./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor826405831 <...> Warning: Permanently added '10.128.1.2' (ED25519) to the list of known hosts. execve("./syz-executor826405831", ["./syz-executor826405831"], 0x7fff0a53b0a0 /* 10 vars */) = 0 brk(NULL) = 0x5555830fd000 brk(0x5555830fdd40) = 0x5555830fdd40 arch_prctl(ARCH_SET_FS, 0x5555830fd3c0) = 0 set_tid_address(0x5555830fd690) = 341 set_robust_list(0x5555830fd6a0, 24) = 0 rseq(0x5555830fdce0, 0x20, 0, 0x53053053) = -1 ENOSYS (Function not implemented) prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor826405831", 4096) = 27 getrandom("\xa0\x8a\x19\xf0\x42\xaf\x96\x26", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x5555830fdd40 brk(0x55558311ed40) = 0x55558311ed40 brk(0x55558311f000) = 0x55558311f000 mprotect(0x7f60f6f81000, 16384, PROT_READ) = 0 mmap(0x1ffffffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffffffff000 mmap(0x200000000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200000000000 mmap(0x200001000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200001000000 mkdir("./syzkaller.7HvhUZ", 0700) = 0 chmod("./syzkaller.7HvhUZ", 0777) = 0 chdir("./syzkaller.7HvhUZ") = 0 mkdir("./0", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [ 24.587549][ T23] audit: type=1400 audit(1745973684.790:81): avc: denied { execmem } for pid=341 comm="syz-executor826" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555830fd690) = 343 ./strace-static-x86_64: Process 343 attached [pid 343] set_robust_list(0x5555830fd6a0, 24) = 0 [pid 343] chdir("./0") = 0 [pid 343] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 343] setpgid(0, 0) = 0 [pid 343] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 343] write(3, "1000", 4) = 4 [pid 343] close(3) = 0 [pid 343] symlink("/dev/binderfs", "./binderfs") = 0 [pid 343] write(1, "executing program\n", 18executing program ) = 18 [pid 343] futex(0x7f60f6f876cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 343] rt_sigaction(SIGRT_1, {sa_handler=0x7f60f6f255b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f60f6f16760}, NULL, 8) = 0 [pid 343] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 343] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f60f6e9b000 [pid 343] mprotect(0x7f60f6e9c000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 343] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 343] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f60f6ebb990, parent_tid=0x7f60f6ebb990, exit_signal=0, stack=0x7f60f6e9b000, stack_size=0x20300, tls=0x7f60f6ebb6c0} => {parent_tid=[344]}, 88) = 344 [pid 343] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 343] futex(0x7f60f6f876c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 343] futex(0x7f60f6f876cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 344 attached [pid 344] set_robust_list(0x7f60f6ebb9a0, 24) = 0 [pid 344] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 344] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 344] futex(0x7f60f6f876cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 343] <... futex resumed>) = 0 [pid 343] futex(0x7f60f6f876c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 343] futex(0x7f60f6f876cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 344] <... futex resumed>) = 1 [pid 344] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 344] futex(0x7f60f6f876cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 343] <... futex resumed>) = 0 [pid 343] futex(0x7f60f6f876c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 343] futex(0x7f60f6f876cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 344] <... futex resumed>) = 1 [pid 344] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 344] futex(0x7f60f6f876cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 343] <... futex resumed>) = 0 [pid 343] futex(0x7f60f6f876c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 343] futex(0x7f60f6f876cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 344] <... futex resumed>) = 1 [pid 344] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 344] futex(0x7f60f6f876cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 343] <... futex resumed>) = 0 [pid 343] futex(0x7f60f6f876c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 343] futex(0x7f60f6f876cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 344] <... futex resumed>) = 1 [pid 344] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 344] futex(0x7f60f6f876cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 343] <... futex resumed>) = 0 [pid 343] futex(0x7f60f6f876c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 343] futex(0x7f60f6f876cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 344] <... futex resumed>) = 1 [pid 344] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 344] futex(0x7f60f6f876cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 343] <... futex resumed>) = 0 [pid 343] futex(0x7f60f6f876c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 343] futex(0x7f60f6f876cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 344] <... futex resumed>) = 1 [pid 344] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 344] futex(0x7f60f6f876cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 343] <... futex resumed>) = 0 [pid 343] futex(0x7f60f6f876c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 343] futex(0x7f60f6f876cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 344] <... futex resumed>) = 1 [pid 344] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 344] futex(0x7f60f6f876cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 343] <... futex resumed>) = 0 [pid 343] futex(0x7f60f6f876c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 343] futex(0x7f60f6f876cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 344] <... futex resumed>) = 1 [pid 344] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 344] futex(0x7f60f6f876cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 343] <... futex resumed>) = 0 [pid 343] futex(0x7f60f6f876c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 343] futex(0x7f60f6f876cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 344] <... futex resumed>) = 1 [pid 344] memfd_create("syzkaller", 0) = 5 [pid 344] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f60eea9b000 [pid 344] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 344] munmap(0x7f60eea9b000, 138412032) = 0 [pid 344] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 344] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 344] close(5) = 0 [pid 344] close(6) = 0 [pid 344] mkdir("./file0", 0777) = 0 [ 24.622221][ T23] audit: type=1400 audit(1745973684.820:82): avc: denied { read write } for pid=341 comm="syz-executor826" name="loop0" dev="devtmpfs" ino=1176 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 24.648606][ T23] audit: type=1400 audit(1745973684.820:83): avc: denied { open } for pid=341 comm="syz-executor826" path="/dev/loop0" dev="devtmpfs" ino=1176 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 24.686670][ T23] audit: type=1400 audit(1745973684.840:84): avc: denied { ioctl } for pid=341 comm="syz-executor826" path="/dev/loop0" dev="devtmpfs" ino=1176 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 24.712955][ T23] audit: type=1400 audit(1745973684.860:85): avc: denied { read write } for pid=343 comm="syz-executor826" name="vhost-vsock" dev="devtmpfs" ino=10579 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 24.737429][ T23] audit: type=1400 audit(1745973684.860:86): avc: denied { open } for pid=343 comm="syz-executor826" path="/dev/vhost-vsock" dev="devtmpfs" ino=10579 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 24.761659][ T23] audit: type=1400 audit(1745973684.860:87): avc: denied { ioctl } for pid=343 comm="syz-executor826" path="/dev/vhost-vsock" dev="devtmpfs" ino=10579 ioctlcmd=0xaf01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [pid 344] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 344] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 344] chdir("./file0") = 0 [pid 344] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 344] ioctl(6, LOOP_CLR_FD) = 0 [pid 344] close(6) = 0 [ 24.762423][ T344] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 24.787138][ T23] audit: type=1400 audit(1745973684.890:88): avc: denied { mounton } for pid=343 comm="syz-executor826" path="/root/syzkaller.7HvhUZ/0/file0" dev="sda1" ino=1930 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1 [pid 344] futex(0x7f60f6f876cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 344] futex(0x7f60f6f876c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 343] <... futex resumed>) = 0 [pid 343] futex(0x7f60f6f876c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 344] <... futex resumed>) = 0 [pid 343] <... futex resumed>) = 1 [pid 344] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 343] futex(0x7f60f6f876cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 344] <... openat resumed>) = 6 [pid 344] futex(0x7f60f6f876cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 344] futex(0x7f60f6f876c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 343] <... futex resumed>) = 0 [pid 343] futex(0x7f60f6f876c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 344] <... futex resumed>) = 0 [pid 343] <... futex resumed>) = 1 [pid 344] write(6, "#! ./file1\n", 11 [pid 343] futex(0x7f60f6f876cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 344] <... write resumed>) = 11 [pid 344] futex(0x7f60f6f876cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 343] <... futex resumed>) = 0 [pid 344] futex(0x7f60f6f876c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 343] futex(0x7f60f6f876c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 344] <... futex resumed>) = 0 [pid 343] <... futex resumed>) = 1 [pid 344] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0 [pid 343] futex(0x7f60f6f876cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 344] <... mmap resumed>) = 0x200000000000 [ 24.833432][ T23] audit: type=1400 audit(1745973685.010:89): avc: denied { mount } for pid=343 comm="syz-executor826" name="/" dev="loop0" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 24.856896][ T23] audit: type=1400 audit(1745973685.060:90): avc: denied { write } for pid=343 comm="syz-executor826" name="/" dev="loop0" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [pid 344] futex(0x7f60f6f876cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 343] <... futex resumed>) = 0 [pid 343] futex(0x7f60f6f876c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 343] futex(0x7f60f6f876cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 344] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000280} --- [pid 343] <... futex resumed>) = ? [pid 344] +++ killed by SIGBUS +++ [pid 343] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=343, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555830fe730 /* 4 entries */, 32768) = 112 umount2("./0/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./0/binderfs") = 0 [ 24.881815][ T345] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-344: bg 0: block 234: padding at end of block bitmap is not set umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./0/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555583106770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555583106770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./0/file0") = 0 getdents64(3, 0x5555830fe730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./0") = 0 mkdir("./1", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555830fd690) = 349 ./strace-static-x86_64: Process 349 attached [pid 349] set_robust_list(0x5555830fd6a0, 24) = 0 [pid 349] chdir("./1") = 0 [pid 349] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 349] setpgid(0, 0) = 0 [pid 349] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 349] write(3, "1000", 4) = 4 [pid 349] close(3) = 0 [pid 349] symlink("/dev/binderfs", "./binderfs") = 0 [pid 349] write(1, "executing program\n", 18executing program ) = 18 [pid 349] futex(0x7f60f6f876cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 349] rt_sigaction(SIGRT_1, {sa_handler=0x7f60f6f255b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f60f6f16760}, NULL, 8) = 0 [pid 349] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 349] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f60f6e9b000 [pid 349] mprotect(0x7f60f6e9c000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 349] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 349] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f60f6ebb990, parent_tid=0x7f60f6ebb990, exit_signal=0, stack=0x7f60f6e9b000, stack_size=0x20300, tls=0x7f60f6ebb6c0} => {parent_tid=[350]}, 88) = 350 [pid 349] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 349] futex(0x7f60f6f876c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 349] futex(0x7f60f6f876cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 350 attached [pid 350] set_robust_list(0x7f60f6ebb9a0, 24) = 0 [pid 350] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 350] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 350] futex(0x7f60f6f876cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 349] <... futex resumed>) = 0 [pid 349] futex(0x7f60f6f876c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 349] futex(0x7f60f6f876cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 350] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 350] futex(0x7f60f6f876cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 349] <... futex resumed>) = 0 [pid 349] futex(0x7f60f6f876c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 349] futex(0x7f60f6f876cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 350] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 350] futex(0x7f60f6f876cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 349] <... futex resumed>) = 0 [pid 349] futex(0x7f60f6f876c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 349] futex(0x7f60f6f876cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 350] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 350] futex(0x7f60f6f876cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 349] <... futex resumed>) = 0 [pid 349] futex(0x7f60f6f876c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 349] futex(0x7f60f6f876cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 350] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 350] futex(0x7f60f6f876cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 349] <... futex resumed>) = 0 [pid 349] futex(0x7f60f6f876c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 349] futex(0x7f60f6f876cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 350] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 350] futex(0x7f60f6f876cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 349] <... futex resumed>) = 0 [pid 349] futex(0x7f60f6f876c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 349] futex(0x7f60f6f876cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 350] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 350] futex(0x7f60f6f876cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 349] <... futex resumed>) = 0 [pid 349] futex(0x7f60f6f876c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 349] futex(0x7f60f6f876cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 350] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 350] futex(0x7f60f6f876cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 349] <... futex resumed>) = 0 [pid 349] futex(0x7f60f6f876c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 349] futex(0x7f60f6f876cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 350] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 350] futex(0x7f60f6f876cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 349] <... futex resumed>) = 0 [pid 349] futex(0x7f60f6f876c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 349] futex(0x7f60f6f876cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 350] memfd_create("syzkaller", 0) = 5 [pid 350] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f60eea9b000 [pid 350] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 350] munmap(0x7f60eea9b000, 138412032) = 0 [pid 350] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 350] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 350] close(5) = 0 [pid 350] close(6) = 0 [pid 350] mkdir("./file0", 0777) = 0 [pid 350] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 350] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 350] chdir("./file0") = 0 [pid 350] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 350] ioctl(6, LOOP_CLR_FD) = 0 [pid 350] close(6) = 0 [pid 350] futex(0x7f60f6f876cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 349] <... futex resumed>) = 0 [pid 349] futex(0x7f60f6f876c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 349] futex(0x7f60f6f876cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 350] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 350] futex(0x7f60f6f876cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 349] <... futex resumed>) = 0 [pid 349] futex(0x7f60f6f876c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 349] futex(0x7f60f6f876cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 350] write(6, "#! ./file1\n", 11) = 11 [pid 350] futex(0x7f60f6f876cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 349] <... futex resumed>) = 0 [pid 349] futex(0x7f60f6f876c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 349] futex(0x7f60f6f876cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 350] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 350] futex(0x7f60f6f876cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 350] futex(0x7f60f6f876c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 349] <... futex resumed>) = 0 [pid 349] futex(0x7f60f6f876c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 349] futex(0x7f60f6f876cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 350] <... futex resumed>) = 0 [pid 350] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000280} --- [pid 349] <... futex resumed>) = ? [pid 350] +++ killed by SIGBUS +++ [pid 349] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=349, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555830fe730 /* 4 entries */, 32768) = 112 umount2("./1/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./1/binderfs") = 0 [ 25.026081][ T350] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 25.058796][ T351] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-350: bg 0: block 234: padding at end of block bitmap is not set umount2("./1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./1/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555583106770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555583106770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./1/file0") = 0 getdents64(3, 0x5555830fe730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./1") = 0 mkdir("./2", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555830fd690) = 355 ./strace-static-x86_64: Process 355 attached [pid 355] set_robust_list(0x5555830fd6a0, 24) = 0 [pid 355] chdir("./2") = 0 [pid 355] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 355] setpgid(0, 0) = 0 [pid 355] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 355] write(3, "1000", 4) = 4 [pid 355] close(3) = 0 [pid 355] symlink("/dev/binderfs", "./binderfs") = 0 [pid 355] write(1, "executing program\n", 18executing program ) = 18 [pid 355] futex(0x7f60f6f876cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 355] rt_sigaction(SIGRT_1, {sa_handler=0x7f60f6f255b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f60f6f16760}, NULL, 8) = 0 [pid 355] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 355] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f60f6e9b000 [pid 355] mprotect(0x7f60f6e9c000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 355] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 355] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f60f6ebb990, parent_tid=0x7f60f6ebb990, exit_signal=0, stack=0x7f60f6e9b000, stack_size=0x20300, tls=0x7f60f6ebb6c0}./strace-static-x86_64: Process 356 attached [pid 356] set_robust_list(0x7f60f6ebb9a0, 24) = 0 [pid 356] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 356] futex(0x7f60f6f876c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 355] <... clone3 resumed> => {parent_tid=[356]}, 88) = 356 [pid 355] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 355] futex(0x7f60f6f876c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 356] <... futex resumed>) = 0 [pid 356] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 356] futex(0x7f60f6f876cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 356] futex(0x7f60f6f876c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 355] <... futex resumed>) = 1 [pid 355] futex(0x7f60f6f876cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 355] futex(0x7f60f6f876c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 356] <... futex resumed>) = 0 [pid 356] ioctl(3, VHOST_SET_OWNER [pid 355] futex(0x7f60f6f876cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 356] <... ioctl resumed>, 0) = 0 [pid 356] futex(0x7f60f6f876cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 356] futex(0x7f60f6f876c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 355] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 355] futex(0x7f60f6f876c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 356] <... futex resumed>) = 0 [pid 356] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 356] futex(0x7f60f6f876cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 356] futex(0x7f60f6f876c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 355] futex(0x7f60f6f876cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 355] futex(0x7f60f6f876c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 356] <... futex resumed>) = 0 [pid 356] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 356] futex(0x7f60f6f876cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 356] futex(0x7f60f6f876c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 355] futex(0x7f60f6f876cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 355] futex(0x7f60f6f876c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 356] <... futex resumed>) = 0 [pid 356] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 356] futex(0x7f60f6f876cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 356] futex(0x7f60f6f876c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 