./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor12663471 <...> Warning: Permanently added '10.128.1.124' (ED25519) to the list of known hosts. execve("./syz-executor12663471", ["./syz-executor12663471"], 0x7ffdf6409440 /* 10 vars */) = 0 brk(NULL) = 0x55557cd2c000 brk(0x55557cd2cd40) = 0x55557cd2cd40 arch_prctl(ARCH_SET_FS, 0x55557cd2c3c0) = 0 set_tid_address(0x55557cd2c690) = 341 set_robust_list(0x55557cd2c6a0, 24) = 0 rseq(0x55557cd2cce0, 0x20, 0, 0x53053053) = -1 ENOSYS (Function not implemented) prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor12663471", 4096) = 26 getrandom("\x9f\x7d\x30\xfb\x40\x9f\x6b\x42", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x55557cd2cd40 brk(0x55557cd4dd40) = 0x55557cd4dd40 brk(0x55557cd4e000) = 0x55557cd4e000 mprotect(0x7f676dd43000, 16384, PROT_READ) = 0 mmap(0x1ffffffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffffffff000 mmap(0x200000000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200000000000 mmap(0x200001000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200001000000 mkdir("./syzkaller.ycfP2t", 0700) = 0 chmod("./syzkaller.ycfP2t", 0777) = 0 chdir("./syzkaller.ycfP2t") = 0 mkdir("./0", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557cd2c690) = 342 ./strace-static-x86_64: Process 342 attached [pid 342] set_robust_list(0x55557cd2c6a0, 24) = 0 [pid 342] chdir("./0") = 0 [pid 342] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 342] setpgid(0, 0) = 0 [ 23.549190][ T23] audit: type=1400 audit(1745984948.650:81): avc: denied { execmem } for pid=341 comm="syz-executor126" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 23.572667][ T23] audit: type=1400 audit(1745984948.670:82): avc: denied { read write } for pid=341 comm="syz-executor126" name="loop0" dev="devtmpfs" ino=142 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [pid 342] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 342] write(3, "1000", 4) = 4 [pid 342] close(3) = 0 [pid 342] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 342] write(1, "executing program\n", 18) = 18 [pid 342] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 342] rt_sigaction(SIGRT_1, {sa_handler=0x7f676dce75b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f676dcd8760}, NULL, 8) = 0 [pid 342] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 342] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f676dc5d000 [pid 342] mprotect(0x7f676dc5e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 342] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 342] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f676dc7d990, parent_tid=0x7f676dc7d990, exit_signal=0, stack=0x7f676dc5d000, stack_size=0x20300, tls=0x7f676dc7d6c0} => {parent_tid=[344]}, 88) = 344 [pid 342] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 342] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 342] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 344 attached [pid 344] set_robust_list(0x7f676dc7d9a0, 24) = 0 [pid 344] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 344] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 344] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 342] <... futex resumed>) = 0 [pid 342] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 342] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 344] <... futex resumed>) = 1 [pid 344] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 344] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 342] <... futex resumed>) = 0 [pid 344] ioctl(3, VHOST_SET_VRING_ADDR [pid 342] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 344] <... ioctl resumed>, 0x200000000300) = 0 [pid 342] <... futex resumed>) = 0 [pid 344] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 342] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 344] <... futex resumed>) = 0 [pid 342] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 344] ioctl(3, VHOST_SET_MEM_TABLE [pid 342] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 342] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 344] <... ioctl resumed>, 0x200000003380) = 0 [pid 344] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 342] <... futex resumed>) = 0 [pid 344] eventfd2(118, EFD_SEMAPHORE [pid 342] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 344] <... eventfd2 resumed>) = 4 [pid 342] <... futex resumed>) = 0 [pid 344] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 342] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 344] <... futex resumed>) = 0 [pid 342] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 344] ioctl(3, VHOST_SET_VRING_ERR [pid 342] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 344] <... ioctl resumed>, 0x2000000001c0) = 0 [pid 342] <... futex resumed>) = 0 [pid 344] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 342] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 344] <... futex resumed>) = 0 [pid 342] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 344] ioctl(3, VHOST_SET_VRING_ADDR [pid 342] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 344] <... ioctl resumed>, 0x200000000240) = 0 [pid 342] <... futex resumed>) = 0 [pid 344] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 342] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 344] <... futex resumed>) = 0 [pid 342] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 344] ioctl(3, VHOST_SET_VRING_KICK [pid 342] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 344] <... ioctl resumed>, 0x200000000000) = 0 [pid 342] <... futex resumed>) = 0 [pid 344] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 342] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 344] <... futex resumed>) = 0 [pid 342] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 344] ioctl(3, VHOST_VSOCK_SET_RUNNING [pid 342] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 344] <... ioctl resumed>, 0x200000000140) = 0 [pid 342] <... futex resumed>) = 0 [pid 344] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 342] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 344] <... futex resumed>) = 0 [pid 342] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 344] memfd_create("syzkaller", 0 [pid 342] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 344] <... memfd_create resumed>) = 5 [pid 342] <... futex resumed>) = 0 [pid 344] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 342] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 344] <... mmap resumed>) = 0x7f676585d000 [pid 344] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 344] munmap(0x7f676585d000, 138412032) = 0 [pid 344] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 23.597692][ T23] audit: type=1400 audit(1745984948.670:83): avc: denied { open } for pid=341 comm="syz-executor126" path="/dev/loop0" dev="devtmpfs" ino=142 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 23.622845][ T23] audit: type=1400 audit(1745984948.690:84): avc: denied { ioctl } for