [pid 501] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 502] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 502] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 502] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 501] <... futex resumed>) = 0 [pid 501] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 501] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 502] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 502] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 502] futex(0x7fcb19dbe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 501] <... futex resumed>) = 0 [pid 501] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 501] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 502] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 502] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 502] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 501] <... futex resumed>) = 0 [pid 501] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 501] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 502] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 502] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 501] <... futex resumed>) = 0 [pid 501] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 501] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 502] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 502] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 501] <... futex resumed>) = 0 [pid 501] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 501] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 502] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 502] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 502] futex(0x7fcb19dbe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 501] <... futex resumed>) = 0 [pid 501] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 501] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 502] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 502] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 502] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 501] <... futex resumed>) = 0 [pid 501] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 501] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 502] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 502] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 501] <... futex resumed>) = 0 [pid 502] futex(0x7fcb19dbe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 501] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 502] <... futex resumed>) = 0 [pid 501] <... futex resumed>) = 1 [pid 502] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 501] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 502] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 501] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 502] futex(0x7fcb19dbe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 501] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 502] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 501] <... futex resumed>) = 0 [pid 501] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 502] memfd_create("syzkaller", 0) = 5 [pid 502] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcb118d2000 [pid 502] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 502] munmap(0x7fcb118d2000, 138412032) = 0 [pid 502] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 502] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 502] close(5) = 0 [pid 502] close(6) = 0 [pid 502] mkdir("./file0", 0777) = 0 [pid 502] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 502] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 502] chdir("./file0") = 0 [pid 502] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 502] ioctl(6, LOOP_CLR_FD) = 0 [pid 502] close(6) = 0 [pid 502] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 501] <... futex resumed>) = 0 [pid 501] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 501] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 502] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 502] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 501] <... futex resumed>) = 0 [pid 501] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 501] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 502] write(6, "#! ./file1\n", 11) = 11 [pid 502] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 501] <... futex resumed>) = 0 [pid 501] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 501] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 502] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 502] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 501] <... futex resumed>) = 0 [pid 501] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 501] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 502] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000280} --- [pid 501] <... futex resumed>) = ? [pid 502] +++ killed by SIGBUS +++ [pid 501] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=501, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./36", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./36", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557a11f730 /* 4 entries */, 32768) = 112 [ 28.657376][ T502] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 28.687758][ T503] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-502: bg 0: block 234: padding at end of block bitmap is not set umount2("./36/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./36/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./36/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./36/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./36/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557a127770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557a127770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./36/file0") = 0 umount2("./36/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./36/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./36/binderfs") = 0 getdents64(3, 0x55557a11f730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./36") = 0 mkdir("./37", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557a11e690) = 507 ./strace-static-x86_64: Process 507 attached [pid 507] set_robust_list(0x55557a11e6a0, 24) = 0 [pid 507] chdir("./37") = 0 [pid 507] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 507] setpgid(0, 0) = 0 [pid 507] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 507] write(3, "1000", 4) = 4 [pid 507] close(3) = 0 [pid 507] symlink("/dev/binderfs", "./binderfs") = 0 [pid 507] write(1, "executing program\n", 18executing program ) = 18 [pid 507] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 507] rt_sigaction(SIGRT_1, {sa_handler=0x7fcb19d5c5b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fcb19d4d760}, NULL, 8) = 0 [pid 507] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 507] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fcb19cd2000 [pid 507] mprotect(0x7fcb19cd3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 507] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 507] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fcb19cf2990, parent_tid=0x7fcb19cf2990, exit_signal=0, stack=0x7fcb19cd2000, stack_size=0x20300, tls=0x7fcb19cf26c0}./strace-static-x86_64: Process 508 attached => {parent_tid=[508]}, 88) = 508 [pid 508] set_robust_list(0x7fcb19cf29a0, 24 [pid 507] rt_sigprocmask(SIG_SETMASK, [], [pid 508] <... set_robust_list resumed>) = 0 [pid 507] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 508] rt_sigprocmask(SIG_SETMASK, [], [pid 507] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 508] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 507] <... futex resumed>) = 0 [pid 507] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 508] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 508] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 507] <... futex resumed>) = 0 [pid 507] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 507] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 508] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 508] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 507] <... futex resumed>) = 0 [pid 507] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 507] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 508] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 508] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 507] <... futex resumed>) = 0 [pid 507] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 507] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 508] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 508] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 507] <... futex resumed>) = 0 [pid 507] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 507] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 508] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 508] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 507] <... futex resumed>) = 0 [pid 507] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 508] ioctl(3, VHOST_SET_VRING_ERR [pid 507] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 508] <... ioctl resumed>, 0x2000000001c0) = 0 [pid 508] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 507] <... futex resumed>) = 0 [pid 507] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 507] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 508] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 508] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 507] <... futex resumed>) = 0 [pid 507] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 507] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 508] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 508] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 507] <... futex resumed>) = 0 [pid 507] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 508] ioctl(3, VHOST_VSOCK_SET_RUNNING [pid 507] <... futex resumed>) = 0 [pid 507] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 508] <... ioctl resumed>, 0x200000000140) = 0 [pid 508] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 507] <... futex resumed>) = 0 [pid 507] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 507] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 508] memfd_create("syzkaller", 0) = 5 [pid 508] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcb118d2000 [pid 508] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 508] munmap(0x7fcb118d2000, 138412032) = 0 [pid 508] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 508] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 508] close(5) = 0 [pid 508] close(6) = 0 [pid 508] mkdir("./file0", 0777) = 0 [pid 508] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 508] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 508] chdir("./file0") = 0 [pid 508] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 508] ioctl(6, LOOP_CLR_FD) = 0 [pid 508] close(6) = 0 [pid 508] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 507] <... futex resumed>) = 0 [pid 507] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 507] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 508] <... futex resumed>) = 1 [pid 508] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 508] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 507] <... futex resumed>) = 0 [pid 507] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 507] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 508] <... futex resumed>) = 1 [pid 508] write(6, "#! ./file1\n", 11) = 11 [pid 508] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 507] <... futex resumed>) = 0 [pid 507] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 507] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 508] <... futex resumed>) = 1 [pid 508] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 508] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 507] <... futex resumed>) = 0 [pid 507] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 507] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 508] <... futex resumed>) = 1 [ 28.869599][ T508] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [pid 508] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000280} --- [pid 507] <... futex resumed>) = ? [pid 508] +++ killed by SIGBUS +++ [pid 507] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=507, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./37", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./37", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557a11f730 /* 4 entries */, 32768) = 112 [ 28.912114][ T509] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-508: bg 0: block 234: padding at end of block bitmap is not set umount2("./37/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./37/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./37/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./37/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./37/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557a127770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557a127770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./37/file0") = 0 umount2("./37/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./37/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./37/binderfs") = 0 getdents64(3, 0x55557a11f730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./37") = 0 mkdir("./38", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3executing program ) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557a11e690) = 513 ./strace-static-x86_64: Process 513 attached [pid 513] set_robust_list(0x55557a11e6a0, 24) = 0 [pid 513] chdir("./38") = 0 [pid 513] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 513] setpgid(0, 0) = 0 [pid 513] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 513] write(3, "1000", 4) = 4 [pid 513] close(3) = 0 [pid 513] symlink("/dev/binderfs", "./binderfs") = 0 [pid 513] write(1, "executing program\n", 18) = 18 [pid 513] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 513] rt_sigaction(SIGRT_1, {sa_handler=0x7fcb19d5c5b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fcb19d4d760}, NULL, 8) = 0 [pid 513] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 513] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fcb19cd2000 [pid 513] mprotect(0x7fcb19cd3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 513] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 513] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fcb19cf2990, parent_tid=0x7fcb19cf2990, exit_signal=0, stack=0x7fcb19cd2000, stack_size=0x20300, tls=0x7fcb19cf26c0}./strace-static-x86_64: Process 514 attached => {parent_tid=[514]}, 88) = 514 [pid 514] set_robust_list(0x7fcb19cf29a0, 24) = 0 [pid 514] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 514] futex(0x7fcb19dbe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 513] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 513] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 513] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 514] <... futex resumed>) = 0 [pid 514] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 514] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 513] <... futex resumed>) = 0 [pid 513] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 513] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 514] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 514] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 513] <... futex resumed>) = 0 [pid 513] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 513] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 514] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 514] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 513] <... futex resumed>) = 0 [pid 513] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 513] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 514] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 514] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 513] <... futex resumed>) = 0 [pid 513] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 513] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 514] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 514] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 513] <... futex resumed>) = 0 [pid 513] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 514] ioctl(3, VHOST_SET_VRING_ERR [pid 513] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 514] <... ioctl resumed>, 0x2000000001c0) = 0 [pid 514] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 513] <... futex resumed>) = 0 [pid 513] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 513] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 514] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 514] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 513] <... futex resumed>) = 0 [pid 513] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 513] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 514] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 514] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 513] <... futex resumed>) = 0 [pid 513] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 513] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 514] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 514] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 513] <... futex resumed>) = 0 [pid 513] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 513] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 514] memfd_create("syzkaller", 0) = 5 [pid 514] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcb118d2000 [pid 514] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 514] munmap(0x7fcb118d2000, 138412032) = 0 [pid 514] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 514] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 514] close(5) = 0 [pid 514] close(6) = 0 [pid 514] mkdir("./file0", 0777) = 0 [pid 514] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 514] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 514] chdir("./file0") = 0 [pid 514] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 514] ioctl(6, LOOP_CLR_FD) = 0 [pid 514] close(6) = 0 [pid 514] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 513] <... futex resumed>) = 0 [pid 513] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 513] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 514] <... futex resumed>) = 1 [pid 514] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 514] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 513] <... futex resumed>) = 0 [pid 513] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 513] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 514] <... futex resumed>) = 1 [pid 514] write(6, "#! ./file1\n", 11) = 11 [pid 514] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 513] <... futex resumed>) = 0 [pid 513] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 513] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 514] <... futex resumed>) = 1 [pid 514] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 514] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 513] <... futex resumed>) = 0 [pid 513] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 513] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 514] <... futex resumed>) = 1 [pid 514] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000280} --- [pid 513] <... futex resumed>) = ? [pid 514] +++ killed by SIGBUS +++ [pid 513] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=513, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557a11f730 /* 4 entries */, 32768) = 112 [ 29.059715][ T514] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 29.083579][ T514] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor270: bg 0: block 234: padding at end of block bitmap is not set umount2("./38/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./38/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./38/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./38/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./38/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557a127770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557a127770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./38/file0") = 0 umount2("./38/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./38/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./38/binderfs") = 0 getdents64(3, 0x55557a11f730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./38") = 0 mkdir("./39", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557a11e690) = 519 ./strace-static-x86_64: Process 519 attached [pid 519] set_robust_list(0x55557a11e6a0, 24) = 0 [pid 519] chdir("./39") = 0 [pid 519] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 519] setpgid(0, 0) = 0 [pid 519] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 519] write(3, "1000", 4) = 4 [pid 519] close(3) = 0 [pid 519] symlink("/dev/binderfs", "./binderfs") = 0 [pid 519] write(1, "executing program\n", 18executing program ) = 18 [pid 519] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 519] rt_sigaction(SIGRT_1, {sa_handler=0x7fcb19d5c5b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fcb19d4d760}, NULL, 8) = 0 [pid 519] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 519] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fcb19cd2000 [pid 519] mprotect(0x7fcb19cd3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 519] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 519] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fcb19cf2990, parent_tid=0x7fcb19cf2990, exit_signal=0, stack=0x7fcb19cd2000, stack_size=0x20300, tls=0x7fcb19cf26c0}./strace-static-x86_64: Process 520 attached [pid 520] set_robust_list(0x7fcb19cf29a0, 24) = 0 [pid 520] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 520] futex(0x7fcb19dbe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 519] <... clone3 resumed> => {parent_tid=[520]}, 88) = 520 [pid 519] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 519] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 520] <... futex resumed>) = 0 [pid 520] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 519] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 520] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 519] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 520] futex(0x7fcb19dbe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 519] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 520] <... futex resumed>) = 0 [pid 520] ioctl(3, VHOST_SET_OWNER [pid 519] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 520] <... ioctl resumed>, 0) = 0 [pid 520] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 520] futex(0x7fcb19dbe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 519] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 519] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 520] <... futex resumed>) = 0 [pid 519] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 520] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 520] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 520] futex(0x7fcb19dbe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 519] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 519] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 520] <... futex resumed>) = 0 [pid 519] <... futex resumed>) = 1 [pid 520] ioctl(3, VHOST_SET_MEM_TABLE [pid 519] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 520] <... ioctl resumed>, 0x200000003380) = 0 [pid 520] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 520] futex(0x7fcb19dbe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 519] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 519] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 520] <... futex resumed>) = 0 [pid 520] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 520] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 520] futex(0x7fcb19dbe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 519] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 519] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 520] <... futex resumed>) = 0 [pid 520] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 520] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 520] futex(0x7fcb19dbe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 519] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 519] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 520] <... futex resumed>) = 0 [pid 519] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 520] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 520] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 520] futex(0x7fcb19dbe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 519] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 519] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 520] <... futex resumed>) = 0 [pid 519] <... futex resumed>) = 1 [pid 520] ioctl(3, VHOST_SET_VRING_KICK [pid 519] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 520] <... ioctl resumed>, 0x200000000000) = 0 [pid 520] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 519] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 520] <... futex resumed>) = 0 [pid 519] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 520] ioctl(3, VHOST_VSOCK_SET_RUNNING [pid 519] <... futex resumed>) = 0 [pid 520] <... ioctl resumed>, 0x200000000140) = 0 [pid 519] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 520] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 520] futex(0x7fcb19dbe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 519] <... futex resumed>) = 0 [pid 519] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 520] <... futex resumed>) = 0 [pid 519] <... futex resumed>) = 1 [pid 520] memfd_create("syzkaller", 0 [pid 519] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 520] <... memfd_create resumed>) = 5 [pid 520] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcb118d2000 [pid 520] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 520] munmap(0x7fcb118d2000, 138412032) = 0 [pid 520] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 520] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 520] close(5) = 0 [pid 520] close(6) = 0 [pid 520] mkdir("./file0", 0777) = 0 [pid 520] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 520] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 520] chdir("./file0") = 0 [pid 520] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 520] ioctl(6, LOOP_CLR_FD) = 0 [pid 520] close(6) = 0 [pid 520] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 519] <... futex resumed>) = 0 [pid 519] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 519] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 520] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 520] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 519] <... futex resumed>) = 0 [pid 519] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 519] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 520] write(6, "#! ./file1\n", 11) = 11 [pid 520] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 519] <... futex resumed>) = 0 [pid 519] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 519] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 520] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 520] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 520] futex(0x7fcb19dbe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 519] <... futex resumed>) = 0 [pid 519] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 519] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 520] <... futex resumed>) = 0 [pid 520] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000280} --- [pid 519] <... futex resumed>) = ? [pid 520] +++ killed by SIGBUS +++ [pid 519] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=519, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./39", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./39", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557a11f730 /* 4 entries */, 32768) = 112 [ 29.379602][ T520] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 29.415517][ T521] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-520: bg 0: block 234: padding at end of block bitmap is not set umount2("./39/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./39/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./39/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./39/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./39/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557a127770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557a127770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./39/file0") = 0 umount2("./39/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./39/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./39/binderfs") = 0 getdents64(3, 0x55557a11f730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./39") = 0 mkdir("./40", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557a11e690) = 525 ./strace-static-x86_64: Process 525 attached [pid 525] set_robust_list(0x55557a11e6a0, 24) = 0 [pid 525] chdir("./40") = 0 [pid 525] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 525] setpgid(0, 0) = 0 [pid 525] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 525] write(3, "1000", 4) = 4 [pid 525] close(3) = 0 [pid 525] symlink("/dev/binderfs", "./binderfs") = 0 [pid 525] write(1, "executing program\n", 18executing program ) = 18 [pid 525] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 525] rt_sigaction(SIGRT_1, {sa_handler=0x7fcb19d5c5b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fcb19d4d760}, NULL, 8) = 0 [pid 525] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 525] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fcb19cd2000 [pid 525] mprotect(0x7fcb19cd3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 525] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 525] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fcb19cf2990, parent_tid=0x7fcb19cf2990, exit_signal=0, stack=0x7fcb19cd2000, stack_size=0x20300, tls=0x7fcb19cf26c0}./strace-static-x86_64: Process 526 attached => {parent_tid=[526]}, 88) = 526 [pid 526] set_robust_list(0x7fcb19cf29a0, 24 [pid 525] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 525] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 525] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 526] <... set_robust_list resumed>) = 0 [pid 526] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 526] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 526] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 525] <... futex resumed>) = 0 [pid 525] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 525] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 526] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 526] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 525] <... futex resumed>) = 0 [pid 525] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 525] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 526] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 526] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 525] <... futex resumed>) = 0 [pid 525] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 525] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 526] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 526] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 525] <... futex resumed>) = 0 [pid 525] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 525] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 526] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 526] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 525] <... futex resumed>) = 0 [pid 525] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 525] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 526] <... futex resumed>) = 1 [pid 526] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 526] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 525] <... futex resumed>) = 0 [pid 525] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 525] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 526] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 526] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 525] <... futex resumed>) = 0 [pid 525] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 525] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 526] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 526] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 525] <... futex resumed>) = 0 [pid 525] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 525] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 526] <... futex resumed>) = 1 [pid 526] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 526] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 525] <... futex resumed>) = 0 [pid 525] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 525] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 526] memfd_create("syzkaller", 0) = 5 [pid 526] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcb118d2000 [pid 526] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 526] munmap(0x7fcb118d2000, 138412032) = 0 [pid 526] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 526] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 526] close(5) = 0 [pid 526] close(6) = 0 [pid 526] mkdir("./file0", 0777) = 0 [pid 526] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 526] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 526] chdir("./file0") = 0 [pid 526] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 526] ioctl(6, LOOP_CLR_FD) = 0 [pid 526] close(6) = 0 [pid 526] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 525] <... futex resumed>) = 0 [pid 525] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 525] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 526] <... futex resumed>) = 1 [pid 526] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 526] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 525] <... futex resumed>) = 0 [pid 525] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 525] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 526] <... futex resumed>) = 1 [pid 526] write(6, "#! ./file1\n", 11) = 11 [pid 526] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 525] <... futex resumed>) = 0 [pid 525] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 525] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 526] <... futex resumed>) = 1 [pid 526] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 526] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 525] <... futex resumed>) = 0 [pid 525] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 525] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 526] <... futex resumed>) = 1 [pid 526] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000280} --- [pid 525] <... futex resumed>) = ? [pid 526] +++ killed by SIGBUS +++ [pid 525] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=525, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./40", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./40", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557a11f730 /* 4 entries */, 32768) = 112 [ 29.559219][ T526] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 29.590846][ T527] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-526: bg 0: block 234: padding at end of block bitmap is not set umount2("./40/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./40/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./40/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./40/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./40/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557a127770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557a127770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./40/file0") = 0 umount2("./40/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./40/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./40/binderfs") = 0 getdents64(3, 0x55557a11f730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./40") = 0 mkdir("./41", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557a11e690) = 531 ./strace-static-x86_64: Process 531 attached [pid 531] set_robust_list(0x55557a11e6a0, 24) = 0 [pid 531] chdir("./41") = 0 [pid 531] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 531] setpgid(0, 0) = 0 [pid 531] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 531] write(3, "1000", 4) = 4 [pid 531] close(3) = 0 [pid 531] symlink("/dev/binderfs", "./binderfs") = 0 [pid 531] write(1, "executing program\n", 18executing program ) = 18 [pid 531] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 531] rt_sigaction(SIGRT_1, {sa_handler=0x7fcb19d5c5b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fcb19d4d760}, NULL, 8) = 0 [pid 531] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 531] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fcb19cd2000 [pid 531] mprotect(0x7fcb19cd3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 531] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 531] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fcb19cf2990, parent_tid=0x7fcb19cf2990, exit_signal=0, stack=0x7fcb19cd2000, stack_size=0x20300, tls=0x7fcb19cf26c0}./strace-static-x86_64: Process 532 attached => {parent_tid=[532]}, 88) = 532 [pid 532] set_robust_list(0x7fcb19cf29a0, 24 [pid 531] rt_sigprocmask(SIG_SETMASK, [], [pid 532] <... set_robust_list resumed>) = 0 [pid 531] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 532] rt_sigprocmask(SIG_SETMASK, [], [pid 531] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 532] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 531] <... futex resumed>) = 0 [pid 531] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 532] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 532] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 531] <... futex resumed>) = 0 [pid 532] <... futex resumed>) = 1 [pid 531] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 532] ioctl(3, VHOST_SET_OWNER [pid 531] <... futex resumed>) = 0 [pid 531] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 532] <... ioctl resumed>, 0) = 0 [pid 532] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 531] <... futex resumed>) = 0 [pid 532] <... futex resumed>) = 1 [pid 531] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 532] ioctl(3, VHOST_SET_VRING_ADDR [pid 531] <... futex resumed>) = 0 [pid 532] <... ioctl resumed>, 0x200000000300) = 0 [pid 531] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 532] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 531] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 532] <... futex resumed>) = 0 [pid 531] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 532] ioctl(3, VHOST_SET_MEM_TABLE [pid 531] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 532] <... ioctl resumed>, 0x200000003380) = 0 [pid 532] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 531] <... futex resumed>) = 0 [pid 531] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 532] eventfd2(118, EFD_SEMAPHORE [pid 531] <... futex resumed>) = 0 [pid 532] <... eventfd2 resumed>) = 4 [pid 531] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 532] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 531] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 532] <... futex resumed>) = 0 [pid 531] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 532] ioctl(3, VHOST_SET_VRING_ERR [pid 531] <... futex resumed>) = 0 [pid 532] <... ioctl resumed>, 0x2000000001c0) = 0 [pid 531] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 532] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 531] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 531] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 531] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 532] <... futex resumed>) = 0 [pid 532] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 532] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 531] <... futex resumed>) = 0 [pid 532] futex(0x7fcb19dbe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 531] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 532] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 531] <... futex resumed>) = 0 [pid 532] ioctl(3, VHOST_SET_VRING_KICK [pid 531] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 532] <... ioctl resumed>, 0x200000000000) = 0 [pid 532] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 531] <... futex resumed>) = 0 [pid 532] futex(0x7fcb19dbe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 531] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 532] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 531] <... futex resumed>) = 0 [pid 531] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 532] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 532] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 531] <... futex resumed>) = 0 [pid 531] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 531] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 532] memfd_create("syzkaller", 0) = 5 [pid 532] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcb118d2000 [pid 532] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 532] munmap(0x7fcb118d2000, 138412032) = 0 [pid 532] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 532] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 532] close(5) = 0 [pid 532] close(6) = 0 [pid 532] mkdir("./file0", 0777) = 0 [pid 532] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 532] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 532] chdir("./file0") = 0 [pid 532] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 532] ioctl(6, LOOP_CLR_FD) = 0 [pid 532] close(6) = 0 [pid 532] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 531] <... futex resumed>) = 0 [pid 531] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 531] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 532] <... futex resumed>) = 1 [pid 532] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 532] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 531] <... futex resumed>) = 0 [pid 531] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 531] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 532] <... futex resumed>) = 1 [pid 532] write(6, "#! ./file1\n", 11) = 11 [pid 532] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 531] <... futex resumed>) = 0 [pid 531] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 531] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 532] <... futex resumed>) = 1 [pid 532] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 532] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 531] <... futex resumed>) = 0 [pid 531] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 531] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 532] <... futex resumed>) = 1 [pid 532] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000280} --- [pid 531] <... futex resumed>) = ? [pid 532] +++ killed by SIGBUS +++ [pid 531] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=531, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./41", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./41", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557a11f730 /* 4 entries */, 32768) = 112 [ 29.729922][ T532] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 29.760918][ T533] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-532: bg 0: block 234: padding at end of block bitmap is not set umount2("./41/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./41/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./41/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./41/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./41/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557a127770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557a127770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./41/file0") = 0 umount2("./41/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./41/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./41/binderfs") = 0 getdents64(3, 0x55557a11f730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./41") = 0 mkdir("./42", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557a11e690) = 537 ./strace-static-x86_64: Process 537 attached [pid 537] set_robust_list(0x55557a11e6a0, 24) = 0 [pid 537] chdir("./42") = 0 [pid 537] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 537] setpgid(0, 0) = 0 [pid 537] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 537] write(3, "1000", 4) = 4 [pid 537] close(3) = 0 [pid 537] symlink("/dev/binderfs", "./binderfs") = 0 [pid 537] write(1, "executing program\n", 18executing program ) = 18 [pid 537] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 537] rt_sigaction(SIGRT_1, {sa_handler=0x7fcb19d5c5b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fcb19d4d760}, NULL, 8) = 0 [pid 537] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 537] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fcb19cd2000 [pid 537] mprotect(0x7fcb19cd3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 537] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 537] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fcb19cf2990, parent_tid=0x7fcb19cf2990, exit_signal=0, stack=0x7fcb19cd2000, stack_size=0x20300, tls=0x7fcb19cf26c0}./strace-static-x86_64: Process 538 attached => {parent_tid=[538]}, 88) = 538 [pid 538] set_robust_list(0x7fcb19cf29a0, 24 [pid 537] rt_sigprocmask(SIG_SETMASK, [], [pid 538] <... set_robust_list resumed>) = 0 [pid 537] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 537] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 538] rt_sigprocmask(SIG_SETMASK, [], [pid 537] <... futex resumed>) = 0 [pid 538] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 537] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 538] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 538] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 537] <... futex resumed>) = 0 [pid 538] futex(0x7fcb19dbe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 537] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 538] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 537] <... futex resumed>) = 0 [pid 538] ioctl(3, VHOST_SET_OWNER [pid 537] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 538] <... ioctl resumed>, 0) = 0 [pid 538] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 537] <... futex resumed>) = 0 [pid 538] futex(0x7fcb19dbe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 537] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 537] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 538] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 538] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 538] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 537] <... futex resumed>) = 0 [pid 538] futex(0x7fcb19dbe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 537] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 538] <... futex resumed>) = 0 [pid 537] <... futex resumed>) = 1 [pid 537] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 538] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 538] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 537] <... futex resumed>) = 0 [pid 538] futex(0x7fcb19dbe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 537] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 538] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 537] <... futex resumed>) = 0 [pid 538] eventfd2(118, EFD_SEMAPHORE [pid 537] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 538] <... eventfd2 resumed>) = 4 [pid 538] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 537] <... futex resumed>) = 0 [pid 538] futex(0x7fcb19dbe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 537] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 538] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 537] <... futex resumed>) = 0 [pid 538] ioctl(3, VHOST_SET_VRING_ERR [pid 537] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 538] <... ioctl resumed>, 0x2000000001c0) = 0 [pid 538] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 537] <... futex resumed>) = 0 [pid 538] futex(0x7fcb19dbe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 537] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 537] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 538] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 538] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 538] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 537] <... futex resumed>) = 0 [pid 537] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 537] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 538] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 538] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 537] <... futex resumed>) = 0 [pid 538] futex(0x7fcb19dbe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 537] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 538] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 537] <... futex resumed>) = 0 [pid 538] ioctl(3, VHOST_VSOCK_SET_RUNNING [pid 537] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 538] <... ioctl resumed>, 0x200000000140) = 0 [pid 538] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 537] <... futex resumed>) = 0 [pid 538] futex(0x7fcb19dbe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 537] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 538] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 537] <... futex resumed>) = 0 [pid 537] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 538] memfd_create("syzkaller", 0) = 5 [pid 538] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcb118d2000 [pid 538] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 538] munmap(0x7fcb118d2000, 138412032) = 0 [pid 538] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 538] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 538] close(5) = 0 [pid 538] close(6) = 0 [pid 538] mkdir("./file0", 0777) = 0 [pid 538] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 538] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 538] chdir("./file0") = 0 [pid 538] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 538] ioctl(6, LOOP_CLR_FD) = 0 [pid 538] close(6) = 0 [pid 538] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 537] <... futex resumed>) = 0 [pid 538] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 537] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 537] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 538] <... openat resumed>) = 6 [pid 538] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 537] <... futex resumed>) = 0 [pid 537] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 537] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 538] write(6, "#! ./file1\n", 11) = 11 [pid 538] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 537] <... futex resumed>) = 0 [pid 537] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 538] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0 [pid 537] <... futex resumed>) = 0 [pid 537] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 538] <... mmap resumed>) = 0x200000000000 [pid 538] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 537] <... futex resumed>) = 0 [pid 538] futex(0x7fcb19dbe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 537] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 538] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 537] <... futex resumed>) = 0 [pid 537] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 538] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000280} --- [pid 537] <... futex resumed>) = ? [pid 538] +++ killed by SIGBUS +++ [pid 537] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=537, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./42", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./42", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557a11f730 /* 4 entries */, 32768) = 112 [ 29.899760][ T538] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 29.930284][ T539] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-538: bg 0: block 234: padding at end of block bitmap is not set umount2("./42/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./42/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./42/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./42/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./42/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557a127770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557a127770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./42/file0") = 