./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor2914045909 <...> Warning: Permanently added '10.128.1.35' (ED25519) to the list of known hosts. execve("./syz-executor2914045909", ["./syz-executor2914045909"], 0x7fff6a2ba5e0 /* 10 vars */) = 0 brk(NULL) = 0x55556442e000 brk(0x55556442ed00) = 0x55556442ed00 arch_prctl(ARCH_SET_FS, 0x55556442e380) = 0 set_tid_address(0x55556442e650) = 294 set_robust_list(0x55556442e660, 24) = 0 rseq(0x55556442eca0, 0x20, 0, 0x53053053) = -1 ENOSYS (Function not implemented) prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor2914045909", 4096) = 28 getrandom("\x56\x09\x54\x21\x8b\x57\x6a\xb5", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x55556442ed00 brk(0x55556444fd00) = 0x55556444fd00 brk(0x555564450000) = 0x555564450000 mprotect(0x7f0262159000, 16384, PROT_READ) = 0 mmap(0x1ffffffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffffffff000 mmap(0x200000000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200000000000 mmap(0x200001000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200001000000 getrandom("\xad\x54\xb1\x5d\x49\xaf\x66\x29", 8, GRND_NONBLOCK) = 8 mkdir("./syzkaller.1mSGWd", 0700) = 0 chmod("./syzkaller.1mSGWd", 0777) = 0 chdir("./syzkaller.1mSGWd") = 0 mkdir("./0", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55556442e650) = 295 ./strace-static-x86_64: Process 295 attached [pid 295] set_robust_list(0x55556442e660, 24) = 0 [pid 295] chdir("./0") = 0 [pid 295] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 295] setpgid(0, 0) = 0 [pid 295] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 295] write(3, "1000", 4) = 4 [pid 295] close(3) = 0 [pid 295] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 295] write(1, "executing program\n", 18) = 18 [pid 295] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [ 21.881802][ T28] audit: type=1400 audit(1744591125.273:66): avc: denied { execmem } for pid=294 comm="syz-executor291" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 21.886473][ T28] audit: type=1400 audit(1744591125.273:67): avc: denied { read write } for pid=294 comm="syz-executor291" name="loop0" dev="devtmpfs" ino=114 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 21.893308][ T28] audit: type=1400 audit(1744591125.273:68): avc: denied { open } for pid=294 comm="syz-executor291" path="/dev/loop0" dev="devtmpfs" ino=114 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 21.900342][ T28] audit: type=1400 audit(1744591125.273:69): avc: denied { ioctl } for pid=294 comm="syz-executor291" path="/dev/loop0" dev="devtmpfs" ino=114 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [pid 295] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 295] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 295] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 295] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 295] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 295] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 295] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 295] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 295] memfd_create("syzkaller", 0) = 5 [pid 295] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0259ca6000 [pid 295] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 295] munmap(0x7f0259ca6000, 138412032) = 0 [pid 295] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 295] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 295] close(5) = 0 [pid 295] close(6) = 0 [pid 295] mkdir("./file0", 0777) = 0 [ 21.921614][ T28] audit: type=1400 audit(1744591125.283:70): avc: denied { read write } for pid=295 comm="syz-executor291" name="vhost-vsock" dev="devtmpfs" ino=264 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 21.940892][ T295] loop0: detected capacity change from 0 to 2048 [ 21.946031][ T28] audit: type=1400 audit(1744591125.283:71): avc: denied { open } for pid=295 comm="syz-executor291" path="/dev/vhost-vsock" dev="devtmpfs" ino=264 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 21.979452][ T28] audit: type=1400 audit(1744591125.293:72): avc: denied { ioctl } for pid=295 comm="syz-executor291" path="/dev/vhost-vsock" dev="devtmpfs" ino=264 ioctlcmd=0xaf01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 22.004830][ T28] audit: type=1400 audit(1744591125.343:73): avc: denied { mounton } for pid=295 comm="syz-executor291" path="/root/syzkaller.1mSGWd/0/file0" dev="sda1" ino=1930 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1 [pid 295] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 295] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 295] chdir("./file0") = 0 [pid 295] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 295] ioctl(6, LOOP_CLR_FD) = 0 [pid 295] close(6) = 0 [pid 295] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 295] write(6, "#! ./file1\n", 11) = 11 [pid 295] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [ 22.030538][ T295] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 22.039324][ T28] audit: type=1400 audit(1744591125.433:74): avc: denied { mount } for pid=295 comm="syz-executor291" name="/" dev="loop0" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 22.055172][ T295] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor291: bg 0: block 234: padding at end of block bitmap is not set [pid 295] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000001c0} --- [pid 295] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=295, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556442f6f0 /* 4 entries */, 32768) = 112 umount2("./0/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./0/binderfs") = 0 umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./0/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555564437730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555564437730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./0/file0") = 0 getdents64(3, 0x55556442f6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./0") = 0 mkdir("./1", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55556442e650) = 301 ./strace-static-x86_64: Process 301 attached [pid 301] set_robust_list(0x55556442e660, 24) = 0 [pid 301] chdir("./1") = 0 [pid 301] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 301] setpgid(0, 0) = 0 [pid 301] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 301] write(3, "1000", 4) = 4 [pid 301] close(3) = 0 [pid 301] symlink("/dev/binderfs", "./binderfs") = 0 [pid 301] write(1, "executing program\n", 18executing program ) = 18 [pid 301] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 301] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 301] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 301] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 301] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 301] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 301] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 301] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 301] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 301] memfd_create("syzkaller", 0) = 5 [pid 301] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0259ca6000 [pid 301] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 301] munmap(0x7f0259ca6000, 138412032) = 0 [pid 301] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 22.075511][ T28] audit: type=1400 audit(1744591125.433:75): avc: denied { write } for pid=295 comm="syz-executor291" name="/" dev="loop0" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 22.110322][ T294] EXT4-fs (loop0): unmounting filesystem. [pid 301] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 301] close(5) = 0 [pid 301] close(6) = 0 [pid 301] mkdir("./file0", 0777) = 0 [pid 301] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 301] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 301] chdir("./file0") = 0 [pid 301] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 301] ioctl(6, LOOP_CLR_FD) = 0 [pid 301] close(6) = 0 [pid 301] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 301] write(6, "#! ./file1\n", 11) = 11 [pid 301] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 301] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000001c0} --- [pid 301] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=301, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556442f6f0 /* 4 entries */, 32768) = 112 umount2("./1/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./1/binderfs") = 0 [ 22.141239][ T301] loop0: detected capacity change from 0 to 2048 [ 22.157956][ T301] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 22.170962][ T301] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor291: bg 0: block 234: padding at end of block bitmap is not set umount2("./1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./1/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555564437730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555564437730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./1/file0") = 0 getdents64(3, 0x55556442f6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./1") = 0 mkdir("./2", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55556442e650) = 306 ./strace-static-x86_64: Process 306 attached [pid 306] set_robust_list(0x55556442e660, 24) = 0 [pid 306] chdir("./2") = 0 [pid 306] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 306] setpgid(0, 0) = 0 [pid 306] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 306] write(3, "1000", 4) = 4 [pid 306] close(3) = 0 [pid 306] symlink("/dev/binderfs", "./binderfs") = 0 [pid 306] write(1, "executing program\n", 18executing program ) = 18 [pid 306] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 306] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 306] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 306] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 306] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 306] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 306] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 306] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 306] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 306] memfd_create("syzkaller", 0) = 5 [pid 306] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0259ca6000 [pid 306] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 306] munmap(0x7f0259ca6000, 138412032) = 0 [pid 306] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 306] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 306] close(5) = 0 [pid 306] close(6) = 0 [pid 306] mkdir("./file0", 0777) = 0 [ 22.198609][ T294] EXT4-fs (loop0): unmounting filesystem. [ 22.232835][ T306] loop0: detected capacity change from 0 to 2048 [pid 306] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 306] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 306] chdir("./file0") = 0 [pid 306] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 306] ioctl(6, LOOP_CLR_FD) = 0 [pid 306] close(6) = 0 [pid 306] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 306] write(6, "#! ./file1\n", 11) = 11 [pid 306] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 306] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000001c0} --- [pid 306] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=306, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556442f6f0 /* 4 entries */, 32768) = 112 umount2("./2/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./2/binderfs") = 0 umount2("./2/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./2/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./2/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./2/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./2/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555564437730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555564437730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./2/file0"executing program ) = 0 getdents64(3, 0x55556442f6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./2") = 0 mkdir("./3", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55556442e650) = 311 ./strace-static-x86_64: Process 311 attached [pid 311] set_robust_list(0x55556442e660, 24) = 0 [pid 311] chdir("./3") = 0 [pid 311] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 311] setpgid(0, 0) = 0 [pid 311] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 311] write(3, "1000", 4) = 4 [pid 311] close(3) = 0 [pid 311] symlink("/dev/binderfs", "./binderfs") = 0 [pid 311] write(1, "executing program\n", 18) = 18 [pid 311] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 311] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 311] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 311] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 311] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 311] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 311] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 311] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 311] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 311] memfd_create("syzkaller", 0) = 5 [pid 311] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0259ca6000 [pid 311] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 311] munmap(0x7f0259ca6000, 138412032) = 0 [pid 311] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 22.248932][ T306] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 22.261668][ T306] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor291: bg 0: block 234: padding at end of block bitmap is not set [ 22.289895][ T294] EXT4-fs (loop0): unmounting filesystem. [pid 311] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 311] close(5) = 0 [pid 311] close(6) = 0 [pid 311] mkdir("./file0", 0777) = 0 [pid 311] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 311] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 311] chdir("./file0") = 0 [pid 311] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 311] ioctl(6, LOOP_CLR_FD) = 0 [pid 311] close(6) = 0 [pid 311] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 311] write(6, "#! ./file1\n", 11) = 11 [pid 311] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 311] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000001c0} --- [pid 311] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=311, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556442f6f0 /* 4 entries */, 32768) = 112 umount2("./3/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./3/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./3/binderfs") = 0 [ 22.317133][ T311] loop0: detected capacity change from 0 to 2048 [ 22.330053][ T311] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 22.342586][ T311] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor291: bg 0: block 234: padding at end of block bitmap is not set [ 22.361882][ T294] EXT4-fs (loop0): unmounting filesystem. umount2("./3/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./3/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./3/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./3/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./3/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555564437730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555564437730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./3/file0") = 0 getdents64(3, 0x55556442f6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./3") = 0 mkdir("./4", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55556442e650) = 315 ./strace-static-x86_64: Process 315 attached [pid 315] set_robust_list(0x55556442e660, 24) = 0 [pid 315] chdir("./4") = 0 [pid 315] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 315] setpgid(0, 0) = 0 [pid 315] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 315] write(3, "1000", 4) = 4 [pid 315] close(3) = 0 [pid 315] symlink("/dev/binderfs", "./binderfs") = 0 [pid 315] write(1, "executing program\n", 18executing program ) = 18 [pid 315] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 315] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 315] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 315] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 315] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 315] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 315] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 315] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 315] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 315] memfd_create("syzkaller", 0) = 5 [pid 315] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0259ca6000 [pid 315] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 315] munmap(0x7f0259ca6000, 138412032) = 0 [pid 315] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 315] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 315] close(5) = 0 [pid 315] close(6) = 0 [pid 315] mkdir("./file0", 0777) = 0 [pid 315] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 315] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 315] chdir("./file0") = 0 [pid 315] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 315] ioctl(6, LOOP_CLR_FD) = 0 [pid 315] close(6) = 0 [pid 315] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 315] write(6, "#! ./file1\n", 11) = 11 [pid 315] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [ 22.393338][ T315] loop0: detected capacity change from 0 to 2048 [ 22.417559][ T315] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [pid 315] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000001c0} --- [pid 315] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=315, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556442f6f0 /* 4 entries */, 32768) = 112 umount2("./4/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4/binderfs") = 0 umount2("./4/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555564437730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555564437730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4/file0") = 0 getdents64(3, 0x55556442f6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4") = 0 mkdir("./5", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program , child_tidptr=0x55556442e650) = 319 ./strace-static-x86_64: Process 319 attached [pid 319] set_robust_list(0x55556442e660, 24) = 0 [pid 319] chdir("./5") = 0 [pid 319] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 319] setpgid(0, 0) = 0 [pid 319] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 319] write(3, "1000", 4) = 4 [pid 319] close(3) = 0 [pid 319] symlink("/dev/binderfs", "./binderfs") = 0 [pid 319] write(1, "executing program\n", 18) = 18 [pid 319] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 319] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 319] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 319] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 319] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 319] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 319] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 319] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 319] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 319] memfd_create("syzkaller", 0) = 5 [pid 319] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0259ca6000 [pid 319] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 319] munmap(0x7f0259ca6000, 138412032) = 0 [pid 319] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 22.430441][ T315] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor291: bg 0: block 234: padding at end of block bitmap is not set [ 22.457842][ T294] EXT4-fs (loop0): unmounting filesystem. [pid 319] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 319] close(5) = 0 [pid 319] close(6) = 0 [pid 319] mkdir("./file0", 0777) = 0 [pid 319] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 319] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 319] chdir("./file0") = 0 [pid 319] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 319] ioctl(6, LOOP_CLR_FD) = 0 [pid 319] close(6) = 0 [pid 319] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 319] write(6, "#! ./file1\n", 11) = 11 [pid 319] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 319] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000001c0} --- [pid 319] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=319, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./5", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556442f6f0 /* 4 entries */, 32768) = 112 umount2("./5/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./5/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./5/binderfs") = 0 [ 22.488416][ T319] loop0: detected capacity change from 0 to 2048 [ 22.507412][ T319] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 22.524389][ T320] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-319: bg 0: block 234: padding at end of block bitmap is not set umount2("./5/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./5/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./5/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./5/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./5/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555564437730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555564437730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./5/file0") = 0 getdents64(3, 0x55556442f6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./5") = 0 mkdir("./6", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55556442e650) = 323 ./strace-static-x86_64: Process 323 attached [pid 323] set_robust_list(0x55556442e660, 24) = 0 [pid 323] chdir("./6") = 0 [pid 323] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 323] setpgid(0, 0) = 0 [pid 323] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 323] write(3, "1000", 4) = 4 [pid 323] close(3) = 0 [pid 323] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 323] write(1, "executing program\n", 18) = 18 [pid 323] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 323] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 323] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 323] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 323] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 323] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 323] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 323] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 323] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 323] memfd_create("syzkaller", 0) = 5 [pid 323] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0259ca6000 [pid 323] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 323] munmap(0x7f0259ca6000, 138412032) = 0 [pid 323] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 323] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 323] close(5) = 0 [pid 323] close(6) = 0 [pid 323] mkdir("./file0", 0777) = 0 [pid 323] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 323] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 323] chdir("./file0") = 0 [pid 323] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 323] ioctl(6, LOOP_CLR_FD) = 0 [pid 323] close(6) = 0 [ 22.551567][ T294] EXT4-fs (loop0): unmounting filesystem. [ 22.575967][ T323] loop0: detected capacity change from 0 to 2048 [ 22.588821][ T323] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [pid 323] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 323] write(6, "#! ./file1\n", 11) = 11 [pid 323] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 323] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000001c0} --- [pid 323] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=323, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./6", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556442f6f0 /* 4 entries */, 32768) = 112 umount2("./6/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./6/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./6/binderfs") = 0 umount2("./6/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./6/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./6/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./6/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./6/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555564437730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555564437730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./6/file0") = 0 getdents64(3, 0x55556442f6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./6") = 0 mkdir("./7", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55556442e650) = 327 ./strace-static-x86_64: Process 327 attached [pid 327] set_robust_list(0x55556442e660, 24) = 0 [pid 327] chdir("./7") = 0 [pid 327] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 327] setpgid(0, 0) = 0 [pid 327] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 327] write(3, "1000", 4) = 4 [pid 327] close(3) = 0 [pid 327] symlink("/dev/binderfs", "./binderfs") = 0 [pid 327] write(1, "executing program\n", 18executing program ) = 18 [pid 327] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 327] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 327] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 327] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 327] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 327] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 327] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 327] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 327] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 327] memfd_create("syzkaller", 0) = 5 [pid 327] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0259ca6000 [pid 327] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 327] munmap(0x7f0259ca6000, 138412032) = 0 [pid 327] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 22.599480][ T323] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor291: bg 0: block 234: padding at end of block bitmap is not set [ 22.626936][ T294] EXT4-fs (loop0): unmounting filesystem. [pid 327] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 327] close(5) = 0 [pid 327] close(6) = 0 [pid 327] mkdir("./file0", 0777) = 0 [pid 327] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 327] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 327] chdir("./file0") = 0 [pid 327] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 327] ioctl(6, LOOP_CLR_FD) = 0 [pid 327] close(6) = 0 [pid 327] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 327] write(6, "#! ./file1\n", 11) = 11 [pid 327] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [ 22.657314][ T327] loop0: detected capacity change from 0 to 2048 [ 22.677498][ T327] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [pid 327] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000001c0} --- [pid 327] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=327, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./7", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556442f6f0 /* 4 entries */, 32768) = 112 umount2("./7/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./7/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./7/binderfs") = 0 umount2("./7/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./7/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./7/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./7/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./7/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555564437730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555564437730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./7/file0") = 0 getdents64(3, 0x55556442f6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./7") = 0 mkdir("./8", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55556442e650) = 331 ./strace-static-x86_64: Process 331 attached [pid 331] set_robust_list(0x55556442e660, 24) = 0 [pid 331] chdir("./8") = 0 [pid 331] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 331] setpgid(0, 0) = 0 [pid 331] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 331] write(3, "1000", 4) = 4 [pid 331] close(3) = 0 [pid 331] symlink("/dev/binderfs", "./binderfs") = 0 [pid 331] write(1, "executing program\n", 18executing program ) = 18 [pid 331] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 331] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 331] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 331] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 331] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 331] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 331] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 331] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 331] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 331] memfd_create("syzkaller", 0) = 5 [pid 331] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0259ca6000 [pid 331] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 331] munmap(0x7f0259ca6000, 138412032) = 0 [ 22.702377][ T328] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-327: bg 0: block 234: padding at end of block bitmap is not set [ 22.730106][ T294] EXT4-fs (loop0): unmounting filesystem. [pid 331] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 331] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 331] close(5) = 0 [pid 331] close(6) = 0 [pid 331] mkdir("./file0", 0777) = 0 [pid 331] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 331] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 331] chdir("./file0") = 0 [pid 331] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 331] ioctl(6, LOOP_CLR_FD) = 0 [pid 331] close(6) = 0 [pid 331] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 331] write(6, "#! ./file1\n", 11) = 11 [pid 331] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [ 22.761973][ T331] loop0: detected capacity change from 0 to 2048 [ 22.787698][ T331] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [pid 331] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000001c0} --- [pid 331] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=331, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./8", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./8", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556442f6f0 /* 4 entries */, 32768) = 112 umount2("./8/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./8/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./8/binderfs") = 0 umount2("./8/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./8/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./8/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./8/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./8/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555564437730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555564437730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./8/file0") = 0 getdents64(3, 0x55556442f6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./8") = 0 mkdir("./9", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program , child_tidptr=0x55556442e650) = 335 ./strace-static-x86_64: Process 335 attached [pid 335] set_robust_list(0x55556442e660, 24) = 0 [pid 335] chdir("./9") = 0 [pid 335] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 335] setpgid(0, 0) = 0 [pid 335] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 335] write(3, "1000", 4) = 4 [pid 335] close(3) = 0 [pid 335] symlink("/dev/binderfs", "./binderfs") = 0 [pid 335] write(1, "executing program\n", 18) = 18 [pid 335] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 335] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 335] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 335] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 335] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 335] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 335] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 335] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 335] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 335] memfd_create("syzkaller", 0) = 5 [pid 335] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0259ca6000 [pid 335] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 335] munmap(0x7f0259ca6000, 138412032) = 0 [pid 335] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 22.800227][ T331] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor291: bg 0: block 234: padding at end of block bitmap is not set [ 22.828013][ T294] EXT4-fs (loop0): unmounting filesystem. [pid 335] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 335] close(5) = 0 [pid 335] close(6) = 0 [pid 335] mkdir("./file0", 0777) = 0 [pid 335] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 335] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 335] chdir("./file0") = 0 [pid 335] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 335] ioctl(6, LOOP_CLR_FD) = 0 [pid 335] close(6) = 0 [pid 335] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 335] write(6, "#! ./file1\n", 11) = 11 [pid 335] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [ 22.853640][ T335] loop0: detected capacity change from 0 to 2048 [ 22.887678][ T335] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [pid 335] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000001c0} --- [pid 335] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=335, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./9", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./9", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556442f6f0 /* 4 entries */, 32768) = 112 umount2("./9/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./9/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./9/binderfs") = 0 umount2("./9/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./9/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./9/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./9/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./9/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555564437730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555564437730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./9/file0") = 0 getdents64(3, 0x55556442f6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./9") = 0 mkdir("./10", 0777executing program ) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55556442e650) = 339 ./strace-static-x86_64: Process 339 attached [pid 339] set_robust_list(0x55556442e660, 24) = 0 [pid 339] chdir("./10") = 0 [pid 339] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 339] setpgid(0, 0) = 0 [pid 339] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 339] write(3, "1000", 4) = 4 [pid 339] close(3) = 0 [pid 339] symlink("/dev/binderfs", "./binderfs") = 0 [pid 339] write(1, "executing program\n", 18) = 18 [pid 339] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 339] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 339] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 339] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 339] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 339] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 339] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 339] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 339] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 339] memfd_create("syzkaller", 0) = 5 [pid 339] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0259ca6000 [pid 339] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 339] munmap(0x7f0259ca6000, 138412032) = 0 [pid 339] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 22.900589][ T335] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor291: bg 0: block 234: padding at end of block bitmap is not set [ 22.928626][ T294] EXT4-fs (loop0): unmounting filesystem. [pid 339] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 339] close(5) = 0 [pid 339] close(6) = 0 [pid 339] mkdir("./file0", 0777) = 0 [pid 339] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 339] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 339] chdir("./file0") = 0 [pid 339] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 339] ioctl(6, LOOP_CLR_FD) = 0 [pid 339] close(6) = 0 [pid 339] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 339] write(6, "#! ./file1\n", 11) = 11 [pid 339] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 339] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000001c0} --- [pid 339] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=339, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./10", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./10", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556442f6f0 /* 4 entries */, 32768) = 112 umount2("./10/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./10/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./10/binderfs") = 0 [ 22.952531][ T339] loop0: detected capacity change from 0 to 2048 [ 22.968097][ T339] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 22.978747][ T339] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor291: bg 0: block 234: padding at end of block bitmap is not set umount2("./10/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./10/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./10/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./10/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./10/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555564437730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555564437730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./10/file0") = 0 getdents64(3, 0x55556442f6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./10") = 0 mkdir("./11", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55556442e650) = 343 ./strace-static-x86_64: Process 343 attached [pid 343] set_robust_list(0x55556442e660, 24) = 0 [pid 343] chdir("./11") = 0 [pid 343] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 343] setpgid(0, 0) = 0 [pid 343] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 343] write(3, "1000", 4) = 4 [pid 343] close(3) = 0 [pid 343] symlink("/dev/binderfs", "./binderfs") = 0 [pid 343] write(1, "executing program\n", 18executing program ) = 18 [pid 343] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 343] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 343] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 343] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 343] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 343] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 343] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 343] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 343] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 343] memfd_create("syzkaller", 0) = 5 [pid 343] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0259ca6000 [pid 343] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 343] munmap(0x7f0259ca6000, 138412032) = 0 [pid 343] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 343] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 343] close(5) = 0 [pid 343] close(6) = 0 [pid 343] mkdir("./file0", 0777) = 0 [pid 343] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 343] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 343] chdir("./file0") = 0 [pid 343] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 343] ioctl(6, LOOP_CLR_FD) = 0 [pid 343] close(6) = 0 [pid 343] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [ 23.005951][ T294] EXT4-fs (loop0): unmounting filesystem. [ 23.029876][ T343] loop0: detected capacity change from 0 to 2048 [ 23.047531][ T343] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [pid 343] write(6, "#! ./file1\n", 11) = 11 [pid 343] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 343] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000001c0} --- [pid 343] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=343, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./11", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./11", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556442f6f0 /* 4 entries */, 32768) = 112 umount2("./11/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./11/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./11/binderfs") = 0 umount2("./11/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./11/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./11/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./11/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./11/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555564437730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555564437730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./11/file0") = 0 getdents64(3, 0x55556442f6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./11") = 0 mkdir("./12", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55556442e650) = 347 ./strace-static-x86_64: Process 347 attached [pid 347] set_robust_list(0x55556442e660, 24) = 0 [pid 347] chdir("./12") = 0 [pid 347] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 347] setpgid(0, 0) = 0 [pid 347] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 347] write(3, "1000", 4) = 4 [pid 347] close(3) = 0 [pid 347] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 347] write(1, "executing program\n", 18) = 18 [pid 347] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 347] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 347] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 347] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 347] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 347] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 347] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 347] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 347] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 347] memfd_create("syzkaller", 0) = 5 [pid 347] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0259ca6000 [pid 347] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 347] munmap(0x7f0259ca6000, 