355] futex(0x7f60f6f876cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 355] futex(0x7f60f6f876c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 356] <... futex resumed>) = 0 [pid 356] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 356] futex(0x7f60f6f876cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 356] futex(0x7f60f6f876c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 355] futex(0x7f60f6f876cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 355] futex(0x7f60f6f876c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 356] <... futex resumed>) = 0 [pid 356] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 356] futex(0x7f60f6f876cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 356] futex(0x7f60f6f876c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 355] futex(0x7f60f6f876cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 355] futex(0x7f60f6f876c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 356] <... futex resumed>) = 0 [pid 355] <... futex resumed>) = 1 [pid 356] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 356] futex(0x7f60f6f876cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 356] futex(0x7f60f6f876c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 355] futex(0x7f60f6f876cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 355] futex(0x7f60f6f876c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 356] <... futex resumed>) = 0 [pid 355] <... futex resumed>) = 1 [pid 356] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 356] futex(0x7f60f6f876cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 356] futex(0x7f60f6f876c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 355] futex(0x7f60f6f876cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 355] futex(0x7f60f6f876c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 356] <... futex resumed>) = 0 [pid 356] memfd_create("syzkaller", 0 [pid 355] <... futex resumed>) = 1 [pid 356] <... memfd_create resumed>) = 5 [pid 356] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f60eea9b000 [pid 356] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 355] futex(0x7f60f6f876cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 356] <... write resumed>) = 1048576 [pid 356] munmap(0x7f60eea9b000, 138412032) = 0 [pid 356] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 356] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 356] close(5) = 0 [pid 356] close(6) = 0 [pid 356] mkdir("./file0", 0777) = 0 [pid 356] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 356] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 356] chdir("./file0") = 0 [pid 356] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 356] ioctl(6, LOOP_CLR_FD) = 0 [pid 356] close(6) = 0 [pid 356] futex(0x7f60f6f876cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 355] <... futex resumed>) = 0 [pid 355] futex(0x7f60f6f876c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 355] futex(0x7f60f6f876cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 356] <... futex resumed>) = 1 [pid 356] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 356] futex(0x7f60f6f876cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 355] <... futex resumed>) = 0 [pid 355] futex(0x7f60f6f876c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 355] futex(0x7f60f6f876cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 356] <... futex resumed>) = 1 [pid 356] write(6, "#! ./file1\n", 11) = 11 [pid 356] futex(0x7f60f6f876cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 355] <... futex resumed>) = 0 [pid 355] futex(0x7f60f6f876c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 355] futex(0x7f60f6f876cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 356] <... futex resumed>) = 1 [pid 356] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 356] futex(0x7f60f6f876cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 355] <... futex resumed>) = 0 [pid 355] futex(0x7f60f6f876c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 355] futex(0x7f60f6f876cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 356] <... futex resumed>) = 1 [pid 356] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000280} --- [pid 355] <... futex resumed>) = ? [pid 356] +++ killed by SIGBUS +++ [pid 355] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=355, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555830fe730 /* 4 entries */, 32768) = 112 umount2("./2/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./2/binderfs") = 0 [ 25.216173][ T356] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 25.248327][ T357] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-356: bg 0: block 234: padding at end of block bitmap is not set umount2("./2/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./2/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./2/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./2/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./2/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555583106770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555583106770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./2/file0") = 0 getdents64(3, 0x5555830fe730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./2") = 0 mkdir("./3", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555830fd690) = 361 ./strace-static-x86_64: Process 361 attached [pid 361] set_robust_list(0x5555830fd6a0, 24) = 0 [pid 361] chdir("./3") = 0 [pid 361] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 361] setpgid(0, 0) = 0 [pid 361] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 361] write(3, "1000", 4) = 4 [pid 361] close(3) = 0 [pid 361] symlink("/dev/binderfs", "./binderfs") = 0 [pid 361] write(1, "executing program\n", 18executing program ) = 18 [pid 361] futex(0x7f60f6f876cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 361] rt_sigaction(SIGRT_1, {sa_handler=0x7f60f6f255b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f60f6f16760}, NULL, 8) = 0 [pid 361] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 361] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f60f6e9b000 [pid 361] mprotect(0x7f60f6e9c000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 361] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 361] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f60f6ebb990, parent_tid=0x7f60f6ebb990, exit_signal=0, stack=0x7f60f6e9b000, stack_size=0x20300, tls=0x7f60f6ebb6c0} => {parent_tid=[362]}, 88) = 362 [pid 361] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 361] futex(0x7f60f6f876c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 361] futex(0x7f60f6f876cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 362 attached [pid 362] set_robust_list(0x7f60f6ebb9a0, 24) = 0 [pid 362] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 362] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 362] futex(0x7f60f6f876cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 361] <... futex resumed>) = 0 [pid 361] futex(0x7f60f6f876c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 361] futex(0x7f60f6f876cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 362] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 362] futex(0x7f60f6f876cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 361] <... futex resumed>) = 0 [pid 361] futex(0x7f60f6f876c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 361] futex(0x7f60f6f876cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 362] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 362] futex(0x7f60f6f876cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 361] <... futex resumed>) = 0 [pid 361] futex(0x7f60f6f876c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 361] futex(0x7f60f6f876cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 362] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 362] futex(0x7f60f6f876cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 361] <... futex resumed>) = 0 [pid 361] futex(0x7f60f6f876c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 361] futex(0x7f60f6f876cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 362] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 362] futex(0x7f60f6f876cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 361] <... futex resumed>) = 0 [pid 361] futex(0x7f60f6f876c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 361] futex(0x7f60f6f876cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 362] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 362] futex(0x7f60f6f876cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 361] <... futex resumed>) = 0 [pid 361] futex(0x7f60f6f876c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 361] futex(0x7f60f6f876cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 362] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 362] futex(0x7f60f6f876cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 361] <... futex resumed>) = 0 [pid 361] futex(0x7f60f6f876c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 361] futex(0x7f60f6f876cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 362] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 362] futex(0x7f60f6f876cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 361] <... futex resumed>) = 0 [pid 361] futex(0x7f60f6f876c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 361] futex(0x7f60f6f876cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 362] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 362] futex(0x7f60f6f876cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 361] <... futex resumed>) = 0 [pid 361] futex(0x7f60f6f876c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 361] futex(0x7f60f6f876cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 362] memfd_create("syzkaller", 0) = 5 [pid 362] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f60eea9b000 [pid 362] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 362] munmap(0x7f60eea9b000, 138412032) = 0 [pid 362] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 362] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 362] close(5) = 0 [pid 362] close(6) = 0 [pid 362] mkdir("./file0", 0777) = 0 [pid 362] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 362] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 362] chdir("./file0") = 0 [pid 362] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 362] ioctl(6, LOOP_CLR_FD) = 0 [pid 362] close(6) = 0 [pid 362] futex(0x7f60f6f876cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 361] <... futex resumed>) = 0 [pid 361] futex(0x7f60f6f876c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 361] futex(0x7f60f6f876cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 362] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 362] futex(0x7f60f6f876cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 361] <... futex resumed>) = 0 [pid 361] futex(0x7f60f6f876c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 361] futex(0x7f60f6f876cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 362] write(6, "#! ./file1\n", 11) = 11 [pid 362] futex(0x7f60f6f876cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 361] <... futex resumed>) = 0 [pid 361] futex(0x7f60f6f876c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 