0 umount2("./42/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./42/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./42/binderfs") = 0 getdents64(3, 0x55557a11f730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./42") = 0 mkdir("./43", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3executing program ) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557a11e690) = 543 ./strace-static-x86_64: Process 543 attached [pid 543] set_robust_list(0x55557a11e6a0, 24) = 0 [pid 543] chdir("./43") = 0 [pid 543] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 543] setpgid(0, 0) = 0 [pid 543] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 543] write(3, "1000", 4) = 4 [pid 543] close(3) = 0 [pid 543] symlink("/dev/binderfs", "./binderfs") = 0 [pid 543] write(1, "executing program\n", 18) = 18 [pid 543] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 543] rt_sigaction(SIGRT_1, {sa_handler=0x7fcb19d5c5b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fcb19d4d760}, NULL, 8) = 0 [pid 543] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 543] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fcb19cd2000 [pid 543] mprotect(0x7fcb19cd3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 543] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 543] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fcb19cf2990, parent_tid=0x7fcb19cf2990, exit_signal=0, stack=0x7fcb19cd2000, stack_size=0x20300, tls=0x7fcb19cf26c0}./strace-static-x86_64: Process 544 attached => {parent_tid=[544]}, 88) = 544 [pid 544] set_robust_list(0x7fcb19cf29a0, 24 [pid 543] rt_sigprocmask(SIG_SETMASK, [], [pid 544] <... set_robust_list resumed>) = 0 [pid 543] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 544] rt_sigprocmask(SIG_SETMASK, [], [pid 543] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 544] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 543] <... futex resumed>) = 0 [pid 543] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 544] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 544] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 543] <... futex resumed>) = 0 [pid 544] futex(0x7fcb19dbe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 543] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 544] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 543] <... futex resumed>) = 0 [pid 544] ioctl(3, VHOST_SET_OWNER [pid 543] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 544] <... ioctl resumed>, 0) = 0 [pid 544] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 543] <... futex resumed>) = 0 [pid 544] <... futex resumed>) = 1 [pid 543] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 544] ioctl(3, VHOST_SET_VRING_ADDR [pid 543] <... futex resumed>) = 0 [pid 544] <... ioctl resumed>, 0x200000000300) = 0 [pid 543] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 544] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 543] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 544] <... futex resumed>) = 0 [pid 543] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 544] ioctl(3, VHOST_SET_MEM_TABLE [pid 543] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 544] <... ioctl resumed>, 0x200000003380) = 0 [pid 544] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 543] <... futex resumed>) = 0 [pid 544] <... futex resumed>) = 1 [pid 543] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 544] eventfd2(118, EFD_SEMAPHORE [pid 543] <... futex resumed>) = 0 [pid 544] <... eventfd2 resumed>) = 4 [pid 543] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 544] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 543] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 544] <... futex resumed>) = 0 [pid 543] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 544] ioctl(3, VHOST_SET_VRING_ERR [pid 543] <... futex resumed>) = 0 [pid 544] <... ioctl resumed>, 0x2000000001c0) = 0 [pid 543] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 544] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 543] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 544] <... futex resumed>) = 0 [pid 543] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 544] ioctl(3, VHOST_SET_VRING_ADDR [pid 543] <... futex resumed>) = 0 [pid 544] <... ioctl resumed>, 0x200000000240) = 0 [pid 543] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 544] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 543] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 544] <... futex resumed>) = 0 [pid 543] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 544] ioctl(3, VHOST_SET_VRING_KICK [pid 543] <... futex resumed>) = 0 [pid 544] <... ioctl resumed>, 0x200000000000) = 0 [pid 543] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 544] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 543] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 544] <... futex resumed>) = 0 [pid 543] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 544] ioctl(3, VHOST_VSOCK_SET_RUNNING [pid 543] <... futex resumed>) = 0 [pid 544] <... ioctl resumed>, 0x200000000140) = 0 [pid 543] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 544] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 543] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 544] <... futex resumed>) = 0 [pid 543] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 544] memfd_create("syzkaller", 0 [pid 543] <... futex resumed>) = 0 [pid 544] <... memfd_create resumed>) = 5 [pid 543] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 544] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcb118d2000 [pid 544] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 544] munmap(0x7fcb118d2000, 138412032) = 0 [pid 544] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 544] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 544] close(5) = 0 [pid 544] close(6) = 0 [pid 544] mkdir("./file0", 0777) = 0 [pid 544] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 544] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 544] chdir("./file0") = 0 [pid 544] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 544] ioctl(6, LOOP_CLR_FD) = 0 [pid 544] close(6) = 0 [pid 544] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 543] <... futex resumed>) = 0 [pid 543] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 544] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 543] <... futex resumed>) = 0 [pid 543] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 544] <... openat resumed>) = 6 [pid 544] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 543] <... futex resumed>) = 0 [pid 543] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 544] write(6, "#! ./file1\n", 11 [pid 543] <... futex resumed>) = 0 [pid 543] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 544] <... write resumed>) = 11 [pid 544] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 543] <... futex resumed>) = 0 [pid 544] <... futex resumed>) = 1 [pid 543] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 544] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0 [pid 543] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 544] <... mmap resumed>) = 0x200000000000 [pid 544] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 543] <... futex resumed>) = 0 [pid 543] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 543] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 544] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000280} --- [pid 543] <... futex resumed>) = ? [pid 544] +++ killed by SIGBUS +++ [pid 543] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=543, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./43", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./43", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557a11f730 /* 4 entries */, 32768) = 112 [ 30.041307][ T544] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 30.072830][ T545] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-544: bg 0: block 234: padding at end of block bitmap is not set umount2("./43/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./43/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./43/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./43/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./43/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557a127770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557a127770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./43/file0") = 0 umount2("./43/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./43/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./43/binderfs") = 0 getdents64(3, 0x55557a11f730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./43") = 0 mkdir("./44", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557a11e690) = 549 ./strace-static-x86_64: Process 549 attached [pid 549] set_robust_list(0x55557a11e6a0, 24) = 0 [pid 549] chdir("./44") = 0 [pid 549] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 549] setpgid(0, 0) = 0 [pid 549] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 549] write(3, "1000", 4) = 4 executing program [pid 549] close(3) = 0 [pid 549] symlink("/dev/binderfs", "./binderfs") = 0 [pid 549] write(1, "executing program\n", 18) = 18 [pid 549] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 549] rt_sigaction(SIGRT_1, {sa_handler=0x7fcb19d5c5b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fcb19d4d760}, NULL, 8) = 0 [pid 549] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 549] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fcb19cd2000 [pid 549] mprotect(0x7fcb19cd3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 549] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 549] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fcb19cf2990, parent_tid=0x7fcb19cf2990, exit_signal=0, stack=0x7fcb19cd2000, stack_size=0x20300, tls=0x7fcb19cf26c0} => {parent_tid=[550]}, 88) = 550 ./strace-static-x86_64: Process 550 attached [pid 549] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 549] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 549] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 550] set_robust_list(0x7fcb19cf29a0, 24) = 0 [pid 550] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 550] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 550] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 549] <... futex resumed>) = 0 [pid 549] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 549] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 550] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 550] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 549] <... futex resumed>) = 0 [pid 549] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 549] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 550] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 550] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 549] <... futex resumed>) = 0 [pid 549] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 549] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 550] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 550] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 549] <... futex resumed>) = 0 [pid 550] futex(0x7fcb19dbe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 549] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 549] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 550] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 550] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 550] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 549] <... futex resumed>) = 0 [pid 550] futex(0x7fcb19dbe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 549] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 550] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 550] ioctl(3, VHOST_SET_VRING_ERR [pid 549] <... futex resumed>) = 0 [pid 550] <... ioctl resumed>, 0x2000000001c0) = 0 [pid 550] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 549] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 550] <... futex resumed>) = 0 [pid 549] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 550] futex(0x7fcb19dbe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 549] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 550] <... futex resumed>) = 0 [pid 549] <... futex resumed>) = 1 [pid 550] ioctl(3, VHOST_SET_VRING_ADDR [pid 549] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 550] <... ioctl resumed>, 0x200000000240) = 0 [pid 550] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 550] futex(0x7fcb19dbe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 549] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 549] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 550] <... futex resumed>) = 0 [pid 549] <... futex resumed>) = 1 [pid 550] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 550] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 549] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 550] <... futex resumed>) = 0 [pid 550] futex(0x7fcb19dbe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 549] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 549] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 550] <... futex resumed>) = 0 [pid 549] <... futex resumed>) = 1 [pid 550] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 549] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 550] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 549] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 550] futex(0x7fcb19dbe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 549] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 550] <... futex resumed>) = 0 [pid 549] <... futex resumed>) = 1 [pid 550] memfd_create("syzkaller", 0 [pid 549] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 550] <... memfd_create resumed>) = 5 [pid 550] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcb118d2000 [pid 550] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 550] munmap(0x7fcb118d2000, 138412032) = 0 [pid 550] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 550] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 550] close(5) = 0 [pid 550] close(6) = 0 [pid 550] mkdir("./file0", 0777) = 0 [pid 550] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 550] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 550] chdir("./file0") = 0 [pid 550] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 550] ioctl(6, LOOP_CLR_FD) = 0 [pid 550] close(6) = 0 [pid 550] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 549] <... futex resumed>) = 0 [pid 549] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 549] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 550] <... futex resumed>) = 1 [pid 550] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 550] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 549] <... futex resumed>) = 0 [pid 549] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 549] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 550] <... futex resumed>) = 1 [pid 550] write(6, "#! ./file1\n", 11) = 11 [pid 550] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 549] <... futex resumed>) = 0 [pid 549] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 549] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 550] <... futex resumed>) = 1 [pid 550] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 550] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 549] <... futex resumed>) = 0 [pid 549] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 549] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 550] <... futex resumed>) = 1 [pid 550] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000280} --- [pid 549] <... futex resumed>) = ? [pid 550] +++ killed by SIGBUS +++ [pid 549] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=549, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./44", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./44", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557a11f730 /* 4 entries */, 32768) = 112 [ 30.208831][ T550] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 30.234102][ T551] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-550: bg 0: block 234: padding at end of block bitmap is not set umount2("./44/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./44/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./44/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./44/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./44/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557a127770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557a127770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./44/file0") = 0 umount2("./44/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./44/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./44/binderfs") = 0 getdents64(3, 0x55557a11f730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./44") = 0 mkdir("./45", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557a11e690) = 555 ./strace-static-x86_64: Process 555 attached [pid 555] set_robust_list(0x55557a11e6a0, 24) = 0 [pid 555] chdir("./45") = 0 [pid 555] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 555] setpgid(0, 0) = 0 [pid 555] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 555] write(3, "1000", 4) = 4 [pid 555] close(3) = 0 [pid 555] symlink("/dev/binderfs", "./binderfs") = 0 [pid 555] write(1, "executing program\n", 18executing program ) = 18 [pid 555] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 555] rt_sigaction(SIGRT_1, {sa_handler=0x7fcb19d5c5b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fcb19d4d760}, NULL, 8) = 0 [pid 555] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 555] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fcb19cd2000 [pid 555] mprotect(0x7fcb19cd3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 555] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 555] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fcb19cf2990, parent_tid=0x7fcb19cf2990, exit_signal=0, stack=0x7fcb19cd2000, stack_size=0x20300, tls=0x7fcb19cf26c0}./strace-static-x86_64: Process 556 attached => {parent_tid=[556]}, 88) = 556 [pid 556] set_robust_list(0x7fcb19cf29a0, 24) = 0 [pid 555] rt_sigprocmask(SIG_SETMASK, [], [pid 556] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 556] futex(0x7fcb19dbe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 555] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 555] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 556] <... futex resumed>) = 0 [pid 556] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 555] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 556] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 555] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 556] <... futex resumed>) = 0 [pid 556] futex(0x7fcb19dbe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 555] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 556] <... futex resumed>) = 0 [pid 555] <... futex resumed>) = 1 [pid 556] ioctl(3, VHOST_SET_OWNER [pid 555] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 556] <... ioctl resumed>, 0) = 0 [pid 556] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 555] <... futex resumed>) = 0 [pid 555] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 555] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 556] <... futex resumed>) = 1 [pid 556] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 556] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 555] <... futex resumed>) = 0 [pid 555] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 555] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 556] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 556] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 555] <... futex resumed>) = 0 [pid 555] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 555] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 556] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 556] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 555] <... futex resumed>) = 0 [pid 555] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 555] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 556] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 556] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 555] <... futex resumed>) = 0 [pid 555] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 555] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 556] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 556] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 555] <... futex resumed>) = 0 [pid 555] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 555] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 556] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 556] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 555] <... futex resumed>) = 0 [pid 555] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 555] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 556] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 556] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 555] <... futex resumed>) = 0 [pid 555] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 555] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 556] memfd_create("syzkaller", 0) = 5 [pid 556] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcb118d2000 [pid 556] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 556] munmap(0x7fcb118d2000, 138412032) = 0 [pid 556] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 556] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 556] close(5) = 0 [pid 556] close(6) = 0 [pid 556] mkdir("./file0", 0777) = 0 [pid 556] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 556] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 556] chdir("./file0") = 0 [pid 556] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 556] ioctl(6, LOOP_CLR_FD) = 0 [pid 556] close(6) = 0 [pid 556] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 555] <... futex resumed>) = 0 [pid 556] <... futex resumed>) = 1 [pid 555] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 556] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 555] <... futex resumed>) = 0 [pid 555] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 556] <... openat resumed>) = 6 [pid 556] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 555] <... futex resumed>) = 0 [pid 556] write(6, "#! ./file1\n", 11 [pid 555] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 556] <... write resumed>) = 11 [pid 555] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 556] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 555] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 556] <... futex resumed>) = 0 [pid 555] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 556] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0 [pid 555] <... futex resumed>) = 0 [pid 556] <... mmap resumed>) = 0x200000000000 [pid 555] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 556] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 555] <... futex resumed>) = 0 [pid 556] futex(0x7fcb19dbe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 555] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 556] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 555] <... futex resumed>) = 0 [ 30.399636][ T556] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [pid 555] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 556] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000280} --- [pid 555] <... futex resumed>) = ? [pid 556] +++ killed by SIGBUS +++ [pid 555] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=555, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./45", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./45", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557a11f730 /* 4 entries */, 32768) = 112 [ 30.442214][ T557] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-556: bg 0: block 234: padding at end of block bitmap is not set umount2("./45/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./45/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./45/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./45/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./45/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557a127770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557a127770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./45/file0") = 0 umount2("./45/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./45/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./45/binderfs") = 0 getdents64(3, 0x55557a11f730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./45") = 0 mkdir("./46", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557a11e690) = 561 ./strace-static-x86_64: Process 561 attached [pid 561] set_robust_list(0x55557a11e6a0, 24) = 0 [pid 561] chdir("./46"executing program ) = 0 [pid 561] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 561] setpgid(0, 0) = 0 [pid 561] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 561] write(3, "1000", 4) = 4 [pid 561] close(3) = 0 [pid 561] symlink("/dev/binderfs", "./binderfs") = 0 [pid 561] write(1, "executing program\n", 18) = 18 [pid 561] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 561] rt_sigaction(SIGRT_1, {sa_handler=0x7fcb19d5c5b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fcb19d4d760}, NULL, 8) = 0 [pid 561] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 561] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fcb19cd2000 [pid 561] mprotect(0x7fcb19cd3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 561] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 561] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fcb19cf2990, parent_tid=0x7fcb19cf2990, exit_signal=0, stack=0x7fcb19cd2000, stack_size=0x20300, tls=0x7fcb19cf26c0} => {parent_tid=[562]}, 88) = 562 ./strace-static-x86_64: Process 562 attached [pid 561] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 561] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 561] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 562] set_robust_list(0x7fcb19cf29a0, 24) = 0 [pid 562] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 562] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 562] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 561] <... futex resumed>) = 0 [pid 561] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 561] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 562] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 562] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 561] <... futex resumed>) = 0 [pid 561] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 561] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 562] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 562] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 561] <... futex resumed>) = 0 [pid 561] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 561] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 562] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 562] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 561] <... futex resumed>) = 0 [pid 561] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 561] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 562] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 562] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 561] <... futex resumed>) = 0 [pid 561] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 561] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 562] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 562] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 561] <... futex resumed>) = 0 [pid 561] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 561] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 562] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 562] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 561] <... futex resumed>) = 0 [pid 561] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 561] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 562] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 562] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 561] <... futex resumed>) = 0 [pid 562] <... futex resumed>) = 1 [pid 561] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 561] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 562] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 562] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 561] <... futex resumed>) = 0 [pid 561] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 561] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 562] memfd_create("syzkaller", 0) = 5 [pid 562] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcb118d2000 [pid 562] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 562] munmap(0x7fcb118d2000, 138412032) = 0 [pid 562] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 562] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 562] close(5) = 0 [pid 562] close(6) = 0 [pid 562] mkdir("./file0", 0777) = 0 [pid 562] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 562] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 562] chdir("./file0") = 0 [pid 562] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 562] ioctl(6, LOOP_CLR_FD) = 0 [pid 562] close(6) = 0 [pid 562] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 561] <... futex resumed>) = 0 [pid 561] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 561] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 562] <... futex resumed>) = 1 [pid 562] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 562] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 561] <... futex resumed>) = 0 [pid 561] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 561] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 562] <... futex resumed>) = 1 [pid 562] write(6, "#! ./file1\n", 11) = 11 [pid 562] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 561] <... futex resumed>) = 0 [pid 561] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 561] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 562] <... futex resumed>) = 1 [pid 562] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 562] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 561] <... futex resumed>) = 0 [pid 561] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 561] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 562] <... futex resumed>) = 1 [pid 562] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000280} --- [pid 561] <... futex resumed>) = ? [pid 562] +++ killed by SIGBUS +++ [pid 561] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=561, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./46", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./46", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557a11f730 /* 4 entries */, 32768) = 112 [ 30.579754][ T562] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 30.611281][ T563] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-562: bg 0: block 234: padding at end of block bitmap is not set umount2("./46/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./46/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./46/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./46/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./46/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557a127770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557a127770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./46/file0") = 0 umount2("./46/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./46/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./46/binderfs") = 0 getdents64(3, 0x55557a11f730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./46") = 0 mkdir("./47", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557a11e690) = 567 ./strace-static-x86_64: Process 567 attached [pid 567] set_robust_list(0x55557a11e6a0, 24) = 0 [pid 567] chdir("./47") = 0 [pid 567] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 567] setpgid(0, 0) = 0 [pid 567] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 567] write(3, "1000", 4) = 4 [pid 567] close(3) = 0 [pid 567] symlink("/dev/binderfs", "./binderfs") = 0 [pid 567] write(1, "executing program\n", 18executing program ) = 18 [pid 567] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 567] rt_sigaction(SIGRT_1, {sa_handler=0x7fcb19d5c5b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fcb19d4d760}, NULL, 8) = 0 [pid 567] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 567] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fcb19cd2000 [pid 567] mprotect(0x7fcb19cd3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 567] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 567] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fcb19cf2990, parent_tid=0x7fcb19cf2990, exit_signal=0, stack=0x7fcb19cd2000, stack_size=0x20300, tls=0x7fcb19cf26c0}./strace-static-x86_64: Process 568 attached => {parent_tid=[568]}, 88) = 568 [pid 568] set_robust_list(0x7fcb19cf29a0, 24 [pid 567] rt_sigprocmask(SIG_SETMASK, [], [pid 568] <... set_robust_list resumed>) = 0 [pid 567] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 568] rt_sigprocmask(SIG_SETMASK, [], [pid 567] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 568] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 567] <... futex resumed>) = 0 [pid 567] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 568] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 568] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 567] <... futex resumed>) = 0 [pid 568] <... futex resumed>) = 1 [pid 567] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 568] ioctl(3, VHOST_SET_OWNER [pid 567] <... futex resumed>) = 0 [pid 567] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 568] <... ioctl resumed>, 0) = 0 [pid 568] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 567] <... futex resumed>) = 0 [pid 568] futex(0x7fcb19dbe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 567] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 568] <... futex resumed>) = 0 [pid 567] <... futex resumed>) = 1 [pid 568] ioctl(3, VHOST_SET_VRING_ADDR [pid 567] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 568] <... ioctl resumed>, 0x200000000300) = 0 [pid 568] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 567] <... futex resumed>) = 0 [pid 567] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 567] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 568] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 568] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 567] <... futex resumed>) = 0 [pid 568] futex(0x7fcb19dbe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 567] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 568] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 567] <... futex resumed>) = 0 [pid 568] eventfd2(118, EFD_SEMAPHORE [pid 567] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 568] <... eventfd2 resumed>) = 4 [pid 568] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 567] <... futex resumed>) = 0 [pid 567] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 568] ioctl(3, VHOST_SET_VRING_ERR [pid 567] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 568] <... ioctl resumed>, 0x2000000001c0) = 0 [pid 568] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 567] <... futex resumed>) = 0 [pid 568] futex(0x7fcb19dbe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 567] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 568] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 567] <... futex resumed>) = 0 [pid 567] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 568] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 568] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 567] <... futex resumed>) = 0 [pid 568] futex(0x7fcb19dbe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 567] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 568] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 567] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 568] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 568] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 567] <... futex resumed>) = 0 [pid 567] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 568] ioctl(3, VHOST_VSOCK_SET_RUNNING [pid 567] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 568] <... ioctl resumed>, 0x200000000140) = 0 [pid 568] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 567] <... futex resumed>) = 0 [pid 567] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 567] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 568] memfd_create("syzkaller", 0) = 5 [pid 568] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcb118d2000 [pid 568] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 568] munmap(0x7fcb118d2000, 138412032) = 0 [pid 568] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 568] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 568] close(5) = 0 [pid 568] close(6) = 0 [pid 568] mkdir("./file0", 0777) = 0 [pid 568] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 568] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 568] chdir("./file0") = 0 [pid 568] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 568] ioctl(6, LOOP_CLR_FD) = 0 [pid 568] close(6) = 0 [pid 568] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 567] <... futex resumed>) = 0 [pid 567] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 567] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 568] <... futex resumed>) = 1 [pid 568] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 568] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 567] <... futex resumed>) = 0 [pid 567] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 567] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 568] <... futex resumed>) = 1 [pid 568] write(6, "#! ./file1\n", 11) = 11 [pid 568] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 567] <... futex resumed>) = 0 [pid 567] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 567] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 568] <... futex resumed>) = 1 [pid 568] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 568] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 567] <... futex resumed>) = 0 [pid 567] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 30.739636][ T568] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [pid 567] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 568] <... futex resumed>) = 1 [pid 568] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000280} --- [pid 567] <... futex resumed>) = ? [pid 568] +++ killed by SIGBUS +++ [pid 567] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=567, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./47", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./47", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557a11f730 /* 4 entries */, 32768) = 112 [ 30.782519][ T569] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-568: bg 0: block 234: padding at end of block bitmap is not set umount2("./47/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./47/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./47/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./47/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./47/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557a127770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557a127770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./47/file0") = 0 umount2("./47/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./47/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./47/binderfs") = 0 getdents64(3, 0x55557a11f730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./47") = 0 mkdir("./48", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557a11e690) = 573 ./strace-static-x86_64: Process 573 attached [pid 573] set_robust_list(0x55557a11e6a0, 24) = 0 [pid 573] chdir("./48") = 0 [pid 573] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 573] setpgid(0, 0) = 0 [pid 573] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 573] write(3, "1000", 4) = 4 [pid 573] close(3) = 0 [pid 573] symlink("/dev/binderfs", "./binderfs") = 0 [pid 573] write(1, "executing program\n", 18executing program ) = 18 [pid 573] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 573] rt_sigaction(SIGRT_1, {sa_handler=0x7fcb19d5c5b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fcb19d4d760}, NULL, 8) = 0 [pid 573] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 573] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fcb19cd2000 [pid 573] mprotect(0x7fcb19cd3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 573] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 573] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fcb19cf2990, parent_tid=0x7fcb19cf2990, exit_signal=0, stack=0x7fcb19cd2000, stack_size=0x20300, tls=0x7fcb19cf26c0}./strace-static-x86_64: Process 574 attached => {parent_tid=[574]}, 88) = 574 [pid 574] set_robust_list(0x7fcb19cf29a0, 24) = 0 [pid 574] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 574] futex(0x7fcb19dbe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 573] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 573] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 574] <... futex resumed>) = 0 [pid 574] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 574] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 574] futex(0x7fcb19dbe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 573] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 573] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 574] <... futex resumed>) = 0 [pid 574] ioctl(3, VHOST_SET_OWNER [pid 573] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 574] <... ioctl resumed>, 0) = 0 [pid 574] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 574] futex(0x7fcb19dbe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 573] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 573] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 574] <... futex resumed>) = 0 [pid 574] ioctl(3, VHOST_SET_VRING_ADDR [pid 573] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 574] <... ioctl resumed>, 0x200000000300) = 0 [pid 574] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 574] futex(0x7fcb19dbe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 573] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 573] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 574] <... futex resumed>) = 0 [pid 574] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 573] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 574] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 574] futex(0x7fcb19dbe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 573] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 573] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 574] <... futex resumed>) = 0 [pid 574] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 574] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 574] futex(0x7fcb19dbe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 573] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 573] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 574] <... futex resumed>) = 0 [pid 574] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 574] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 574] futex(0x7fcb19dbe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 573] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 573] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 574] <... futex resumed>) = 0 [pid 574] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 574] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 574] futex(0x7fcb19dbe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 573] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 573] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 574] <... futex resumed>) = 0 [pid 573] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 574] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 574] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 573] <... futex resumed>) = 0 [pid 574] ioctl(3, VHOST_VSOCK_SET_RUNNING [pid 573] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 574] <... ioctl resumed>, 0x200000000140) = 0 [pid 573] <... futex resumed>) = 0 [pid 574] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 573] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 574] <... futex resumed>) = 0 [pid 574] futex(0x7fcb19dbe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 573] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 574] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 573] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 574] memfd_create("syzkaller", 0 [pid 573] <... futex resumed>) = 0 [pid 574] <... memfd_create resumed>) = 5 [pid 573] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 574] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcb118d2000 [pid 574] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 574] munmap(0x7fcb118d2000, 138412032) = 0 [pid 574] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 574] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 574] close(5) = 0 [pid 574] close(6) = 0 [pid 574] mkdir("./file0", 0777) = 0 [pid 574] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 574] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 574] chdir("./file0") = 0 [pid 574] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 574] ioctl(6, LOOP_CLR_FD) = 0 [pid 574] close(6) = 0 [pid 574] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 573] <... futex resumed>) = 0 [pid 573] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 573] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 574] <... futex resumed>) = 1 [pid 574] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 574] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 573] <... futex resumed>) = 0 [pid 573] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 573] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 574] <... futex resumed>) = 1 [pid 574] write(6, "#! ./file1\n", 11) = 11 [pid 574] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 573] <... futex resumed>) = 0 [pid 573] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 573] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 574] <... futex resumed>) = 1 [pid 574] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 574] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 573] <... futex resumed>) = 0 [pid 573] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 573] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 574] <... futex resumed>) = 1 [pid 574] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000280} --- [pid 573] <... futex resumed>) = ? [pid 574] +++ killed by SIGBUS +++ [pid 573] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=573, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./48", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./48", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557a11f730 /* 4 entries */, 32768) = 112 [ 30.959517][ T574] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 30.988943][ T575] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-574: bg 0: block 234: padding at end of block bitmap is not set umount2("./48/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./48/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./48/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./48/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./48/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557a127770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557a127770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./48/file0") = 0 umount2("./48/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./48/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./48/binderfs") = 0 getdents64(3, 0x55557a11f730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./48") = 0 mkdir("./49", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557a11e690) = 579 ./strace-static-x86_64: Process 579 attached [pid 579] set_robust_list(0x55557a11e6a0, 24) = 0 [pid 579] chdir("./49") = 0 [pid 579] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 579] setpgid(0, 0) = 0 [pid 579] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 579] write(3, "1000", 4) = 4 [pid 579] close(3) = 0 [pid 579] symlink("/dev/binderfs", "./binderfs") = 0 [pid 579] write(1, "executing program\n", 18executing program ) = 18 [pid 579] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 579] rt_sigaction(SIGRT_1, {sa_handler=0x7fcb19d5c5b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fcb19d4d760}, NULL, 8) = 0 [pid 579] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 579] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fcb19cd2000 [pid 579] mprotect(0x7fcb19cd3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 579] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 579] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fcb19cf2990, parent_tid=0x7fcb19cf2990, exit_signal=0, stack=0x7fcb19cd2000, stack_size=0x20300, tls=0x7fcb19cf26c0}./strace-static-x86_64: Process 580 attached => {parent_tid=[580]}, 88) = 580 [pid 580] set_robust_list(0x7fcb19cf29a0, 24) = 0 [pid 580] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 580] futex(0x7fcb19dbe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 579] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 579] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 580] <... futex resumed>) = 0 [pid 580] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 580] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 580] futex(0x7fcb19dbe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 579] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 579] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 580] <... futex resumed>) = 0 [pid 579] <... futex resumed>) = 1 [pid 580] ioctl(3, VHOST_SET_OWNER [pid 579] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 580] <... ioctl resumed>, 0) = 0 [pid 580] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 580] futex(0x7fcb19dbe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 579] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 579] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 580] <... futex resumed>) = 0 [pid 579] <... futex resumed>) = 1 [pid 580] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 580] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 580] futex(0x7fcb19dbe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 579] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 579] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 580] <... futex resumed>) = 0 [pid 580] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 580] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 580] futex(0x7fcb19dbe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 579] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 579] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 580] <... futex resumed>) = 0 [pid 579] <... futex resumed>) = 1 [pid 580] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 579] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 580] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 580] futex(0x7fcb19dbe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 579] <... futex resumed>) = 0 [pid 579] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 579] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 580] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 580] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 580] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 579] <... futex resumed>) = 0 [pid 580] ioctl(3, VHOST_SET_VRING_ADDR [pid 579] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 580] <... ioctl resumed>, 0x200000000240) = 0 [pid 579] <... futex resumed>) = 0 [pid 580] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 579] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 580] <... futex resumed>) = 0 [pid 579] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 580] futex(0x7fcb19dbe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 579] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 580] <... futex resumed>) = 0 [pid 579] <... futex resumed>) = 1 [pid 580] ioctl(3, VHOST_SET_VRING_KICK [pid 579] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 580] <... ioctl resumed>, 0x200000000000) = 0 [pid 580] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 