138412032) = 0 [pid 347] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 23.058218][ T343] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor291: bg 0: block 234: padding at end of block bitmap is not set [ 23.085848][ T294] EXT4-fs (loop0): unmounting filesystem. [pid 347] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 347] close(5) = 0 [pid 347] close(6) = 0 [pid 347] mkdir("./file0", 0777) = 0 [pid 347] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 347] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 347] chdir("./file0") = 0 [pid 347] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 347] ioctl(6, LOOP_CLR_FD) = 0 [pid 347] close(6) = 0 [pid 347] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 347] write(6, "#! ./file1\n", 11) = 11 [pid 347] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 347] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000001c0} --- [pid 347] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=347, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./12", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./12", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556442f6f0 /* 4 entries */, 32768) = 112 umount2("./12/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./12/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./12/binderfs") = 0 [ 23.111675][ T347] loop0: detected capacity change from 0 to 2048 [ 23.127841][ T347] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 23.144679][ T348] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-347: bg 0: block 234: padding at end of block bitmap is not set umount2("./12/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./12/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./12/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./12/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./12/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555564437730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555564437730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./12/file0") = 0 getdents64(3, 0x55556442f6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./12") = 0 mkdir("./13", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55556442e650) = 351 ./strace-static-x86_64: Process 351 attached [pid 351] set_robust_list(0x55556442e660, 24) = 0 [pid 351] chdir("./13") = 0 [pid 351] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 351] setpgid(0, 0) = 0 [pid 351] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 351] write(3, "1000", 4) = 4 [pid 351] close(3) = 0 [pid 351] symlink("/dev/binderfs", "./binderfs") = 0 [pid 351] write(1, "executing program\n", 18executing program ) = 18 [pid 351] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 351] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 351] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 351] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 351] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 351] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 351] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 351] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 351] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 351] memfd_create("syzkaller", 0) = 5 [pid 351] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0259ca6000 [pid 351] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 351] munmap(0x7f0259ca6000, 138412032) = 0 [pid 351] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 351] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 351] close(5) = 0 [pid 351] close(6) = 0 [pid 351] mkdir("./file0", 0777) = 0 [pid 351] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 351] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 351] chdir("./file0") = 0 [pid 351] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 351] ioctl(6, LOOP_CLR_FD) = 0 [pid 351] close(6) = 0 [pid 351] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 351] write(6, "#! ./file1\n", 11) = 11 [pid 351] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [ 23.172905][ T294] EXT4-fs (loop0): unmounting filesystem. [ 23.197206][ T351] loop0: detected capacity change from 0 to 2048 [ 23.209696][ T351] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [pid 351] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000001c0} --- [pid 351] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=351, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./13", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./13", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556442f6f0 /* 4 entries */, 32768) = 112 umount2("./13/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./13/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./13/binderfs") = 0 umount2("./13/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./13/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./13/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./13/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./13/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555564437730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555564437730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./13/file0") = 0 getdents64(3, 0x55556442f6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./13") = 0 mkdir("./14", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55556442e650) = 355 ./strace-static-x86_64: Process 355 attached [pid 355] set_robust_list(0x55556442e660, 24) = 0 [pid 355] chdir("./14") = 0 [pid 355] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 355] setpgid(0, 0) = 0 [pid 355] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 355] write(3, "1000", 4) = 4 [pid 355] close(3) = 0 [pid 355] symlink("/dev/binderfs", "./binderfs") = 0 [pid 355] write(1, "executing program\n", 18executing program ) = 18 [pid 355] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 355] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 355] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 355] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 355] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 355] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 355] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 355] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 355] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 355] memfd_create("syzkaller", 0) = 5 [pid 355] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0259ca6000 [pid 355] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 355] munmap(0x7f0259ca6000, 138412032) = 0 [pid 355] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 23.220190][ T351] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor291: bg 0: block 234: padding at end of block bitmap is not set [ 23.247301][ T294] EXT4-fs (loop0): unmounting filesystem. [pid 355] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 355] close(5) = 0 [pid 355] close(6) = 0 [pid 355] mkdir("./file0", 0777) = 0 [pid 355] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 355] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 355] chdir("./file0") = 0 [pid 355] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 355] ioctl(6, LOOP_CLR_FD) = 0 [pid 355] close(6) = 0 [pid 355] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 355] write(6, "#! ./file1\n", 11) = 11 [pid 355] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 355] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000001c0} --- [pid 355] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=355, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./14", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./14", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556442f6f0 /* 4 entries */, 32768) = 112 umount2("./14/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./14/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./14/binderfs") = 0 [ 23.278982][ T355] loop0: detected capacity change from 0 to 2048 [ 23.297385][ T355] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 23.310469][ T355] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor291: bg 0: block 234: padding at end of block bitmap is not set umount2("./14/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./14/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./14/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./14/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./14/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555564437730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555564437730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./14/file0") = 0 getdents64(3, 0x55556442f6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./14") = 0 mkdir("./15", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program , child_tidptr=0x55556442e650) = 360 ./strace-static-x86_64: Process 360 attached [pid 360] set_robust_list(0x55556442e660, 24) = 0 [pid 360] chdir("./15") = 0 [pid 360] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 360] setpgid(0, 0) = 0 [pid 360] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 360] write(3, "1000", 4) = 4 [pid 360] close(3) = 0 [pid 360] symlink("/dev/binderfs", "./binderfs") = 0 [pid 360] write(1, "executing program\n", 18) = 18 [pid 360] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 360] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 360] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 360] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 360] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 360] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 360] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 360] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 360] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 360] memfd_create("syzkaller", 0) = 5 [pid 360] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0259ca6000 [pid 360] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 360] munmap(0x7f0259ca6000, 138412032) = 0 [pid 360] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 360] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 360] close(5) = 0 [pid 360] close(6) = 0 [pid 360] mkdir("./file0", 0777) = 0 [ 23.338644][ T294] EXT4-fs (loop0): unmounting filesystem. [ 23.367377][ T360] loop0: detected capacity change from 0 to 2048 [pid 360] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 360] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 360] chdir("./file0") = 0 [pid 360] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 360] ioctl(6, LOOP_CLR_FD) = 0 [pid 360] close(6) = 0 [pid 360] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 360] write(6, "#! ./file1\n", 11) = 11 [pid 360] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 360] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000001c0} --- [pid 360] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=360, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./15", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./15", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556442f6f0 /* 4 entries */, 32768) = 112 umount2("./15/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./15/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./15/binderfs") = 0 [ 23.387576][ T360] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 23.411841][ T361] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-360: bg 0: block 234: padding at end of block bitmap is not set umount2("./15/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./15/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./15/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./15/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./15/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555564437730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555564437730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./15/file0") = 0 getdents64(3, 0x55556442f6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./15") = 0 mkdir("./16", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55556442e650) = 364 ./strace-static-x86_64: Process 364 attached [pid 364] set_robust_list(0x55556442e660, 24) = 0 [pid 364] chdir("./16") = 0 [pid 364] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 364] setpgid(0, 0) = 0 [pid 364] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 364] write(3, "1000", 4) = 4 [pid 364] close(3) = 0 [pid 364] symlink("/dev/binderfs", "./binderfs") = 0 [pid 364] write(1, "executing program\n", 18executing program ) = 18 [pid 364] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 364] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 364] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 364] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 364] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 364] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 364] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 364] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 364] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 364] memfd_create("syzkaller", 0) = 5 [pid 364] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0259ca6000 [pid 364] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 364] munmap(0x7f0259ca6000, 138412032) = 0 [pid 364] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 23.437275][ T294] EXT4-fs (loop0): unmounting filesystem. [pid 364] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 364] close(5) = 0 [pid 364] close(6) = 0 [pid 364] mkdir("./file0", 0777) = 0 [pid 364] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 364] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 364] chdir("./file0") = 0 [pid 364] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 364] ioctl(6, LOOP_CLR_FD) = 0 [pid 364] close(6) = 0 [pid 364] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 364] write(6, "#! ./file1\n", 11) = 11 [pid 364] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 364] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000001c0} --- [pid 364] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=364, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./16", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./16", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556442f6f0 /* 4 entries */, 32768) = 112 umount2("./16/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./16/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./16/binderfs") = 0 [ 23.469953][ T364] loop0: detected capacity change from 0 to 2048 [ 23.487825][ T364] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 23.500747][ T364] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor291: bg 0: block 234: padding at end of block bitmap is not set umount2("./16/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./16/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./16/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./16/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./16/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555564437730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555564437730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./16/file0"executing program ) = 0 getdents64(3, 0x55556442f6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./16") = 0 mkdir("./17", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55556442e650) = 368 ./strace-static-x86_64: Process 368 attached [pid 368] set_robust_list(0x55556442e660, 24) = 0 [pid 368] chdir("./17") = 0 [pid 368] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 368] setpgid(0, 0) = 0 [pid 368] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 368] write(3, "1000", 4) = 4 [pid 368] close(3) = 0 [pid 368] symlink("/dev/binderfs", "./binderfs") = 0 [pid 368] write(1, "executing program\n", 18) = 18 [pid 368] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 368] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 368] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 368] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 368] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 368] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 368] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 368] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 368] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 368] memfd_create("syzkaller", 0) = 5 [pid 368] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0259ca6000 [pid 368] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 368] munmap(0x7f0259ca6000, 138412032) = 0 [pid 368] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 368] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 368] close(5) = 0 [pid 368] close(6) = 0 [pid 368] mkdir("./file0", 0777) = 0 [ 23.529064][ T294] EXT4-fs (loop0): unmounting filesystem. [ 23.557534][ T368] loop0: detected capacity change from 0 to 2048 [pid 368] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 368] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 368] chdir("./file0") = 0 [pid 368] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 368] ioctl(6, LOOP_CLR_FD) = 0 [pid 368] close(6) = 0 [pid 368] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 368] write(6, "#! ./file1\n", 11) = 11 [pid 368] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 368] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000001c0} --- [pid 368] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=368, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./17", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./17", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556442f6f0 /* 4 entries */, 32768) = 112 umount2("./17/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./17/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./17/binderfs") = 0 umount2("./17/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./17/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./17/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./17/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./17/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555564437730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555564437730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./17/file0") = 0 getdents64(3, 0x55556442f6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./17") = 0 mkdir("./18", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program , child_tidptr=0x55556442e650) = 372 ./strace-static-x86_64: Process 372 attached [pid 372] set_robust_list(0x55556442e660, 24) = 0 [pid 372] chdir("./18") = 0 [pid 372] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 372] setpgid(0, 0) = 0 [pid 372] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 372] write(3, "1000", 4) = 4 [pid 372] close(3) = 0 [pid 372] symlink("/dev/binderfs", "./binderfs") = 0 [pid 372] write(1, "executing program\n", 18) = 18 [pid 372] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 372] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 372] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 372] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 372] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 372] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 372] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 372] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 372] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 372] memfd_create("syzkaller", 0) = 5 [pid 372] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0259ca6000 [pid 372] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 372] munmap(0x7f0259ca6000, 138412032) = 0 [pid 372] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 23.577785][ T368] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 23.590588][ T368] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor291: bg 0: block 234: padding at end of block bitmap is not set [ 23.617831][ T294] EXT4-fs (loop0): unmounting filesystem. [pid 372] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 372] close(5) = 0 [pid 372] close(6) = 0 [pid 372] mkdir("./file0", 0777) = 0 [pid 372] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 372] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 372] chdir("./file0") = 0 [pid 372] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 372] ioctl(6, LOOP_CLR_FD) = 0 [pid 372] close(6) = 0 [pid 372] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 372] write(6, "#! ./file1\n", 11) = 11 [pid 372] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 372] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000001c0} --- [pid 372] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=372, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./18", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./18", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556442f6f0 /* 4 entries */, 32768) = 112 umount2("./18/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./18/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./18/binderfs") = 0 [ 23.642168][ T372] loop0: detected capacity change from 0 to 2048 [ 23.657607][ T372] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 23.674233][ T373] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-372: bg 0: block 234: padding at end of block bitmap is not set umount2("./18/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./18/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./18/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./18/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./18/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555564437730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555564437730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./18/file0") = 0 getdents64(3, 0x55556442f6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./18") = 0 mkdir("./19", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55556442e650) = 376 ./strace-static-x86_64: Process 376 attached [pid 376] set_robust_list(0x55556442e660, 24) = 0 [pid 376] chdir("./19") = 0 [pid 376] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 376] setpgid(0, 0) = 0 [pid 376] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 376] write(3, "1000", 4) = 4 [pid 376] close(3) = 0 [pid 376] symlink("/dev/binderfs", "./binderfs") = 0 [pid 376] write(1, "executing program\n", 18executing program ) = 18 [pid 376] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 376] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 376] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 376] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 376] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 376] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 376] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 376] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 376] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 376] memfd_create("syzkaller", 0) = 5 [pid 376] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0259ca6000 [pid 376] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 376] munmap(0x7f0259ca6000, 138412032) = 0 [pid 376] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 376] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 376] close(5) = 0 [pid 376] close(6) = 0 [pid 376] mkdir("./file0", 0777) = 0 [ 23.701535][ T294] EXT4-fs (loop0): unmounting filesystem. [ 23.727406][ T376] loop0: detected capacity change from 0 to 2048 [pid 376] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 376] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 376] chdir("./file0") = 0 [pid 376] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 376] ioctl(6, LOOP_CLR_FD) = 0 [pid 376] close(6) = 0 [pid 376] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 376] write(6, "#! ./file1\n", 11) = 11 [pid 376] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 376] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000001c0} --- [pid 376] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=376, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./19", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./19", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556442f6f0 /* 4 entries */, 32768) = 112 umount2("./19/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./19/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./19/binderfs") = 0 umount2("./19/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./19/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./19/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./19/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./19/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555564437730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555564437730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./19/file0") = 0 getdents64(3, 0x55556442f6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./19") = 0 mkdir("./20", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) executing program close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55556442e650) = 380 ./strace-static-x86_64: Process 380 attached [pid 380] set_robust_list(0x55556442e660, 24) = 0 [pid 380] chdir("./20") = 0 [pid 380] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 380] setpgid(0, 0) = 0 [pid 380] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 380] write(3, "1000", 4) = 4 [pid 380] close(3) = 0 [pid 380] symlink("/dev/binderfs", "./binderfs") = 0 [pid 380] write(1, "executing program\n", 18) = 18 [pid 380] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 380] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 380] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 380] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 380] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 380] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 380] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 380] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 380] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 380] memfd_create("syzkaller", 0) = 5 [pid 380] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0259ca6000 [pid 380] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 380] munmap(0x7f0259ca6000, 138412032) = 0 [pid 380] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 23.748175][ T376] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 23.765227][ T377] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-376: bg 0: block 234: padding at end of block bitmap is not set [ 23.792798][ T294] EXT4-fs (loop0): unmounting filesystem. [pid 380] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 380] close(5) = 0 [pid 380] close(6) = 0 [pid 380] mkdir("./file0", 0777) = 0 [pid 380] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 380] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 380] chdir("./file0") = 0 [pid 380] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 380] ioctl(6, LOOP_CLR_FD) = 0 [pid 380] close(6) = 0 [pid 380] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 380] write(6, "#! ./file1\n", 11) = 11 [pid 380] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 380] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000001c0} --- [pid 380] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=380, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./20", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./20", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556442f6f0 /* 4 entries */, 32768) = 112 umount2("./20/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./20/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./20/binderfs") = 0 [ 23.823225][ T380] loop0: detected capacity change from 0 to 2048 [ 23.838163][ T380] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 23.850991][ T380] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor291: bg 0: block 234: padding at end of block bitmap is not set umount2("./20/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./20/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./20/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./20/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./20/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555564437730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555564437730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./20/file0") = 0 getdents64(3, 0x55556442f6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./20") = 0 mkdir("./21", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55556442e650) = 384 ./strace-static-x86_64: Process 384 attached [pid 384] set_robust_list(0x55556442e660, 24) = 0 [pid 384] chdir("./21") = 0 [pid 384] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 384] setpgid(0, 0) = 0 [pid 384] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 384] write(3, "1000", 4) = 4 [pid 384] close(3) = 0 [pid 384] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 384] write(1, "executing program\n", 18) = 18 [pid 384] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 384] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 384] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 384] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 384] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 384] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 384] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 384] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 384] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 384] memfd_create("syzkaller", 0) = 5 [pid 384] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0259ca6000 [pid 384] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 384] munmap(0x7f0259ca6000, 138412032) = 0 [pid 384] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 384] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 384] close(5) = 0 [pid 384] close(6) = 0 [pid 384] mkdir("./file0", 0777) = 0 [ 23.878867][ T294] EXT4-fs (loop0): unmounting filesystem. [ 23.904333][ T384] loop0: detected capacity change from 0 to 2048 [pid 384] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 384] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 384] chdir("./file0") = 0 [pid 384] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 384] ioctl(6, LOOP_CLR_FD) = 0 [pid 384] close(6) = 0 [pid 384] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 384] write(6, "#! ./file1\n", 11) = 11 [pid 384] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 384] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000001c0} --- [pid 384] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=384, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./21", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./21", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556442f6f0 /* 4 entries */, 32768) = 112 umount2("./21/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./21/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./21/binderfs") = 0 umount2("./21/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./21/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./21/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./21/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./21/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555564437730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555564437730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./21/file0") = 0 getdents64(3, 0x55556442f6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./21") = 0 mkdir("./22", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55556442e650) = 388 ./strace-static-x86_64: Process 388 attached [pid 388] set_robust_list(0x55556442e660, 24) = 0 [pid 388] chdir("./22") = 0 [pid 388] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 388] setpgid(0, 0) = 0 [pid 388] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 388] write(3, "1000", 4) = 4 [pid 388] close(3) = 0 [pid 388] symlink("/dev/binderfs", "./binderfs") = 0 [pid 388] write(1, "executing program\n", 18executing program ) = 18 [pid 388] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 388] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 388] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 388] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 388] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 388] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 388] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 388] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 388] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 388] memfd_create("syzkaller", 0) = 5 [pid 388] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0259ca6000 [pid 388] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 388] munmap(0x7f0259ca6000, 138412032) = 0 [pid 388] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 23.927662][ T384] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 23.940583][ T384] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor291: bg 0: block 234: padding at end of block bitmap is not set [ 23.968681][ T294] EXT4-fs (loop0): unmounting filesystem. [pid 388] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 388] close(5) = 0 [pid 388] close(6) = 0 [pid 388] mkdir("./file0", 0777) = 0 [pid 388] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 388] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 388] chdir("./file0") = 0 [pid 388] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 388] ioctl(6, LOOP_CLR_FD) = 0 [pid 388] close(6) = 0 [pid 388] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 388] write(6, "#! ./file1\n", 11) = 11 [pid 388] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [ 23.992463][ T388] loop0: detected capacity change from 0 to 2048 [ 24.008081][ T388] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [pid 388] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000001c0} --- [pid 388] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=388, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./22", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./22", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556442f6f0 /* 4 entries */, 32768) = 112 umount2("./22/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./22/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./22/binderfs") = 0 umount2("./22/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./22/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./22/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./22/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./22/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555564437730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555564437730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./22/file0") = 0 getdents64(3, 0x55556442f6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./22") = 0 mkdir("./23", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55556442e650) = 392 ./strace-static-x86_64: Process 392 attached [pid 392] set_robust_list(0x55556442e660, 24) = 0 [pid 392] chdir("./23") = 0 [pid 392] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 392] setpgid(0, 0) = 0 [pid 392] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 392] write(3, "1000", 4) = 4 [pid 392] close(3) = 0 [pid 392] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 392] write(1, "executing program\n", 18) = 18 [pid 392] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 392] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 392] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 392] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 392] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 392] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 392] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 392] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 392] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 392] memfd_create("syzkaller", 0) = 5 [pid 392] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0259ca6000 [pid 392] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 392] munmap(0x7f0259ca6000, 138412032) = 0 [pid 392] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 24.033939][ T389] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-388: bg 0: block 234: padding at end of block bitmap is not set [ 24.060449][ T294] EXT4-fs (loop0): unmounting filesystem. [pid 392] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 392] close(5) = 0 [pid 392] close(6) = 0 [pid 392] mkdir("./file0", 0777) = 0 [pid 392] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 392] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 392] chdir("./file0") = 0 [pid 392] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 392] ioctl(6, LOOP_CLR_FD) = 0 [pid 392] close(6) = 0 [pid 392] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 392] write(6, "#! ./file1\n", 11) = 11 [pid 392] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 392] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000001c0} --- [pid 392] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=392, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./23", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./23", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556442f6f0 /* 4 entries */, 32768) = 112 umount2("./23/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./23/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./23/binderfs") = 0 [ 24.086955][ T392] loop0: detected capacity change from 0 to 2048 [ 24.107814][ T392] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 24.118424][ T392] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor291: bg 0: block 234: padding at end of block bitmap is not set umount2("./23/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./23/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./23/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./23/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./23/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555564437730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555564437730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./23/file0") = 0 getdents64(3, 0x55556442f6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./23") = 0 mkdir("./24", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55556442e650) = 396 ./strace-static-x86_64: Process 396 attached [pid 396] set_robust_list(0x55556442e660, 24) = 0 [pid 396] chdir("./24") = 0 [pid 396] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 396] setpgid(0, 0) = 0 [pid 396] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 396] write(3, "1000", 4) = 4 [pid 396] close(3) = 0 [pid 396] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 396] write(1, "executing program\n", 18) = 18 [pid 396] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 396] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 396] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 396] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 396] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 396] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 396] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 396] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 396] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 396] memfd_create("syzkaller", 0) = 5 [pid 396] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0259ca6000 [pid 396] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 396] munmap(0x7f0259ca6000, 138412032) = 0 [pid 396] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 396] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 396] close(5) = 0 [pid 396] close(6) = 0 [pid 396] mkdir("./file0", 0777) = 0 [ 24.146383][ T294] EXT4-fs (loop0): unmounting filesystem. [ 24.172833][ T396] loop0: detected capacity change from 0 to 2048 [pid 396] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 396] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 396] chdir("./file0") = 0 [pid 396] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 396] ioctl(6, LOOP_CLR_FD) = 0 [pid 396] close(6) = 0 [pid 396] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 396] write(6, "#! ./file1\n", 11) = 11 [pid 396] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 396] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000001c0} --- [pid 396] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=396, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./24", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./24", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556442f6f0 /* 4 entries */, 32768) = 112 umount2("./24/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./24/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./24/binderfs") = 0 umount2("./24/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./24/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./24/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./24/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./24/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555564437730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555564437730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./24/file0") = 0 getdents64(3, 0x55556442f6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./24") = 0 mkdir("./25", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3executing program ) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55556442e650) = 400 ./strace-static-x86_64: Process 400 attached [pid 400] set_robust_list(0x55556442e660, 24) = 0 [pid 400] chdir("./25") = 0 [pid 400] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 400] setpgid(0, 0) = 0 [pid 400] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 400] write(3, "1000", 4) = 4 [pid 400] close(3) = 0 [pid 400] symlink("/dev/binderfs", "./binderfs") = 0 [pid 400] write(1, "executing program\n", 18) = 18 [pid 400] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 400] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 400] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 400] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 400] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 400] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 400] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 400] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 400] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 400] memfd_create("syzkaller", 0) = 5 [pid 400] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0259ca6000 [pid 400] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 400] munmap(0x7f0259ca6000, 138412032) = 0 [pid 400] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 24.197547][ T396] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 24.209060][ T396] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor291: bg 0: block 234: padding at end of block bitmap is not set [ 24.240952][ T294] EXT4-fs (loop0): unmounting filesystem. [pid 400] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 400] close(5) = 0 [pid 400] close(6) = 0 [pid 400] mkdir("./file0", 0777) = 0 [pid 400] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 400] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 400] chdir("./file0") = 0 [pid 400] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 400] ioctl(6, LOOP_CLR_FD) = 0 [pid 400] close(6) = 0 [pid 400] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 400] write(6, "#! ./file1\n", 11) = 11 [ 24.268940][ T400] loop0: detected capacity change from 0 to 2048 [ 24.297451][ T400] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [pid 400] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 400] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000001c0} --- [pid 400] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=400, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./25", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./25", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556442f6f0 /* 4 entries */, 32768) = 112 umount2("./25/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./25/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./25/binderfs") = 0 umount2("./25/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./25/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./25/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./25/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./25/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555564437730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555564437730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./25/file0") = 0 getdents64(3, 0x55556442f6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./25") = 0 mkdir("./26", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55556442e650) = 405 ./strace-static-x86_64: Process 405 attached [pid 405] set_robust_list(0x55556442e660, 24) = 0 [pid 405] chdir("./26") = 0 [pid 405] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 405] setpgid(0, 0) = 0 [pid 405] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 405] write(3, "1000", 4) = 4 [pid 405] close(3) = 0 [pid 405] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 405] write(1, "executing program\n", 18) = 18 [pid 405] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 405] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 405] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 405] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 405] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 405] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 405] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 405] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 405] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 405] memfd_create("syzkaller", 0) = 5 [pid 405] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0259ca6000 [pid 405] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 405] munmap(0x7f0259ca6000, 138412032) = 0 [pid 405] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 24.316031][ T401] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-400: bg 0: block 234: padding at end of block bitmap is not set [ 24.338729][ T294] EXT4-fs (loop0): unmounting filesystem. [pid 405] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 405] close(5) = 0 [pid 405] close(6) = 0 [pid 405] mkdir("./file0", 0777) = 0 [pid 405] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 405] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 405] chdir("./file0") = 0 [pid 405] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 405] ioctl(6, LOOP_CLR_FD) = 0 [pid 405] close(6) = 0 [pid 405] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 405] write(6, "#! ./file1\n", 11) = 11 [pid 405] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [ 24.363414][ T405] loop0: detected capacity change from 0 to 2048 [ 24.387879][ T405] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [pid 405] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000001c0} --- [pid 405] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=405, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./26", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./26", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556442f6f0 /* 4 entries */, 32768) = 112 umount2("./26/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./26/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./26/binderfs") = 0 umount2("./26/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./26/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./26/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./26/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./26/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555564437730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555564437730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./26/file0") = 0 getdents64(3, 0x55556442f6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./26") = 0 mkdir("./27", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55556442e650) = 409 executing program ./strace-static-x86_64: Process 409 attached [pid 409] set_robust_list(0x55556442e660, 24) = 0 [pid 409] chdir("./27") = 0 [pid 409] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 409] setpgid(0, 0) = 0 [pid 409] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 409] write(3, "1000", 4) = 4 [pid 409] close(3) = 0 [pid 409] symlink("/dev/binderfs", "./binderfs") = 0 [pid 409] write(1, "executing program\n", 18) = 18 [pid 409] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 409] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 409] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 409] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 409] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 409] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 409] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 409] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 409] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 409] memfd_create("syzkaller", 0) = 5 [pid 409] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0259ca6000 [pid 409] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 409] munmap(0x7f0259ca6000, 138412032) = 0 [pid 409] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 409] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 409] close(5) = 0 [pid 409] close(6) = 0 [pid 409] mkdir("./file0", 0777) = 0 [ 24.400891][ T405] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor291: bg 0: block 234: padding at end of block bitmap is not set [ 24.428350][ T294] EXT4-fs (loop0): unmounting filesystem. [ 24.453810][ T409] loop0: detected capacity change from 0 to 2048 [pid 409] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 409] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 409] chdir("./file0") = 0 [pid 409] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 409] ioctl(6, LOOP_CLR_FD) = 0 [pid 409] close(6) = 0 [pid 409] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 409] write(6, "#! ./file1\n", 11) = 11 [pid 409] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 409] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000001c0} --- [pid 409] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=409, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./27", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./27", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556442f6f0 /* 4 entries */, 32768) = 112 umount2("./27/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./27/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./27/binderfs") = 0 umount2("./27/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./27/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./27/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./27/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./27/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555564437730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555564437730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./27/file0") = 0 getdents64(3, 0x55556442f6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./27") = 0 mkdir("./28", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55556442e650) = 413 executing program ./strace-static-x86_64: Process 413 attached [pid 413] set_robust_list(0x55556442e660, 24) = 0 [pid 413] chdir("./28") = 0 [pid 413] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 413] setpgid(0, 0) = 0 [pid 413] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 413] write(3, "1000", 4) = 4 [pid 413] close(3) = 0 [pid 413] symlink("/dev/binderfs", "./binderfs") = 0 [pid 413] write(1, "executing program\n", 18) = 18 [pid 413] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 413] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 413] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 413] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 413] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 413] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 413] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 413] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 413] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 413] memfd_create("syzkaller", 0) = 5 [pid 413] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0259ca6000 [pid 413] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 413] munmap(0x7f0259ca6000, 138412032) = 0 [pid 413] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 24.478926][ T409] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 24.491567][ T409] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor291: bg 0: block 234: padding at end of block bitmap is not set [ 24.518917][ T294] EXT4-fs (loop0): unmounting filesystem. [pid 413] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 413] close(5) = 0 [pid 413] close(6) = 0 [pid 413] mkdir("./file0", 0777) = 0 [pid 413] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 413] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 413] chdir("./file0") = 0 [pid 413] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 413] ioctl(6, LOOP_CLR_FD) = 0 [pid 413] close(6) = 0 [pid 413] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 413] write(6, "#! ./file1\n", 11) = 11 [pid 413] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [ 24.544106][ T413] loop0: detected capacity change from 0 to 2048 [ 24.567630][ T413] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [pid 413] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000001c0} --- [pid 413] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=413, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./28", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./28", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556442f6f0 /* 4 entries */, 32768) = 112 umount2("./28/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./28/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./28/binderfs") = 0 umount2("./28/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./28/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./28/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./28/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./28/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555564437730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555564437730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./28/file0") = 0 getdents64(3, 0x55556442f6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./28") = 0 mkdir("./29", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program , child_tidptr=0x55556442e650) = 417 ./strace-static-x86_64: Process 417 attached [pid 417] set_robust_list(0x55556442e660, 24) = 0 [pid 417] chdir("./29") = 0 [pid 417] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 417] setpgid(0, 0) = 0 [pid 417] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 417] write(3, "1000", 4) = 4 [pid 417] close(3) = 0 [pid 417] symlink("/dev/binderfs", "./binderfs") = 0 [pid 417] write(1, "executing program\n", 18) = 18 [pid 417] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 417] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 417] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 417] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 417] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 417] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 417] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 417] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 417] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 417] memfd_create("syzkaller", 0) = 5 [pid 417] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0259ca6000 [pid 417] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 417] munmap(0x7f0259ca6000, 138412032) = 0 [pid 417] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 417] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 417] close(5) = 0 [pid 417] close(6) = 0 [pid 417] mkdir("./file0", 0777) = 0 [ 24.580930][ T413] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor291: bg 0: block 234: padding at end of block bitmap is not set [ 24.608769][ T294] EXT4-fs (loop0): unmounting filesystem. [ 24.633287][ T417] loop0: detected capacity change from 0 to 2048 [pid 417] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 417] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 417] chdir("./file0") = 0 [pid 417] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 417] ioctl(6, LOOP_CLR_FD) = 0 [pid 417] close(6) = 0 [pid 417] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 417] write(6, "#! ./file1\n", 11) = 11 [pid 417] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 417] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000001c0} --- [pid 417] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=417, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./29", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./29", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556442f6f0 /* 4 entries */, 32768) = 112 umount2("./29/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./29/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./29/binderfs") = 0 umount2("./29/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./29/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./29/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./29/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./29/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555564437730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555564437730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./29/file0") = 0 getdents64(3, 0x55556442f6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./29") = 0 mkdir("./30", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3executing program ) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55556442e650) = 421 ./strace-static-x86_64: Process 421 attached [pid 421] set_robust_list(0x55556442e660, 24) = 0 [pid 421] chdir("./30") = 0 [pid 421] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 421] setpgid(0, 0) = 0 [pid 421] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 421] write(3, "1000", 4) = 4 [pid 421] close(3) = 0 [pid 421] symlink("/dev/binderfs", "./binderfs") = 0 [pid 421] write(1, "executing program\n", 18) = 18 [pid 421] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 421] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 421] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 421] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 421] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 421] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 421] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 421] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 421] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 421] memfd_create("syzkaller", 0) = 5 [pid 421] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0259ca6000 [pid 421] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 421] munmap(0x7f0259ca6000, 138412032) = 0 [pid 421] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 24.649170][ T417] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 24.659488][ T417] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor291: bg 0: block 234: padding at end of block bitmap is not set [ 24.687604][ T294] EXT4-fs (loop0): unmounting filesystem. [pid 421] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 421] close(5) = 0 [pid 421] close(6) = 0 [pid 421] mkdir("./file0", 0777) = 0 [pid 421] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 421] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 421] chdir("./file0") = 0 [pid 421] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 421] ioctl(6, LOOP_CLR_FD) = 0 [pid 421] close(6) = 0 [pid 421] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 421] write(6, "#! ./file1\n", 11) = 11 [pid 421] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 421] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000001c0} --- [ 24.718404][ T421] loop0: detected capacity change from 0 to 2048 [ 24.737586][ T421] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 24.753783][ T421] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor291: bg 0: block 234: padding at end of block bitmap is not set [pid 421] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=421, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./30", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./30", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556442f6f0 /* 4 entries */, 32768) = 112 umount2("./30/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./30/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./30/binderfs") = 0 [ 24.768705][ T422] EXT4-fs error (device loop0): ext4_map_blocks:744: inode #18: block 62218: comm vhost-421: lblock 0 mapped to illegal pblock 62218 (length 1) [ 24.783596][ T422] EXT4-fs error (device loop0): ext4_map_blocks:634: inode #18: block 62218: comm vhost-421: lblock 0 mapped to illegal pblock 62218 (length 1) [ 24.798367][ T422] EXT4-fs error (device loop0): ext4_map_blocks:634: inode #18: block 62218: comm vhost-421: lblock 0 mapped to illegal pblock 62218 (length 1) umount2("./30/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./30/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./30/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./30/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./30/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555564437730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555564437730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./30/file0") = 0 getdents64(3, 0x55556442f6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./30") = 0 mkdir("./31", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55556442e650) = 425 ./strace-static-x86_64: Process 425 attached [pid 425] set_robust_list(0x55556442e660, 24) = 0 [pid 425] chdir("./31") = 0 [pid 425] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 425] setpgid(0, 0) = 0 [pid 425] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 425] write(3, "1000", 4) = 4 [pid 425] close(3) = 0 [pid 425] symlink("/dev/binderfs", "./binderfs") = 0 [pid 425] write(1, "executing program\n", 18executing program ) = 18 [pid 425] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 425] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 425] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 425] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 425] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 425] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 425] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 425] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 425] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 425] memfd_create("syzkaller", 0) = 5 [pid 425] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0259ca6000 [pid 425] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 425] munmap(0x7f0259ca6000, 138412032) = 0 [pid 425] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 425] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 425] close(5) = 0 [pid 425] close(6) = 0 [pid 425] mkdir("./file0", 0777) = 0 [ 24.821661][ T294] EXT4-fs (loop0): unmounting filesystem. [ 24.853050][ T425] loop0: detected capacity change from 0 to 2048 [pid 425] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 425] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 425] chdir("./file0") = 0 [pid 425] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 425] ioctl(6, LOOP_CLR_FD) = 0 [pid 425] close(6) = 0 [pid 425] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 425] write(6, "#! ./file1\n", 11) = 11 [pid 425] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 425] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000001c0} --- [pid 425] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=425, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./31", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./31", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556442f6f0 /* 4 entries */, 32768) = 112 umount2("./31/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./31/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./31/binderfs") = 0 umount2("./31/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./31/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./31/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./31/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./31/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555564437730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555564437730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./31/file0") = 0 getdents64(3, 0x55556442f6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./31") = 0 mkdir("./32", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55556442e650) = 430 ./strace-static-x86_64: Process 430 attached [pid 430] set_robust_list(0x55556442e660, 24) = 0 [pid 430] chdir("./32") = 0 [pid 430] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 430] setpgid(0, 0) = 0 [pid 430] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 430] write(3, "1000", 4) = 4 [pid 430] close(3) = 0 [pid 430] symlink("/dev/binderfs", "./binderfs") = 0 [pid 430] write(1, "executing program\n", 18executing program ) = 18 [pid 430] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 430] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 430] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 430] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 430] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 430] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 430] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 430] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 430] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 430] memfd_create("syzkaller", 0) = 5 [pid 430] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0259ca6000 [ 24.868399][ T425] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 24.881445][ T425] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor291: bg 0: block 234: padding at end of block bitmap is not set [pid 430] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 430] munmap(0x7f0259ca6000, 138412032) = 0 [pid 430] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 430] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 430] close(5) = 0 [pid 430] close(6) = 0 [pid 430] mkdir("./file0", 0777) = 0 [pid 430] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 430] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 430] chdir("./file0") = 0 [pid 430] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 430] ioctl(6, LOOP_CLR_FD) = 0 [pid 430] close(6) = 0 [pid 430] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 430] write(6, "#! ./file1\n", 11) = 11 [pid 430] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 430] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000001c0} --- [pid 430] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=430, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./32", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./32", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556442f6f0 /* 4 entries */, 32768) = 112 umount2("./32/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./32/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./32/binderfs") = 0 umount2("./32/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./32/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./32/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./32/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./32/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555564437730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555564437730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./32/file0") = 0 getdents64(3, 0x55556442f6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./32") = 0 mkdir("./33", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program , child_tidptr=0x55556442e650) = 434 ./strace-static-x86_64: Process 434 attached [pid 434] set_robust_list(0x55556442e660, 24) = 0 [pid 434] chdir("./33") = 0 [pid 434] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 434] setpgid(0, 0) = 0 [pid 434] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 434] write(3, "1000", 4) = 4 [pid 434] close(3) = 0 [pid 434] symlink("/dev/binderfs", "./binderfs") = 0 [pid 434] write(1, "executing program\n", 18) = 18 [pid 434] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 434] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 434] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 434] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 434] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 434] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 434] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 434] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 434] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 434] memfd_create("syzkaller", 0) = 5 [pid 434] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0259ca6000 [pid 434] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 434] munmap(0x7f0259ca6000, 138412032) = 0 [pid 434] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 24.936548][ T430] loop0: detected capacity change from 0 to 2048 [ 24.961948][ T430] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor291: bg 0: block 234: padding at end of block bitmap is not set [pid 434] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 434] close(5) = 0 [pid 434] close(6) = 0 [pid 434] mkdir("./file0", 0777) = 0 [pid 434] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 434] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 434] chdir("./file0") = 0 [pid 434] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 434] ioctl(6, LOOP_CLR_FD) = 0 [pid 434] close(6) = 0 [pid 434] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 434] write(6, "#! ./file1\n", 11) = 11 [pid 434] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 434] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000001c0} --- [pid 434] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=434, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./33", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./33", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556442f6f0 /* 4 entries */, 32768) = 112 umount2("./33/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./33/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./33/binderfs") = 0 umount2("./33/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./33/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./33/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./33/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./33/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555564437730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555564437730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./33/file0") = 0 getdents64(3, 0x55556442f6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./33") = 0 mkdir("./34", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55556442e650) = 438 ./strace-static-x86_64: Process 438 attached [pid 438] set_robust_list(0x55556442e660, 24) = 0 [pid 438] chdir("./34") = 0 [pid 438] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 438] setpgid(0, 0) = 0 [pid 438] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 438] write(3, "1000", 4) = 4 [pid 438] close(3) = 0 [pid 438] symlink("/dev/binderfs", "./binderfs") = 0 [pid 438] write(1, "executing program\n", 18executing program ) = 18 [pid 438] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 438] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 438] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 438] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 438] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 438] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 438] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 438] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 438] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 438] memfd_create("syzkaller", 0) = 5 [pid 438] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0259ca6000 [pid 438] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 438] munmap(0x7f0259ca6000, 138412032) = 0 [pid 438] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 25.007861][ T434] loop0: detected capacity change from 0 to 2048 [ 25.035859][ T435] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-434: bg 0: block 234: padding at end of block bitmap is not set [pid 438] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 438] close(5) = 0 [pid 438] close(6) = 0 [pid 438] mkdir("./file0", 0777) = 0 [pid 438] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 438] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 438] chdir("./file0") = 0 [pid 438] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 438] ioctl(6, LOOP_CLR_FD) = 0 [pid 438] close(6) = 0 [pid 438] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 438] write(6, "#! ./file1\n", 11) = 11 [pid 438] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 438] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000001c0} --- [pid 438] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=438, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./34", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./34", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556442f6f0 /* 4 entries */, 32768) = 112 umount2("./34/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./34/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./34/binderfs") = 0 umount2("./34/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./34/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./34/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./34/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./34/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555564437730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555564437730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./34/file0") = 0 getdents64(3, 0x55556442f6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./34") = 0 mkdir("./35", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program , child_tidptr=0x55556442e650) = 442 ./strace-static-x86_64: Process 442 attached [pid 442] set_robust_list(0x55556442e660, 24) = 0 [pid 442] chdir("./35") = 0 [pid 442] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 442] setpgid(0, 0) = 0 [pid 442] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 442] write(3, "1000", 4) = 4 [pid 442] close(3) = 0 [pid 442] symlink("/dev/binderfs", "./binderfs") = 0 [pid 442] write(1, "executing program\n", 18) = 18 [pid 442] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 442] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 442] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 442] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 442] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 442] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 442] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 442] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 442] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 442] memfd_create("syzkaller", 0) = 5 [pid 442] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0259ca6000 [pid 442] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 442] munmap(0x7f0259ca6000, 138412032) = 0 [pid 442] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 25.085425][ T438] loop0: detected capacity change from 0 to 2048 [ 25.100222][ T439] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-438: bg 0: block 234: padding at end of block bitmap is not set [pid 442] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 442] close(5) = 0 [pid 442] close(6) = 0 [pid 442] mkdir("./file0", 0777) = 0 [pid 442] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 442] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 442] chdir("./file0") = 0 [pid 442] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 442] ioctl(6, LOOP_CLR_FD) = 0 [pid 442] close(6) = 0 [pid 442] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 442] write(6, "#! ./file1\n", 11) = 11 [pid 442] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 442] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000001c0} --- [pid 442] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=442, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./35", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./35", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556442f6f0 /* 4 entries */, 32768) = 112 umount2("./35/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./35/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./35/binderfs") = 0 umount2("./35/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./35/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./35/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./35/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./35/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555564437730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555564437730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./35/file0") = 0 getdents64(3, 0x55556442f6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./35") = 0 mkdir("./36", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3executing program ) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55556442e650) = 446 ./strace-static-x86_64: Process 446 attached [pid 446] set_robust_list(0x55556442e660, 24) = 0 [pid 446] chdir("./36") = 0 [pid 446] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 446] setpgid(0, 0) = 0 [pid 446] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 446] write(3, "1000", 4) = 4 [pid 446] close(3) = 0 [pid 446] symlink("/dev/binderfs", "./binderfs") = 0 [pid 446] write(1, "executing program\n", 18) = 18 [pid 446] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 446] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 446] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 446] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 446] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 446] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 446] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 446] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 446] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 446] memfd_create("syzkaller", 0) = 5 [pid 446] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0259ca6000 [pid 446] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 446] munmap(0x7f0259ca6000, 138412032) = 0 [pid 446] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 25.146434][ T442] loop0: detected capacity change from 0 to 2048 [ 25.165090][ T442] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor291: bg 0: block 234: padding at end of block bitmap is not set [pid 446] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 446] close(5) = 0 [pid 446] close(6) = 0 [pid 446] mkdir("./file0", 0777) = 0 [pid 446] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 446] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 446] chdir("./file0") = 0 [pid 446] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 446] ioctl(6, LOOP_CLR_FD) = 0 [pid 446] close(6) = 0 [pid 446] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 446] write(6, "#! ./file1\n", 11) = 11 [pid 446] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 446] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000001c0} --- [pid 446] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=446, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./36", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./36", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556442f6f0 /* 4 entries */, 32768) = 112 umount2("./36/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./36/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./36/binderfs") = 0 umount2("./36/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./36/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./36/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./36/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./36/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555564437730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555564437730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./36/file0") = 0 getdents64(3, 0x55556442f6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./36") = 0 mkdir("./37", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55556442e650) = 450 ./strace-static-x86_64: Process 450 attached [pid 450] set_robust_list(0x55556442e660, 24) = 0 [pid 450] chdir("./37") = 0 [pid 450] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 450] setpgid(0, 0) = 0 [pid 450] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 450] write(3, "1000", 4) = 4 [pid 450] close(3) = 0 [pid 450] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 450] write(1, "executing program\n", 18) = 18 [pid 450] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 450] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 450] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 450] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 450] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 450] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 450] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 450] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 450] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 450] memfd_create("syzkaller", 0) = 5 [pid 450] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0259ca6000 [pid 450] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 450] munmap(0x7f0259ca6000, 138412032) = 0 [pid 450] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 25.219328][ T446] loop0: detected capacity change from 0 to 2048 [ 25.249825][ T446] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor291: bg 0: block 234: padding at end of block bitmap is not set [pid 450] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 450] close(5) = 0 [pid 450] close(6) = 0 [pid 450] mkdir("./file0", 0777) = 0 [pid 450] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 450] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 450] chdir("./file0") = 0 [pid 450] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 450] ioctl(6, LOOP_CLR_FD) = 0 [pid 450] close(6) = 0 [pid 450] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 450] write(6, "#! ./file1\n", 11) = 11 [pid 450] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 450] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000001c0} --- [pid 450] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=450, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./37", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./37", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556442f6f0 /* 4 entries */, 32768) = 112 umount2("./37/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./37/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./37/binderfs") = 0 umount2("./37/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./37/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./37/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./37/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./37/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555564437730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555564437730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./37/file0") = 0 getdents64(3, 0x55556442f6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./37") = 0 mkdir("./38", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3executing program ) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55556442e650) = 455 ./strace-static-x86_64: Process 455 attached [pid 455] set_robust_list(0x55556442e660, 24) = 0 [pid 455] chdir("./38") = 0 [pid 455] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 455] setpgid(0, 0) = 0 [pid 455] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 455] write(3, "1000", 4) = 4 [pid 455] close(3) = 0 [pid 455] symlink("/dev/binderfs", "./binderfs") = 0 [pid 455] write(1, "executing program\n", 18) = 18 [pid 455] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 455] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 455] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 455] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 455] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 455] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 455] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 455] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 455] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 455] memfd_create("syzkaller", 0) = 5 [pid 455] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0259ca6000 [ 25.295639][ T450] loop0: detected capacity change from 0 to 2048 [ 25.327083][ T450] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor291: bg 0: block 234: padding at end of block bitmap is not set [pid 455] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 455] munmap(0x7f0259ca6000, 138412032) = 0 [pid 455] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 455] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 455] close(5) = 0 [pid 455] close(6) = 0 [pid 455] mkdir("./file0", 0777) = 0 [pid 455] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 455] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 455] chdir("./file0") = 0 [pid 455] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 455] ioctl(6, LOOP_CLR_FD) = 0 [pid 455] close(6) = 0 [pid 455] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 455] write(6, "#! ./file1\n", 11) = 11 [pid 455] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 455] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000001c0} --- [pid 455] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=455, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556442f6f0 /* 4 entries */, 32768) = 112 umount2("./38/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./38/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./38/binderfs") = 0 umount2("./38/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./38/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./38/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./38/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./38/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555564437730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555564437730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./38/file0") = 0 getdents64(3, 0x55556442f6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./38") = 0 mkdir("./39", 0777) = 0 executing program openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55556442e650) = 459 ./strace-static-x86_64: Process 459 attached [pid 459] set_robust_list(0x55556442e660, 24) = 0 [pid 459] chdir("./39") = 0 [pid 459] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 459] setpgid(0, 0) = 0 [pid 459] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 459] write(3, "1000", 4) = 4 [pid 459] close(3) = 0 [pid 459] symlink("/dev/binderfs", "./binderfs") = 0 [pid 459] write(1, "executing program\n", 18) = 18 [pid 459] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 459] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 459] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 459] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 459] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 459] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 459] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 459] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 459] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 459] memfd_create("syzkaller", 0) = 5 [pid 459] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0259ca6000 [pid 459] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [ 25.380916][ T455] loop0: detected capacity change from 0 to 2048 [ 25.406498][ T456] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-455: bg 0: block 234: padding at end of block bitmap is not set [pid 459] munmap(0x7f0259ca6000, 138412032) = 0 [pid 459] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 459] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 459] close(5) = 0 [pid 459] close(6) = 0 [pid 459] mkdir("./file0", 0777) = 0 [pid 459] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 459] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 459] chdir("./file0") = 0 [pid 459] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 459] ioctl(6, LOOP_CLR_FD) = 0 [pid 459] close(6) = 0 [pid 459] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 459] write(6, "#! ./file1\n", 11) = 11 [pid 459] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 459] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000001c0} --- [pid 459] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=459, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./39", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./39", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556442f6f0 /* 4 entries */, 32768) = 112 umount2("./39/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./39/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./39/binderfs") = 0 umount2("./39/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./39/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./39/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./39/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./39/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555564437730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555564437730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./39/file0") = 0 getdents64(3, 0x55556442f6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./39") = 0 mkdir("./40", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55556442e650) = 463 ./strace-static-x86_64: Process 463 attached [pid 463] set_robust_list(0x55556442e660, 24) = 0 [pid 463] chdir("./40") = 0 [pid 463] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 463] setpgid(0, 0) = 0 [pid 463] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 463] write(3, "1000", 4) = 4 [pid 463] close(3) = 0 [pid 463] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 463] write(1, "executing program\n", 18) = 18 [pid 463] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 463] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 463] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 463] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 463] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 463] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 463] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 463] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 463] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 463] memfd_create("syzkaller", 0) = 5 [pid 463] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0259ca6000 [pid 463] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 463] munmap(0x7f0259ca6000, 138412032) = 0 [pid 463] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 25.463284][ T459] loop0: detected capacity change from 0 to 2048 [ 25.489749][ T459] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor291: bg 0: block 234: padding at end of block bitmap is not set [pid 463] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 463] close(5) = 0 [pid 463] close(6) = 0 [pid 463] mkdir("./file0", 0777) = 0 [pid 463] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 463] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 463] chdir("./file0") = 0 [pid 463] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 463] ioctl(6, LOOP_CLR_FD) = 0 [pid 463] close(6) = 0 [pid 463] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 463] write(6, "#! ./file1\n", 11) = 11 [pid 463] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 463] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000001c0} --- [pid 463] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=463, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./40", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./40", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556442f6f0 /* 4 entries */, 32768) = 112 umount2("./40/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./40/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./40/binderfs") = 0 umount2("./40/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./40/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./40/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./40/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./40/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555564437730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555564437730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./40/file0") = 0 getdents64(3, 0x55556442f6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./40") = 0 mkdir("./41", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program , child_tidptr=0x55556442e650) = 467 ./strace-static-x86_64: Process 467 attached [pid 467] set_robust_list(0x55556442e660, 24) = 0 [pid 467] chdir("./41") = 0 [pid 467] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 467] setpgid(0, 0) = 0 [pid 467] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 467] write(3, "1000", 4) = 4 [pid 467] close(3) = 0 [pid 467] symlink("/dev/binderfs", "./binderfs") = 0 [pid 467] write(1, "executing program\n", 18) = 18 [pid 467] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 467] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 467] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 467] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 467] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 467] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 467] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 467] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 467] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 467] memfd_create("syzkaller", 0) = 5 [pid 467] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0259ca6000 [pid 467] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 467] munmap(0x7f0259ca6000, 138412032) = 0 [pid 467] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 25.542471][ T463] loop0: detected capacity change from 0 to 2048 [ 25.559941][ T463] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor291: bg 0: block 234: padding at end of block bitmap is not set [pid 467] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 467] close(5) = 0 [pid 467] close(6) = 0 [pid 467] mkdir("./file0", 0777) = 0 [pid 467] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 467] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 467] chdir("./file0") = 0 [pid 467] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 467] ioctl(6, LOOP_CLR_FD) = 0 [pid 467] close(6) = 0 [pid 467] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 467] write(6, "#! ./file1\n", 11) = 11 [pid 467] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 467] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000001c0} --- [pid 467] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=467, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./41", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./41", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556442f6f0 /* 4 entries */, 32768) = 112 umount2("./41/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./41/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./41/binderfs") = 0 umount2("./41/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./41/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./41/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./41/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./41/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555564437730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555564437730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./41/file0") = 0 getdents64(3, 0x55556442f6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./41") = 0 mkdir("./42", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55556442e650) = 471 ./strace-static-x86_64: Process 471 attached [pid 471] set_robust_list(0x55556442e660, 24) = 0 [pid 471] chdir("./42") = 0 [pid 471] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 471] setpgid(0, 0) = 0 [pid 471] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 471] write(3, "1000", 4) = 4 [pid 471] close(3) = 0 [pid 471] symlink("/dev/binderfs", "./binderfs") = 0 [pid 471] write(1, "executing program\n", 18executing program ) = 18 [pid 471] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 471] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 471] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 471] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 471] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 471] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 471] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 471] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 471] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 471] memfd_create("syzkaller", 0) = 5 [pid 471] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0259ca6000 [pid 471] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 471] munmap(0x7f0259ca6000, 138412032) = 0 [pid 471] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 25.600537][ T467] loop0: detected capacity change from 0 to 2048 [ 25.620164][ T467] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor291: bg 0: block 234: padding at end of block bitmap is not set [pid 471] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 471] close(5) = 0 [pid 471] close(6) = 0 [pid 471] mkdir("./file0", 0777) = 0 [pid 471] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 471] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 471] chdir("./file0") = 0 [pid 471] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 471] ioctl(6, LOOP_CLR_FD) = 0 [pid 471] close(6) = 0 [pid 471] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 471] write(6, "#! ./file1\n", 11) = 11 [pid 471] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 471] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000001c0} --- [pid 471] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=471, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./42", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./42", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556442f6f0 /* 4 entries */, 32768) = 112 umount2("./42/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./42/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./42/binderfs") = 0 umount2("./42/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./42/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./42/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./42/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./42/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555564437730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555564437730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./42/file0") = 0 getdents64(3, 0x55556442f6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./42") = 0 mkdir("./43", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55556442e650) = 475 ./strace-static-x86_64: Process 475 attached [pid 475] set_robust_list(0x55556442e660, 24) = 0 [pid 475] chdir("./43") = 0 [pid 475] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 475] setpgid(0, 0) = 0 [pid 475] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 475] write(3, "1000", 4) = 4 [pid 475] close(3) = 0 [pid 475] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 475] write(1, "executing program\n", 18) = 18 [pid 475] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 475] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 475] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 475] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 475] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 475] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 475] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 475] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 475] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 475] memfd_create("syzkaller", 0) = 5 [pid 475] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0259ca6000 [pid 475] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 475] munmap(0x7f0259ca6000, 138412032) = 0 [pid 475] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 25.672321][ T471] loop0: detected capacity change from 0 to 2048 [ 25.689606][ T471] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor291: bg 0: block 234: padding at end of block bitmap is not set [pid 475] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 475] close(5) = 0 [pid 475] close(6) = 0 [pid 475] mkdir("./file0", 0777) = 0 [pid 475] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 475] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 475] chdir("./file0") = 0 [pid 475] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 475] ioctl(6, LOOP_CLR_FD) = 0 [pid 475] close(6) = 0 [pid 475] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 475] write(6, "#! ./file1\n", 11) = 11 [pid 475] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 475] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000001c0} --- [pid 475] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=475, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./43", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./43", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556442f6f0 /* 4 entries */, 32768) = 112 umount2("./43/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./43/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./43/binderfs") = 0 umount2("./43/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./43/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./43/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./43/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./43/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555564437730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555564437730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./43/file0") = 0 getdents64(3, 0x55556442f6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./43") = 0 mkdir("./44", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55556442e650) = 479 ./strace-static-x86_64: Process 479 attached [pid 479] set_robust_list(0x55556442e660, 24) = 0 [pid 479] chdir("./44") = 0 [pid 479] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 479] setpgid(0, 0) = 0 [pid 479] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 479] write(3, "1000", 4) = 4 [pid 479] close(3) = 0 [pid 479] symlink("/dev/binderfs", "./binderfs") = 0 [pid 479] write(1, "executing program\n", 18executing program ) = 18 [pid 479] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 479] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 479] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 479] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 479] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 479] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 479] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 479] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 479] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 479] memfd_create("syzkaller", 0) = 5 [pid 479] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0259ca6000 [ 25.742053][ T475] loop0: detected capacity change from 0 to 2048 [ 25.774767][ T475] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor291: bg 0: block 234: padding at end of block bitmap is not set [pid 479] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 479] munmap(0x7f0259ca6000, 138412032) = 0 [pid 479] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 479] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 479] close(5) = 0 [pid 479] close(6) = 0 [pid 479] mkdir("./file0", 0777) = 0 [pid 479] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 479] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 479] chdir("./file0") = 0 [pid 479] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 479] ioctl(6, LOOP_CLR_FD) = 0 [pid 479] close(6) = 0 [pid 479] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 479] write(6, "#! ./file1\n", 11) = 11 [pid 479] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [ 25.826969][ T479] loop0: detected capacity change from 0 to 2048 [pid 479] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000001c0} --- [pid 479] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=479, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./44", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./44", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556442f6f0 /* 4 entries */, 32768) = 112 umount2("./44/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./44/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./44/binderfs") = 0 umount2("./44/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./44/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./44/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./44/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./44/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555564437730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555564437730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./44/file0") = 0 getdents64(3, 0x55556442f6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./44") = 0 mkdir("./45", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55556442e650) = 483 ./strace-static-x86_64: Process 483 attached [pid 483] set_robust_list(0x55556442e660, 24) = 0 [pid 483] chdir("./45") = 0 [pid 483] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 483] setpgid(0, 0) = 0 [pid 483] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 483] write(3, "1000", 4) = 4 [pid 483] close(3) = 0 [pid 483] symlink("/dev/binderfs", "./binderfs") = 0 [pid 483] write(1, "executing program\n", 18executing program ) = 18 [pid 483] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 483] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 483] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 483] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 483] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 483] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 483] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 483] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 483] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 483] memfd_create("syzkaller", 0) = 5 [pid 483] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0259ca6000 [pid 483] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 483] munmap(0x7f0259ca6000, 138412032) = 0 [pid 483] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 25.865047][ T480] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-479: bg 0: block 234: padding at end of block bitmap is not set [pid 483] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 483] close(5) = 0 [pid 483] close(6) = 0 [pid 483] mkdir("./file0", 0777) = 0 [pid 483] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 483] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 483] chdir("./file0") = 0 [pid 483] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 483] ioctl(6, LOOP_CLR_FD) = 0 [pid 483] close(6) = 0 [pid 483] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 483] write(6, "#! ./file1\n", 11) = 11 [pid 483] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 483] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000001c0} --- [pid 483] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=483, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./45", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./45", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556442f6f0 /* 4 entries */, 32768) = 112 umount2("./45/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./45/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./45/binderfs") = 0 umount2("./45/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./45/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./45/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./45/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./45/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555564437730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555564437730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./45/file0") = 0 getdents64(3, 0x55556442f6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./45") = 0 mkdir("./46", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55556442e650) = 487 ./strace-static-x86_64: Process 487 attached [pid 487] set_robust_list(0x55556442e660, 24) = 0 [pid 487] chdir("./46") = 0 [pid 487] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 487] setpgid(0, 0) = 0 [pid 487] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 487] write(3, "1000", 4) = 4 [pid 487] close(3) = 0 [pid 487] symlink("/dev/binderfs", "./binderfs") = 0 [pid 487] write(1, "executing program\n", 18executing program ) = 18 [pid 487] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 487] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 487] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 487] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 487] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 487] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 487] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 487] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 487] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 487] memfd_create("syzkaller", 0) = 5 [pid 487] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0259ca6000 [pid 487] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 487] munmap(0x7f0259ca6000, 138412032) = 0 [pid 487] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 25.911861][ T483] loop0: detected capacity change from 0 to 2048 [ 25.941555][ T483] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor291: bg 0: block 234: padding at end of block bitmap is not set [pid 487] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 487] close(5) = 0 [pid 487] close(6) = 0 [pid 487] mkdir("./file0", 0777) = 0 [pid 487] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 487] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 487] chdir("./file0") = 0 [pid 487] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 487] ioctl(6, LOOP_CLR_FD) = 0 [pid 487] close(6) = 0 [pid 487] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 487] write(6, "#! ./file1\n", 11) = 11 [pid 487] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 487] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000001c0} --- [pid 487] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=487, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./46", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./46", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556442f6f0 /* 4 entries */, 32768) = 112 umount2("./46/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./46/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./46/binderfs") = 0 umount2("./46/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./46/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./46/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./46/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./46/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555564437730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555564437730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./46/file0") = 0 getdents64(3, 0x55556442f6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./46") = 0 mkdir("./47", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55556442e650) = 491 ./strace-static-x86_64: Process 491 attached [pid 491] set_robust_list(0x55556442e660, 24) = 0 [pid 491] chdir("./47") = 0 [pid 491] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 491] setpgid(0, 0) = 0 [pid 491] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 491] write(3, "1000", 4) = 4 [pid 491] close(3) = 0 [pid 491] symlink("/dev/binderfs", "./binderfs") = 0 [pid 491] write(1, "executing program\n", 18executing program ) = 18 [pid 491] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 491] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 491] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 491] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 491] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 491] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 491] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 491] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 491] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 491] memfd_create("syzkaller", 0) = 5 [pid 491] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0259ca6000 [pid 491] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 491] munmap(0x7f0259ca6000, 138412032) = 0 [pid 491] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 25.988225][ T487] loop0: detected capacity change from 0 to 2048 [ 26.012205][ T487] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor291: bg 0: block 234: padding at end of block bitmap is not set [pid 491] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 491] close(5) = 0 [pid 491] close(6) = 0 [pid 491] mkdir("./file0", 0777) = 0 [pid 491] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 491] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 491] chdir("./file0") = 0 [pid 491] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 491] ioctl(6, LOOP_CLR_FD) = 0 [pid 491] close(6) = 0 [pid 491] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 491] write(6, "#! ./file1\n", 11) = 11 [pid 491] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 491] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000001c0} --- [pid 491] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=491, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./47", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./47", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556442f6f0 /* 4 entries */, 32768) = 112 umount2("./47/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./47/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./47/binderfs") = 0 umount2("./47/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./47/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./47/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./47/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./47/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555564437730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555564437730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./47/file0") = 0 getdents64(3, 0x55556442f6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./47") = 0 mkdir("./48", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55556442e650) = 495 ./strace-static-x86_64: Process 495 attached [pid 495] set_robust_list(0x55556442e660, 24) = 0 [pid 495] chdir("./48") = 0 [pid 495] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 495] setpgid(0, 0) = 0 [pid 495] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 495] write(3, "1000", 4) = 4 [pid 495] close(3) = 0 [pid 495] symlink("/dev/binderfs", "./binderfs") = 0 [pid 495] write(1, "executing program\n", 18executing program ) = 18 [pid 495] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 495] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 495] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 495] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 495] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 495] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 495] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 495] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 495] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 495] memfd_create("syzkaller", 0) = 5 [pid 495] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0259ca6000 [pid 495] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 495] munmap(0x7f0259ca6000, 138412032) = 0 [pid 495] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 26.059776][ T491] loop0: detected capacity change from 0 to 2048 [ 26.079764][ T491] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor291: bg 0: block 234: padding at end of block bitmap is not set [pid 495] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 495] close(5) = 0 [pid 495] close(6) = 0 [pid 495] mkdir("./file0", 0777) = 0 [pid 495] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 495] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 495] chdir("./file0") = 0 [pid 495] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 495] ioctl(6, LOOP_CLR_FD) = 0 [pid 495] close(6) = 0 [pid 495] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 495] write(6, "#! ./file1\n", 11) = 11 [pid 495] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 495] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000001c0} --- [pid 495] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=495, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./48", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./48", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556442f6f0 /* 4 entries */, 32768) = 112 umount2("./48/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./48/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./48/binderfs") = 0 umount2("./48/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./48/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./48/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./48/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./48/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555564437730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555564437730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./48/file0") = 0 getdents64(3, 0x55556442f6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./48") = 0 mkdir("./49", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55556442e650) = 499 ./strace-static-x86_64: Process 499 attached [pid 499] set_robust_list(0x55556442e660, 24) = 0 [pid 499] chdir("./49") = 0 [pid 499] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 499] setpgid(0, 0) = 0 [pid 499] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXECexecuting program ) = 3 [pid 499] write(3, "1000", 4) = 4 [pid 499] close(3) = 0 [pid 499] symlink("/dev/binderfs", "./binderfs") = 0 [pid 499] write(1, "executing program\n", 18) = 18 [pid 499] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 499] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 499] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 499] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 499] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 499] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 499] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 499] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 499] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 499] memfd_create("syzkaller", 0) = 5 [pid 499] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0259ca6000 [pid 499] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 499] munmap(0x7f0259ca6000, 138412032) = 0 [pid 499] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 26.136455][ T495] loop0: detected capacity change from 0 to 2048 [ 26.162665][ T495] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor291: bg 0: block 234: padding at end of block bitmap is not set [pid 499] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 499] close(5) = 0 [pid 499] close(6) = 0 [pid 499] mkdir("./file0", 0777) = 0 [pid 499] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 499] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 499] chdir("./file0") = 0 [pid 499] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 499] ioctl(6, LOOP_CLR_FD) = 0 [pid 499] close(6) = 0 [pid 499] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 499] write(6, "#! ./file1\n", 11) = 11 [pid 499] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 499] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000001c0} --- [pid 499] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=499, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./49", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./49", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556442f6f0 /* 4 entries */, 32768) = 112 umount2("./49/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./49/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./49/binderfs") = 0 umount2("./49/file0", MNT_FORCE|UMOUNT_NOFOLLOWexecuting program ) = 0 umount2("./49/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./49/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./49/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./49/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555564437730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555564437730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./49/file0") = 0 getdents64(3, 0x55556442f6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./49") = 0 mkdir("./50", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55556442e650) = 503 ./strace-static-x86_64: Process 503 attached [pid 503] set_robust_list(0x55556442e660, 24) = 0 [pid 503] chdir("./50") = 0 [pid 503] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 503] setpgid(0, 0) = 0 [pid 503] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 503] write(3, "1000", 4) = 4 [pid 503] close(3) = 0 [pid 503] symlink("/dev/binderfs", "./binderfs") = 0 [pid 503] write(1, "executing program\n", 18) = 18 [pid 503] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 503] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 503] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 503] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 503] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 503] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 503] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 503] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 503] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 503] memfd_create("syzkaller", 0) = 5 [pid 503] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0259ca6000 [pid 503] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 503] munmap(0x7f0259ca6000, 138412032) = 0 [pid 503] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 26.217130][ T499] loop0: detected capacity change from 0 to 2048 [ 26.234245][ T499] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor291: bg 0: block 234: padding at end of block bitmap is not set [pid 503] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 503] close(5) = 0 [pid 503] close(6) = 0 [pid 503] mkdir("./file0", 0777) = 0 [pid 503] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 503] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 503] chdir("./file0") = 0 [pid 503] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 503] ioctl(6, LOOP_CLR_FD) = 0 [pid 503] close(6) = 0 [pid 503] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 503] write(6, "#! ./file1\n", 11) = 11 [pid 503] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 503] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000001c0} --- [pid 503] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=503, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./50", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./50", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556442f6f0 /* 4 entries */, 32768) = 112 umount2("./50/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./50/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./50/binderfs") = 0 umount2("./50/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./50/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./50/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./50/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./50/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555564437730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555564437730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./50/file0") = 0 getdents64(3, 0x55556442f6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./50") = 0 mkdir("./51", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55556442e650) = 508 ./strace-static-x86_64: Process 508 attached [pid 508] set_robust_list(0x55556442e660, 24) = 0 [pid 508] chdir("./51") = 0 [pid 508] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 508] setpgid(0, 0) = 0 [pid 508] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 508] write(3, "1000", 4) = 4 [pid 508] close(3) = 0 [pid 508] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 508] write(1, "executing program\n", 18) = 18 [pid 508] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 508] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 508] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 508] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 508] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 508] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 508] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 508] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 508] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 508] memfd_create("syzkaller", 0) = 5 [pid 508] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0259ca6000 [pid 508] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 508] munmap(0x7f0259ca6000, 138412032) = 0 [pid 508] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 26.280718][ T503] loop0: detected capacity change from 0 to 2048 [ 26.299522][ T503] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor291: bg 0: block 234: padding at end of block bitmap is not set [pid 508] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 508] close(5) = 0 [pid 508] close(6) = 0 [pid 508] mkdir("./file0", 0777) = 0 [pid 508] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 508] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 508] chdir("./file0") = 0 [pid 508] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 508] ioctl(6, LOOP_CLR_FD) = 0 [pid 508] close(6) = 0 [pid 508] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 508] write(6, "#! ./file1\n", 11) = 11 [pid 508] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 508] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000001c0} --- [pid 508] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=508, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./51", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./51", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556442f6f0 /* 4 entries */, 32768) = 112 umount2("./51/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./51/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./51/binderfs") = 0 umount2("./51/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./51/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./51/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./51/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./51/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555564437730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555564437730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./51/file0") = 0 getdents64(3, 0x55556442f6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./51") = 0 mkdir("./52", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55556442e650) = 512 ./strace-static-x86_64: Process 512 attached [pid 512] set_robust_list(0x55556442e660, 24) = 0 [pid 512] chdir("./52") = 0 [pid 512] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 512] setpgid(0, 0) = 0 [pid 512] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 512] write(3, "1000", 4) = 4 [pid 512] close(3) = 0 [pid 512] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 512] write(1, "executing program\n", 18) = 18 [pid 512] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 512] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 512] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 512] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 512] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 512] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 512] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 512] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 512] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 512] memfd_create("syzkaller", 0) = 5 [pid 512] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0259ca6000 [pid 512] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 512] munmap(0x7f0259ca6000, 138412032) = 0 [pid 512] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 26.347340][ T508] loop0: detected capacity change from 0 to 2048 [ 26.366887][ T508] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor291: bg 0: block 234: padding at end of block bitmap is not set [pid 512] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 512] close(5) = 0 [pid 512] close(6) = 0 [pid 512] mkdir("./file0", 0777) = 0 [pid 512] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 512] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 512] chdir("./file0") = 0 [pid 512] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 512] ioctl(6, LOOP_CLR_FD) = 0 [pid 512] close(6) = 0 [pid 512] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 512] write(6, "#! ./file1\n", 11) = 11 [pid 512] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 512] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000001c0} --- [pid 512] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=512, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./52", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./52", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556442f6f0 /* 4 entries */, 32768) = 112 umount2("./52/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./52/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./52/binderfs") = 0 umount2("./52/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./52/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./52/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./52/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./52/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555564437730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555564437730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./52/file0") = 0 getdents64(3, 0x55556442f6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./52") = 0 mkdir("./53", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55556442e650) = 516 ./strace-static-x86_64: Process 516 attached [pid 516] set_robust_list(0x55556442e660, 24) = 0 [pid 516] chdir("./53") = 0 [pid 516] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 516] setpgid(0, 0) = 0 [pid 516] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 516] write(3, "1000", 4) = 4 [pid 516] close(3) = 0 [pid 516] symlink("/dev/binderfs", "./binderfs") = 0 [pid 516] write(1, "executing program\n", 18executing program ) = 18 [pid 516] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 516] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 516] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 516] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 516] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 516] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 516] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 516] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 516] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 516] memfd_create("syzkaller", 0) = 5 [pid 516] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0259ca6000 [pid 516] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 516] munmap(0x7f0259ca6000, 138412032) = 0 [pid 516] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 26.420068][ T512] loop0: detected capacity change from 0 to 2048 [ 26.455723][ T513] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-512: bg 0: block 234: padding at end of block bitmap is not set [pid 516] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 516] close(5) = 0 [pid 516] close(6) = 0 [pid 516] mkdir("./file0", 0777) = 0 [pid 516] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 516] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 516] chdir("./file0") = 0 [pid 516] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 516] ioctl(6, LOOP_CLR_FD) = 0 [pid 516] close(6) = 0 [pid 516] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 516] write(6, "#! ./file1\n", 11) = 11 [pid 516] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 516] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000001c0} --- [pid 516] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=516, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./53", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./53", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556442f6f0 /* 4 entries */, 32768) = 112 umount2("./53/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./53/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./53/binderfs") = 0 umount2("./53/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./53/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./53/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./53/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./53/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555564437730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555564437730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./53/file0") = 0 getdents64(3, 0x55556442f6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./53") = 0 mkdir("./54", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) executing program close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55556442e650) = 520 ./strace-static-x86_64: Process 520 attached [pid 520] set_robust_list(0x55556442e660, 24) = 0 [pid 520] chdir("./54") = 0 [pid 520] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 520] setpgid(0, 0) = 0 [pid 520] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 520] write(3, "1000", 4) = 4 [pid 520] close(3) = 0 [pid 520] symlink("/dev/binderfs", "./binderfs") = 0 [pid 520] write(1, "executing program\n", 18) = 18 [pid 520] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 520] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 520] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 520] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 520] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 520] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 520] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 520] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 520] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 520] memfd_create("syzkaller", 0) = 5 [pid 520] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0259ca6000 [pid 520] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 520] munmap(0x7f0259ca6000, 138412032) = 0 [pid 520] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 26.501114][ T516] loop0: detected capacity change from 0 to 2048 [ 26.519811][ T516] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor291: bg 0: block 234: padding at end of block bitmap is not set [pid 520] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 520] close(5) = 0 [pid 520] close(6) = 0 [pid 520] mkdir("./file0", 0777) = 0 [pid 520] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 520] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 520] chdir("./file0") = 0 [pid 520] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 520] ioctl(6, LOOP_CLR_FD) = 0 [pid 520] close(6) = 0 [pid 520] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 520] write(6, "#! ./file1\n", 11) = 11 [pid 520] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 520] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000001c0} --- [pid 520] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=520, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./54", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./54", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556442f6f0 /* 4 entries */, 32768) = 112 umount2("./54/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./54/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./54/binderfs") = 0 umount2("./54/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./54/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./54/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./54/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./54/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555564437730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555564437730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./54/file0") = 0 getdents64(3, 0x55556442f6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./54") = 0 mkdir("./55", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55556442e650) = 524 ./strace-static-x86_64: Process 524 attached [pid 524] set_robust_list(0x55556442e660, 24) = 0 [pid 524] chdir("./55") = 0 [pid 524] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 524] setpgid(0, 0) = 0 [pid 524] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 524] write(3, "1000", 4) = 4 [pid 524] close(3) = 0 [pid 524] symlink("/dev/binderfs", "./binderfs") = 0 [pid 524] write(1, "executing program\n", 18executing program ) = 18 [pid 524] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 524] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 524] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 524] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 524] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 524] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 524] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 524] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 524] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 524] memfd_create("syzkaller", 0) = 5 [pid 524] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0259ca6000 [pid 524] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 524] munmap(0x7f0259ca6000, 138412032) = 0 [pid 524] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 26.570050][ T520] loop0: detected capacity change from 0 to 2048 [ 26.594608][ T521] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-520: bg 0: block 234: padding at end of block bitmap is not set [pid 524] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 524] close(5) = 0 [pid 524] close(6) = 0 [pid 524] mkdir("./file0", 0777) = 0 [pid 524] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 524] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 524] chdir("./file0") = 0 [pid 524] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 524] ioctl(6, LOOP_CLR_FD) = 0 [pid 524] close(6) = 0 [pid 524] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 524] write(6, "#! ./file1\n", 11) = 11 [pid 524] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 524] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000001c0} --- [pid 524] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=524, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./55", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./55", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556442f6f0 /* 4 entries */, 32768) = 112 umount2("./55/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./55/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./55/binderfs") = 0 umount2("./55/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./55/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./55/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./55/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./55/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555564437730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555564437730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./55/file0") = 0 getdents64(3, 0x55556442f6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./55") = 0 mkdir("./56", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program , child_tidptr=0x55556442e650) = 528 ./strace-static-x86_64: Process 528 attached [pid 528] set_robust_list(0x55556442e660, 24) = 0 [pid 528] chdir("./56") = 0 [pid 528] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 528] setpgid(0, 0) = 0 [pid 528] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 528] write(3, "1000", 4) = 4 [pid 528] close(3) = 0 [pid 528] symlink("/dev/binderfs", "./binderfs") = 0 [pid 528] write(1, "executing program\n", 18) = 18 [pid 528] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 528] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 528] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 528] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 528] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 528] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 528] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 528] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 528] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 528] memfd_create("syzkaller", 0) = 5 [pid 528] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0259ca6000 [pid 528] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 528] munmap(0x7f0259ca6000, 138412032) = 0 [pid 528] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 26.647013][ T524] loop0: detected capacity change from 0 to 2048 [ 26.674605][ T525] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-524: bg 0: block 234: padding at end of block bitmap is not set [pid 528] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 528] close(5) = 0 [pid 528] close(6) = 0 [pid 528] mkdir("./file0", 0777) = 0 [pid 528] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 528] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 528] chdir("./file0") = 0 [pid 528] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 528] ioctl(6, LOOP_CLR_FD) = 0 [pid 528] close(6) = 0 [pid 528] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 528] write(6, "#! ./file1\n", 11) = 11 [pid 528] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 528] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000001c0} --- [pid 528] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=528, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./56", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./56", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556442f6f0 /* 4 entries */, 32768) = 112 umount2("./56/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./56/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./56/binderfs") = 0 umount2("./56/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./56/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./56/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./56/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./56/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555564437730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555564437730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./56/file0") = 0 getdents64(3, 0x55556442f6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./56") = 0 mkdir("./57", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3executing program ) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55556442e650) = 532 ./strace-static-x86_64: Process 532 attached [pid 532] set_robust_list(0x55556442e660, 24) = 0 [pid 532] chdir("./57") = 0 [pid 532] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 532] setpgid(0, 0) = 0 [pid 532] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 532] write(3, "1000", 4) = 4 [pid 532] close(3) = 0 [pid 532] symlink("/dev/binderfs", "./binderfs") = 0 [pid 532] write(1, "executing program\n", 18) = 18 [pid 532] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 532] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 532] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 532] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 532] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 532] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 532] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 532] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 532] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 532] memfd_create("syzkaller", 0) = 5 [pid 532] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0259ca6000 [pid 532] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 532] munmap(0x7f0259ca6000, 138412032) = 0 [pid 532] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 26.723276][ T528] loop0: detected capacity change from 0 to 2048 [ 26.743269][ T528] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor291: bg 0: block 234: padding at end of block bitmap is not set [pid 532] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 532] close(5) = 0 [pid 532] close(6) = 0 [pid 532] mkdir("./file0", 0777) = 0 [pid 532] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 532] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 532] chdir("./file0") = 0 [pid 532] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 532] ioctl(6, LOOP_CLR_FD) = 0 [pid 532] close(6) = 0 [pid 532] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 532] write(6, "#! ./file1\n", 11) = 11 [pid 532] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 532] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000001c0} --- [pid 532] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=532, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./57", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./57", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556442f6f0 /* 4 entries */, 32768) = 112 umount2("./57/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./57/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./57/binderfs") = 0 umount2("./57/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./57/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./57/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./57/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./57/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555564437730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555564437730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./57/file0") = 0 getdents64(3, 0x55556442f6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./57") = 0 mkdir("./58", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55556442e650) = 536 ./strace-static-x86_64: Process 536 attached [pid 536] set_robust_list(0x55556442e660, 24) = 0 [pid 536] chdir("./58") = 0 [pid 536] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 536] setpgid(0, 0) = 0 [pid 536] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 536] write(3, "1000", 4) = 4 [pid 536] close(3) = 0 [pid 536] symlink("/dev/binderfs", "./binderfs") = 0 [pid 536] write(1, "executing program\n", 18executing program ) = 18 [pid 536] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 536] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 536] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 536] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 536] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 536] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 536] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 536] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 536] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 536] memfd_create("syzkaller", 0) = 5 [pid 536] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0259ca6000 [pid 536] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 536] munmap(0x7f0259ca6000, 138412032) = 0 [pid 536] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 26.794196][ T532] loop0: detected capacity change from 0 to 2048 [ 26.814006][ T532] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor291: bg 0: block 234: padding at end of block bitmap is not set [pid 536] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 536] close(5) = 0 [pid 536] close(6) = 0 [pid 536] mkdir("./file0", 0777) = 0 [pid 536] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 536] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 536] chdir("./file0") = 0 [pid 536] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 536] ioctl(6, LOOP_CLR_FD) = 0 [pid 536] close(6) = 0 [pid 536] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 536] write(6, "#! ./file1\n", 11) = 11 [pid 536] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 536] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000001c0} --- [pid 536] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=536, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./58", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./58", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556442f6f0 /* 4 entries */, 32768) = 112 umount2("./58/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./58/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./58/binderfs") = 0 umount2("./58/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./58/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./58/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./58/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./58/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555564437730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555564437730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./58/file0") = 0 getdents64(3, 0x55556442f6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./58") = 0 mkdir("./59", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 executing program ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55556442e650) = 540 ./strace-static-x86_64: Process 540 attached [pid 540] set_robust_list(0x55556442e660, 24) = 0 [pid 540] chdir("./59") = 0 [pid 540] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 540] setpgid(0, 0) = 0 [pid 540] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 540] write(3, "1000", 4) = 4 [pid 540] close(3) = 0 [pid 540] symlink("/dev/binderfs", "./binderfs") = 0 [pid 540] write(1, "executing program\n", 18) = 18 [pid 540] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 540] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 540] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 540] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 540] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 540] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 540] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 540] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 540] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 540] memfd_create("syzkaller", 0) = 5 [pid 540] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0259ca6000 [pid 540] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 540] munmap(0x7f0259ca6000, 138412032) = 0 [pid 540] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 26.868411][ T536] loop0: detected capacity change from 0 to 2048 [ 26.889951][ T536] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor291: bg 0: block 234: padding at end of block bitmap is not set [pid 540] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 540] close(5) = 0 [pid 540] close(6) = 0 [pid 540] mkdir("./file0", 0777) = 0 [pid 540] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 540] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 540] chdir("./file0") = 0 [pid 540] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 540] ioctl(6, LOOP_CLR_FD) = 0 [pid 540] close(6) = 0 [pid 540] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 540] write(6, "#! ./file1\n", 11) = 11 [pid 540] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 540] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000001c0} --- [pid 540] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=540, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./59", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./59", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556442f6f0 /* 4 entries */, 32768) = 112 umount2("./59/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./59/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./59/binderfs") = 0 umount2("./59/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./59/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./59/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./59/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./59/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555564437730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555564437730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./59/file0") = 0 getdents64(3, 0x55556442f6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./59") = 0 mkdir("./60", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55556442e650) = 544 ./strace-static-x86_64: Process 544 attached [pid 544] set_robust_list(0x55556442e660, 24) = 0 [pid 544] chdir("./60") = 0 [pid 544] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 544] setpgid(0, 0) = 0 [pid 544] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 544] write(3, "1000", 4) = 4 [pid 544] close(3) = 0 [pid 544] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 544] write(1, "executing program\n", 18) = 18 [pid 544] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 544] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 544] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 544] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 544] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 544] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 544] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 544] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 544] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 544] memfd_create("syzkaller", 0) = 5 [pid 544] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0259ca6000 [pid 544] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 544] munmap(0x7f0259ca6000, 138412032) = 0 [pid 544] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 26.939679][ T540] loop0: detected capacity change from 0 to 2048 [ 26.967608][ T541] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-540: bg 0: block 234: padding at end of block bitmap is not set [pid 544] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 544] close(5) = 0 [pid 544] close(6) = 0 [pid 544] mkdir("./file0", 0777) = 0 [pid 544] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 544] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 544] chdir("./file0") = 0 [pid 544] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 544] ioctl(6, LOOP_CLR_FD) = 0 [pid 544] close(6) = 0 [pid 544] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 544] write(6, "#! ./file1\n", 11) = 11 [pid 544] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 544] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000001c0} --- [pid 544] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=544, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./60", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./60", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556442f6f0 /* 4 entries */, 32768) = 112 umount2("./60/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./60/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./60/binderfs") = 0 umount2("./60/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./60/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./60/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./60/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./60/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555564437730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555564437730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./60/file0") = 0 getdents64(3, 0x55556442f6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./60") = 0 mkdir("./61", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55556442e650) = 548 ./strace-static-x86_64: Process 548 attached [pid 548] set_robust_list(0x55556442e660, 24) = 0 [pid 548] chdir("./61") = 0 [pid 548] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 548] setpgid(0, 0) = 0 [pid 548] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 548] write(3, "1000", 4) = 4 [pid 548] close(3) = 0 [pid 548] symlink("/dev/binderfs", "./binderfs") = 0 [pid 548] write(1, "executing program\n", 18executing program ) = 18 [pid 548] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 548] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 548] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 548] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 548] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 548] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 548] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 548] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 548] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 548] memfd_create("syzkaller", 0) = 5 [pid 548] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0259ca6000 [ 27.014290][ T544] loop0: detected capacity change from 0 to 2048 [ 27.045325][ T544] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor291: bg 0: block 234: padding at end of block bitmap is not set [pid 548] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 548] munmap(0x7f0259ca6000, 138412032) = 0 [pid 548] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 548] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 548] close(5) = 0 [pid 548] close(6) = 0 [pid 548] mkdir("./file0", 0777) = 0 [pid 548] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 548] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 548] chdir("./file0") = 0 [pid 548] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 548] ioctl(6, LOOP_CLR_FD) = 0 [pid 548] close(6) = 0 [pid 548] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 548] write(6, "#! ./file1\n", 11) = 11 [ 27.097536][ T548] loop0: detected capacity change from 0 to 2048 [pid 548] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 548] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000001c0} --- [pid 548] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=548, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./61", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./61", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556442f6f0 /* 4 entries */, 32768) = 112 umount2("./61/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./61/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./61/binderfs") = 0 umount2("./61/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./61/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./61/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./61/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./61/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555564437730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555564437730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./61/file0") = 0 getdents64(3, 0x55556442f6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./61") = 0 mkdir("./62", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program , child_tidptr=0x55556442e650) = 552 ./strace-static-x86_64: Process 552 attached [pid 552] set_robust_list(0x55556442e660, 24) = 0 [pid 552] chdir("./62") = 0 [pid 552] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 552] setpgid(0, 0) = 0 [pid 552] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 552] write(3, "1000", 4) = 4 [pid 552] close(3) = 0 [pid 552] symlink("/dev/binderfs", "./binderfs") = 0 [pid 552] write(1, "executing program\n", 18) = 18 [pid 552] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 552] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 552] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 552] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 552] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 552] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 552] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 552] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 552] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 552] memfd_create("syzkaller", 0) = 5 [pid 552] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0259ca6000 [pid 552] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 552] munmap(0x7f0259ca6000, 138412032) = 0 [pid 552] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 27.142587][ T549] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-548: bg 0: block 234: padding at end of block bitmap is not set [pid 552] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 552] close(5) = 0 [pid 552] close(6) = 0 [pid 552] mkdir("./file0", 0777) = 0 [pid 552] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 552] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 552] chdir("./file0") = 0 [pid 552] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 552] ioctl(6, LOOP_CLR_FD) = 0 [pid 552] close(6) = 0 [pid 552] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 552] write(6, "#! ./file1\n", 11) = 11 [pid 552] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 552] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000001c0} --- [pid 552] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=552, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./62", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./62", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556442f6f0 /* 4 entries */, 32768) = 112 umount2("./62/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./62/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./62/binderfs") = 0 umount2("./62/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./62/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./62/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./62/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./62/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555564437730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555564437730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./62/file0") = 0 getdents64(3, 0x55556442f6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./62") = 0 mkdir("./63", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55556442e650) = 556 ./strace-static-x86_64: Process 556 attached [pid 556] set_robust_list(0x55556442e660, 24) = 0 [pid 556] chdir("./63") = 0 [pid 556] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 556] setpgid(0, 0) = 0 [pid 556] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 556] write(3, "1000", 4) = 4 [pid 556] close(3) = 0 [pid 556] symlink("/dev/binderfs", "./binderfs") = 0 [pid 556] write(1, "executing program\n", 18executing program ) = 18 [pid 556] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 556] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 556] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 556] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 556] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 556] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 556] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 556] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 556] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 556] memfd_create("syzkaller", 0) = 5 [pid 556] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0259ca6000 [pid 556] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 556] munmap(0x7f0259ca6000, 138412032) = 0 [ 27.190948][ T552] loop0: detected capacity change from 0 to 2048 [ 27.211661][ T552] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor291: bg 0: block 234: padding at end of block bitmap is not set [pid 556] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 556] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 556] close(5) = 0 [pid 556] close(6) = 0 [pid 556] mkdir("./file0", 0777) = 0 [pid 556] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 556] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 556] chdir("./file0") = 0 [pid 556] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 556] ioctl(6, LOOP_CLR_FD) = 0 [pid 556] close(6) = 0 [pid 556] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 556] write(6, "#! ./file1\n", 11) = 11 [pid 556] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [ 27.255832][ T556] loop0: detected capacity change from 0 to 2048 [pid 556] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000001c0} --- [pid 556] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=556, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./63", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./63", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556442f6f0 /* 4 entries */, 32768) = 112 umount2("./63/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./63/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./63/binderfs") = 0 umount2("./63/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./63/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./63/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./63/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./63/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555564437730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555564437730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./63/file0"executing program ) = 0 getdents64(3, 0x55556442f6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./63") = 0 mkdir("./64", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55556442e650) = 561 ./strace-static-x86_64: Process 561 attached [pid 561] set_robust_list(0x55556442e660, 24) = 0 [pid 561] chdir("./64") = 0 [pid 561] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 561] setpgid(0, 0) = 0 [pid 561] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 561] write(3, "1000", 4) = 4 [pid 561] close(3) = 0 [pid 561] symlink("/dev/binderfs", "./binderfs") = 0 [pid 561] write(1, "executing program\n", 18) = 18 [pid 561] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 561] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 561] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 561] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 561] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 561] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 561] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 561] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 561] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 561] memfd_create("syzkaller", 0) = 5 [pid 561] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0259ca6000 [pid 561] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 561] munmap(0x7f0259ca6000, 138412032) = 0 [pid 561] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 27.294384][ T557] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-556: bg 0: block 234: padding at end of block bitmap is not set [pid 561] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 561] close(5) = 0 [pid 561] close(6) = 0 [pid 561] mkdir("./file0", 0777) = 0 [pid 561] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 561] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 561] chdir("./file0") = 0 [pid 561] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 561] ioctl(6, LOOP_CLR_FD) = 0 [pid 561] close(6) = 0 [pid 561] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 561] write(6, "#! ./file1\n", 11) = 11 [pid 561] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 561] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000001c0} --- [pid 561] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=561, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./64", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./64", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556442f6f0 /* 4 entries */, 32768) = 