361] futex(0x7f60f6f876cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 362] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 362] futex(0x7f60f6f876cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 362] futex(0x7f60f6f876c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 361] <... futex resumed>) = 0 [pid 361] futex(0x7f60f6f876c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 361] futex(0x7f60f6f876cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 362] <... futex resumed>) = 0 [pid 362] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000280} --- [pid 361] <... futex resumed>) = ? [pid 362] +++ killed by SIGBUS +++ [pid 361] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=361, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555830fe730 /* 4 entries */, 32768) = 112 umount2("./3/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./3/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./3/binderfs") = 0 [ 25.421087][ T362] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 25.453997][ T363] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-362: bg 0: block 234: padding at end of block bitmap is not set umount2("./3/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./3/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./3/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./3/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./3/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555583106770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555583106770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./3/file0") = 0 getdents64(3, 0x5555830fe730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./3") = 0 mkdir("./4", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555830fd690) = 367 ./strace-static-x86_64: Process 367 attached [pid 367] set_robust_list(0x5555830fd6a0, 24) = 0 [pid 367] chdir("./4") = 0 [pid 367] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 367] setpgid(0, 0) = 0 [pid 367] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 367] write(3, "1000", 4) = 4 [pid 367] close(3) = 0 [pid 367] symlink("/dev/binderfs", "./binderfs") = 0 [pid 367] write(1, "executing program\n", 18executing program ) = 18 [pid 367] futex(0x7f60f6f876cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 367] rt_sigaction(SIGRT_1, {sa_handler=0x7f60f6f255b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f60f6f16760}, NULL, 8) = 0 [pid 367] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 367] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f60f6e9b000 [pid 367] mprotect(0x7f60f6e9c000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 367] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 367] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f60f6ebb990, parent_tid=0x7f60f6ebb990, exit_signal=0, stack=0x7f60f6e9b000, stack_size=0x20300, tls=0x7f60f6ebb6c0}./strace-static-x86_64: Process 368 attached => {parent_tid=[368]}, 88) = 368 [pid 368] set_robust_list(0x7f60f6ebb9a0, 24) = 0 [pid 368] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 368] futex(0x7f60f6f876c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 367] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 367] futex(0x7f60f6f876c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 368] <... futex resumed>) = 0 [pid 368] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 368] futex(0x7f60f6f876cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 368] futex(0x7f60f6f876c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 367] futex(0x7f60f6f876cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 367] futex(0x7f60f6f876c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 368] <... futex resumed>) = 0 [pid 368] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 368] futex(0x7f60f6f876cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 368] futex(0x7f60f6f876c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 367] futex(0x7f60f6f876cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 367] futex(0x7f60f6f876c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 368] <... futex resumed>) = 0 [pid 368] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 368] futex(0x7f60f6f876cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 368] futex(0x7f60f6f876c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 367] futex(0x7f60f6f876cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 367] futex(0x7f60f6f876c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 368] <... futex resumed>) = 0 [pid 368] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 368] futex(0x7f60f6f876cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 368] futex(0x7f60f6f876c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 367] futex(0x7f60f6f876cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 367] futex(0x7f60f6f876c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 368] <... futex resumed>) = 0 [pid 368] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 368] futex(0x7f60f6f876cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 368] futex(0x7f60f6f876c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 367] futex(0x7f60f6f876cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 367] futex(0x7f60f6f876c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 368] <... futex resumed>) = 0 [pid 367] futex(0x7f60f6f876cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 368] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 368] futex(0x7f60f6f876cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 368] futex(0x7f60f6f876c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 367] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 367] futex(0x7f60f6f876c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 368] <... futex resumed>) = 0 [pid 368] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 368] futex(0x7f60f6f876cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 367] futex(0x7f60f6f876cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 368] <... futex resumed>) = 0 [pid 368] futex(0x7f60f6f876c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 367] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 367] futex(0x7f60f6f876c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 368] <... futex resumed>) = 0 [pid 368] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 368] futex(0x7f60f6f876cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 368] futex(0x7f60f6f876c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 367] futex(0x7f60f6f876cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 367] futex(0x7f60f6f876c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 368] <... futex resumed>) = 0 [pid 367] <... futex resumed>) = 1 [pid 368] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 368] futex(0x7f60f6f876cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 368] futex(0x7f60f6f876c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 367] futex(0x7f60f6f876cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 367] futex(0x7f60f6f876c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 368] <... futex resumed>) = 0 [pid 367] <... futex resumed>) = 1 [pid 368] memfd_create("syzkaller", 0 [pid 367] futex(0x7f60f6f876cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 368] <... memfd_create resumed>) = 5 [pid 368] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f60eea9b000 [pid 368] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 368] munmap(0x7f60eea9b000, 138412032) = 0 [pid 368] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 368] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 368] close(5) = 0 [pid 368] close(6) = 0 [pid 368] mkdir("./file0", 0777) = 0 [pid 368] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 368] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 368] chdir("./file0") = 0 [pid 368] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 368] ioctl(6, LOOP_CLR_FD) = 0 [pid 368] close(6) = 0 [pid 368] futex(0x7f60f6f876cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 367] <... futex resumed>) = 0 [pid 368] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 367] futex(0x7f60f6f876c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 367] futex(0x7f60f6f876cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 368] <... openat resumed>) = 6 [pid 368] futex(0x7f60f6f876cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 367] <... futex resumed>) = 0 [pid 368] write(6, "#! ./file1\n", 11 [pid 367] futex(0x7f60f6f876c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 367] futex(0x7f60f6f876cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 368] <... write resumed>) = 11 [pid 368] futex(0x7f60f6f876cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 367] <... futex resumed>) = 0 [pid 368] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0 [pid 367] futex(0x7f60f6f876c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 367] futex(0x7f60f6f876cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 368] <... mmap resumed>) = 0x200000000000 [pid 368] futex(0x7f60f6f876cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 367] <... futex resumed>) = 0 [pid 367] futex(0x7f60f6f876c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 367] futex(0x7f60f6f876cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 368] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000280} --- [pid 367] <... futex resumed>) = ? [pid 368] +++ killed by SIGBUS +++ [pid 367] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=367, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555830fe730 /* 4 entries */, 32768) = 112 umount2("./4/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4/binderfs") = 0 [ 25.636049][ T368] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 25.670210][ T368] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm syz-executor826: bg 0: block 234: padding at end of block bitmap is not set umount2("./4/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555583106770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555583106770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4/file0") = 0 getdents64(3, 0x5555830fe730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4") = 0 mkdir("./5", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555830fd690) = 373 ./strace-static-x86_64: Process 373 attached [pid 373] set_robust_list(0x5555830fd6a0, 24) = 0 [pid 373] chdir("./5") = 0 [pid 373] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 373] setpgid(0, 0) = 0 [pid 373] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 373] write(3, "1000", 4) = 4 [pid 373] close(3) = 0 [pid 373] symlink("/dev/binderfs", "./binderfs") = 0 [pid 373] write(1, "executing program\n", 18executing program ) = 18 [pid 373] futex(0x7f60f6f876cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 373] rt_sigaction(SIGRT_1, {sa_handler=0x7f60f6f255b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f60f6f16760}, NULL, 8) = 0 [pid 373] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 373] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f60f6e9b000 [pid 373] mprotect(0x7f60f6e9c000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 373] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 373] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f60f6ebb990, parent_tid=0x7f60f6ebb990, exit_signal=0, stack=0x7f60f6e9b000, stack_size=0x20300, tls=0x7f60f6ebb6c0}./strace-static-x86_64: Process 374 attached => {parent_tid=[374]}, 88) = 374 [pid 374] set_robust_list(0x7f60f6ebb9a0, 24) = 0 [pid 374] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 374] futex(0x7f60f6f876c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 373] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 373] futex(0x7f60f6f876c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 374] <... futex resumed>) = 0 [pid 374] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 374] futex(0x7f60f6f876cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 374] futex(0x7f60f6f876c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 373] futex(0x7f60f6f876cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 373] futex(0x7f60f6f876c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 374] <... futex resumed>) = 0 [pid 374] ioctl(3, VHOST_SET_OWNER [pid 373] futex(0x7f60f6f876cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 374] <... ioctl resumed>, 0) = 0 [pid 374] futex(0x7f60f6f876cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 373] <... futex resumed>) = 0 [pid 373] futex(0x7f60f6f876c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 373] futex(0x7f60f6f876cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 374] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 374] futex(0x7f60f6f876cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 373] <... futex resumed>) = 0 [pid 373] futex(0x7f60f6f876c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 373] futex(0x7f60f6f876cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 374] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 374] futex(0x7f60f6f876cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 373] <... futex resumed>) = 0 [pid 373] futex(0x7f60f6f876c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 373] futex(0x7f60f6f876cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 374] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 374] futex(0x7f60f6f876cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 373] <... futex resumed>) = 0 [pid 373] futex(0x7f60f6f876c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 373] futex(0x7f60f6f876cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 374] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 374] futex(0x7f60f6f876cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 373] <... futex resumed>) = 0 [pid 373] futex(0x7f60f6f876c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 373] futex(0x7f60f6f876cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 374] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 374] futex(0x7f60f6f876cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 373] <... futex resumed>) = 0 [pid 373] futex(0x7f60f6f876c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 373] futex(0x7f60f6f876cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 374] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 374] futex(0x7f60f6f876cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 373] <... futex resumed>) = 0 [pid 373] futex(0x7f60f6f876c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 373] futex(0x7f60f6f876cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 374] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 374] futex(0x7f60f6f876cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 373] <... futex resumed>) = 0 [pid 373] futex(0x7f60f6f876c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 373] futex(0x7f60f6f876cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 374] memfd_create("syzkaller", 0) = 5 [pid 374] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f60eea9b000 [pid 374] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 374] munmap(0x7f60eea9b000, 138412032) = 0 [pid 374] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 374] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 374] close(5) = 0 [pid 374] close(6) = 0 [pid 374] mkdir("./file0", 0777) = 0 [pid 374] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 374] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 374] chdir("./file0") = 0 [pid 374] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 374] ioctl(6, LOOP_CLR_FD) = 0 [pid 374] close(6) = 0 [pid 374] futex(0x7f60f6f876cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 373] <... futex resumed>) = 0 [pid 373] futex(0x7f60f6f876c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 373] futex(0x7f60f6f876cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 374] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 374] futex(0x7f60f6f876cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 373] <... futex resumed>) = 0 [pid 374] <... futex resumed>) = 1 [pid 373] futex(0x7f60f6f876c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 374] write(6, "#! ./file1\n", 11 [pid 373] <... futex resumed>) = 0 [pid 373] futex(0x7f60f6f876cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 374] <... write resumed>) = 11 [pid 374] futex(0x7f60f6f876cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 373] <... futex resumed>) = 0 [pid 374] <... futex resumed>) = 1 [pid 373] futex(0x7f60f6f876c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 374] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0 [pid 373] <... futex resumed>) = 0 [pid 373] futex(0x7f60f6f876cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 374] <... mmap resumed>) = 0x200000000000 [ 25.855997][ T374] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [pid 374] futex(0x7f60f6f876cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 373] <... futex resumed>) = 0 [pid 373] futex(0x7f60f6f876c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 373] futex(0x7f60f6f876cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 374] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000280} --- [pid 373] <... futex resumed>) = ? [pid 374] +++ killed by SIGBUS +++ [pid 373] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=373, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./5", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555830fe730 /* 4 entries */, 32768) = 112 umount2("./5/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./5/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./5/binderfs") = 0 [ 25.900175][ T375] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-374: bg 0: block 234: padding at end of block bitmap is not set umount2("./5/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./5/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./5/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./5/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./5/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555583106770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555583106770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./5/file0") = 0 getdents64(3, 0x5555830fe730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./5") = 0 mkdir("./6", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555830fd690) = 379 ./strace-static-x86_64: Process 379 attached [pid 379] set_robust_list(0x5555830fd6a0, 24) = 0 [pid 379] chdir("./6") = 0 [pid 379] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 379] setpgid(0, 0) = 0 [pid 379] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 379] write(3, "1000", 4) = 4 [pid 379] close(3) = 0 [pid 379] symlink("/dev/binderfs", "./binderfs") = 0 [pid 379] write(1, "executing program\n", 18executing program ) = 18 [pid 379] futex(0x7f60f6f876cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 379] rt_sigaction(SIGRT_1, {sa_handler=0x7f60f6f255b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f60f6f16760}, NULL, 8) = 0 [pid 379] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 379] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f60f6e9b000 [pid 379] mprotect(0x7f60f6e9c000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 379] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 379] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f60f6ebb990, parent_tid=0x7f60f6ebb990, exit_signal=0, stack=0x7f60f6e9b000, stack_size=0x20300, tls=0x7f60f6ebb6c0}./strace-static-x86_64: Process 380 attached => {parent_tid=[380]}, 88) = 380 [pid 380] set_robust_list(0x7f60f6ebb9a0, 24) = 0 [pid 380] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 380] futex(0x7f60f6f876c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 379] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 379] futex(0x7f60f6f876c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 380] <... futex resumed>) = 0 [pid 380] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 380] futex(0x7f60f6f876cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 380] futex(0x7f60f6f876c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 379] futex(0x7f60f6f876cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 379] futex(0x7f60f6f876c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 380] <... futex resumed>) = 0 [pid 380] ioctl(3, VHOST_SET_OWNER [pid 379] futex(0x7f60f6f876cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 380] <... ioctl resumed>, 0) = 0 [pid 380] futex(0x7f60f6f876cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 380] futex(0x7f60f6f876c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 379] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 379] futex(0x7f60f6f876c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 380] <... futex resumed>) = 0 [pid 380] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 380] futex(0x7f60f6f876cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 380] futex(0x7f60f6f876c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 379] futex(0x7f60f6f876cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 379] futex(0x7f60f6f876c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 380] <... futex resumed>) = 0 [pid 380] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 380] futex(0x7f60f6f876cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 380] futex(0x7f60f6f876c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 379] futex(0x7f60f6f876cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 379] futex(0x7f60f6f876c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 380] <... futex resumed>) = 0 [pid 380] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 380] futex(0x7f60f6f876cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 380] futex(0x7f60f6f876c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 379] futex(0x7f60f6f876cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 379] futex(0x7f60f6f876c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 380] <... futex resumed>) = 0 [pid 380] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 380] futex(0x7f60f6f876cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 380] futex(0x7f60f6f876c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 379] futex(0x7f60f6f876cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 379] futex(0x7f60f6f876c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 380] <... futex resumed>) = 0 [pid 380] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 