580] futex(0x7fcb19dbe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 579] <... futex resumed>) = 0 [pid 580] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 579] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 580] ioctl(3, VHOST_VSOCK_SET_RUNNING [pid 579] <... futex resumed>) = 0 [pid 580] <... ioctl resumed>, 0x200000000140) = 0 [pid 579] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 580] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 579] <... futex resumed>) = 0 [pid 580] memfd_create("syzkaller", 0 [pid 579] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 580] <... memfd_create resumed>) = 5 [pid 579] <... futex resumed>) = 0 [pid 580] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 579] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 580] <... mmap resumed>) = 0x7fcb118d2000 [pid 580] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 580] munmap(0x7fcb118d2000, 138412032) = 0 [pid 580] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 580] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 580] close(5) = 0 [pid 580] close(6) = 0 [pid 580] mkdir("./file0", 0777) = 0 [pid 580] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 580] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 580] chdir("./file0") = 0 [pid 580] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 580] ioctl(6, LOOP_CLR_FD) = 0 [pid 580] close(6) = 0 [pid 580] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 579] <... futex resumed>) = 0 [pid 579] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 579] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 580] <... futex resumed>) = 1 [pid 580] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 580] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 579] <... futex resumed>) = 0 [pid 579] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 579] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 580] <... futex resumed>) = 1 [pid 580] write(6, "#! ./file1\n", 11) = 11 [pid 580] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 579] <... futex resumed>) = 0 [pid 580] <... futex resumed>) = 1 [pid 579] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 580] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0 [pid 579] <... futex resumed>) = 0 [pid 579] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 580] <... mmap resumed>) = 0x200000000000 [pid 580] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 579] <... futex resumed>) = 0 [pid 579] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 579] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 580] <... futex resumed>) = 1 [pid 580] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000280} --- [pid 579] <... futex resumed>) = ? [pid 580] +++ killed by SIGBUS +++ [pid 579] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=579, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./49", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./49", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557a11f730 /* 4 entries */, 32768) = 112 [ 31.229505][ T580] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 31.257889][ T581] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-580: bg 0: block 234: padding at end of block bitmap is not set umount2("./49/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./49/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./49/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./49/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./49/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557a127770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557a127770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./49/file0") = 0 umount2("./49/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./49/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./49/binderfs") = 0 getdents64(3, 0x55557a11f730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./49") = 0 mkdir("./50", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 executing program ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557a11e690) = 585 ./strace-static-x86_64: Process 585 attached [pid 585] set_robust_list(0x55557a11e6a0, 24) = 0 [pid 585] chdir("./50") = 0 [pid 585] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 585] setpgid(0, 0) = 0 [pid 585] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 585] write(3, "1000", 4) = 4 [pid 585] close(3) = 0 [pid 585] symlink("/dev/binderfs", "./binderfs") = 0 [pid 585] write(1, "executing program\n", 18) = 18 [pid 585] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 585] rt_sigaction(SIGRT_1, {sa_handler=0x7fcb19d5c5b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fcb19d4d760}, NULL, 8) = 0 [pid 585] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 585] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fcb19cd2000 [pid 585] mprotect(0x7fcb19cd3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 585] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 585] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fcb19cf2990, parent_tid=0x7fcb19cf2990, exit_signal=0, stack=0x7fcb19cd2000, stack_size=0x20300, tls=0x7fcb19cf26c0}./strace-static-x86_64: Process 586 attached => {parent_tid=[586]}, 88) = 586 [pid 585] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 585] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 586] set_robust_list(0x7fcb19cf29a0, 24 [pid 585] <... futex resumed>) = 0 [pid 586] <... set_robust_list resumed>) = 0 [pid 586] rt_sigprocmask(SIG_SETMASK, [], [pid 585] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 586] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 586] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 586] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 586] futex(0x7fcb19dbe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 585] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 585] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 585] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 586] <... futex resumed>) = 0 [pid 586] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 586] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 585] <... futex resumed>) = 0 [pid 585] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 585] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 586] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 586] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 585] <... futex resumed>) = 0 [pid 585] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 586] ioctl(3, VHOST_SET_MEM_TABLE [pid 585] <... futex resumed>) = 0 [pid 585] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 586] <... ioctl resumed>, 0x200000003380) = 0 [pid 586] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 585] <... futex resumed>) = 0 [pid 585] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 586] eventfd2(118, EFD_SEMAPHORE [pid 585] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 586] <... eventfd2 resumed>) = 4 [pid 586] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 585] <... futex resumed>) = 0 [pid 586] futex(0x7fcb19dbe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 585] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 585] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 586] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 586] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 586] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 585] <... futex resumed>) = 0 [pid 585] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 585] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 586] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 586] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 585] <... futex resumed>) = 0 [pid 586] futex(0x7fcb19dbe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 585] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 585] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 586] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 586] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 586] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 585] <... futex resumed>) = 0 [pid 585] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 586] ioctl(3, VHOST_VSOCK_SET_RUNNING [pid 585] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 586] <... ioctl resumed>, 0x200000000140) = 0 [pid 586] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 585] <... futex resumed>) = 0 [pid 585] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 585] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 586] memfd_create("syzkaller", 0) = 5 [pid 586] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcb118d2000 [pid 586] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 586] munmap(0x7fcb118d2000, 138412032) = 0 [pid 586] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 586] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 586] close(5) = 0 [pid 586] close(6) = 0 [pid 586] mkdir("./file0", 0777) = 0 [pid 586] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 586] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 586] chdir("./file0") = 0 [pid 586] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 586] ioctl(6, LOOP_CLR_FD) = 0 [pid 586] close(6) = 0 [pid 586] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 585] <... futex resumed>) = 0 [pid 585] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 585] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 586] <... futex resumed>) = 1 [pid 586] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 586] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 585] <... futex resumed>) = 0 [pid 585] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 585] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 586] <... futex resumed>) = 1 [pid 586] write(6, "#! ./file1\n", 11) = 11 [pid 586] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 585] <... futex resumed>) = 0 [pid 585] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 585] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 586] <... futex resumed>) = 1 [pid 586] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 586] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 585] <... futex resumed>) = 0 [pid 585] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 585] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 586] <... futex resumed>) = 1 [pid 586] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000280} --- [pid 585] <... futex resumed>) = ? [pid 586] +++ killed by SIGBUS +++ [pid 585] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=585, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=5} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./50", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./50", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557a11f730 /* 4 entries */, 32768) = 112 [ 31.377804][ T586] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 31.404898][ T586] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor270: bg 0: block 234: padding at end of block bitmap is not set umount2("./50/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./50/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./50/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./50/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./50/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557a127770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557a127770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./50/file0") = 0 umount2("./50/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./50/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./50/binderfs") = 0 getdents64(3, 0x55557a11f730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./50") = 0 mkdir("./51", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557a11e690) = 591 ./strace-static-x86_64: Process 591 attached [pid 591] set_robust_list(0x55557a11e6a0, 24) = 0 [pid 591] chdir("./51") = 0 [pid 591] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 591] setpgid(0, 0) = 0 [pid 591] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 591] write(3, "1000", 4) = 4 [pid 591] close(3) = 0 [pid 591] symlink("/dev/binderfs", "./binderfs") = 0 [pid 591] write(1, "executing program\n", 18executing program ) = 18 [pid 591] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 591] rt_sigaction(SIGRT_1, {sa_handler=0x7fcb19d5c5b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fcb19d4d760}, NULL, 8) = 0 [pid 591] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 591] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fcb19cd2000 [pid 591] mprotect(0x7fcb19cd3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 591] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 591] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fcb19cf2990, parent_tid=0x7fcb19cf2990, exit_signal=0, stack=0x7fcb19cd2000, stack_size=0x20300, tls=0x7fcb19cf26c0}./strace-static-x86_64: Process 592 attached => {parent_tid=[592]}, 88) = 592 [pid 592] set_robust_list(0x7fcb19cf29a0, 24 [pid 591] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 591] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 591] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 592] <... set_robust_list resumed>) = 0 [pid 592] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 592] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 592] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 591] <... futex resumed>) = 0 [pid 591] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 591] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 592] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 592] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 591] <... futex resumed>) = 0 [pid 592] futex(0x7fcb19dbe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 591] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 591] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 592] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 592] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 592] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 591] <... futex resumed>) = 0 [pid 592] ioctl(3, VHOST_SET_MEM_TABLE [pid 591] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 591] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 592] <... ioctl resumed>, 0x200000003380) = 0 [pid 592] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 591] <... futex resumed>) = 0 [pid 591] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 591] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 592] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 592] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 591] <... futex resumed>) = 0 [pid 591] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 591] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 592] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 592] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 591] <... futex resumed>) = 0 [pid 592] futex(0x7fcb19dbe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 591] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 591] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 592] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 592] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 592] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 591] <... futex resumed>) = 0 [pid 592] futex(0x7fcb19dbe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 591] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 592] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 591] <... futex resumed>) = 0 [pid 591] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 592] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 592] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 591] <... futex resumed>) = 0 [pid 592] ioctl(3, VHOST_VSOCK_SET_RUNNING [pid 591] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 592] <... ioctl resumed>, 0x200000000140) = 0 [pid 591] <... futex resumed>) = 0 [pid 592] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 591] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 592] <... futex resumed>) = 0 [pid 591] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 592] futex(0x7fcb19dbe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 591] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 592] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 591] <... futex resumed>) = 0 [pid 591] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 592] memfd_create("syzkaller", 0) = 5 [pid 592] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcb118d2000 [pid 592] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 592] munmap(0x7fcb118d2000, 138412032) = 0 [pid 592] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 592] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 592] close(5) = 0 [pid 592] close(6) = 0 [pid 592] mkdir("./file0", 0777) = 0 [pid 592] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 592] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 592] chdir("./file0") = 0 [pid 592] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 592] ioctl(6, LOOP_CLR_FD) = 0 [pid 592] close(6) = 0 [pid 592] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 591] <... futex resumed>) = 0 [pid 591] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 591] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 592] <... futex resumed>) = 1 [pid 592] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 592] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 591] <... futex resumed>) = 0 [pid 591] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 591] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 592] <... futex resumed>) = 1 [pid 592] write(6, "#! ./file1\n", 11) = 11 [pid 592] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 591] <... futex resumed>) = 0 [pid 591] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 591] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 592] <... futex resumed>) = 1 [pid 592] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 592] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 591] <... futex resumed>) = 0 [pid 591] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 591] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 592] <... futex resumed>) = 1 [pid 592] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000280} --- [pid 591] <... futex resumed>) = ? [pid 592] +++ killed by SIGBUS +++ [pid 591] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=591, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./51", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./51", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557a11f730 /* 4 entries */, 32768) = 112 [ 31.579578][ T592] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 31.605592][ T593] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-592: bg 0: block 234: padding at end of block bitmap is not set umount2("./51/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./51/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./51/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./51/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./51/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557a127770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557a127770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./51/file0") = 0 umount2("./51/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./51/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./51/binderfs") = 0 getdents64(3, 0x55557a11f730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./51") = 0 mkdir("./52", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557a11e690) = 597 ./strace-static-x86_64: Process 597 attached [pid 597] set_robust_list(0x55557a11e6a0, 24) = 0 [pid 597] chdir("./52") = 0 [pid 597] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 597] setpgid(0, 0) = 0 [pid 597] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 597] write(3, "1000", 4) = 4 [pid 597] close(3) = 0 [pid 597] symlink("/dev/binderfs", "./binderfs") = 0 [pid 597] write(1, "executing program\n", 18executing program ) = 18 [pid 597] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 597] rt_sigaction(SIGRT_1, {sa_handler=0x7fcb19d5c5b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fcb19d4d760}, NULL, 8) = 0 [pid 597] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 597] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fcb19cd2000 [pid 597] mprotect(0x7fcb19cd3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 597] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 597] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fcb19cf2990, parent_tid=0x7fcb19cf2990, exit_signal=0, stack=0x7fcb19cd2000, stack_size=0x20300, tls=0x7fcb19cf26c0}./strace-static-x86_64: Process 598 attached => {parent_tid=[598]}, 88) = 598 [pid 598] set_robust_list(0x7fcb19cf29a0, 24 [pid 597] rt_sigprocmask(SIG_SETMASK, [], [pid 598] <... set_robust_list resumed>) = 0 [pid 597] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 598] rt_sigprocmask(SIG_SETMASK, [], [pid 597] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 598] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 597] <... futex resumed>) = 0 [pid 598] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR [pid 597] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 598] <... openat resumed>) = 3 [pid 598] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 597] <... futex resumed>) = 0 [pid 598] <... futex resumed>) = 1 [pid 597] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 598] ioctl(3, VHOST_SET_OWNER [pid 597] <... futex resumed>) = 0 [pid 597] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 598] <... ioctl resumed>, 0) = 0 [pid 598] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 597] <... futex resumed>) = 0 [pid 598] futex(0x7fcb19dbe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 597] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 598] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 597] <... futex resumed>) = 0 [pid 598] ioctl(3, VHOST_SET_VRING_ADDR [pid 597] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 598] <... ioctl resumed>, 0x200000000300) = 0 [pid 598] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 597] <... futex resumed>) = 0 [pid 598] <... futex resumed>) = 1 [pid 597] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 598] ioctl(3, VHOST_SET_MEM_TABLE [pid 597] <... futex resumed>) = 0 [pid 597] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 598] <... ioctl resumed>, 0x200000003380) = 0 [pid 598] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 597] <... futex resumed>) = 0 [pid 598] <... futex resumed>) = 1 [pid 597] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 598] eventfd2(118, EFD_SEMAPHORE [pid 597] <... futex resumed>) = 0 [pid 598] <... eventfd2 resumed>) = 4 [pid 597] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 598] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 597] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 598] <... futex resumed>) = 0 [pid 597] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 598] ioctl(3, VHOST_SET_VRING_ERR [pid 597] <... futex resumed>) = 0 [pid 598] <... ioctl resumed>, 0x2000000001c0) = 0 [pid 597] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 598] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 597] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 598] futex(0x7fcb19dbe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 597] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 598] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 597] <... futex resumed>) = 0 [pid 598] ioctl(3, VHOST_SET_VRING_ADDR [pid 597] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 598] <... ioctl resumed>, 0x200000000240) = 0 [pid 598] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 597] <... futex resumed>) = 0 [pid 598] futex(0x7fcb19dbe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 597] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 598] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 597] <... futex resumed>) = 0 [pid 598] ioctl(3, VHOST_SET_VRING_KICK [pid 597] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 598] <... ioctl resumed>, 0x200000000000) = 0 [pid 598] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 597] <... futex resumed>) = 0 [pid 598] <... futex resumed>) = 1 [pid 597] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 598] ioctl(3, VHOST_VSOCK_SET_RUNNING [pid 597] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 598] <... ioctl resumed>, 0x200000000140) = 0 [pid 598] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 597] <... futex resumed>) = 0 [pid 598] <... futex resumed>) = 1 [pid 597] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 598] memfd_create("syzkaller", 0 [pid 597] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 598] <... memfd_create resumed>) = 5 [pid 598] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcb118d2000 [pid 598] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 598] munmap(0x7fcb118d2000, 138412032) = 0 [pid 598] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 598] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 598] close(5) = 0 [pid 598] close(6) = 0 [pid 598] mkdir("./file0", 0777) = 0 [pid 598] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 598] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 598] chdir("./file0") = 0 [pid 598] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 598] ioctl(6, LOOP_CLR_FD) = 0 [pid 598] close(6) = 0 [pid 598] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 597] <... futex resumed>) = 0 [pid 597] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 597] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 598] <... futex resumed>) = 1 [pid 598] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 598] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 597] <... futex resumed>) = 0 [pid 597] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 597] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 598] <... futex resumed>) = 1 [pid 598] write(6, "#! ./file1\n", 11) = 11 [pid 598] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 597] <... futex resumed>) = 0 [pid 597] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 597] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 598] <... futex resumed>) = 1 [pid 598] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 598] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 597] <... futex resumed>) = 0 [pid 597] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 597] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 598] <... futex resumed>) = 1 [pid 598] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000280} --- [pid 597] <... futex resumed>) = ? [pid 598] +++ killed by SIGBUS +++ [pid 597] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=597, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./52", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./52", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557a11f730 /* 4 entries */, 32768) = 112 [ 31.819648][ T598] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 31.848006][ T598] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor270: bg 0: block 234: padding at end of block bitmap is not set umount2("./52/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./52/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./52/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./52/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./52/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557a127770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557a127770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./52/file0") = 0 umount2("./52/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./52/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./52/binderfs") = 0 getdents64(3, 0x55557a11f730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./52") = 0 mkdir("./53", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) executing program close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557a11e690) = 603 ./strace-static-x86_64: Process 603 attached [pid 603] set_robust_list(0x55557a11e6a0, 24) = 0 [pid 603] chdir("./53") = 0 [pid 603] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 603] setpgid(0, 0) = 0 [pid 603] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 603] write(3, "1000", 4) = 4 [pid 603] close(3) = 0 [pid 603] symlink("/dev/binderfs", "./binderfs") = 0 [pid 603] write(1, "executing program\n", 18) = 18 [pid 603] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 603] rt_sigaction(SIGRT_1, {sa_handler=0x7fcb19d5c5b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fcb19d4d760}, NULL, 8) = 0 [pid 603] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 603] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fcb19cd2000 [pid 603] mprotect(0x7fcb19cd3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 603] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 603] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fcb19cf2990, parent_tid=0x7fcb19cf2990, exit_signal=0, stack=0x7fcb19cd2000, stack_size=0x20300, tls=0x7fcb19cf26c0} => {parent_tid=[604]}, 88) = 604 ./strace-static-x86_64: Process 604 attached [pid 603] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 603] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 603] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 604] set_robust_list(0x7fcb19cf29a0, 24) = 0 [pid 604] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 604] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 604] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 603] <... futex resumed>) = 0 [pid 603] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 603] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 604] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 604] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 603] <... futex resumed>) = 0 [pid 603] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 603] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 604] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 604] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 603] <... futex resumed>) = 0 [pid 603] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 603] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 604] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 604] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 603] <... futex resumed>) = 0 [pid 603] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 603] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 604] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 604] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 603] <... futex resumed>) = 0 [pid 603] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 603] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 604] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 604] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 603] <... futex resumed>) = 0 [pid 603] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 603] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 604] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 604] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 603] <... futex resumed>) = 0 [pid 603] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 603] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 604] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 604] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 603] <... futex resumed>) = 0 [pid 603] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 603] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 604] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 604] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 603] <... futex resumed>) = 0 [pid 603] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 603] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 604] memfd_create("syzkaller", 0) = 5 [pid 604] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcb118d2000 [pid 604] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 604] munmap(0x7fcb118d2000, 138412032) = 0 [pid 604] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 604] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 604] close(5) = 0 [pid 604] close(6) = 0 [pid 604] mkdir("./file0", 0777) = 0 [pid 604] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 604] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 604] chdir("./file0") = 0 [pid 604] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 604] ioctl(6, LOOP_CLR_FD) = 0 [pid 604] close(6) = 0 [pid 604] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 603] <... futex resumed>) = 0 [pid 603] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 603] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 604] <... futex resumed>) = 1 [pid 604] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 604] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 603] <... futex resumed>) = 0 [pid 603] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 603] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 604] <... futex resumed>) = 1 [pid 604] write(6, "#! ./file1\n", 11) = 11 [pid 604] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 603] <... futex resumed>) = 0 [pid 603] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 603] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 604] <... futex resumed>) = 1 [pid 604] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 604] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 603] <... futex resumed>) = 0 [pid 603] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 603] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 604] <... futex resumed>) = 1 [ 31.969597][ T604] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [pid 604] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000280} --- [pid 603] <... futex resumed>) = ? [pid 604] +++ killed by SIGBUS +++ [pid 603] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=603, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./53", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./53", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557a11f730 /* 4 entries */, 32768) = 112 [ 32.011068][ T604] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor270: bg 0: block 234: padding at end of block bitmap is not set umount2("./53/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./53/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./53/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./53/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./53/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557a127770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557a127770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./53/file0") = 0 umount2("./53/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./53/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./53/binderfs") = 0 getdents64(3, 0x55557a11f730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./53") = 0 mkdir("./54", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557a11e690) = 609 ./strace-static-x86_64: Process 609 attached [pid 609] set_robust_list(0x55557a11e6a0, 24) = 0 [pid 609] chdir("./54") = 0 [pid 609] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 609] setpgid(0, 0) = 0 [pid 609] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 609] write(3, "1000", 4) = 4 [pid 609] close(3) = 0 [pid 609] symlink("/dev/binderfs", "./binderfs") = 0 [pid 609] write(1, "executing program\n", 18executing program ) = 18 [pid 609] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 609] rt_sigaction(SIGRT_1, {sa_handler=0x7fcb19d5c5b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fcb19d4d760}, NULL, 8) = 0 [pid 609] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 609] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fcb19cd2000 [pid 609] mprotect(0x7fcb19cd3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 609] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 609] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fcb19cf2990, parent_tid=0x7fcb19cf2990, exit_signal=0, stack=0x7fcb19cd2000, stack_size=0x20300, tls=0x7fcb19cf26c0}./strace-static-x86_64: Process 610 attached => {parent_tid=[610]}, 88) = 610 [pid 610] set_robust_list(0x7fcb19cf29a0, 24) = 0 [pid 610] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 610] futex(0x7fcb19dbe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 609] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 609] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 610] <... futex resumed>) = 0 [pid 610] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR [pid 609] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 610] <... openat resumed>) = 3 [pid 610] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 610] futex(0x7fcb19dbe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 609] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 609] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 610] <... futex resumed>) = 0 [pid 610] ioctl(3, VHOST_SET_OWNER [pid 609] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 610] <... ioctl resumed>, 0) = 0 [pid 610] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 609] <... futex resumed>) = 0 [pid 609] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 609] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 610] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 610] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 609] <... futex resumed>) = 0 [pid 609] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 609] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 610] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 610] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 609] <... futex resumed>) = 0 [pid 609] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 609] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 610] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 610] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 609] <... futex resumed>) = 0 [pid 609] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 609] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 610] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 610] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 609] <... futex resumed>) = 0 [pid 609] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 610] ioctl(3, VHOST_SET_VRING_ADDR [pid 609] <... futex resumed>) = 0 [pid 609] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 610] <... ioctl resumed>, 0x200000000240) = 0 [pid 610] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 610] futex(0x7fcb19dbe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 609] <... futex resumed>) = 0 [pid 609] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 609] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 610] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 610] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 610] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 609] <... futex resumed>) = 0 [pid 610] futex(0x7fcb19dbe6c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 609] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 609] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 610] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 610] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 609] <... futex resumed>) = 0 [pid 609] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 609] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 610] memfd_create("syzkaller", 0) = 5 [pid 610] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcb118d2000 [pid 610] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 610] munmap(0x7fcb118d2000, 138412032) = 0 [pid 610] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 610] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 610] close(5) = 0 [pid 610] close(6) = 0 [pid 610] mkdir("./file0", 0777) = 0 [pid 610] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 610] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 610] chdir("./file0") = 0 [pid 610] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 610] ioctl(6, LOOP_CLR_FD) = 0 [pid 610] close(6) = 0 [pid 610] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 609] <... futex resumed>) = 0 [pid 609] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 609] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 610] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 610] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 609] <... futex resumed>) = 0 [pid 609] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 609] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 610] write(6, "#! ./file1\n", 11) = 11 [pid 610] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 609] <... futex resumed>) = 0 [pid 609] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 609] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 610] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 610] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 609] <... futex resumed>) = 0 [pid 609] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 609] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 610] <... futex resumed>) = 1 [pid 610] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000280} --- [pid 609] <... futex resumed>) = ? [pid 610] +++ killed by SIGBUS +++ [pid 609] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=609, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./54", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./54", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557a11f730 /* 4 entries */, 32768) = 112 [ 32.139645][ T610] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 32.171359][ T611] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-610: bg 0: block 234: padding at end of block bitmap is not set umount2("./54/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./54/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./54/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./54/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./54/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557a127770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557a127770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./54/file0") = 0 umount2("./54/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./54/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./54/binderfs") = 0 getdents64(3, 0x55557a11f730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./54") = 0 mkdir("./55", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557a11e690) = 615 ./strace-static-x86_64: Process 615 attached [pid 615] set_robust_list(0x55557a11e6a0, 24) = 0 [pid 615] chdir("./55") = 0 [pid 615] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 615] setpgid(0, 0) = 0 [pid 615] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 615] write(3, "1000", 4) = 4 [pid 615] close(3) = 0 [pid 615] symlink("/dev/binderfs", "./binderfs") = 0 [pid 615] write(1, "executing program\n", 18executing program ) = 18 [pid 615] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 615] rt_sigaction(SIGRT_1, {sa_handler=0x7fcb19d5c5b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fcb19d4d760}, NULL, 8) = 0 [pid 615] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 615] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fcb19cd2000 [pid 615] mprotect(0x7fcb19cd3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 615] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 615] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fcb19cf2990, parent_tid=0x7fcb19cf2990, exit_signal=0, stack=0x7fcb19cd2000, stack_size=0x20300, tls=0x7fcb19cf26c0} => {parent_tid=[616]}, 88) = 616 [pid 615] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 615] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 616 attached ) = 0 [pid 616] set_robust_list(0x7fcb19cf29a0, 24 [pid 615] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 616] <... set_robust_list resumed>) = 0 [pid 616] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 616] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 616] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 616] futex(0x7fcb19dbe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 615] <... futex resumed>) = 0 [pid 615] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 616] <... futex resumed>) = 0 [pid 615] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 616] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 616] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 615] <... futex resumed>) = 0 [pid 616] futex(0x7fcb19dbe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 615] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 615] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 616] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 616] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 616] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 615] <... futex resumed>) = 0 [pid 615] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 615] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 616] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 616] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 615] <... futex resumed>) = 0 [pid 615] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 615] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 616] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 616] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 615] <... futex resumed>) = 0 [pid 615] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 615] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 616] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 616] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 615] <... futex resumed>) = 0 [pid 615] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 615] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 616] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 616] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 615] <... futex resumed>) = 0 [pid 615] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 615] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 616] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 616] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 615] <... futex resumed>) = 0 [pid 615] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 616] ioctl(3, VHOST_VSOCK_SET_RUNNING [pid 615] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 616] <... ioctl resumed>, 0x200000000140) = 0 [pid 616] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 616] futex(0x7fcb19dbe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 615] <... futex resumed>) = 0 [pid 615] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 615] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 616] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 616] memfd_create("syzkaller", 0) = 5 [pid 616] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcb118d2000 [pid 616] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 616] munmap(0x7fcb118d2000, 138412032) = 0 [pid 616] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 616] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 616] close(5) = 0 [pid 616] close(6) = 0 [pid 616] mkdir("./file0", 0777) = 0 [pid 616] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 616] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 616] chdir("./file0") = 0 [pid 616] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 616] ioctl(6, LOOP_CLR_FD) = 0 [pid 616] close(6) = 0 [pid 616] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 615] <... futex resumed>) = 0 [pid 615] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 615] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 616] <... futex resumed>) = 1 [pid 616] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 616] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 615] <... futex resumed>) = 0 [pid 615] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 615] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 616] <... futex resumed>) = 1 [pid 616] write(6, "#! ./file1\n", 11) = 11 [pid 616] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 615] <... futex resumed>) = 0 [pid 615] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 615] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 616] <... futex resumed>) = 1 [pid 616] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 616] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 615] <... futex resumed>) = 0 [pid 615] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 615] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 616] <... futex resumed>) = 1 [pid 616] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000280} --- [pid 615] <... futex resumed>) = ? [pid 616] +++ killed by SIGBUS +++ [pid 615] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=615, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./55", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./55", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557a11f730 /* 4 entries */, 32768) = 112 [ 32.388979][ T616] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 32.419275][ T617] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-616: bg 0: block 234: padding at end of block bitmap is not set umount2("./55/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./55/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./55/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./55/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./55/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557a127770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557a127770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./55/file0") = 0 umount2("./55/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./55/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./55/binderfs") = 0 getdents64(3, 0x55557a11f730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./55") = 0 mkdir("./56", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557a11e690) = 621 ./strace-static-x86_64: Process 621 attached [pid 621] set_robust_list(0x55557a11e6a0, 24) = 0 [pid 621] chdir("./56") = 0 [pid 621] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 621] setpgid(0, 0) = 0 [pid 621] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 621] write(3, "1000", 4) = 4 [pid 621] close(3) = 0 [pid 621] symlink("/dev/binderfs", "./binderfs") = 0 [pid 621] write(1, "executing program\n", 18executing program ) = 18 [pid 621] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 621] rt_sigaction(SIGRT_1, {sa_handler=0x7fcb19d5c5b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fcb19d4d760}, NULL, 8) = 0 [pid 621] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 621] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fcb19cd2000 [pid 621] mprotect(0x7fcb19cd3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 621] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 621] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fcb19cf2990, parent_tid=0x7fcb19cf2990, exit_signal=0, stack=0x7fcb19cd2000, stack_size=0x20300, tls=0x7fcb19cf26c0}./strace-static-x86_64: Process 622 attached => {parent_tid=[622]}, 88) = 622 [pid 622] set_robust_list(0x7fcb19cf29a0, 24) = 0 [pid 622] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 622] futex(0x7fcb19dbe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 621] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 621] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 622] <... futex resumed>) = 0 [pid 621] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 622] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 622] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 622] futex(0x7fcb19dbe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 621] <... futex resumed>) = 0 [pid 621] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 622] <... futex resumed>) = 0 [pid 621] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 622] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 622] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 621] <... futex resumed>) = 0 [pid 622] futex(0x7fcb19dbe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 621] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 622] <... futex resumed>) = 0 [pid 621] <... futex resumed>) = 1 [pid 622] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 621] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 622] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 621] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 622] futex(0x7fcb19dbe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 621] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 622] <... futex resumed>) = 0 [pid 621] <... futex resumed>) = 1 [pid 622] ioctl(3, VHOST_SET_MEM_TABLE [pid 621] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 622] <... ioctl resumed>, 0x200000003380) = 0 [pid 622] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 622] futex(0x7fcb19dbe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 621] <... futex resumed>) = 0 [pid 621] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 622] <... futex resumed>) = 0 [pid 621] <... futex resumed>) = 1 [pid 622] eventfd2(118, EFD_SEMAPHORE [pid 621] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 622] <... eventfd2 resumed>) = 4 [pid 622] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 621] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 622] <... futex resumed>) = 0 [pid 622] futex(0x7fcb19dbe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 621] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 622] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 622] ioctl(3, VHOST_SET_VRING_ERR [pid 621] <... futex resumed>) = 0 [pid 622] <... ioctl resumed>, 0x2000000001c0) = 0 [pid 622] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 621] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 622] <... futex resumed>) = 0 [pid 622] futex(0x7fcb19dbe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 621] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 621] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 622] <... futex resumed>) = 0 [pid 622] ioctl(3, VHOST_SET_VRING_ADDR [pid 621] <... futex resumed>) = 1 [pid 622] <... ioctl resumed>, 0x200000000240) = 0 [pid 622] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 621] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 622] <... futex resumed>) = 0 [pid 622] futex(0x7fcb19dbe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 621] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 621] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 622] <... futex resumed>) = 0 [pid 622] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 621] <... futex resumed>) = 1 [pid 622] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 622] futex(0x7fcb19dbe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 621] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 621] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 622] <... futex resumed>) = 0 [pid 622] ioctl(3, VHOST_VSOCK_SET_RUNNING [pid 621] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 622] <... ioctl resumed>, 0x200000000140) = 0 [pid 622] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 621] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 622] <... futex resumed>) = 0 [pid 622] futex(0x7fcb19dbe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 621] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 622] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 621] <... futex resumed>) = 0 [pid 621] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 622] memfd_create("syzkaller", 0) = 5 [pid 622] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcb118d2000 [pid 622] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 622] munmap(0x7fcb118d2000, 138412032) = 0 [pid 622] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 622] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 622] close(5) = 0 [pid 622] close(6) = 0 [pid 622] mkdir("./file0", 0777) = 0 [pid 622] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 622] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 622] chdir("./file0") = 0 [pid 622] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 622] ioctl(6, LOOP_CLR_FD) = 0 [pid 622] close(6) = 0 [pid 622] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 621] <... futex resumed>) = 0 [pid 621] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 621] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 622] <... futex resumed>) = 1 [pid 622] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 622] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 621] <... futex resumed>) = 0 [pid 621] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 621] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 622] <... futex resumed>) = 1 [pid 622] write(6, "#! ./file1\n", 11) = 11 [pid 622] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 621] <... futex resumed>) = 0 [pid 621] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 621] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 622] <... futex resumed>) = 1 [pid 622] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 622] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 621] <... futex resumed>) = 0 [pid 621] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 621] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 622] <... futex resumed>) = 1 [pid 622] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000280} --- [pid 621] <... futex resumed>) = ? [pid 622] +++ killed by SIGBUS +++ [pid 621] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=621, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./56", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./56", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557a11f730 /* 4 entries */, 32768) = 112 [ 32.619294][ T622] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 32.650904][ T623] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-622: bg 0: block 234: padding at end of block bitmap is not set umount2("./56/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./56/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./56/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./56/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./56/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557a127770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557a127770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./56/file0") = 0 umount2("./56/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./56/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./56/binderfs") = 0 getdents64(3, 0x55557a11f730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./56") = 0 mkdir("./57", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557a11e690) = 627 ./strace-static-x86_64: Process 627 attached [pid 627] set_robust_list(0x55557a11e6a0, 24) = 0 [pid 627] chdir("./57") = 0 [pid 627] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 627] setpgid(0, 0) = 0 [pid 627] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 627] write(3, "1000", 4) = 4 [pid 627] close(3) = 0 [pid 627] symlink("/dev/binderfs", "./binderfs") = 0 [pid 627] write(1, "executing program\n", 18executing program ) = 18 [pid 627] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 627] rt_sigaction(SIGRT_1, {sa_handler=0x7fcb19d5c5b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fcb19d4d760}, NULL, 8) = 0 [pid 627] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 627] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fcb19cd2000 [pid 627] mprotect(0x7fcb19cd3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 627] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 627] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fcb19cf2990, parent_tid=0x7fcb19cf2990, exit_signal=0, stack=0x7fcb19cd2000, stack_size=0x20300, tls=0x7fcb19cf26c0}./strace-static-x86_64: Process 628 attached => {parent_tid=[628]}, 88) = 628 [pid 628] set_robust_list(0x7fcb19cf29a0, 24) = 0 [pid 628] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 628] futex(0x7fcb19dbe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 627] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 627] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 628] <... futex resumed>) = 0 [pid 628] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR [pid 627] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 628] <... openat resumed>) = 3 [pid 628] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 628] futex(0x7fcb19dbe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 627] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 627] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 628] <... futex resumed>) = 0 [pid 628] ioctl(3, VHOST_SET_OWNER [pid 627] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 628] <... ioctl resumed>, 0) = 0 [pid 628] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 628] futex(0x7fcb19dbe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 627] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 627] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 628] <... futex resumed>) = 0 [pid 628] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 628] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 628] futex(0x7fcb19dbe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 627] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 627] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 628] <... futex resumed>) = 0 [pid 628] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 628] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 628] futex(0x7fcb19dbe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 627] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 627] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 628] <... futex resumed>) = 0 [pid 628] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 628] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 628] futex(0x7fcb19dbe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 627] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 627] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 628] <... futex resumed>) = 0 [pid 628] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 628] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 628] futex(0x7fcb19dbe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 627] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 627] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 628] <... futex resumed>) = 0 [pid 628] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 628] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 628] futex(0x7fcb19dbe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 627] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 627] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 628] <... futex resumed>) = 0 [pid 628] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 628] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 628] futex(0x7fcb19dbe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 627] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 627] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 628] <... futex resumed>) = 0 [pid 627] <... futex resumed>) = 1 [pid 628] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 628] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 628] futex(0x7fcb19dbe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 627] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 627] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 628] <... futex resumed>) = 0 [pid 627] <... futex resumed>) = 1 [pid 628] memfd_create("syzkaller", 0) = 5 [pid 628] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcb118d2000 [pid 628] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 627] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 628] <... write resumed>) = 1048576 [pid 628] munmap(0x7fcb118d2000, 138412032) = 0 [pid 628] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 628] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 628] close(5) = 0 [pid 628] close(6) = 0 [pid 628] mkdir("./file0", 0777) = 0 [pid 628] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 628] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 628] chdir("./file0") = 0 [pid 628] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 628] ioctl(6, LOOP_CLR_FD) = 0 [pid 628] close(6) = 0 [pid 628] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 627] <... futex resumed>) = 0 [pid 627] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 627] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 628] <... futex resumed>) = 1 [pid 628] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 628] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 627] <... futex resumed>) = 0 [pid 627] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 627] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 628] write(6, "#! ./file1\n", 11) = 11 [pid 628] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 627] <... futex resumed>) = 0 [pid 627] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 627] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 628] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 628] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 627] <... futex resumed>) = 0 [pid 627] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 32.859716][ T628] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [pid 627] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 628] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000280} --- [pid 627] <... futex resumed>) = ? [pid 628] +++ killed by SIGBUS +++ [pid 627] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=627, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./57", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./57", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557a11f730 /* 4 entries */, 32768) = 112 [ 32.900702][ T628] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor270: bg 0: block 234: padding at end of block bitmap is not set umount2("./57/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./57/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./57/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./57/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./57/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557a127770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557a127770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./57/file0") = 0 umount2("./57/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./57/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./57/binderfs") = 0 getdents64(3, 0x55557a11f730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./57") = 0 mkdir("./58", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 633 attached , child_tidptr=0x55557a11e690) = 633 [pid 633] set_robust_list(0x55557a11e6a0, 24) = 0 [pid 633] chdir("./58") = 0 [pid 633] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 633] setpgid(0, 0) = 0 [pid 633] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 633] write(3, "1000", 4) = 4 [pid 633] close(3) = 0 [pid 633] symlink("/dev/binderfs", "./binderfs") = 0 [pid 633] write(1, "executing program\n", 18executing program ) = 18 [pid 633] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 633] rt_sigaction(SIGRT_1, {sa_handler=0x7fcb19d5c5b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fcb19d4d760}, NULL, 8) = 0 [pid 633] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 633] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fcb19cd2000 [pid 633] mprotect(0x7fcb19cd3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 633] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 633] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fcb19cf2990, parent_tid=0x7fcb19cf2990, exit_signal=0, stack=0x7fcb19cd2000, stack_size=0x20300, tls=0x7fcb19cf26c0}./strace-static-x86_64: Process 634 attached [pid 634] set_robust_list(0x7fcb19cf29a0, 24) = 0 [pid 634] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 634] futex(0x7fcb19dbe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 633] <... clone3 resumed> => {parent_tid=[634]}, 88) = 634 [pid 633] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 633] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 634] <... futex resumed>) = 0 [pid 633] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 634] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 634] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 633] <... futex resumed>) = 0 [pid 633] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 634] ioctl(3, VHOST_SET_OWNER [pid 633] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 634] <... ioctl resumed>, 0) = 0 [pid 634] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 633] <... futex resumed>) = 0 [pid 633] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 633] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 634] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 634] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 633] <... futex resumed>) = 0 [pid 633] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 633] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 634] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 634] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 633] <... futex resumed>) = 0 [pid 634] futex(0x7fcb19dbe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 633] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 633] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 634] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 634] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 634] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 633] <... futex resumed>) = 0 [pid 634] futex(0x7fcb19dbe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 633] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 634] <... futex resumed>) = 0 [pid 633] <... futex resumed>) = 1 [pid 634] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 633] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 634] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 633] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 634] futex(0x7fcb19dbe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 633] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 634] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 634] ioctl(3, VHOST_SET_VRING_ADDR [pid 633] <... futex resumed>) = 0 [pid 634] <... ioctl resumed>, 0x200000000240) = 0 [pid 634] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 633] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 634] <... futex resumed>) = 0 [pid 634] futex(0x7fcb19dbe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 633] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 633] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 634] <... futex resumed>) = 0 [pid 633] <... futex resumed>) = 1 [pid 634] ioctl(3, VHOST_SET_VRING_KICK [pid 633] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 634] <... ioctl resumed>, 0x200000000000) = 0 [pid 634] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 633] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 634] <... futex resumed>) = 0 [pid 634] futex(0x7fcb19dbe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 633] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 634] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 634] ioctl(3, VHOST_VSOCK_SET_RUNNING [pid 633] <... futex resumed>) = 0 [pid 634] <... ioctl resumed>, 0x200000000140) = 0 [pid 634] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 633] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 634] <... futex resumed>) = 0 [pid 633] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 634] futex(0x7fcb19dbe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 633] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 634] <... futex resumed>) = 0 [pid 633] <... futex resumed>) = 1 [pid 633] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 634] memfd_create("syzkaller", 0) = 5 [pid 634] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcb118d2000 [pid 634] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 634] munmap(0x7fcb118d2000, 138412032) = 0 [pid 634] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 634] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 634] close(5) = 0 [pid 634] close(6) = 0 [pid 634] mkdir("./file0", 0777) = 0 [pid 634] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 634] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 634] chdir("./file0") = 0 [pid 634] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 634] ioctl(6, LOOP_CLR_FD) = 0 [pid 634] close(6) = 0 [pid 634] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 633] <... futex resumed>) = 0 [pid 633] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 633] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 634] <... futex resumed>) = 1 [pid 634] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 634] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 633] <... futex resumed>) = 0 [pid 633] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 633] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 634] <... futex resumed>) = 1 [pid 634] write(6, "#! ./file1\n", 11) = 11 [pid 634] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 633] <... futex resumed>) = 0 [pid 633] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 633] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 634] <... futex resumed>) = 1 [pid 634] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 634] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 633] <... futex resumed>) = 0 [pid 633] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 633] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 634] <... futex resumed>) = 1 [ 33.059666][ T634] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [pid 634] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000280} --- [pid 633] <... futex resumed>) = ? [pid 634] +++ killed by SIGBUS +++ [pid 633] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=633, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./58", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./58", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557a11f730 /* 4 entries */, 32768) = 112 [ 33.101705][ T635] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-634: bg 0: block 234: padding at end of block bitmap is not set umount2("./58/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./58/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./58/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./58/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./58/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557a127770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557a127770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./58/file0") = 0 umount2("./58/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./58/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./58/binderfs") = 0 getdents64(3, 0x55557a11f730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./58") = 0 mkdir("./59", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557a11e690) = 639 ./strace-static-x86_64: Process 639 attached [pid 639] set_robust_list(0x55557a11e6a0, 24) = 0 [pid 639] chdir("./59") = 0 [pid 639] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 639] setpgid(0, 0) = 0 [pid 639] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 639] write(3, "1000", 4) = 4 [pid 639] close(3) = 0 [pid 639] symlink("/dev/binderfs", "./binderfs") = 0 [pid 639] write(1, "executing program\n", 18executing program ) = 18 [pid 639] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 639] rt_sigaction(SIGRT_1, {sa_handler=0x7fcb19d5c5b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fcb19d4d760}, NULL, 8) = 0 [pid 639] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 639] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fcb19cd2000 [pid 639] mprotect(0x7fcb19cd3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 639] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 639] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fcb19cf2990, parent_tid=0x7fcb19cf2990, exit_signal=0, stack=0x7fcb19cd2000, stack_size=0x20300, tls=0x7fcb19cf26c0}./strace-static-x86_64: Process 640 attached [pid 640] set_robust_list(0x7fcb19cf29a0, 24 [pid 639] <... clone3 resumed> => {parent_tid=[640]}, 88) = 640 [pid 640] <... set_robust_list resumed>) = 0 [pid 639] rt_sigprocmask(SIG_SETMASK, [], [pid 640] rt_sigprocmask(SIG_SETMASK, [], [pid 639] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 640] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 639] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 640] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR [pid 639] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 640] <... openat resumed>) = 3 [pid 640] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 639] <... futex resumed>) = 0 [pid 640] futex(0x7fcb19dbe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 639] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 640] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 639] <... futex resumed>) = 0 [pid 640] ioctl(3, VHOST_SET_OWNER [pid 639] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 640] <... ioctl resumed>, 0) = 0 [pid 640] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 639] <... futex resumed>) = 0 [pid 639] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 640] ioctl(3, VHOST_SET_VRING_ADDR [pid 639] <... futex resumed>) = 0 [pid 640] <... ioctl resumed>, 0x200000000300) = 0 [pid 639] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 640] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 639] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 640] <... futex resumed>) = 0 [pid 639] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 640] ioctl(3, VHOST_SET_MEM_TABLE [pid 639] <... futex resumed>) = 0 [pid 639] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 640] <... ioctl resumed>, 0x200000003380) = 0 [pid 640] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 639] <... futex resumed>) = 0 [pid 640] <... futex resumed>) = 1 [pid 639] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 640] eventfd2(118, EFD_SEMAPHORE [pid 639] <... futex resumed>) = 0 [pid 640] <... eventfd2 resumed>) = 4 [pid 639] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 640] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 639] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 640] <... futex resumed>) = 0 [pid 639] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 640] ioctl(3, VHOST_SET_VRING_ERR [pid 