112 umount2("./64/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./64/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./64/binderfs") = 0 umount2("./64/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./64/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./64/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./64/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./64/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555564437730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555564437730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./64/file0") = 0 getdents64(3, 0x55556442f6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./64") = 0 mkdir("./65", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) executing program close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55556442e650) = 565 ./strace-static-x86_64: Process 565 attached [pid 565] set_robust_list(0x55556442e660, 24) = 0 [pid 565] chdir("./65") = 0 [pid 565] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 565] setpgid(0, 0) = 0 [pid 565] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 565] write(3, "1000", 4) = 4 [pid 565] close(3) = 0 [pid 565] symlink("/dev/binderfs", "./binderfs") = 0 [pid 565] write(1, "executing program\n", 18) = 18 [pid 565] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 565] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 565] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 565] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 565] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 565] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 565] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 565] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 565] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 565] memfd_create("syzkaller", 0) = 5 [pid 565] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0259ca6000 [pid 565] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 565] munmap(0x7f0259ca6000, 138412032) = 0 [pid 565] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 27.340134][ T561] loop0: detected capacity change from 0 to 2048 [ 27.360041][ T561] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor291: bg 0: block 234: padding at end of block bitmap is not set [pid 565] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 565] close(5) = 0 [pid 565] close(6) = 0 [pid 565] mkdir("./file0", 0777) = 0 [pid 565] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 565] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 565] chdir("./file0") = 0 [pid 565] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 565] ioctl(6, LOOP_CLR_FD) = 0 [pid 565] close(6) = 0 [pid 565] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 565] write(6, "#! ./file1\n", 11) = 11 [pid 565] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 565] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000001c0} --- [pid 565] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=565, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./65", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./65", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556442f6f0 /* 4 entries */, 32768) = 112 umount2("./65/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./65/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./65/binderfs") = 0 umount2("./65/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./65/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./65/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./65/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./65/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555564437730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555564437730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./65/file0") = 0 getdents64(3, 0x55556442f6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./65") = 0 mkdir("./66", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3executing program ) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55556442e650) = 569 ./strace-static-x86_64: Process 569 attached [pid 569] set_robust_list(0x55556442e660, 24) = 0 [pid 569] chdir("./66") = 0 [pid 569] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 569] setpgid(0, 0) = 0 [pid 569] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 569] write(3, "1000", 4) = 4 [pid 569] close(3) = 0 [pid 569] symlink("/dev/binderfs", "./binderfs") = 0 [pid 569] write(1, "executing program\n", 18) = 18 [pid 569] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 569] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 569] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 569] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 569] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 569] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 569] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 569] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 569] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 569] memfd_create("syzkaller", 0) = 5 [pid 569] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0259ca6000 [ 27.411903][ T565] loop0: detected capacity change from 0 to 2048 [ 27.446254][ T565] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor291: bg 0: block 234: padding at end of block bitmap is not set [pid 569] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 569] munmap(0x7f0259ca6000, 138412032) = 0 [pid 569] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 569] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 569] close(5) = 0 [pid 569] close(6) = 0 [pid 569] mkdir("./file0", 0777) = 0 [pid 569] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 569] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 569] chdir("./file0") = 0 [pid 569] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 569] ioctl(6, LOOP_CLR_FD) = 0 [pid 569] close(6) = 0 [pid 569] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 569] write(6, "#! ./file1\n", 11) = 11 [pid 569] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [ 27.497234][ T569] loop0: detected capacity change from 0 to 2048 [pid 569] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000001c0} --- [pid 569] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=569, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./66", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./66", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556442f6f0 /* 4 entries */, 32768) = 112 umount2("./66/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./66/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./66/binderfs") = 0 umount2("./66/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./66/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./66/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./66/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./66/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555564437730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555564437730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./66/file0") = 0 getdents64(3, 0x55556442f6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./66") = 0 mkdir("./67", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program , child_tidptr=0x55556442e650) = 573 ./strace-static-x86_64: Process 573 attached [pid 573] set_robust_list(0x55556442e660, 24) = 0 [pid 573] chdir("./67") = 0 [pid 573] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 573] setpgid(0, 0) = 0 [pid 573] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 573] write(3, "1000", 4) = 4 [pid 573] close(3) = 0 [pid 573] symlink("/dev/binderfs", "./binderfs") = 0 [pid 573] write(1, "executing program\n", 18) = 18 [pid 573] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 573] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 573] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 573] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 573] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 573] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 573] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 573] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 573] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 573] memfd_create("syzkaller", 0) = 5 [pid 573] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0259ca6000 [pid 573] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 573] munmap(0x7f0259ca6000, 138412032) = 0 [ 27.535882][ T569] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor291: bg 0: block 234: padding at end of block bitmap is not set [pid 573] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 573] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 573] close(5) = 0 [pid 573] close(6) = 0 [pid 573] mkdir("./file0", 0777) = 0 [pid 573] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 573] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 573] chdir("./file0") = 0 [pid 573] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 573] ioctl(6, LOOP_CLR_FD) = 0 [pid 573] close(6) = 0 [pid 573] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 573] write(6, "#! ./file1\n", 11) = 11 [pid 573] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 573] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000001c0} --- [pid 573] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=573, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./67", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./67", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556442f6f0 /* 4 entries */, 32768) = 112 umount2("./67/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./67/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./67/binderfs") = 0 umount2("./67/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./67/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./67/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./67/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./67/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555564437730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555564437730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./67/file0") = 0 getdents64(3, 0x55556442f6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./67") = 0 mkdir("./68", 0777executing program ) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55556442e650) = 577 ./strace-static-x86_64: Process 577 attached [pid 577] set_robust_list(0x55556442e660, 24) = 0 [pid 577] chdir("./68") = 0 [pid 577] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 577] setpgid(0, 0) = 0 [pid 577] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 577] write(3, "1000", 4) = 4 [pid 577] close(3) = 0 [pid 577] symlink("/dev/binderfs", "./binderfs") = 0 [pid 577] write(1, "executing program\n", 18) = 18 [pid 577] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 577] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 577] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 577] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 577] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 577] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 577] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 577] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 577] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 577] memfd_create("syzkaller", 0) = 5 [pid 577] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0259ca6000 [pid 577] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 577] munmap(0x7f0259ca6000, 138412032) = 0 [pid 577] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 27.582728][ T573] loop0: detected capacity change from 0 to 2048 [ 27.611450][ T573] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor291: bg 0: block 234: padding at end of block bitmap is not set [pid 577] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 577] close(5) = 0 [pid 577] close(6) = 0 [pid 577] mkdir("./file0", 0777) = 0 [pid 577] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 577] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 577] chdir("./file0") = 0 [pid 577] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 577] ioctl(6, LOOP_CLR_FD) = 0 [pid 577] close(6) = 0 [pid 577] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 577] write(6, "#! ./file1\n", 11) = 11 [pid 577] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 577] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000001c0} --- [pid 577] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=577, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./68", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./68", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556442f6f0 /* 4 entries */, 32768) = 112 umount2("./68/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./68/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./68/binderfs") = 0 umount2("./68/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./68/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./68/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./68/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./68/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555564437730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555564437730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./68/file0") = 0 getdents64(3, 0x55556442f6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./68") = 0 mkdir("./69", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3executing program ) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55556442e650) = 581 ./strace-static-x86_64: Process 581 attached [pid 581] set_robust_list(0x55556442e660, 24) = 0 [pid 581] chdir("./69") = 0 [pid 581] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 581] setpgid(0, 0) = 0 [pid 581] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 581] write(3, "1000", 4) = 4 [pid 581] close(3) = 0 [pid 581] symlink("/dev/binderfs", "./binderfs") = 0 [pid 581] write(1, "executing program\n", 18) = 18 [pid 581] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 581] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 581] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 581] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 581] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 581] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 581] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 581] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 581] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 581] memfd_create("syzkaller", 0) = 5 [pid 581] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0259ca6000 [pid 581] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 581] munmap(0x7f0259ca6000, 138412032) = 0 [pid 581] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 27.659093][ T577] loop0: detected capacity change from 0 to 2048 [ 27.688478][ T578] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-577: bg 0: block 234: padding at end of block bitmap is not set [pid 581] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 581] close(5) = 0 [pid 581] close(6) = 0 [pid 581] mkdir("./file0", 0777) = 0 [pid 581] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 581] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 581] chdir("./file0") = 0 [pid 581] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 581] ioctl(6, LOOP_CLR_FD) = 0 [pid 581] close(6) = 0 [pid 581] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 581] write(6, "#! ./file1\n", 11) = 11 [pid 581] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 581] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000001c0} --- [pid 581] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=581, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./69", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./69", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556442f6f0 /* 4 entries */, 32768) = 112 umount2("./69/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./69/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./69/binderfs") = 0 umount2("./69/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 [ 27.737062][ T581] loop0: detected capacity change from 0 to 2048 [ 27.772566][ T581] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor291: bg 0: block 234: padding at end of block bitmap is not set umount2("./69/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./69/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./69/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./69/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555564437730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555564437730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./69/file0") = 0 getdents64(3, 0x55556442f6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./69") = 0 mkdir("./70", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55556442e650) = 585 ./strace-static-x86_64: Process 585 attached [pid 585] set_robust_list(0x55556442e660, 24) = 0 [pid 585] chdir("./70") = 0 [pid 585] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 585] setpgid(0, 0) = 0 [pid 585] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXECexecuting program ) = 3 [pid 585] write(3, "1000", 4) = 4 [pid 585] close(3) = 0 [pid 585] symlink("/dev/binderfs", "./binderfs") = 0 [pid 585] write(1, "executing program\n", 18) = 18 [pid 585] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 585] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 585] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 585] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 585] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 585] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 585] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 585] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 585] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 585] memfd_create("syzkaller", 0) = 5 [pid 585] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0259ca6000 [pid 585] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 585] munmap(0x7f0259ca6000, 138412032) = 0 [pid 585] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 585] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 585] close(5) = 0 [pid 585] close(6) = 0 [pid 585] mkdir("./file0", 0777) = 0 [pid 585] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 585] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 585] chdir("./file0") = 0 [pid 585] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 585] ioctl(6, LOOP_CLR_FD) = 0 [pid 585] close(6) = 0 [pid 585] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 585] write(6, "#! ./file1\n", 11) = 11 [pid 585] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 585] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000001c0} --- [pid 585] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=585, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./70", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./70", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556442f6f0 /* 4 entries */, 32768) = 112 umount2("./70/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./70/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./70/binderfs") = 0 umount2("./70/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./70/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./70/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./70/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./70/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555564437730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555564437730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./70/file0") = 0 getdents64(3, 0x55556442f6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./70") = 0 mkdir("./71", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55556442e650) = 589 ./strace-static-x86_64: Process 589 attached [pid 589] set_robust_list(0x55556442e660, 24) = 0 [pid 589] chdir("./71") = 0 [pid 589] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 589] setpgid(0, 0) = 0 [pid 589] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 589] write(3, "1000", 4) = 4 [pid 589] close(3) = 0 [pid 589] symlink("/dev/binderfs", "./binderfs") = 0 [pid 589] write(1, "executing program\n", 18executing program ) = 18 [pid 589] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 589] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 589] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 589] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 589] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 589] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 589] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 589] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 589] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 589] memfd_create("syzkaller", 0) = 5 [pid 589] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0259ca6000 [pid 589] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 589] munmap(0x7f0259ca6000, 138412032) = 0 [pid 589] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 27.818325][ T585] loop0: detected capacity change from 0 to 2048 [ 27.841589][ T585] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor291: bg 0: block 234: padding at end of block bitmap is not set [pid 589] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 589] close(5) = 0 [pid 589] close(6) = 0 [pid 589] mkdir("./file0", 0777) = 0 [pid 589] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 589] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 589] chdir("./file0") = 0 [pid 589] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 589] ioctl(6, LOOP_CLR_FD) = 0 [pid 589] close(6) = 0 [pid 589] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 589] write(6, "#! ./file1\n", 11) = 11 [pid 589] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 589] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000001c0} --- [pid 589] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=589, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./71", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./71", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556442f6f0 /* 4 entries */, 32768) = 112 umount2("./71/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./71/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./71/binderfs") = 0 umount2("./71/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./71/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./71/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./71/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./71/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555564437730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555564437730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./71/file0") = 0 getdents64(3, 0x55556442f6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./71") = 0 mkdir("./72", 0777executing program ) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55556442e650) = 593 ./strace-static-x86_64: Process 593 attached [pid 593] set_robust_list(0x55556442e660, 24) = 0 [pid 593] chdir("./72") = 0 [pid 593] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 593] setpgid(0, 0) = 0 [pid 593] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 593] write(3, "1000", 4) = 4 [pid 593] close(3) = 0 [pid 593] symlink("/dev/binderfs", "./binderfs") = 0 [pid 593] write(1, "executing program\n", 18) = 18 [pid 593] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 593] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 593] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 593] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 593] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 593] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 593] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 593] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 593] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 593] memfd_create("syzkaller", 0) = 5 [pid 593] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0259ca6000 [pid 593] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 593] munmap(0x7f0259ca6000, 138412032) = 0 [pid 593] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 27.896413][ T589] loop0: detected capacity change from 0 to 2048 [ 27.920286][ T590] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-589: bg 0: block 234: padding at end of block bitmap is not set [pid 593] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 593] close(5) = 0 [pid 593] close(6) = 0 [pid 593] mkdir("./file0", 0777) = 0 [pid 593] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 593] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 593] chdir("./file0") = 0 [pid 593] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 593] ioctl(6, LOOP_CLR_FD) = 0 [pid 593] close(6) = 0 [pid 593] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 593] write(6, "#! ./file1\n", 11) = 11 [pid 593] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 593] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000001c0} --- [pid 593] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=593, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- umount2("./72", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./72", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556442f6f0 /* 4 entries */, 32768) = 112 umount2("./72/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./72/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./72/binderfs") = 0 umount2("./72/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./72/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./72/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./72/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./72/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555564437730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555564437730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./72/file0") = 0 getdents64(3, 0x55556442f6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./72") = 0 mkdir("./73", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55556442e650) = 597 ./strace-static-x86_64: Process 597 attached [pid 597] set_robust_list(0x55556442e660, 24) = 0 [pid 597] chdir("./73") = 0 [pid 597] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 597] setpgid(0, 0) = 0 [pid 597] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 597] write(3, "1000", 4) = 4 [pid 597] close(3) = 0 [pid 597] symlink("/dev/binderfs", "./binderfs") = 0 [pid 597] write(1, "executing program\n", 18executing program ) = 18 [pid 597] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 597] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 597] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 597] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 597] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 597] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 597] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 597] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 597] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 597] memfd_create("syzkaller", 0) = 5 [pid 597] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0259ca6000 [pid 597] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 597] munmap(0x7f0259ca6000, 138412032) = 0 [pid 597] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 27.963362][ T593] loop0: detected capacity change from 0 to 2048 [ 27.988152][ T594] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-593: bg 0: block 234: padding at end of block bitmap is not set [pid 597] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 597] close(5) = 0 [pid 597] close(6) = 0 [pid 597] mkdir("./file0", 0777) = 0 [pid 597] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 597] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 597] chdir("./file0") = 0 [pid 597] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 597] ioctl(6, LOOP_CLR_FD) = 0 [pid 597] close(6) = 0 [pid 597] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 597] write(6, "#! ./file1\n", 11) = 11 [pid 597] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 597] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000001c0} --- [pid 597] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=597, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./73", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./73", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556442f6f0 /* 4 entries */, 32768) = 112 umount2("./73/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./73/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./73/binderfs") = 0 umount2("./73/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./73/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./73/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./73/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./73/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555564437730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555564437730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./73/file0") = 0 getdents64(3, 0x55556442f6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./73") = 0 mkdir("./74", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3executing program ) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55556442e650) = 601 ./strace-static-x86_64: Process 601 attached [pid 601] set_robust_list(0x55556442e660, 24) = 0 [pid 601] chdir("./74") = 0 [pid 601] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 601] setpgid(0, 0) = 0 [pid 601] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 601] write(3, "1000", 4) = 4 [pid 601] close(3) = 0 [pid 601] symlink("/dev/binderfs", "./binderfs") = 0 [pid 601] write(1, "executing program\n", 18) = 18 [pid 601] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 601] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 601] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 601] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 601] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 601] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 601] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 601] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 601] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 601] memfd_create("syzkaller", 0) = 5 [pid 601] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0259ca6000 [pid 601] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 601] munmap(0x7f0259ca6000, 138412032) = 0 [pid 601] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 28.029540][ T597] loop0: detected capacity change from 0 to 2048 [ 28.056447][ T597] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor291: bg 0: block 234: padding at end of block bitmap is not set [pid 601] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 601] close(5) = 0 [pid 601] close(6) = 0 [pid 601] mkdir("./file0", 0777) = 0 [pid 601] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 601] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 601] chdir("./file0") = 0 [pid 601] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 601] ioctl(6, LOOP_CLR_FD) = 0 [pid 601] close(6) = 0 [pid 601] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 601] write(6, "#! ./file1\n", 11) = 11 [pid 601] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [ 28.108108][ T601] loop0: detected capacity change from 0 to 2048 [ 28.143764][ T601] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor291: bg 0: block 234: padding at end of block bitmap is not set [pid 601] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000001c0} --- [pid 601] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=601, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./74", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./74", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556442f6f0 /* 4 entries */, 32768) = 112 umount2("./74/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./74/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./74/binderfs") = 0 umount2("./74/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./74/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./74/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./74/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./74/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555564437730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555564437730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./74/file0") = 0 getdents64(3, 0x55556442f6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./74") = 0 mkdir("./75", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55556442e650) = 605 ./strace-static-x86_64: Process 605 attached [pid 605] set_robust_list(0x55556442e660, 24) = 0 [pid 605] chdir("./75") = 0 [pid 605] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 605] setpgid(0, 0executing program ) = 0 [pid 605] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 605] write(3, "1000", 4) = 4 [pid 605] close(3) = 0 [pid 605] symlink("/dev/binderfs", "./binderfs") = 0 [pid 605] write(1, "executing program\n", 18) = 18 [pid 605] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 605] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 605] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 605] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 605] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 605] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 605] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 605] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 605] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 605] memfd_create("syzkaller", 0) = 5 [pid 605] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0259ca6000 [pid 605] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 605] munmap(0x7f0259ca6000, 138412032) = 0 [pid 605] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 605] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 605] close(5) = 0 [pid 605] close(6) = 0 [pid 605] mkdir("./file0", 0777) = 0 [pid 605] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 605] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 605] chdir("./file0") = 0 [pid 605] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 605] ioctl(6, LOOP_CLR_FD) = 0 [pid 605] close(6) = 0 [pid 605] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 605] write(6, "#! ./file1\n", 11) = 11 [pid 605] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 605] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000001c0} --- [pid 605] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=605, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./75", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./75", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556442f6f0 /* 4 entries */, 32768) = 112 umount2("./75/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./75/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./75/binderfs") = 0 umount2("./75/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./75/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./75/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./75/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./75/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555564437730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555564437730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./75/file0") = 0 getdents64(3, 0x55556442f6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./75") = 0 mkdir("./76", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55556442e650) = 609 ./strace-static-x86_64: Process 609 attached [pid 609] set_robust_list(0x55556442e660, 24) = 0 [pid 609] chdir("./76") = 0 [pid 609] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 609] setpgid(0, 0) = 0 [pid 609] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 609] write(3, "1000", 4) = 4 [pid 609] close(3) = 0 [pid 609] symlink("/dev/binderfs", "./binderfs") = 0 [pid 609] write(1, "executing program\n", 18executing program ) = 18 [pid 609] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 609] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 609] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 609] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 609] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 609] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 609] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 609] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 609] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 609] memfd_create("syzkaller", 0) = 5 [pid 609] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0259ca6000 [pid 609] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 609] munmap(0x7f0259ca6000, 138412032) = 0 [pid 609] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 28.194761][ T605] loop0: detected capacity change from 0 to 2048 [ 28.211493][ T605] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor291: bg 0: block 234: padding at end of block bitmap is not set [pid 609] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 609] close(5) = 0 [pid 609] close(6) = 0 [pid 609] mkdir("./file0", 0777) = 0 [pid 609] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 609] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 609] chdir("./file0") = 0 [pid 609] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 609] ioctl(6, LOOP_CLR_FD) = 0 [pid 609] close(6) = 0 [pid 609] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 609] write(6, "#! ./file1\n", 11) = 11 [pid 609] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 609] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000001c0} --- [pid 609] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=609, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./76", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./76", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556442f6f0 /* 4 entries */, 32768) = 112 umount2("./76/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./76/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./76/binderfs") = 0 umount2("./76/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./76/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./76/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./76/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./76/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555564437730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555564437730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./76/file0") = 0 getdents64(3, 0x55556442f6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./76") = 0 mkdir("./77", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) executing program close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55556442e650) = 614 ./strace-static-x86_64: Process 614 attached [pid 614] set_robust_list(0x55556442e660, 24) = 0 [pid 614] chdir("./77") = 0 [pid 614] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 614] setpgid(0, 0) = 0 [pid 614] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 614] write(3, "1000", 4) = 4 [pid 614] close(3) = 0 [pid 614] symlink("/dev/binderfs", "./binderfs") = 0 [pid 614] write(1, "executing program\n", 18) = 18 [pid 614] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 614] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 614] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 614] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 614] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 614] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 614] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 614] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 614] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 614] memfd_create("syzkaller", 0) = 5 [pid 614] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0259ca6000 [ 28.262924][ T609] loop0: detected capacity change from 0 to 2048 [ 28.297587][ T610] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-609: bg 0: block 234: padding at end of block bitmap is not set [pid 614] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 614] munmap(0x7f0259ca6000, 138412032) = 0 [pid 614] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 614] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 614] close(5) = 0 [pid 614] close(6) = 0 [pid 614] mkdir("./file0", 0777) = 0 [pid 614] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 614] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 614] chdir("./file0") = 0 [pid 614] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 614] ioctl(6, LOOP_CLR_FD) = 0 [pid 614] close(6) = 0 [pid 614] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 614] write(6, "#! ./file1\n", 11) = 11 [pid 614] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 614] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000001c0} --- [pid 614] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=614, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./77", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./77", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556442f6f0 /* 4 entries */, 32768) = 112 umount2("./77/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./77/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./77/binderfs") = 0 umount2("./77/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./77/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./77/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./77/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./77/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555564437730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555564437730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./77/file0") = 0 getdents64(3, 0x55556442f6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./77") = 0 mkdir("./78", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3executing program ) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55556442e650) = 618 ./strace-static-x86_64: Process 618 attached [pid 618] set_robust_list(0x55556442e660, 24) = 0 [pid 618] chdir("./78") = 0 [pid 618] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 618] setpgid(0, 0) = 0 [pid 618] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 618] write(3, "1000", 4) = 4 [pid 618] close(3) = 0 [pid 618] symlink("/dev/binderfs", "./binderfs") = 0 [pid 618] write(1, "executing program\n", 18) = 18 [pid 618] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 618] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 618] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 618] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 618] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 618] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 618] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 618] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 618] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 618] memfd_create("syzkaller", 0) = 5 [pid 618] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0259ca6000 [pid 618] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 618] munmap(0x7f0259ca6000, 138412032) = 0 [pid 618] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 28.345595][ T614] loop0: detected capacity change from 0 to 2048 [ 28.360240][ T614] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor291: bg 0: block 234: padding at end of block bitmap is not set [pid 618] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 618] close(5) = 0 [pid 618] close(6) = 0 [pid 618] mkdir("./file0", 0777) = 0 [pid 618] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 618] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 618] chdir("./file0") = 0 [pid 618] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 618] ioctl(6, LOOP_CLR_FD) = 0 [pid 618] close(6) = 0 [pid 618] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 618] write(6, "#! ./file1\n", 11) = 11 [pid 618] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 618] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000001c0} --- [pid 618] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=618, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./78", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./78", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556442f6f0 /* 4 entries */, 32768) = 112 umount2("./78/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./78/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./78/binderfs") = 0 umount2("./78/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./78/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./78/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./78/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./78/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555564437730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555564437730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./78/file0") = 0 getdents64(3, 0x55556442f6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./78") = 0 mkdir("./79", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55556442e650) = 622 ./strace-static-x86_64: Process 622 attached [pid 622] set_robust_list(0x55556442e660, 24) = 0 [pid 622] chdir("./79") = 0 [pid 622] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 622] setpgid(0, 0) = 0 [pid 622] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 622] write(3, "1000", 4) = 4 [pid 622] close(3) = 0 [pid 622] symlink("/dev/binderfs", "./binderfs") = 0 [pid 622] write(1, "executing program\n", 18executing program ) = 18 [pid 622] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 622] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 622] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 622] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 622] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 622] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 622] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 622] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 622] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 622] memfd_create("syzkaller", 0) = 5 [pid 622] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0259ca6000 [ 28.410547][ T618] loop0: detected capacity change from 0 to 2048 [ 28.444344][ T619] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-618: bg 0: block 234: padding at end of block bitmap is not set [pid 622] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 622] munmap(0x7f0259ca6000, 138412032) = 0 [pid 622] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 622] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 622] close(5) = 0 [pid 622] close(6) = 0 [pid 622] mkdir("./file0", 0777) = 0 [pid 622] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 622] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 622] chdir("./file0") = 0 [pid 622] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 622] ioctl(6, LOOP_CLR_FD) = 0 [pid 622] close(6) = 0 [pid 622] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 622] write(6, "#! ./file1\n", 11) = 11 [pid 622] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 622] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000001c0} --- [pid 622] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=622, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./79", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./79", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556442f6f0 /* 4 entries */, 32768) = 112 umount2("./79/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./79/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./79/binderfs") = 0 umount2("./79/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./79/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./79/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./79/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./79/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555564437730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555564437730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./79/file0") = 0 getdents64(3, 0x55556442f6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./79") = 0 mkdir("./80", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55556442e650) = 626 ./strace-static-x86_64: Process 626 attached [pid 626] set_robust_list(0x55556442e660, 24) = 0 [pid 626] chdir("./80") = 0 [pid 626] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 626] setpgid(0, 0) = 0 [pid 626] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 626] write(3, "1000", 4) = 4 [pid 626] close(3) = 0 [pid 626] symlink("/dev/binderfs", "./binderfs") = 0 [pid 626] write(1, "executing program\n", 18) = 18 [pid 626] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 executing program [pid 626] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 626] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 626] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 626] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 626] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 626] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 626] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 626] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 626] memfd_create("syzkaller", 0) = 5 [pid 626] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0259ca6000 [pid 626] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 626] munmap(0x7f0259ca6000, 138412032) = 0 [pid 626] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 28.492976][ T622] loop0: detected capacity change from 0 to 2048 [ 28.521804][ T622] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor291: bg 0: block 234: padding at end of block bitmap is not set [pid 626] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 626] close(5) = 0 [pid 626] close(6) = 0 [pid 626] mkdir("./file0", 0777) = 0 [pid 626] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 626] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 626] chdir("./file0") = 0 [pid 626] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 626] ioctl(6, LOOP_CLR_FD) = 0 [pid 626] close(6) = 0 [pid 626] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 626] write(6, "#! ./file1\n", 11) = 11 [pid 626] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 626] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000001c0} --- [pid 626] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=626, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./80", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./80", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556442f6f0 /* 4 entries */, 32768) = 112 umount2("./80/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./80/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./80/binderfs") = 0 umount2("./80/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./80/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./80/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./80/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./80/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555564437730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555564437730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./80/file0") = 0 getdents64(3, 0x55556442f6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./80") = 0 mkdir("./81", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program , child_tidptr=0x55556442e650) = 630 ./strace-static-x86_64: Process 630 attached [pid 630] set_robust_list(0x55556442e660, 24) = 0 [pid 630] chdir("./81") = 0 [pid 630] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 630] setpgid(0, 0) = 0 [pid 630] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 630] write(3, "1000", 4) = 4 [pid 630] close(3) = 0 [pid 630] symlink("/dev/binderfs", "./binderfs") = 0 [pid 630] write(1, "executing program\n", 18) = 18 [pid 630] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 630] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 630] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 630] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 630] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 630] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 630] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 630] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 630] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 630] memfd_create("syzkaller", 0) = 5 [pid 630] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0259ca6000 [pid 630] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 630] munmap(0x7f0259ca6000, 138412032) = 0 [pid 630] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 28.572597][ T626] loop0: detected capacity change from 0 to 2048 [ 28.592158][ T626] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor291: bg 0: block 234: padding at end of block bitmap is not set [pid 630] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 630] close(5) = 0 [pid 630] close(6) = 0 [pid 630] mkdir("./file0", 0777) = 0 [pid 630] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 630] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 630] chdir("./file0") = 0 [pid 630] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 630] ioctl(6, LOOP_CLR_FD) = 0 [pid 630] close(6) = 0 [pid 630] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 630] write(6, "#! ./file1\n", 11) = 11 [pid 630] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 630] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000001c0} --- [pid 630] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=630, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./81", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./81", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556442f6f0 /* 4 entries */, 32768) = 112 umount2("./81/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./81/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./81/binderfs") = 0 umount2("./81/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./81/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./81/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./81/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./81/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555564437730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555564437730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./81/file0") = 0 getdents64(3, 0x55556442f6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./81") = 0 mkdir("./82", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) executing program close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55556442e650) = 634 ./strace-static-x86_64: Process 634 attached [pid 634] set_robust_list(0x55556442e660, 24) = 0 [pid 634] chdir("./82") = 0 [pid 634] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 634] setpgid(0, 0) = 0 [pid 634] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 634] write(3, "1000", 4) = 4 [pid 634] close(3) = 0 [pid 634] symlink("/dev/binderfs", "./binderfs") = 0 [pid 634] write(1, "executing program\n", 18) = 18 [pid 634] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 634] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 634] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 634] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 634] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 634] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 634] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 634] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 634] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 634] memfd_create("syzkaller", 0) = 5 [pid 634] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0259ca6000 [pid 634] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 634] munmap(0x7f0259ca6000, 138412032) = 0 [pid 634] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 28.638440][ T630] loop0: detected capacity change from 0 to 2048 [ 28.666531][ T631] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-630: bg 0: block 234: padding at end of block bitmap is not set [pid 634] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 634] close(5) = 0 [pid 634] close(6) = 0 [pid 634] mkdir("./file0", 0777) = 0 [pid 634] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 634] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 634] chdir("./file0") = 0 [pid 634] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 634] ioctl(6, LOOP_CLR_FD) = 0 [pid 634] close(6) = 0 [pid 634] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 634] write(6, "#! ./file1\n", 11) = 11 [pid 634] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 634] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000001c0} --- [pid 634] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=634, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./82", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./82", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556442f6f0 /* 4 entries */, 32768) = 112 umount2("./82/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./82/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./82/binderfs") = 0 umount2("./82/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./82/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./82/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./82/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./82/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555564437730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555564437730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./82/file0") = 0 getdents64(3, 0x55556442f6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./82") = 0 mkdir("./83", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program , child_tidptr=0x55556442e650) = 638 ./strace-static-x86_64: Process 638 attached [pid 638] set_robust_list(0x55556442e660, 24) = 0 [pid 638] chdir("./83") = 0 [pid 638] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 638] setpgid(0, 0) = 0 [pid 638] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 638] write(3, "1000", 4) = 4 [pid 638] close(3) = 0 [pid 638] symlink("/dev/binderfs", "./binderfs") = 0 [pid 638] write(1, "executing program\n", 18) = 18 [pid 638] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 638] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 638] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 638] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 638] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 638] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 638] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 638] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 638] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 638] memfd_create("syzkaller", 0) = 5 [pid 638] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0259ca6000 [pid 638] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 638] munmap(0x7f0259ca6000, 138412032) = 0 [pid 638] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 28.714941][ T634] loop0: detected capacity change from 0 to 2048 [ 28.734470][ T634] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor291: bg 0: block 234: padding at end of block bitmap is not set [pid 638] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 638] close(5) = 0 [pid 638] close(6) = 0 [pid 638] mkdir("./file0", 0777) = 0 [pid 638] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 638] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 638] chdir("./file0") = 0 [pid 638] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 638] ioctl(6, LOOP_CLR_FD) = 0 [pid 638] close(6) = 0 [pid 638] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 638] write(6, "#! ./file1\n", 11) = 11 [pid 638] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 638] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000001c0} --- [pid 638] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=638, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./83", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./83", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556442f6f0 /* 4 entries */, 32768) = 112 umount2("./83/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./83/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./83/binderfs") = 0 umount2("./83/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./83/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./83/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./83/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./83/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555564437730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555564437730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./83/file0") = 0 getdents64(3, 0x55556442f6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./83") = 0 mkdir("./84", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55556442e650) = 642 ./strace-static-x86_64: Process 642 attached [pid 642] set_robust_list(0x55556442e660, 24) = 0 [pid 642] chdir("./84") = 0 [pid 642] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 642] setpgid(0, 0) = 0 [pid 642] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 642] write(3, "1000", 4) = 4 [pid 642] close(3) = 0 [pid 642] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 642] write(1, "executing program\n", 18) = 18 [pid 642] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 642] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 642] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 642] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 642] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 642] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 642] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 642] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 642] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 642] memfd_create("syzkaller", 0) = 5 [pid 642] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0259ca6000 [ 28.783287][ T638] loop0: detected capacity change from 0 to 2048 [ 28.814866][ T638] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor291: bg 0: block 234: padding at end of block bitmap is not set [pid 642] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 642] munmap(0x7f0259ca6000, 138412032) = 0 [pid 642] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 642] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 642] close(5) = 0 [pid 642] close(6) = 0 [pid 642] mkdir("./file0", 0777) = 0 [pid 642] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 642] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 642] chdir("./file0") = 0 [pid 642] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 642] ioctl(6, LOOP_CLR_FD) = 0 [pid 642] close(6) = 0 [pid 642] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 642] write(6, "#! ./file1\n", 11) = 11 [pid 642] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [ 28.868941][ T642] loop0: detected capacity change from 0 to 2048 [pid 642] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000001c0} --- [pid 642] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=642, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./84", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./84", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556442f6f0 /* 4 entries */, 32768) = 112 umount2("./84/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./84/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./84/binderfs") = 0 umount2("./84/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./84/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./84/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./84/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./84/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555564437730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555564437730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./84/file0") = 0 getdents64(3, 0x55556442f6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./84") = 0 mkdir("./85", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55556442e650) = 646 ./strace-static-x86_64: Process 646 attached [pid 646] set_robust_list(0x55556442e660, 24) = 0 [pid 646] chdir("./85") = 0 [pid 646] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 646] setpgid(0, 0) = 0 [pid 646] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 646] write(3, "1000", 4) = 4 [pid 646] close(3) = 0 [pid 646] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 646] write(1, "executing program\n", 18) = 18 [pid 646] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 646] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 646] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 646] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 646] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 646] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 646] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 646] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 646] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 646] memfd_create("syzkaller", 0) = 5 [pid 646] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0259ca6000 [pid 646] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 646] munmap(0x7f0259ca6000, 138412032) = 0 [pid 646] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 28.906094][ T643] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-642: bg 0: block 234: padding at end of block bitmap is not set [pid 646] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 646] close(5) = 0 [pid 646] close(6) = 0 [pid 646] mkdir("./file0", 0777) = 0 [pid 646] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 646] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 646] chdir("./file0") = 0 [pid 646] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 646] ioctl(6, LOOP_CLR_FD) = 0 [pid 646] close(6) = 0 [pid 646] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 646] write(6, "#! ./file1\n", 11) = 11 [pid 646] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 646] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000001c0} --- [pid 646] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=646, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./85", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./85", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556442f6f0 /* 4 entries */, 32768) = 112 umount2("./85/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./85/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./85/binderfs") = 0 umount2("./85/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./85/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./85/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./85/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./85/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555564437730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555564437730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./85/file0") = 0 getdents64(3, 0x55556442f6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./85") = 0 mkdir("./86", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program , child_tidptr=0x55556442e650) = 650 ./strace-static-x86_64: Process 650 attached [pid 650] set_robust_list(0x55556442e660, 24) = 0 [pid 650] chdir("./86") = 0 [pid 650] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 650] setpgid(0, 0) = 0 [pid 650] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 650] write(3, "1000", 4) = 4 [pid 650] close(3) = 0 [pid 650] symlink("/dev/binderfs", "./binderfs") = 0 [pid 650] write(1, "executing program\n", 18) = 18 [pid 650] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 650] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 650] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 650] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 650] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 650] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 650] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 650] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 650] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 650] memfd_create("syzkaller", 0) = 5 [pid 650] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0259ca6000 [pid 650] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 650] munmap(0x7f0259ca6000, 138412032) = 0 [pid 650] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 28.949819][ T646] loop0: detected capacity change from 0 to 2048 [ 28.976680][ T647] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-646: bg 0: block 234: padding at end of block bitmap is not set [pid 650] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 650] close(5) = 0 [pid 650] close(6) = 0 [pid 650] mkdir("./file0", 0777) = 0 [pid 650] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 650] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 650] chdir("./file0") = 0 [pid 650] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 650] ioctl(6, LOOP_CLR_FD) = 0 [pid 650] close(6) = 0 [pid 650] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 650] write(6, "#! ./file1\n", 11) = 11 [pid 650] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 650] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000001c0} --- [pid 650] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=650, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./86", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./86", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556442f6f0 /* 4 entries */, 32768) = 112 umount2("./86/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./86/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./86/binderfs") = 0 umount2("./86/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./86/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./86/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./86/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./86/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555564437730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555564437730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./86/file0") = 0 getdents64(3, 0x55556442f6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./86") = 0 mkdir("./87", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55556442e650) = 654 ./strace-static-x86_64: Process 654 attached [pid 654] set_robust_list(0x55556442e660, 24) = 0 [pid 654] chdir("./87") = 0 [pid 654] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 654] setpgid(0, 0) = 0 [pid 654] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 654] write(3, "1000", 4) = 4 [pid 654] close(3) = 0 [pid 654] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 654] write(1, "executing program\n", 18) = 18 [pid 654] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 654] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 654] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 654] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 654] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 654] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 654] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 654] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 654] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 654] memfd_create("syzkaller", 0) = 5 [pid 654] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0259ca6000 [pid 654] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 654] munmap(0x7f0259ca6000, 138412032) = 0 [pid 654] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 29.027657][ T650] loop0: detected capacity change from 0 to 2048 [ 29.054736][ T651] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-650: bg 0: block 234: padding at end of block bitmap is not set [pid 654] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 654] close(5) = 0 [pid 654] close(6) = 0 [pid 654] mkdir("./file0", 0777) = 0 [pid 654] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 654] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 654] chdir("./file0") = 0 [pid 654] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 654] ioctl(6, LOOP_CLR_FD) = 0 [pid 654] close(6) = 0 [pid 654] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 654] write(6, "#! ./file1\n", 11) = 11 [pid 654] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 654] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000001c0} --- [pid 654] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=654, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./87", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./87", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556442f6f0 /* 4 entries */, 32768) = 112 umount2("./87/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./87/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./87/binderfs") = 0 umount2("./87/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./87/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./87/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./87/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./87/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555564437730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555564437730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./87/file0") = 0 getdents64(3, 0x55556442f6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./87") = 0 mkdir("./88", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program , child_tidptr=0x55556442e650) = 658 ./strace-static-x86_64: Process 658 attached [pid 658] set_robust_list(0x55556442e660, 24) = 0 [pid 658] chdir("./88") = 0 [pid 658] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 658] setpgid(0, 0) = 0 [pid 658] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 658] write(3, "1000", 4) = 4 [pid 658] close(3) = 0 [pid 658] symlink("/dev/binderfs", "./binderfs") = 0 [pid 658] write(1, "executing program\n", 18) = 18 [pid 658] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 658] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 658] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 658] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 658] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 658] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 658] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 658] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 658] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 658] memfd_create("syzkaller", 0) = 5 [pid 658] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0259ca6000 [pid 658] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 658] munmap(0x7f0259ca6000, 138412032) = 0 [pid 658] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 29.102183][ T654] loop0: detected capacity change from 0 to 2048 [ 29.122030][ T654] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor291: bg 0: block 234: padding at end of block bitmap is not set [pid 658] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 658] close(5) = 0 [pid 658] close(6) = 0 [pid 658] mkdir("./file0", 0777) = 0 [pid 658] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 658] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 658] chdir("./file0") = 0 [pid 658] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 658] ioctl(6, LOOP_CLR_FD) = 0 [pid 658] close(6) = 0 [pid 658] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 658] write(6, "#! ./file1\n", 11) = 11 [pid 658] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 658] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000001c0} --- [pid 658] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=658, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./88", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./88", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556442f6f0 /* 4 entries */, 32768) = 112 umount2("./88/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./88/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./88/binderfs") = 0 umount2("./88/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./88/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./88/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./88/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./88/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555564437730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555564437730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./88/file0") = 0 getdents64(3, 0x55556442f6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./88") = 0 mkdir("./89", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3executing program ) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55556442e650) = 662 ./strace-static-x86_64: Process 662 attached [pid 662] set_robust_list(0x55556442e660, 24) = 0 [pid 662] chdir("./89") = 0 [pid 662] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 662] setpgid(0, 0) = 0 [pid 662] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 662] write(3, "1000", 4) = 4 [pid 662] close(3) = 0 [pid 662] symlink("/dev/binderfs", "./binderfs") = 0 [pid 662] write(1, "executing program\n", 18) = 18 [pid 662] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 662] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 662] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 662] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 662] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 662] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 662] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 662] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 662] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 662] memfd_create("syzkaller", 0) = 5 [pid 662] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0259ca6000 [pid 662] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 662] munmap(0x7f0259ca6000, 138412032) = 0 [pid 662] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 29.167931][ T658] loop0: detected capacity change from 0 to 2048 [ 29.184324][ T658] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor291: bg 0: block 234: padding at end of block bitmap is not set [pid 662] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 662] close(5) = 0 [pid 662] close(6) = 0 [pid 662] mkdir("./file0", 0777) = 0 [pid 662] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 662] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 662] chdir("./file0") = 0 [pid 662] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 662] ioctl(6, LOOP_CLR_FD) = 0 [pid 662] close(6) = 0 [pid 662] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 662] write(6, "#! ./file1\n", 11) = 11 [pid 662] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 662] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000001c0} --- [pid 662] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=662, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./89", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./89", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556442f6f0 /* 4 entries */, 32768) = 112 umount2("./89/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./89/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./89/binderfs") = 0 umount2("./89/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./89/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./89/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./89/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./89/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555564437730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555564437730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./89/file0") = 0 getdents64(3, 0x55556442f6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./89") = 0 mkdir("./90", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55556442e650) = 666 ./strace-static-x86_64: Process 666 attached [pid 666] set_robust_list(0x55556442e660, 24) = 0 [pid 666] chdir("./90") = 0 [pid 666] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 666] setpgid(0, 0) = 0 [pid 666] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 666] write(3, "1000", 4) = 4 [pid 666] close(3) = 0 [pid 666] symlink("/dev/binderfs", "./binderfs") = 0 [pid 666] write(1, "executing program\n", 18executing program ) = 18 [pid 666] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 666] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 666] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 666] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 666] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 666] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 666] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 666] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 666] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 666] memfd_create("syzkaller", 0) = 5 [pid 666] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0259ca6000 [pid 666] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 666] munmap(0x7f0259ca6000, 138412032) = 0 [pid 666] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 29.239984][ T662] loop0: detected capacity change from 0 to 2048 [ 29.267866][ T662] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor291: bg 0: block 234: padding at end of block bitmap is not set [pid 666] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 666] close(5) = 0 [pid 666] close(6) = 0 [pid 666] mkdir("./file0", 0777) = 0 [pid 666] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 666] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 666] chdir("./file0") = 0 [pid 666] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 666] ioctl(6, LOOP_CLR_FD) = 0 [pid 666] close(6) = 0 [pid 666] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 666] write(6, "#! ./file1\n", 11) = 11 [pid 666] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 666] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000001c0} --- [pid 666] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=666, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./90", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./90", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556442f6f0 /* 4 entries */, 32768) = 112 umount2("./90/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./90/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./90/binderfs") = 0 umount2("./90/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./90/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./90/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./90/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./90/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555564437730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555564437730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./90/file0") = 0 getdents64(3, 0x55556442f6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./90") = 0 mkdir("./91", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program , child_tidptr=0x55556442e650) = 671 ./strace-static-x86_64: Process 671 attached [pid 671] set_robust_list(0x55556442e660, 24) = 0 [pid 671] chdir("./91") = 0 [pid 671] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 671] setpgid(0, 0) = 0 [pid 671] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 671] write(3, "1000", 4) = 4 [pid 671] close(3) = 0 [pid 671] symlink("/dev/binderfs", "./binderfs") = 0 [pid 671] write(1, "executing program\n", 18) = 18 [pid 671] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 671] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 671] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 671] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 671] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 671] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 671] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 671] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 671] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 