380] futex(0x7f60f6f876cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 379] futex(0x7f60f6f876cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 380] <... futex resumed>) = 0 [pid 380] futex(0x7f60f6f876c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 379] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 379] futex(0x7f60f6f876c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 380] <... futex resumed>) = 0 [pid 380] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 380] futex(0x7f60f6f876cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 380] futex(0x7f60f6f876c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 379] futex(0x7f60f6f876cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 379] futex(0x7f60f6f876c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 380] <... futex resumed>) = 0 [pid 379] <... futex resumed>) = 1 [pid 380] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 380] futex(0x7f60f6f876cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 380] futex(0x7f60f6f876c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 379] futex(0x7f60f6f876cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 379] futex(0x7f60f6f876c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 380] <... futex resumed>) = 0 [pid 379] <... futex resumed>) = 1 [pid 380] memfd_create("syzkaller", 0 [pid 379] futex(0x7f60f6f876cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 380] <... memfd_create resumed>) = 5 [pid 380] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f60eea9b000 [pid 380] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 380] munmap(0x7f60eea9b000, 138412032) = 0 [pid 380] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 380] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 380] close(5) = 0 [pid 380] close(6) = 0 [pid 380] mkdir("./file0", 0777) = 0 [pid 380] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 380] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 380] chdir("./file0") = 0 [pid 380] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 380] ioctl(6, LOOP_CLR_FD) = 0 [pid 380] close(6) = 0 [pid 380] futex(0x7f60f6f876cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 379] <... futex resumed>) = 0 [pid 379] futex(0x7f60f6f876c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 379] futex(0x7f60f6f876cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 380] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 380] futex(0x7f60f6f876cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 379] <... futex resumed>) = 0 [pid 379] futex(0x7f60f6f876c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 380] write(6, "#! ./file1\n", 11 [pid 379] <... futex resumed>) = 0 [pid 379] futex(0x7f60f6f876cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 380] <... write resumed>) = 11 [pid 380] futex(0x7f60f6f876cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 379] <... futex resumed>) = 0 [pid 379] futex(0x7f60f6f876c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 379] futex(0x7f60f6f876cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 380] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [ 26.096077][ T380] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [pid 380] futex(0x7f60f6f876cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 380] futex(0x7f60f6f876c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 379] <... futex resumed>) = 0 [pid 379] futex(0x7f60f6f876c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 379] futex(0x7f60f6f876cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 380] <... futex resumed>) = 0 [pid 380] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000280} --- [pid 379] <... futex resumed>) = ? [pid 380] +++ killed by SIGBUS +++ [pid 379] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=379, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./6", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555830fe730 /* 4 entries */, 32768) = 112 umount2("./6/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./6/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./6/binderfs") = 0 [ 26.139159][ T381] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-380: bg 0: block 234: padding at end of block bitmap is not set umount2("./6/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./6/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./6/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./6/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./6/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555583106770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555583106770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./6/file0") = 0 getdents64(3, 0x5555830fe730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./6") = 0 mkdir("./7", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 385 attached , child_tidptr=0x5555830fd690) = 385 [pid 385] set_robust_list(0x5555830fd6a0, 24) = 0 [pid 385] chdir("./7") = 0 [pid 385] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 385] setpgid(0, 0) = 0 [pid 385] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 385] write(3, "1000", 4) = 4 [pid 385] close(3) = 0 [pid 385] symlink("/dev/binderfs", "./binderfs") = 0 [pid 385] write(1, "executing program\n", 18executing program ) = 18 [pid 385] futex(0x7f60f6f876cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 385] rt_sigaction(SIGRT_1, {sa_handler=0x7f60f6f255b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f60f6f16760}, NULL, 8) = 0 [pid 385] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 385] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f60f6e9b000 [pid 385] mprotect(0x7f60f6e9c000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 385] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 385] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f60f6ebb990, parent_tid=0x7f60f6ebb990, exit_signal=0, stack=0x7f60f6e9b000, stack_size=0x20300, tls=0x7f60f6ebb6c0} => {parent_tid=[386]}, 88) = 386 [pid 385] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 385] futex(0x7f60f6f876c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 385] futex(0x7f60f6f876cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 386 attached [pid 386] set_robust_list(0x7f60f6ebb9a0, 24) = 0 [pid 386] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 386] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 386] futex(0x7f60f6f876cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 385] <... futex resumed>) = 0 [pid 385] futex(0x7f60f6f876c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 385] futex(0x7f60f6f876cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 386] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 386] futex(0x7f60f6f876cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 385] <... futex resumed>) = 0 [pid 385] futex(0x7f60f6f876c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 385] futex(0x7f60f6f876cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 386] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 386] futex(0x7f60f6f876cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 385] <... futex resumed>) = 0 [pid 385] futex(0x7f60f6f876c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 385] futex(0x7f60f6f876cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 386] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 386] futex(0x7f60f6f876cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 385] <... futex resumed>) = 0 [pid 385] futex(0x7f60f6f876c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 385] futex(0x7f60f6f876cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 386] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 386] futex(0x7f60f6f876cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 385] <... futex resumed>) = 0 [pid 385] futex(0x7f60f6f876c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 385] futex(0x7f60f6f876cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 386] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 386] futex(0x7f60f6f876cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 385] <... futex resumed>) = 0 [pid 385] futex(0x7f60f6f876c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 385] futex(0x7f60f6f876cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 386] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 386] futex(0x7f60f6f876cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 385] <... futex resumed>) = 0 [pid 385] futex(0x7f60f6f876c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 385] futex(0x7f60f6f876cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 386] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 386] futex(0x7f60f6f876cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 385] <... futex resumed>) = 0 [pid 385] futex(0x7f60f6f876c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 385] futex(0x7f60f6f876cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 386] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 386] futex(0x7f60f6f876cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 385] <... futex resumed>) = 0 [pid 385] futex(0x7f60f6f876c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 385] futex(0x7f60f6f876cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 386] memfd_create("syzkaller", 0) = 5 [pid 386] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f60eea9b000 [pid 386] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 386] munmap(0x7f60eea9b000, 138412032) = 0 [pid 386] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 386] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 386] close(5) = 0 [pid 386] close(6) = 0 [pid 386] mkdir("./file0", 0777) = 0 [pid 386] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 386] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 386] chdir("./file0") = 0 [pid 386] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 386] ioctl(6, LOOP_CLR_FD) = 0 [pid 386] close(6) = 0 [pid 386] futex(0x7f60f6f876cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 385] <... futex resumed>) = 0 [pid 385] futex(0x7f60f6f876c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 385] futex(0x7f60f6f876cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 386] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 386] futex(0x7f60f6f876cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 385] <... futex resumed>) = 0 [pid 385] futex(0x7f60f6f876c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 385] futex(0x7f60f6f876cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 386] write(6, "#! ./file1\n", 11) = 11 [pid 386] futex(0x7f60f6f876cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 385] <... futex resumed>) = 0 [pid 385] futex(0x7f60f6f876c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 385] futex(0x7f60f6f876cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 386] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 386] futex(0x7f60f6f876cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 385] <... futex resumed>) = 0 [pid 385] futex(0x7f60f6f876c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 385] futex(0x7f60f6f876cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 386] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000280} --- [pid 385] <... futex resumed>) = ? [pid 386] +++ killed