639] <... futex resumed>) = 0 [pid 640] <... ioctl resumed>, 0x2000000001c0) = 0 [pid 639] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 640] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 639] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 640] <... futex resumed>) = 0 [pid 639] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 640] ioctl(3, VHOST_SET_VRING_ADDR [pid 639] <... futex resumed>) = 0 [pid 640] <... ioctl resumed>, 0x200000000240) = 0 [pid 639] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 640] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 639] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 640] <... futex resumed>) = 0 [pid 639] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 640] ioctl(3, VHOST_SET_VRING_KICK [pid 639] <... futex resumed>) = 0 [pid 639] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 640] <... ioctl resumed>, 0x200000000000) = 0 [pid 640] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 639] <... futex resumed>) = 0 [pid 640] <... futex resumed>) = 1 [pid 639] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 640] ioctl(3, VHOST_VSOCK_SET_RUNNING [pid 639] <... futex resumed>) = 0 [pid 639] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 640] <... ioctl resumed>, 0x200000000140) = 0 [pid 640] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 639] <... futex resumed>) = 0 [pid 640] <... futex resumed>) = 1 [pid 639] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 639] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 640] memfd_create("syzkaller", 0) = 5 [pid 640] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcb118d2000 [pid 640] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 640] munmap(0x7fcb118d2000, 138412032) = 0 [pid 640] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 640] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 640] close(5) = 0 [pid 640] close(6) = 0 [pid 640] mkdir("./file0", 0777) = 0 [pid 640] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 640] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 640] chdir("./file0") = 0 [pid 640] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 640] ioctl(6, LOOP_CLR_FD) = 0 [pid 640] close(6) = 0 [pid 640] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 639] <... futex resumed>) = 0 [pid 639] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 639] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 640] <... futex resumed>) = 1 [pid 640] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 640] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 639] <... futex resumed>) = 0 [pid 639] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 639] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 640] <... futex resumed>) = 1 [pid 640] write(6, "#! ./file1\n", 11) = 11 [pid 640] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 639] <... futex resumed>) = 0 [pid 639] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 639] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 640] <... futex resumed>) = 1 [pid 640] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 640] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 639] <... futex resumed>) = 0 [pid 639] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 639] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 640] <... futex resumed>) = 1 [pid 640] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000280} --- [pid 639] <... futex resumed>) = ? [pid 640] +++ killed by SIGBUS +++ [pid 639] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=639, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./59", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./59", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557a11f730 /* 4 entries */, 32768) = 112 [ 33.259697][ T640] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 33.288830][ T640] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor270: bg 0: block 234: padding at end of block bitmap is not set umount2("./59/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./59/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./59/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./59/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./59/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557a127770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557a127770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./59/file0") = 0 umount2("./59/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./59/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./59/binderfs") = 0 getdents64(3, 0x55557a11f730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./59") = 0 mkdir("./60", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557a11e690) = 645 ./strace-static-x86_64: Process 645 attached [pid 645] set_robust_list(0x55557a11e6a0, 24) = 0 [pid 645] chdir("./60") = 0 [pid 645] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 645] setpgid(0, 0) = 0 [pid 645] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 645] write(3, "1000", 4) = 4 [pid 645] close(3) = 0 [pid 645] symlink("/dev/binderfs", "./binderfs") = 0 [pid 645] write(1, "executing program\n", 18executing program ) = 18 [pid 645] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 645] rt_sigaction(SIGRT_1, {sa_handler=0x7fcb19d5c5b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fcb19d4d760}, NULL, 8) = 0 [pid 645] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 645] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fcb19cd2000 [pid 645] mprotect(0x7fcb19cd3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 645] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 645] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fcb19cf2990, parent_tid=0x7fcb19cf2990, exit_signal=0, stack=0x7fcb19cd2000, stack_size=0x20300, tls=0x7fcb19cf26c0}./strace-static-x86_64: Process 646 attached [pid 646] set_robust_list(0x7fcb19cf29a0, 24 [pid 645] <... clone3 resumed> => {parent_tid=[646]}, 88) = 646 [pid 646] <... set_robust_list resumed>) = 0 [pid 645] rt_sigprocmask(SIG_SETMASK, [], [pid 646] rt_sigprocmask(SIG_SETMASK, [], [pid 645] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 646] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 645] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 646] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR [pid 645] <... futex resumed>) = 0 [pid 645] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 646] <... openat resumed>) = 3 [pid 646] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 645] <... futex resumed>) = 0 [pid 646] <... futex resumed>) = 1 [pid 645] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 646] ioctl(3, VHOST_SET_OWNER [pid 645] <... futex resumed>) = 0 [pid 645] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 646] <... ioctl resumed>, 0) = 0 [pid 646] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 645] <... futex resumed>) = 0 [pid 646] futex(0x7fcb19dbe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 645] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 646] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 645] <... futex resumed>) = 0 [pid 646] ioctl(3, VHOST_SET_VRING_ADDR [pid 645] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 646] <... ioctl resumed>, 0x200000000300) = 0 [pid 646] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 645] <... futex resumed>) = 0 [pid 646] <... futex resumed>) = 1 [pid 645] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 646] ioctl(3, VHOST_SET_MEM_TABLE [pid 645] <... futex resumed>) = 0 [pid 645] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 646] <... ioctl resumed>, 0x200000003380) = 0 [pid 646] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 645] <... futex resumed>) = 0 [pid 646] <... futex resumed>) = 1 [pid 645] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 646] eventfd2(118, EFD_SEMAPHORE [pid 645] <... futex resumed>) = 0 [pid 645] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 646] <... eventfd2 resumed>) = 4 [pid 646] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 645] <... futex resumed>) = 0 [pid 646] <... futex resumed>) = 1 [pid 645] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 646] ioctl(3, VHOST_SET_VRING_ERR [pid 645] <... futex resumed>) = 0 [pid 646] <... ioctl resumed>, 0x2000000001c0) = 0 [pid 645] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 646] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 645] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 646] <... futex resumed>) = 0 [pid 645] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 646] ioctl(3, VHOST_SET_VRING_ADDR [pid 645] <... futex resumed>) = 0 [pid 646] <... ioctl resumed>, 0x200000000240) = 0 [pid 645] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 646] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 645] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 646] <... futex resumed>) = 0 [pid 645] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 646] ioctl(3, VHOST_SET_VRING_KICK [pid 645] <... futex resumed>) = 0 [pid 646] <... ioctl resumed>, 0x200000000000) = 0 [pid 645] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 646] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 645] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 646] <... futex resumed>) = 0 [pid 645] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 646] ioctl(3, VHOST_VSOCK_SET_RUNNING [pid 645] <... futex resumed>) = 0 [pid 646] <... ioctl resumed>, 0x200000000140) = 0 [pid 645] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 646] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 645] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 646] <... futex resumed>) = 0 [pid 645] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 645] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 646] memfd_create("syzkaller", 0) = 5 [pid 646] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcb118d2000 [pid 646] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 646] munmap(0x7fcb118d2000, 138412032) = 0 [pid 646] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 646] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 646] close(5) = 0 [pid 646] close(6) = 0 [pid 646] mkdir("./file0", 0777) = 0 [pid 646] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 646] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 646] chdir("./file0") = 0 [pid 646] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 646] ioctl(6, LOOP_CLR_FD) = 0 [pid 646] close(6) = 0 [pid 646] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 645] <... futex resumed>) = 0 [pid 645] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 645] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 646] <... futex resumed>) = 1 [pid 646] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 646] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 645] <... futex resumed>) = 0 [pid 645] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 645] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 646] <... futex resumed>) = 1 [pid 646] write(6, "#! ./file1\n", 11) = 11 [pid 646] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 645] <... futex resumed>) = 0 [pid 645] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 645] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 646] <... futex resumed>) = 1 [pid 646] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 646] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 645] <... futex resumed>) = 0 [pid 645] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 645] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 646] <... futex resumed>) = 1 [pid 646] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000280} --- [pid 645] <... futex resumed>) = ? [pid 646] +++ killed by SIGBUS +++ [pid 645] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=645, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./60", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./60", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557a11f730 /* 4 entries */, 32768) = 112 [ 33.453878][ T646] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 33.486105][ T647] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-646: bg 0: block 234: padding at end of block bitmap is not set umount2("./60/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./60/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./60/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./60/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./60/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557a127770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557a127770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./60/file0") = 0 umount2("./60/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./60/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./60/binderfs") = 0 getdents64(3, 0x55557a11f730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./60") = 0 mkdir("./61", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557a11e690) = 651 ./strace-static-x86_64: Process 651 attached [pid 651] set_robust_list(0x55557a11e6a0, 24) = 0 [pid 651] chdir("./61") = 0 [pid 651] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 651] setpgid(0, 0) = 0 [pid 651] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 651] write(3, "1000", 4) = 4 [pid 651] close(3) = 0 [pid 651] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 651] write(1, "executing program\n", 18) = 18 [pid 651] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 651] rt_sigaction(SIGRT_1, {sa_handler=0x7fcb19d5c5b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fcb19d4d760}, NULL, 8) = 0 [pid 651] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 651] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fcb19cd2000 [pid 651] mprotect(0x7fcb19cd3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 651] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 651] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fcb19cf2990, parent_tid=0x7fcb19cf2990, exit_signal=0, stack=0x7fcb19cd2000, stack_size=0x20300, tls=0x7fcb19cf26c0} => {parent_tid=[652]}, 88) = 652 [pid 651] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 651] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 651] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 652 attached [pid 652] set_robust_list(0x7fcb19cf29a0, 24) = 0 [pid 652] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 652] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 652] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 651] <... futex resumed>) = 0 [pid 651] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 651] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 652] <... futex resumed>) = 1 [pid 652] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 652] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 651] <... futex resumed>) = 0 [pid 651] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 651] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 652] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 652] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 651] <... futex resumed>) = 0 [pid 652] futex(0x7fcb19dbe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 651] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 651] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 652] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 652] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 652] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 651] <... futex resumed>) = 0 [pid 652] futex(0x7fcb19dbe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 651] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 651] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 652] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 652] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 652] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 651] <... futex resumed>) = 0 [pid 652] futex(0x7fcb19dbe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 651] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 651] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 652] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 652] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 652] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 651] <... futex resumed>) = 0 [pid 652] futex(0x7fcb19dbe6c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 651] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 652] ioctl(3, VHOST_SET_VRING_ADDR [pid 651] <... futex resumed>) = 0 [pid 652] <... ioctl resumed>, 0x200000000240) = 0 [pid 652] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 651] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 652] <... futex resumed>) = 0 [pid 652] futex(0x7fcb19dbe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 651] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 651] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 652] <... futex resumed>) = 0 [pid 651] <... futex resumed>) = 1 [pid 652] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 652] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 651] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 652] <... futex resumed>) = 0 [pid 652] futex(0x7fcb19dbe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 651] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 651] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 652] <... futex resumed>) = 0 [pid 651] <... futex resumed>) = 1 [pid 652] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 651] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 652] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 651] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 652] futex(0x7fcb19dbe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 651] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 652] <... futex resumed>) = 0 [pid 651] <... futex resumed>) = 1 [pid 651] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 652] memfd_create("syzkaller", 0) = 5 [pid 652] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcb118d2000 [pid 652] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 652] munmap(0x7fcb118d2000, 138412032) = 0 [pid 652] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 652] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 652] close(5) = 0 [pid 652] close(6) = 0 [pid 652] mkdir("./file0", 0777) = 0 [pid 652] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 652] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 652] chdir("./file0") = 0 [pid 652] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 652] ioctl(6, LOOP_CLR_FD) = 0 [pid 652] close(6) = 0 [pid 652] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 651] <... futex resumed>) = 0 [pid 651] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 651] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 652] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 652] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 651] <... futex resumed>) = 0 [pid 651] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 651] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 652] write(6, "#! ./file1\n", 11) = 11 [pid 652] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 651] <... futex resumed>) = 0 [pid 652] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0 [pid 651] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 652] <... mmap resumed>) = 0x200000000000 [pid 651] <... futex resumed>) = 0 [pid 652] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 651] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 652] <... futex resumed>) = 0 [pid 651] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 652] ioctl(-1, KVM_SET_IRQCHIP, 0x200000000280 [pid 651] futex(0x7fcb19dbe6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 652] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 651] <... futex resumed>) = 0 [pid 652] futex(0x7fcb19dbe6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 651] futex(0x7fcb19dbe6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 652] <... futex resumed>) = 0 [pid 651] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 652] futex(0x7fcb19dbe6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 651] exit_group(0 [pid 652] <... futex resumed>) = ? [pid 651] <... exit_group resumed>) = ? [pid 652] +++ exited with 0 +++ [pid 651] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=651, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./61", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./61", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557a11f730 /* 4 entries */, 32768) = 112 [ 33.649741][ T652] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 33.682223][ T653] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-652: bg 0: block 234: padding at end of block bitmap is not set [ 33.708939][ T308] ------------[ cut here ]------------ [ 33.714782][ T308] kernel BUG at fs/ext4/inode.c:2778! [ 33.720652][ T308] invalid opcode: 0000 [#1] PREEMPT SMP KASAN [ 33.726720][ T308] CPU: 1 PID: 308 Comm: kworker/u4:3 Not tainted 5.10.238-syzkaller-00282-gd76d4cd0623a #0 [ 33.736761][ T308] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 33.746844][ T308] Workqueue: writeback wb_workfn (flush-7:0) [ 33.752813][ T308] RIP: 0010:ext4_writepages+0x2ddb/0x2e00 [ 33.758512][ T308] Code: 39 94 ff 84 db 75 31 e8 b3 36 94 ff 49 bc 00 00 00 00 00 fc ff df 4c 8b 6c 24 30 48 8b 5c 24 38 e9 21 f8 ff ff e8 95 36 94 ff <0f> 0b e8 8e 36 94 ff e8 65 0d 31 ff eb 98 e8 82 36 94 ff e8 59 0d [ 33.778192][ T308] RSP: 0018:ffffc90000cb7180 EFLAGS: 00010293 [ 33.784251][ T308] RAX: ffffffff81cf5d7b RBX: 0000008410000000 RCX: ffff88811d83bb40 [ 33.792203][ T308] RDX: 0000000000000000 RSI: 0000008000000000 RDI: 0000000000000000 [ 33.800153][ T308] RBP: ffffc90000cb74f0 R08: dffffc0000000000 R09: ffffed10242ceb1e [ 33.808120][ T308] R10: ffffed10242ceb1e R11: 1ffff110242ceb1d R12: dffffc0000000000 [ 33.816075][ T308] R13: ffff8881019f5000 R14: 0000008000000000 R15: ffff8881216758e8 [ 33.824031][ T308] FS: 0000000000000000(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000 [ 33.832957][ T308] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 33.839520][ T308] CR2: 0000000000000002 CR3: 000000011e574000 CR4: 00000000003506a0 [ 33.847474][ T308] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 33.855438][ T308] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 33.863476][ T308] Call Trace: [ 33.866761][ T308] ? __kasan_check_write+0x14/0x20 [ 33.871867][ T308] ? _raw_spin_lock+0x8e/0xe0 [ 33.876532][ T308] ? update_load_avg+0xdf5/0x14f0 [ 33.881537][ T308] ? ext4_readpage+0x220/0x220 [ 33.886279][ T308] ? enqueue_task_fair+0xac3/0x2250 [ 33.891918][ T308] ? memset+0x35/0x40 [ 33.896060][ T308] ? ___update_load_sum+0x48e/0x7e0 [ 33.901262][ T308] ? update_load_avg+0x4dc/0x14f0 [ 33.906283][ T308] ? ext4_readpage+0x220/0x220 [ 33.911169][ T308] do_writepages+0x12a/0x270 [ 33.915851][ T308] ? __writepage+0x130/0x130 [ 33.920430][ T308] ? __kasan_check_write+0x14/0x20 [ 33.925531][ T308] ? _raw_spin_lock+0x8e/0xe0 [ 33.930197][ T308] ? __kasan_check_write+0x14/0x20 [ 33.935297][ T308] __writeback_single_inode+0xd5/0xa20 [ 33.940744][ T308] ? wbc_attach_and_unlock_inode+0x385/0x590 [ 33.946714][ T308] writeback_sb_inodes+0x860/0x1400 [ 33.952510][ T308] ? queue_io+0x4c0/0x4c0 [ 33.956928][ T308] ? __kasan_check_read+0x11/0x20 [ 33.961941][ T308] ? queue_io+0x385/0x4c0 [ 33.966262][ T308] wb_writeback+0x3e3/0xb90 [ 33.970760][ T308] ? wb_io_lists_depopulated+0x180/0x180 [ 33.976385][ T308] ? set_worker_desc+0x155/0x1c0 [ 33.981307][ T308] ? sched_clock_cpu+0x1b/0x3d0 [ 33.986156][ T308] ? __kasan_check_write+0x14/0x20 [ 33.991257][ T308] wb_workfn+0x38f/0xe20 [ 33.995586][ T308] ? inode_wait_for_writeback+0x200/0x200 [ 34.001292][ T308] ? _raw_spin_unlock_irq+0x49/0x70 [ 34.006479][ T308] ? _raw_spin_unlock_irq+0x4e/0x70 [ 34.011665][ T308] ? finish_task_switch+0x12e/0x5a0 [ 34.016937][ T308] ? __switch_to_asm+0x34/0x60 [ 34.021689][ T308] ? __schedule+0xb4f/0x1310 [ 34.026268][ T308] ? __kasan_check_read+0x11/0x20 [ 34.031284][ T308] ? read_word_at_a_time+0x12/0x20 [ 34.036558][ T308] ? strscpy+0x9b/0x290 [ 34.040700][ T308] process_one_work+0x6e1/0xba0 [ 34.045538][ T308] worker_thread+0xa6a/0x13b0 [ 34.050202][ T308] ? _raw_spin_lock_irqsave+0xb0/0x110 [ 34.056276][ T308] ? __kasan_check_read+0x11/0x20 [ 34.061320][ T308] kthread+0x346/0x3d0 [ 34.065385][ T308] ? worker_clr_flags+0x190/0x190 [ 34.070496][ T308] ? kthread_blkcg+0xd0/0xd0 [ 34.075074][ T308] ret_from_fork+0x1f/0x30 [ 34.079478][ T308] Modules linked in: [ 34.083488][ T308] ---[ end trace baca29fb6a3f5f83 ]--- [ 34.089101][ T308] RIP: 0010:ext4_writepages+0x2ddb/0x2e00 [ 34.094836][ T308] Code: 39 94 ff 84 db 75 31 e8 b3 36 94 ff 49 bc 00 00 00 00 00 fc ff df 4c 8b 6c 24 30 48 8b 5c 24 38 e9 21 f8 ff ff e8 95 36 94 ff <0f> 0b e8 8e 36 94 ff e8 65 0d 31 ff eb 98 e8 82 36 94 ff e8 59 0d [ 34.114891][ T308] RSP: 0018:ffffc90000cb7180 EFLAGS: 00010293 [ 34.120966][ T308] RAX: ffffffff81cf5d7b RBX: 0000008410000000 RCX: ffff88811d83bb40 [ 34.128956][ T308] RDX: 0000000000000000 RSI: 0000008000000000 RDI: 0000000000000000 [ 34.136923][ T308] RBP: ffffc90000cb74f0 R08: dffffc0000000000 R09: ffffed10242ceb1e [ 34.144917][ T308] R10: ffffed10242ceb1e R11: 1ffff110242ceb1d R12: dffffc0000000000 [ 34.153180][ T308] R13: ffff8881019f5000 R14: 0000008000000000 R15: ffff8881216758e8 [ 34.161162][ T308] FS: 0000000000000000(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000 [ 34.170388][ T308] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 34.176962][ T308] CR2: 0000000000000002 CR3: 000000011e574000 CR4: 00000000003506a0 [ 34.184949][ T308] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 34.192930][ T308] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 34.200913][ T308] Kernel panic - not syncing: Fatal exception [ 34.201798][ T24] kauditd_printk_skb: 6 callbacks suppressed [ 34.201808][ T24] audit: type=1400 audit(1750390103.730:80): avc: denied { read } for pid=77 comm="syslogd" name="log" dev="sda1" ino=2010 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:var_t tclass=lnk_file permissive=1 [ 34.213392][ T308] Kernel Offset: disabled [ 34.239988][ T308] Rebooting in 86400 seconds..