671] memfd_create("syzkaller", 0) = 5 [pid 671] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0259ca6000 [pid 671] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 671] munmap(0x7f0259ca6000, 138412032) = 0 [pid 671] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 29.310233][ T666] loop0: detected capacity change from 0 to 2048 [ 29.340150][ T666] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor291: bg 0: block 234: padding at end of block bitmap is not set [pid 671] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 671] close(5) = 0 [pid 671] close(6) = 0 [pid 671] mkdir("./file0", 0777) = 0 [pid 671] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 671] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 671] chdir("./file0") = 0 [pid 671] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 671] ioctl(6, LOOP_CLR_FD) = 0 [pid 671] close(6) = 0 [pid 671] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 671] write(6, "#! ./file1\n", 11) = 11 [pid 671] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 671] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000001c0} --- [pid 671] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=671, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./91", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./91", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556442f6f0 /* 4 entries */, 32768) = 112 umount2("./91/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./91/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./91/binderfs") = 0 umount2("./91/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./91/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./91/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./91/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./91/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555564437730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555564437730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./91/file0"executing program ) = 0 getdents64(3, 0x55556442f6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./91") = 0 mkdir("./92", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55556442e650) = 675 ./strace-static-x86_64: Process 675 attached [pid 675] set_robust_list(0x55556442e660, 24) = 0 [pid 675] chdir("./92") = 0 [pid 675] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 675] setpgid(0, 0) = 0 [pid 675] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 675] write(3, "1000", 4) = 4 [pid 675] close(3) = 0 [pid 675] symlink("/dev/binderfs", "./binderfs") = 0 [pid 675] write(1, "executing program\n", 18) = 18 [pid 675] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 675] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 675] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 675] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 675] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 675] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 675] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 675] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 675] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 675] memfd_create("syzkaller", 0) = 5 [pid 675] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0259ca6000 [pid 675] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 675] munmap(0x7f0259ca6000, 138412032) = 0 [pid 675] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 29.383427][ T671] loop0: detected capacity change from 0 to 2048 [ 29.400292][ T671] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor291: bg 0: block 234: padding at end of block bitmap is not set [pid 675] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 675] close(5) = 0 [pid 675] close(6) = 0 [pid 675] mkdir("./file0", 0777) = 0 [pid 675] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 675] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 675] chdir("./file0") = 0 [pid 675] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 675] ioctl(6, LOOP_CLR_FD) = 0 [pid 675] close(6) = 0 [pid 675] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 675] write(6, "#! ./file1\n", 11) = 11 [pid 675] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 675] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000001c0} --- [pid 675] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=675, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./92", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./92", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556442f6f0 /* 4 entries */, 32768) = 112 umount2("./92/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./92/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./92/binderfs") = 0 umount2("./92/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./92/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./92/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./92/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./92/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555564437730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555564437730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./92/file0") = 0 getdents64(3, 0x55556442f6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./92") = 0 mkdir("./93", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program , child_tidptr=0x55556442e650) = 679 ./strace-static-x86_64: Process 679 attached [pid 679] set_robust_list(0x55556442e660, 24) = 0 [pid 679] chdir("./93") = 0 [pid 679] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 679] setpgid(0, 0) = 0 [pid 679] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 679] write(3, "1000", 4) = 4 [pid 679] close(3) = 0 [pid 679] symlink("/dev/binderfs", "./binderfs") = 0 [pid 679] write(1, "executing program\n", 18) = 18 [pid 679] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 679] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 679] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 679] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 679] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 679] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 679] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 679] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 679] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 679] memfd_create("syzkaller", 0) = 5 [pid 679] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0259ca6000 [pid 679] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 679] munmap(0x7f0259ca6000, 138412032) = 0 [pid 679] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 29.460785][ T675] loop0: detected capacity change from 0 to 2048 [ 29.479285][ T675] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor291: bg 0: block 234: padding at end of block bitmap is not set [pid 679] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 679] close(5) = 0 [pid 679] close(6) = 0 [pid 679] mkdir("./file0", 0777) = 0 [pid 679] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 679] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 679] chdir("./file0") = 0 [pid 679] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 679] ioctl(6, LOOP_CLR_FD) = 0 [pid 679] close(6) = 0 [pid 679] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 679] write(6, "#! ./file1\n", 11) = 11 [pid 679] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 679] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000001c0} --- [pid 679] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=679, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./93", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./93", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556442f6f0 /* 4 entries */, 32768) = 112 umount2("./93/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./93/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./93/binderfs") = 0 umount2("./93/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./93/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./93/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./93/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./93/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555564437730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555564437730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./93/file0") = 0 getdents64(3, 0x55556442f6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./93") = 0 mkdir("./94", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55556442e650) = 683 ./strace-static-x86_64: Process 683 attached [pid 683] set_robust_list(0x55556442e660, 24) = 0 [pid 683] chdir("./94") = 0 [pid 683] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 683] setpgid(0, 0) = 0 [pid 683] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 683] write(3, "1000", 4) = 4 [pid 683] close(3) = 0 [pid 683] symlink("/dev/binderfs", "./binderfs") = 0 [pid 683] write(1, "executing program\n", 18executing program ) = 18 [pid 683] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 683] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 683] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 683] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 683] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 683] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 683] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 683] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 683] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 683] memfd_create("syzkaller", 0) = 5 [pid 683] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0259ca6000 [pid 683] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 683] munmap(0x7f0259ca6000, 138412032) = 0 [pid 683] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 29.527557][ T679] loop0: detected capacity change from 0 to 2048 [ 29.552039][ T679] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor291: bg 0: block 234: padding at end of block bitmap is not set [pid 683] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 683] close(5) = 0 [pid 683] close(6) = 0 [pid 683] mkdir("./file0", 0777) = 0 [pid 683] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 683] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 683] chdir("./file0") = 0 [pid 683] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 683] ioctl(6, LOOP_CLR_FD) = 0 [pid 683] close(6) = 0 [pid 683] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 683] write(6, "#! ./file1\n", 11) = 11 [pid 683] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 683] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000001c0} --- [pid 683] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=683, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./94", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./94", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556442f6f0 /* 4 entries */, 32768) = 112 umount2("./94/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./94/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./94/binderfs") = 0 umount2("./94/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./94/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./94/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./94/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./94/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555564437730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555564437730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./94/file0") = 0 getdents64(3, 0x55556442f6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./94") = 0 mkdir("./95", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55556442e650) = 687 ./strace-static-x86_64: Process 687 attached [pid 687] set_robust_list(0x55556442e660, 24) = 0 [pid 687] chdir("./95") = 0 [pid 687] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 687] setpgid(0, 0) = 0 [pid 687] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 687] write(3, "1000", 4) = 4 [pid 687] close(3) = 0 [pid 687] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 687] write(1, "executing program\n", 18) = 18 [pid 687] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 687] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 687] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 687] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 687] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 687] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 687] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 687] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 687] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 687] memfd_create("syzkaller", 0) = 5 [pid 687] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0259ca6000 [pid 687] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 687] munmap(0x7f0259ca6000, 138412032) = 0 [pid 687] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 29.599151][ T683] loop0: detected capacity change from 0 to 2048 [ 29.621923][ T683] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor291: bg 0: block 234: padding at end of block bitmap is not set [pid 687] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 687] close(5) = 0 [pid 687] close(6) = 0 [pid 687] mkdir("./file0", 0777) = 0 [pid 687] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 687] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 687] chdir("./file0") = 0 [pid 687] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 687] ioctl(6, LOOP_CLR_FD) = 0 [pid 687] close(6) = 0 [pid 687] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 687] write(6, "#! ./file1\n", 11) = 11 [pid 687] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 687] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000001c0} --- [pid 687] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=687, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./95", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./95", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556442f6f0 /* 4 entries */, 32768) = 112 umount2("./95/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./95/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./95/binderfs") = 0 umount2("./95/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./95/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./95/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./95/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./95/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555564437730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555564437730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./95/file0") = 0 getdents64(3, 0x55556442f6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./95") = 0 mkdir("./96", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55556442e650) = 691 ./strace-static-x86_64: Process 691 attached [pid 691] set_robust_list(0x55556442e660, 24) = 0 executing program [pid 691] chdir("./96") = 0 [pid 691] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 691] setpgid(0, 0) = 0 [pid 691] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 691] write(3, "1000", 4) = 4 [pid 691] close(3) = 0 [pid 691] symlink("/dev/binderfs", "./binderfs") = 0 [pid 691] write(1, "executing program\n", 18) = 18 [pid 691] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 691] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 691] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 691] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 691] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 691] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 691] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 691] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 691] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 691] memfd_create("syzkaller", 0) = 5 [pid 691] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0259ca6000 [pid 691] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 691] munmap(0x7f0259ca6000, 138412032) = 0 [pid 691] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 29.675369][ T687] loop0: detected capacity change from 0 to 2048 [ 29.699784][ T687] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor291: bg 0: block 234: padding at end of block bitmap is not set [pid 691] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 691] close(5) = 0 [pid 691] close(6) = 0 [pid 691] mkdir("./file0", 0777) = 0 [pid 691] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 691] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 691] chdir("./file0") = 0 [pid 691] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 691] ioctl(6, LOOP_CLR_FD) = 0 [pid 691] close(6) = 0 [pid 691] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 691] write(6, "#! ./file1\n", 11) = 11 [pid 691] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 691] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000001c0} --- [pid 691] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=691, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./96", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./96", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556442f6f0 /* 4 entries */, 32768) = 112 umount2("./96/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./96/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./96/binderfs") = 0 umount2("./96/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./96/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./96/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./96/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./96/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555564437730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555564437730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./96/file0") = 0 getdents64(3, 0x55556442f6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./96") = 0 mkdir("./97", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55556442e650) = 695 ./strace-static-x86_64: Process 695 attached [pid 695] set_robust_list(0x55556442e660, 24) = 0 [pid 695] chdir("./97") = 0 [pid 695] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 695] setpgid(0, 0) = 0 [pid 695] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 695] write(3, "1000", 4) = 4 [pid 695] close(3) = 0 [pid 695] symlink("/dev/binderfs", "./binderfs") = 0 [pid 695] write(1, "executing program\n", 18executing program ) = 18 [pid 695] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 695] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 695] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 695] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 695] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 695] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 695] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 695] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 695] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 695] memfd_create("syzkaller", 0) = 5 [pid 695] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0259ca6000 [ 29.745808][ T691] loop0: detected capacity change from 0 to 2048 [ 29.774800][ T692] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-691: bg 0: block 234: padding at end of block bitmap is not set [pid 695] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 695] munmap(0x7f0259ca6000, 138412032) = 0 [pid 695] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 695] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 695] close(5) = 0 [pid 695] close(6) = 0 [pid 695] mkdir("./file0", 0777) = 0 [pid 695] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 695] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 695] chdir("./file0") = 0 [pid 695] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 695] ioctl(6, LOOP_CLR_FD) = 0 [pid 695] close(6) = 0 [pid 695] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 695] write(6, "#! ./file1\n", 11) = 11 [pid 695] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 695] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000001c0} --- [pid 695] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=695, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./97", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./97", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556442f6f0 /* 4 entries */, 32768) = 112 umount2("./97/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./97/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./97/binderfs") = 0 umount2("./97/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./97/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./97/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./97/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./97/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555564437730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555564437730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./97/file0") = 0 getdents64(3, 0x55556442f6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./97") = 0 mkdir("./98", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55556442e650) = 699 ./strace-static-x86_64: Process 699 attached [pid 699] set_robust_list(0x55556442e660, 24) = 0 [pid 699] chdir("./98") = 0 [pid 699] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 699] setpgid(0, 0) = 0 [pid 699] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 699] write(3, "1000", 4) = 4 [pid 699] close(3) = 0 [pid 699] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 699] write(1, "executing program\n", 18) = 18 [pid 699] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 699] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 699] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 699] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 699] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 699] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 699] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 699] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 699] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 699] memfd_create("syzkaller", 0) = 5 [pid 699] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0259ca6000 [pid 699] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 699] munmap(0x7f0259ca6000, 138412032) = 0 [pid 699] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 29.828947][ T695] loop0: detected capacity change from 0 to 2048 [ 29.851366][ T695] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor291: bg 0: block 234: padding at end of block bitmap is not set [pid 699] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 699] close(5) = 0 [pid 699] close(6) = 0 [pid 699] mkdir("./file0", 0777) = 0 [pid 699] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 699] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 699] chdir("./file0") = 0 [pid 699] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 699] ioctl(6, LOOP_CLR_FD) = 0 [pid 699] close(6) = 0 [pid 699] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 699] write(6, "#! ./file1\n", 11) = 11 [pid 699] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 699] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000001c0} --- [pid 699] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=699, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./98", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./98", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556442f6f0 /* 4 entries */, 32768) = 112 umount2("./98/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./98/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./98/binderfs") = 0 umount2("./98/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./98/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./98/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./98/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./98/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555564437730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555564437730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./98/file0") = 0 getdents64(3, 0x55556442f6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./98") = 0 mkdir("./99", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55556442e650) = 703 ./strace-static-x86_64: Process 703 attached [pid 703] set_robust_list(0x55556442e660, 24) = 0 [pid 703] chdir("./99") = 0 [pid 703] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 703] setpgid(0, 0) = 0 [pid 703] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 703] write(3, "1000", 4) = 4 [pid 703] close(3) = 0 [pid 703] symlink("/dev/binderfs", "./binderfs") = 0 [pid 703] write(1, "executing program\n", 18) = 18 [pid 703] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 703] ioctl(3, VHOST_SET_OWNERexecuting program , 0) = 0 [pid 703] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 703] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 703] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 703] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 703] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 703] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 703] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 703] memfd_create("syzkaller", 0) = 5 [pid 703] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0259ca6000 [pid 703] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 703] munmap(0x7f0259ca6000, 138412032) = 0 [pid 703] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 29.905399][ T699] loop0: detected capacity change from 0 to 2048 [ 29.929730][ T699] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor291: bg 0: block 234: padding at end of block bitmap is not set [pid 703] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 703] close(5) = 0 [pid 703] close(6) = 0 [pid 703] mkdir("./file0", 0777) = 0 [pid 703] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 703] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 703] chdir("./file0") = 0 [pid 703] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 703] ioctl(6, LOOP_CLR_FD) = 0 [pid 703] close(6) = 0 [pid 703] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 703] write(6, "#! ./file1\n", 11) = 11 [pid 703] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 703] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000001c0} --- [pid 703] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=703, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./99", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./99", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556442f6f0 /* 4 entries */, 32768) = 112 umount2("./99/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./99/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./99/binderfs") = 0 umount2("./99/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./99/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./99/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./99/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./99/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555564437730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555564437730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./99/file0") = 0 getdents64(3, 0x55556442f6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./99") = 0 mkdir("./100", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55556442e650) = 707 ./strace-static-x86_64: Process 707 attached [pid 707] set_robust_list(0x55556442e660, 24) = 0 [pid 707] chdir("./100"executing program ) = 0 [pid 707] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 707] setpgid(0, 0) = 0 [pid 707] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 707] write(3, "1000", 4) = 4 [pid 707] close(3) = 0 [pid 707] symlink("/dev/binderfs", "./binderfs") = 0 [pid 707] write(1, "executing program\n", 18) = 18 [pid 707] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 707] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 707] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 707] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 707] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 707] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 707] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 707] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 707] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 707] memfd_create("syzkaller", 0) = 5 [pid 707] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0259ca6000 [pid 707] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 707] munmap(0x7f0259ca6000, 138412032) = 0 [pid 707] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 29.976356][ T703] loop0: detected capacity change from 0 to 2048 [ 30.002299][ T703] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor291: bg 0: block 234: padding at end of block bitmap is not set [pid 707] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 707] close(5) = 0 [pid 707] close(6) = 0 [pid 707] mkdir("./file0", 0777) = 0 [pid 707] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 707] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 707] chdir("./file0") = 0 [pid 707] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 707] ioctl(6, LOOP_CLR_FD) = 0 [pid 707] close(6) = 0 [pid 707] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 707] write(6, "#! ./file1\n", 11) = 11 [pid 707] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 707] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000001c0} --- [pid 707] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=707, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./100", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./100", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556442f6f0 /* 4 entries */, 32768) = 112 umount2("./100/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./100/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./100/binderfs") = 0 umount2("./100/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./100/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./100/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./100/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./100/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555564437730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555564437730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./100/file0") = 0 getdents64(3, 0x55556442f6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./100") = 0 mkdir("./101", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 executing program ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55556442e650) = 711 ./strace-static-x86_64: Process 711 attached [pid 711] set_robust_list(0x55556442e660, 24) = 0 [pid 711] chdir("./101") = 0 [pid 711] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 711] setpgid(0, 0) = 0 [pid 711] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 711] write(3, "1000", 4) = 4 [pid 711] close(3) = 0 [pid 711] symlink("/dev/binderfs", "./binderfs") = 0 [pid 711] write(1, "executing program\n", 18) = 18 [pid 711] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 711] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 711] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 711] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 711] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 711] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 711] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 711] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 711] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 711] memfd_create("syzkaller", 0) = 5 [pid 711] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0259ca6000 [pid 711] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 711] munmap(0x7f0259ca6000, 138412032) = 0 [pid 711] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 30.054930][ T707] loop0: detected capacity change from 0 to 2048 [ 30.085697][ T708] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-707: bg 0: block 234: padding at end of block bitmap is not set [pid 711] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 711] close(5) = 0 [pid 711] close(6) = 0 [pid 711] mkdir("./file0", 0777) = 0 [pid 711] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 711] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 711] chdir("./file0") = 0 [pid 711] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 711] ioctl(6, LOOP_CLR_FD) = 0 [pid 711] close(6) = 0 [pid 711] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 711] write(6, "#! ./file1\n", 11) = 11 [pid 711] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 711] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000001c0} --- [pid 711] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=711, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./101", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./101", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556442f6f0 /* 4 entries */, 32768) = 112 umount2("./101/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./101/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./101/binderfs") = 0 umount2("./101/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./101/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./101/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./101/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./101/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555564437730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555564437730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./101/file0") = 0 getdents64(3, 0x55556442f6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./101") = 0 mkdir("./102", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55556442e650) = 715 ./strace-static-x86_64: Process 715 attached [pid 715] set_robust_list(0x55556442e660, 24) = 0 [pid 715] chdir("./102") = 0 [pid 715] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 715] setpgid(0, 0) = 0 [pid 715] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 715] write(3, "1000", 4) = 4 [pid 715] close(3) = 0 [pid 715] symlink("/dev/binderfs", "./binderfs") = 0 [pid 715] write(1, "executing program\n", 18executing program ) = 18 [pid 715] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 715] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 715] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 715] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 715] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 715] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 715] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 715] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 715] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 715] memfd_create("syzkaller", 0) = 5 [pid 715] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0259ca6000 [pid 715] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 715] munmap(0x7f0259ca6000, 138412032) = 0 [pid 715] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 30.129861][ T711] loop0: detected capacity change from 0 to 2048 [ 30.151557][ T711] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor291: bg 0: block 234: padding at end of block bitmap is not set [pid 715] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 715] close(5) = 0 [pid 715] close(6) = 0 [pid 715] mkdir("./file0", 0777) = 0 [pid 715] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 715] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 715] chdir("./file0") = 0 [pid 715] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 715] ioctl(6, LOOP_CLR_FD) = 0 [pid 715] close(6) = 0 [pid 715] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 715] write(6, "#! ./file1\n", 11) = 11 [pid 715] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 715] sendmsg(-1, {msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_controllen=0, msg_flags=0}, 0) = -1 EBADF (Bad file descriptor) [pid 715] exit_group(0) = ? [pid 715] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=715, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./102", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./102", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556442f6f0 /* 4 entries */, 32768) = 112 umount2("./102/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./102/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./102/binderfs") = 0 [ 30.203437][ T715] loop0: detected capacity change from 0 to 2048 [ 30.237949][ T716] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-715: bg 0: block 234: padding at end of block bitmap is not set [ 30.265007][ T8] ------------[ cut here ]------------ [ 30.270421][ T8] kernel BUG at fs/ext4/inode.c:2760! [ 30.275647][ T8] invalid opcode: 0000 [#1] PREEMPT SMP KASAN [ 30.281508][ T8] CPU: 1 PID: 8 Comm: kworker/u4:0 Not tainted 6.1.129-syzkaller-00005-g19a0fb1d3513 #0 [ 30.291054][ T8] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 30.300953][ T8] Workqueue: writeback wb_workfn (flush-7:0) [ 30.306765][ T8] RIP: 0010:ext4_writepages+0x3fab/0x3fd0 [ 30.312319][ T8] Code: ca 7f ff 31 ff 89 de e8 e3 ca 7f ff 45 84 f6 75 2a e8 49 c8 7f ff 49 bc 00 00 00 00 00 fc ff df e9 6e f6 ff ff e8 35 c8 7f ff <0f> 0b e8 2e c8 7f ff e8 b5 b7 0a ff e9 46 c3 ff ff e8 1f c8 7f ff [ 30.331761][ T8] RSP: 0018:ffffc90000087000 EFLAGS: 00010293 [ 30.337663][ T8] RAX: ffffffff81f5cffb RBX: 0000008000000000 RCX: ffff888100393cc0 [ 30.345475][ T8] RDX: 0000000000000000 RSI: 0000008000000000 RDI: 0000000000000000 [ 30.353287][ T8] RBP: ffffc90000087410 R08: ffffffff81f5975b R09: ffffed10217b4b7b [ 30.361099][ T8] R10: 0000000000000000 R11: dffffc0000000001 R12: ffff888116bde000 [ 30.368908][ T8] R13: ffff88810bda5d10 R14: 0000008410000000 R15: ffffc900000872e0 [ 30.376723][ T8] FS: 0000000000000000(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000 [ 30.385487][ T8] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 30.391916][ T8] CR2: 00007ffc74c7df38 CR3: 00000001233c3000 CR4: 00000000003506a0 [ 30.399726][ T8] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 30.407534][ T8] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 30.415343][ T8] Call Trace: [ 30.418471][ T8] [ 30.421248][ T8] ? __die_body+0x62/0xb0 [ 30.425420][ T8] ? die+0x88/0xb0 [ 30.428976][ T8] ? do_trap+0x103/0x330 [ 30.433063][ T8] ? ext4_writepages+0x3fab/0x3fd0 [ 30.437998][ T8] ? handle_invalid_op+0x95/0xc0 [ 30.442770][ T8] ? ext4_writepages+0x3fab/0x3fd0 [ 30.447719][ T8] ? exc_invalid_op+0x32/0x50 [ 30.452232][ T8] ? asm_exc_invalid_op+0x1b/0x20 [ 30.457092][ T8] ? ext4_writepages+0x70b/0x3fd0 [ 30.461952][ T8] ? ext4_writepages+0x3fab/0x3fd0 [ 30.466900][ T8] ? ext4_writepages+0x3fab/0x3fd0 [ 30.471847][ T8] ? __kasan_check_read+0x11/0x20 [ 30.476708][ T8] ? folio_mark_accessed+0x211/0x650 [ 30.481828][ T8] ? folio_activate_fn+0xd20/0xd20 [ 30.486778][ T8] ? __find_get_block+0xd38/0x1180 [ 30.491722][ T8] ? sched_group_set_idle+0x710/0x710 [ 30.496931][ T8] ? write_boundary_block+0xb0/0xb0 [ 30.501965][ T8] ? ext4_read_folio+0x240/0x240 [ 30.506738][ T8] ? xas_load+0x39d/0x3b0 [ 30.510903][ T8] ? __kasan_check_write+0x14/0x20 [ 30.515852][ T8] ? __filemap_get_folio+0x95e/0xae0 [ 30.520972][ T8] ? __update_load_avg_cfs_rq+0xb1/0x2f0 [ 30.526441][ T8] ? folio_mark_accessed+0x211/0x650 [ 30.531562][ T8] ? enqueue_task_fair+0xe82/0x2260 [ 30.536595][ T8] ? ext4_read_folio+0x240/0x240 [ 30.541368][ T8] do_writepages+0x385/0x620 [ 30.545800][ T8] ? __writepage+0x130/0x130 [ 30.550223][ T8] ? enqueue_task_fair+0xe82/0x2260 [ 30.555257][ T8] __writeback_single_inode+0xdc/0xb80 [ 30.560554][ T8] writeback_sb_inodes+0xb32/0x1910 [ 30.565584][ T8] ? _raw_spin_lock+0xa4/0x1b0 [ 30.570189][ T8] ? queue_io+0x520/0x520 [ 30.574353][ T8] ? __writeback_inodes_wb+0x3f0/0x3f0 [ 30.579646][ T8] ? queue_io+0x3d0/0x520 [ 30.583812][ T8] ? memset+0x35/0x40 [ 30.587630][ T8] wb_writeback+0x3c8/0xa00 [ 30.591973][ T8] ? inode_cgwb_move_to_attached+0x3c0/0x3c0 [ 30.597787][ T8] ? set_worker_desc+0x158/0x1c0 [ 30.602560][ T8] ? __kasan_check_write+0x14/0x20 [ 30.607509][ T8] wb_workfn+0x399/0x1030 [ 30.611676][ T8] ? inode_wait_for_writeback+0x280/0x280 [ 30.617226][ T8] ? kthread_data+0x53/0xc0 [ 30.621569][ T8] ? _raw_spin_unlock+0x4c/0x70 [ 30.626252][ T8] ? finish_task_switch+0x167/0x7b0 [ 30.631291][ T8] ? __kasan_check_read+0x11/0x20 [ 30.636150][ T8] ? read_word_at_a_time+0x12/0x20 [ 30.641094][ T8] ? strscpy+0x9c/0x260 [ 30.645090][ T8] process_one_work+0x73d/0xcb0 [ 30.649777][ T8] worker_thread+0xa60/0x1260 [ 30.654290][ T8] kthread+0x26d/0x300 [ 30.658196][ T8] ? worker_clr_flags+0x1a0/0x1a0 [ 30.663054][ T8] ? kthread_blkcg+0xd0/0xd0 [ 30.667480][ T8] ret_from_fork+0x1f/0x30 [ 30.671734][ T8] [ 30.674595][ T8] Modules linked in: [ 30.678609][ T8] ---[ end trace 0000000000000000 ]--- [ 30.683887][ T8] RIP: 0010:ext4_writepages+0x3fab/0x3fd0 [ 30.689580][ T8] Code: ca 7f ff 31 ff 89 de e8 e3 ca 7f ff 45 84 f6 75 2a e8 49 c8 7f ff 49 bc 00 00 00 00 00 fc ff df e9 6e f6 ff ff e8 35 c8 7f ff <0f> 0b e8 2e c8 7f ff e8 b5 b7 0a ff e9 46 c3 ff ff e8 1f c8 7f ff [ 30.709072][ T8] RSP: 0018:ffffc90000087000 EFLAGS: 00010293 [ 30.714906][ T8] RAX: ffffffff81f5cffb RBX: 0000008000000000 RCX: ffff888100393cc0 [ 30.722763][ T8] RDX: 0000000000000000 RSI: 0000008000000000 RDI: 0000000000000000 [ 30.730546][ T8] RBP: ffffc90000087410 R08: ffffffff81f5975b R09: ffffed10217b4b7b [ 30.738389][ T8] R10: 0000000000000000 R11: dffffc0000000001 R12: ffff888116bde000 [ 30.746177][ T8] R13: ffff88810bda5d10 R14: 0000008410000000 R15: ffffc900000872e0 [ 30.753961][ T8] FS: 0000000000000000(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000 [ 30.762765][ T8] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 30.769173][ T8] CR2: 00007ffc74c7df38 CR3: 000000010f3f4000 CR4: 00000000003506a0 [ 30.776999][ T8] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 30.784791][ T8] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 30.792633][ T8] Kernel panic - not syncing: Fatal exception [ 30.798821][ T8] Kernel Offset: disabled [ 30.802946][ T8] Rebooting in 86400 seconds..