by SIGBUS +++ [pid 385] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=385, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./7", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555830fe730 /* 4 entries */, 32768) = 112 umount2("./7/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./7/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./7/binderfs") = 0 [ 26.311334][ T386] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 26.343541][ T387] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-386: bg 0: block 234: padding at end of block bitmap is not set umount2("./7/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./7/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./7/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./7/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./7/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555583106770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555583106770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./7/file0") = 0 getdents64(3, 0x5555830fe730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./7") = 0 mkdir("./8", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555830fd690) = 391 ./strace-static-x86_64: Process 391 attached [pid 391] set_robust_list(0x5555830fd6a0, 24) = 0 [pid 391] chdir("./8") = 0 [pid 391] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 391] setpgid(0, 0) = 0 [pid 391] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 391] write(3, "1000", 4) = 4 [pid 391] close(3) = 0 [pid 391] symlink("/dev/binderfs", "./binderfs") = 0 [pid 391] write(1, "executing program\n", 18executing program ) = 18 [pid 391] futex(0x7f60f6f876cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 391] rt_sigaction(SIGRT_1, {sa_handler=0x7f60f6f255b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f60f6f16760}, NULL, 8) = 0 [pid 391] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 391] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f60f6e9b000 [pid 391] mprotect(0x7f60f6e9c000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 391] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 391] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f60f6ebb990, parent_tid=0x7f60f6ebb990, exit_signal=0, stack=0x7f60f6e9b000, stack_size=0x20300, tls=0x7f60f6ebb6c0}./strace-static-x86_64: Process 392 attached [pid 392] set_robust_list(0x7f60f6ebb9a0, 24) = 0 [pid 392] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 392] futex(0x7f60f6f876c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 391] <... clone3 resumed> => {parent_tid=[392]}, 88) = 392 [pid 391] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 391] futex(0x7f60f6f876c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 392] <... futex resumed>) = 0 [pid 392] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 392] futex(0x7f60f6f876cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 392] futex(0x7f60f6f876c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 391] futex(0x7f60f6f876cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 391] futex(0x7f60f6f876c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 392] <... futex resumed>) = 0 [pid 392] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 391] futex(0x7f60f6f876cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 392] futex(0x7f60f6f876cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 392] futex(0x7f60f6f876c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 391] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 391] futex(0x7f60f6f876c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 392] <... futex resumed>) = 0 [pid 392] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 392] futex(0x7f60f6f876cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 392] futex(0x7f60f6f876c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 391] futex(0x7f60f6f876cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 391] futex(0x7f60f6f876c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 392] <... futex resumed>) = 0 [pid 392] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 392] futex(0x7f60f6f876cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 392] futex(0x7f60f6f876c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 391] futex(0x7f60f6f876cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 391] futex(0x7f60f6f876c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 392] <... futex resumed>) = 0 [pid 392] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 392] futex(0x7f60f6f876cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 392] futex(0x7f60f6f876c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 391] futex(0x7f60f6f876cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 391] futex(0x7f60f6f876c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 392] <... futex resumed>) = 0 [pid 392] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 392] futex(0x7f60f6f876cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 392] futex(0x7f60f6f876c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 391] futex(0x7f60f6f876cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 391] futex(0x7f60f6f876c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 392] <... futex resumed>) = 0 [pid 392] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 392] futex(0x7f60f6f876cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 392] futex(0x7f60f6f876c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 391] futex(0x7f60f6f876cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 391] futex(0x7f60f6f876c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 392] <... futex resumed>) = 0 [pid 392] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 392] futex(0x7f60f6f876cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 392] futex(0x7f60f6f876c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 391] futex(0x7f60f6f876cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 391] futex(0x7f60f6f876c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 392] <... futex resumed>) = 0 [pid 391] <... futex resumed>) = 1 [pid 392] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 392] futex(0x7f60f6f876cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 392] futex(0x7f60f6f876c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 391] futex(0x7f60f6f876cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 391] futex(0x7f60f6f876c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 392] <... futex resumed>) = 0 [pid 391] <... futex resumed>) = 1 [pid 392] memfd_create("syzkaller", 0 [pid 391] futex(0x7f60f6f876cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 392] <... memfd_create resumed>) = 5 [pid 392] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f60eea9b000 [pid 392] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 392] munmap(0x7f60eea9b000, 138412032) = 0 [pid 392] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 392] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 392] close(5) = 0 [pid 392] close(6) = 0 [pid 392] mkdir("./file0", 0777) = 0 [pid 392] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 392] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 392] chdir("./file0") = 0 [pid 392] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 392] ioctl(6, LOOP_CLR_FD) = 0 [pid 392] close(6) = 0 [pid 392] futex(0x7f60f6f876cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 391] <... futex resumed>) = 0 [pid 391] futex(0x7f60f6f876c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 391] futex(0x7f60f6f876cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 392] <... futex resumed>) = 1 [pid 392] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 392] futex(0x7f60f6f876cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 391] <... futex resumed>) = 0 [pid 391] futex(0x7f60f6f876c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 391] futex(0x7f60f6f876cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 392] <... futex resumed>) = 1 [pid 392] write(6, "#! ./file1\n", 11) = 11 [pid 392] futex(0x7f60f6f876cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 391] <... futex resumed>) = 0 [pid 391] futex(0x7f60f6f876c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 391] futex(0x7f60f6f876cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 392] <... futex resumed>) = 1 [pid 392] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 392] futex(0x7f60f6f876cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 391] <... futex resumed>) = 0 [pid 391] futex(0x7f60f6f876c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 26.585860][ T392] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [pid 391] futex(0x7f60f6f876cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 392] <... futex resumed>) = 1 [pid 392] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000280} --- [pid 391] <... futex resumed>) = ? [pid 392] +++ killed by SIGBUS +++ [pid 391] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=391, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./8", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./8", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555830fe730 /* 4 entries */, 32768) = 112 umount2("./8/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./8/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./8/binderfs") = 0 [ 26.630021][ T393] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-392: bg 0: block 234: padding at end of block bitmap is not set umount2("./8/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./8/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./8/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./8/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./8/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555583106770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555583106770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./8/file0") = 0 getdents64(3, 0x5555830fe730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./8") = 0 mkdir("./9", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555830fd690) = 397 ./strace-static-x86_64: Process 397 attached [pid 397] set_robust_list(0x5555830fd6a0, 24) = 0 [pid 397] chdir("./9") = 0 [pid 397] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 397] setpgid(0, 0) = 0 [pid 397] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 397] write(3, "1000", 4) = 4 [pid 397] close(3) = 0 [pid 397] symlink("/dev/binderfs", "./binderfs") = 0 [pid 397] write(1, "executing program\n", 18executing program ) = 18 [pid 397] futex(0x7f60f6f876cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 397] rt_sigaction(SIGRT_1, {sa_handler=0x7f60f6f255b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f60f6f16760}, NULL, 8) = 0 [pid 397] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 397] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f60f6e9b000 [pid 397] mprotect(0x7f60f6e9c000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 397] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 397] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f60f6ebb990, parent_tid=0x7f60f6ebb990, exit_signal=0, stack=0x7f60f6e9b000, stack_size=0x20300, tls=0x7f60f6ebb6c0} => {parent_tid=[398]}, 88) = 398 [pid 397] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 397] futex(0x7f60f6f876c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 397] futex(0x7f60f6f876cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 398 attached [pid 398] set_robust_list(0x7f60f6ebb9a0, 24) = 0 [pid 398] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 398] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 398] futex(0x7f60f6f876cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 397] <... futex resumed>) = 0 [pid 397] futex(0x7f60f6f876c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 397] futex(0x7f60f6f876cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 398] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 398] futex(0x7f60f6f876cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 397] <... futex resumed>) = 0 [pid 397] futex(0x7f60f6f876c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 397] futex(0x7f60f6f876cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 398] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 398] futex(0x7f60f6f876cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 397] <... futex resumed>) = 0 [pid 397] futex(0x7f60f6f876c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 397] futex(0x7f60f6f876cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 398] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 398] futex(0x7f60f6f876cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 397] <... futex resumed>) = 0 [pid 397] futex(0x7f60f6f876c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 398] eventfd2(118, EFD_SEMAPHORE [pid 397] <... futex resumed>) = 0 [pid 397] futex(0x7f60f6f876cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 398] <... eventfd2 resumed>) = 4 [pid 398] futex(0x7f60f6f876cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 397] <... futex resumed>) = 0 [pid 397] futex(0x7f60f6f876c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 397] futex(0x7f60f6f876cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 398] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 398] futex(0x7f60f6f876cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 397] <... futex resumed>) = 0 [pid 397] futex(0x7f60f6f876c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 397] futex(0x7f60f6f876cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 398] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 398] futex(0x7f60f6f876cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 397] <... futex resumed>) = 0 [pid 397] futex(0x7f60f6f876c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 397] futex(0x7f60f6f876cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 398] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 398] futex(0x7f60f6f876cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 397] <... futex resumed>) = 0 [pid 397] futex(0x7f60f6f876c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 397] futex(0x7f60f6f876cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 398] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 398] futex(0x7f60f6f876cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 397] <... futex resumed>) = 0 [pid 398] memfd_create("syzkaller", 0 [pid 397] futex(0x7f60f6f876c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 397] futex(0x7f60f6f876cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 398] <... memfd_create resumed>) = 5 [pid 398] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f60eea9b000 [pid 398] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 398] munmap(0x7f60eea9b000, 138412032) = 0 [pid 398] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 398] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 398] close(5) = 0 [pid 398] close(6) = 0 [pid 398] mkdir("./file0", 0777) = 0 [pid 398] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 398] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 398] chdir("./file0") = 0 [pid 398] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 398] ioctl(6, LOOP_CLR_FD) = 0 [pid 398] close(6) = 0 [pid 398] futex(0x7f60f6f876cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 397] <... futex resumed>) = 0 [pid 397] futex(0x7f60f6f876c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 397] futex(0x7f60f6f876cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 398] <... futex resumed>) = 1 [pid 398] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 398] futex(0x7f60f6f876cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 397] <... futex resumed>) = 0 [pid 397] futex(0x7f60f6f876c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 397] futex(0x7f60f6f876cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 398] <... futex resumed>) = 1 [pid 398] write(6, "#! ./file1\n", 11) = 11 [pid 398] futex(0x7f60f6f876cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 397] <... futex resumed>) = 0 [pid 397] futex(0x7f60f6f876c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 397] futex(0x7f60f6f876cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 398] <... futex resumed>) = 1 [pid 398] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 398] futex(0x7f60f6f876cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 397] <... futex resumed>) = 0 [pid 397] futex(0x7f60f6f876c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 397] futex(0x7f60f6f876cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 398] <... futex resumed>) = 1 [pid 398] ioctl(-1, KVM_SET_IRQCHIP, 0x200000000280) = -1 EBADF (Bad file descriptor) [pid 398] futex(0x7f60f6f876cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 397] <... futex resumed>) = 0 [pid 397] exit_group(0) = ? [pid 398] <... futex resumed>) = ? [pid 398] +++ exited with 0 +++ [pid 397] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=397, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./9", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./9", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555830fe730 /* 4 entries */, 32768) = 112 umount2("./9/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./9/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./9/binderfs") = 0 [ 26.772860][ T398] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 26.802752][ T399] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-398: bg 0: block 234: padding at end of block bitmap is not set [ 26.827330][ T7] ------------[ cut here ]------------ [ 26.832887][ T7] kernel BUG at fs/ext4/inode.c:2844! [ 26.838399][ T7] invalid opcode: 0000 [#1] PREEMPT SMP KASAN [ 26.844457][ T7] CPU: 0 PID: 7 Comm: kworker/u4:0 Not tainted 5.4.292-syzkaller-00021-gcd8e74fa0fa3 #0 [ 26.854141][ T7] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 26.864199][ T7] Workqueue: writeback wb_workfn (flush-7:0) [ 26.870163][ T7] RIP: 0010:ext4_writepages+0x2f83/0x2fb0 [ 26.875855][ T7] Code: 0f 94 c6 bf 02 00 00 00 e8 6a 29 a1 ff 84 db 75 2e e8 11 27 a1 ff 49 bc 00 00 00 00 00 fc ff df e9 47 f9 ff ff e8 fd 26 a1 ff <0f> 0b e8 f6 26 a1 ff 0f 0b e8 ef 26 a1 ff e8 ba ef 41 ff eb 9b e8 [ 26.895432][ T7] RSP: 0018:ffff8881f5db71a0 EFLAGS: 00010293 [ 26.901471][ T7] RAX: ffffffff81be57e3 RBX: 0000010410000000 RCX: ffff8881f5d68fc0 [ 26.909419][ T7] RDX: 0000000000000000 RSI: 0000010000000000 RDI: 0000000000000000 [ 26.917369][ T7] RBP: ffff8881f5db74f0 R08: dffffc0000000000 R09: ffffed103b9f0344 [ 26.925318][ T7] R10: ffffed103b9f0344 R11: 1ffff1103b9f0343 R12: dffffc0000000000 [ 26.933264][ T7] R13: ffff8881f5db7810 R14: 0000010000000000 R15: ffff8881dcf81af0 [ 26.941211][ T7] FS: 0000000000000000(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000 [ 26.950115][ T7] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 26.956675][ T7] CR2: 0000555583106738 CR3: 00000001dd4fd000 CR4: 00000000003406b0 [ 26.964627][ T7] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 26.972606][ T7] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 26.980574][ T7] Call Trace: [ 26.983842][ T7] ? __kasan_check_read+0x11/0x20 [ 26.988842][ T7] ? __find_get_block+0xab4/0xe90 [ 26.993841][ T7] ? write_boundary_block+0x140/0x140 [ 26.999188][ T7] ? ext4_readpage+0x310/0x310 [ 27.003945][ T7] ? __getblk_gfp+0x3b/0x760 [ 27.008508][ T7] ? __kasan_check_write+0x14/0x20 [ 27.013595][ T7] ? ext4_get_group_desc+0x249/0x2a0 [ 27.018858][ T7] ? __update_load_avg_se+0x695/0xba0 [ 27.024204][ T7] ? ext4_readpage+0x310/0x310 [ 27.028941][ T7] do_writepages+0x127/0x270 [ 27.033504][ T7] ? debug_smp_processor_id+0x20/0x20 [ 27.038851][ T7] ? __writepage+0x120/0x120 [ 27.043420][ T7] ? __kasan_check_write+0x14/0x20 [ 27.048505][ T7] ? _raw_spin_lock+0x8e/0xe0 [ 27.053159][ T7] ? __kasan_check_write+0x14/0x20 [ 27.058244][ T7] __writeback_single_inode+0xd9/0xc30 [ 27.063675][ T7] ? wbc_attach_and_unlock_inode+0x3b3/0x5b0 [ 27.069627][ T7] writeback_sb_inodes+0x94f/0x1700 [ 27.074800][ T7] ? _raw_spin_lock+0x8e/0xe0 [ 27.079452][ T7] ? queue_io+0x4e0/0x4e0 [ 27.083762][ T7] ? __kasan_check_read+0x11/0x20 [ 27.088760][ T7] wb_writeback+0x3e1/0xc20 [ 27.093236][ T7] ? wb_io_lists_depopulated+0x170/0x170 [ 27.098860][ T7] ? check_preemption_disabled+0x9b/0x300 [ 27.104551][ T7] ? debug_smp_processor_id+0x20/0x20 [ 27.109896][ T7] ? __kasan_check_write+0x14/0x20 [ 27.114992][ T7] ? check_preemption_disabled+0x9b/0x300 [ 27.120694][ T7] wb_workfn+0x375/0xf90 [ 27.124917][ T7] ? inode_wait_for_writeback+0x200/0x200 [ 27.130651][ T7] ? _raw_spin_unlock_irq+0x4e/0x70 [ 27.135822][ T7] ? finish_task_switch+0x12e/0x590 [ 27.140994][ T7] ? __schedule+0xa57/0x12a0 [ 27.145557][ T7] ? __kasan_check_read+0x11/0x20 [ 27.150577][ T7] ? read_word_at_a_time+0x12/0x20 [ 27.155665][ T7] ? strscpy+0x9b/0x290 [ 27.159794][ T7] process_one_work+0x73b/0xcc0 [ 27.164628][ T7] worker_thread+0xa5c/0x13b0 [ 27.169292][ T7] ? __kasan_check_read+0x11/0x20 [ 27.174290][ T7] kthread+0x31e/0x3a0 [ 27.178352][ T7] ? worker_clr_flags+0x190/0x190 [ 27.183349][ T7] ? kthread_blkcg+0xd0/0xd0 [ 27.187910][ T7] ret_from_fork+0x1f/0x30 [ 27.192295][ T7] Modules linked in: [ 27.196299][ T7] ---[ end trace 6c05f2bedb61f578 ]--- [ 27.201762][ T7] RIP: 0010:ext4_writepages+0x2f83/0x2fb0 [ 27.207617][ T7] Code: 0f 94 c6 bf 02 00 00 00 e8 6a 29 a1 ff 84 db 75 2e e8 11 27 a1 ff 49 bc 00 00 00 00 00 fc ff df e9 47 f9 ff ff e8 fd 26 a1 ff <0f> 0b e8 f6 26 a1 ff 0f 0b e8 ef 26 a1 ff e8 ba ef 41 ff eb 9b e8 [ 27.227240][ T7] RSP: 0018:ffff8881f5db71a0 EFLAGS: 00010293 [ 27.233307][ T7] RAX: ffffffff81be57e3 RBX: 0000010410000000 RCX: ffff8881f5d68fc0 [ 27.241287][ T7] RDX: 0000000000000000 RSI: 0000010000000000 RDI: 0000000000000000 [ 27.249266][ T7] RBP: ffff8881f5db74f0 R08: dffffc0000000000 R09: ffffed103b9f0344 [ 27.257265][ T7] R10: ffffed103b9f0344 R11: 1ffff1103b9f0343 R12: dffffc0000000000 [ 27.265241][ T7] R13: ffff8881f5db7810 R14: 0000010000000000 R15: ffff8881dcf81af0 [ 27.273188][ T7] FS: 0000000000000000(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000 [ 27.282113][ T7] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 27.288696][ T7] CR2: 0000555583106738 CR3: 00000001dd4fd000 CR4: 00000000003406b0 [ 27.296706][ T7] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 27.304681][ T7] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 27.312631][ T7] Kernel panic - not syncing: Fatal exception [ 27.318934][ T7] Kernel Offset: disabled [ 27.323260][ T7] Rebooting in 86400 seconds..