pid=341 comm="syz-executor126" path="/dev/loop0" dev="devtmpfs" ino=142 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [pid 344] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 344] close(5) = 0 [pid 344] close(6) = 0 [pid 344] mkdir("./file0", 0777) = 0 [ 23.648792][ T23] audit: type=1400 audit(1745984948.700:85): avc: denied { read write } for pid=342 comm="syz-executor126" name="vhost-vsock" dev="devtmpfs" ino=10551 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 23.676864][ T23] audit: type=1400 audit(1745984948.700:86): avc: denied { open } for pid=342 comm="syz-executor126" path="/dev/vhost-vsock" dev="devtmpfs" ino=10551 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 23.700889][ T23] audit: type=1400 audit(1745984948.700:87): avc: denied { ioctl } for pid=342 comm="syz-executor126" path="/dev/vhost-vsock" dev="devtmpfs" ino=10551 ioctlcmd=0xaf01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 23.726301][ T23] audit: type=1400 audit(1745984948.750:88): avc: denied { mounton } for pid=342 comm="syz-executor126" path="/root/syzkaller.ycfP2t/0/file0" dev="sda1" ino=1930 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1 [ 23.767020][ T344] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [pid 344] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 344] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 344] chdir("./file0") = 0 [pid 344] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 344] ioctl(6, LOOP_CLR_FD) = 0 [pid 344] close(6) = 0 [pid 344] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 342] <... futex resumed>) = 0 [pid 342] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 344] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 342] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 344] <... openat resumed>) = 6 [pid 344] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 342] <... futex resumed>) = 0 [pid 342] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 344] write(6, "#! ./file1\n", 11 [pid 342] <... futex resumed>) = 0 [pid 342] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 344] <... write resumed>) = 11 [pid 344] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 342] <... futex resumed>) = 0 [pid 342] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 342] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 344] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [ 23.787898][ T23] audit: type=1400 audit(1745984948.890:89): avc: denied { mount } for pid=342 comm="syz-executor126" name="/" dev="loop0" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 23.823374][ T345] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-344: bg 0: block 234: padding at end of block bitmap is not set [pid 344] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 342] <... futex resumed>) = 0 [pid 342] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 342] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 344] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000280} --- [pid 342] <... futex resumed>) = ? [pid 344] +++ killed by SIGBUS +++ [pid 342] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=342, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557cd2d730 /* 4 entries */, 32768) = 112 umount2("./0/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./0/binderfs") = 0 [ 23.823847][ T23] audit: type=1400 audit(1745984948.920:90): avc: denied { write } for pid=342 comm="syz-executor126" name="/" dev="loop0" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./0/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557cd35770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557cd35770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./0/file0"executing program ) = 0 getdents64(3, 0x55557cd2d730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./0") = 0 mkdir("./1", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557cd2c690) = 349 ./strace-static-x86_64: Process 349 attached [pid 349] set_robust_list(0x55557cd2c6a0, 24) = 0 [pid 349] chdir("./1") = 0 [pid 349] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 349] setpgid(0, 0) = 0 [pid 349] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 349] write(3, "1000", 4) = 4 [pid 349] close(3) = 0 [pid 349] symlink("/dev/binderfs", "./binderfs") = 0 [pid 349] write(1, "executing program\n", 18) = 18 [pid 349] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 349] rt_sigaction(SIGRT_1, {sa_handler=0x7f676dce75b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f676dcd8760}, NULL, 8) = 0 [pid 349] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 349] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f676dc5d000 [pid 349] mprotect(0x7f676dc5e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 349] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 349] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f676dc7d990, parent_tid=0x7f676dc7d990, exit_signal=0, stack=0x7f676dc5d000, stack_size=0x20300, tls=0x7f676dc7d6c0} => {parent_tid=[350]}, 88) = 350 [pid 349] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 349] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 349] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 350 attached [pid 350] set_robust_list(0x7f676dc7d9a0, 24) = 0 [pid 350] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 350] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 350] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 349] <... futex resumed>) = 0 [pid 349] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 349] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 350] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 350] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 349] <... futex resumed>) = 0 [pid 349] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 349] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 350] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 350] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 349] <... futex resumed>) = 0 [pid 349] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 349] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 350] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 350] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 349] <... futex resumed>) = 0 [pid 349] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 349] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 350] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 350] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 349] <... futex resumed>) = 0 [pid 349] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 349] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 350] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 350] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 349] <... futex resumed>) = 0 [pid 349] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 349] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 350] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 350] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 349] <... futex resumed>) = 0 [pid 349] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 349] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 350] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 350] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 349] <... futex resumed>) = 0 [pid 349] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 349] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 350] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 350] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 349] <... futex resumed>) = 0 [pid 349] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 349] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 350] memfd_create("syzkaller", 0) = 5 [pid 350] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f676585d000 [pid 350] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 350] munmap(0x7f676585d000, 138412032) = 0 [pid 350] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 350] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 350] close(5) = 0 [pid 350] close(6) = 0 [pid 350] mkdir("./file0", 0777) = 0 [pid 350] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 350] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 350] chdir("./file0") = 0 [pid 350] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 350] ioctl(6, LOOP_CLR_FD) = 0 [pid 350] close(6) = 0 [pid 350] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 349] <... futex resumed>) = 0 [pid 349] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 349] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 350] <... futex resumed>) = 1 [pid 350] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 350] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 349] <... futex resumed>) = 0 [pid 349] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 349] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 350] <... futex resumed>) = 1 [pid 350] write(6, "#! ./file1\n", 11) = 11 [pid 350] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 349] <... futex resumed>) = 0 [pid 349] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 349] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 350] <... futex resumed>) = 1 [pid 350] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 350] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 349] <... futex resumed>) = 0 [pid 349] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 23.996711][ T350] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [pid 349] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 350] <... futex resumed>) = 1 [pid 350] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000280} --- [pid 349] <... futex resumed>) = ? [pid 350] +++ killed by SIGBUS +++ [pid 349] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=349, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- umount2("./1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557cd2d730 /* 4 entries */, 32768) = 112 umount2("./1/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./1/binderfs") = 0 [ 24.041360][ T351] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-350: bg 0: block 234: padding at end of block bitmap is not set umount2("./1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./1/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557cd35770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557cd35770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./1/file0") = 0 getdents64(3, 0x55557cd2d730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./1") = 0 mkdir("./2", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557cd2c690) = 355 ./strace-static-x86_64: Process 355 attached [pid 355] set_robust_list(0x55557cd2c6a0, 24) = 0 [pid 355] chdir("./2") = 0 [pid 355] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 355] setpgid(0, 0) = 0 [pid 355] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 355] write(3, "1000", 4) = 4 [pid 355] close(3) = 0 [pid 355] symlink("/dev/binderfs", "./binderfs") = 0 [pid 355] write(1, "executing program\n", 18executing program ) = 18 [pid 355] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 355] rt_sigaction(SIGRT_1, {sa_handler=0x7f676dce75b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f676dcd8760}, NULL, 8) = 0 [pid 355] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 355] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f676dc5d000 [pid 355] mprotect(0x7f676dc5e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 355] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 355] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f676dc7d990, parent_tid=0x7f676dc7d990, exit_signal=0, stack=0x7f676dc5d000, stack_size=0x20300, tls=0x7f676dc7d6c0} => {parent_tid=[356]}, 88) = 356 [pid 355] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 355] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 355] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 356 attached [pid 356] set_robust_list(0x7f676dc7d9a0, 24) = 0 [pid 356] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 356] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 356] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 355] <... futex resumed>) = 0 [pid 355] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 355] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 356] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 356] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 355] <... futex resumed>) = 0 [pid 355] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 355] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 356] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 356] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 355] <... futex resumed>) = 0 [pid 355] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 355] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 356] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 356] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 355] <... futex resumed>) = 0 [pid 356] eventfd2(118, EFD_SEMAPHORE [pid 355] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 355] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 356] <... eventfd2 resumed>) = 4 [pid 356] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 355] <... futex resumed>) = 0 [pid 355] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 355] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 356] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 356] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 355] <... futex resumed>) = 0 [pid 355] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 355] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 356] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 356] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 355] <... futex resumed>) = 0 [pid 355] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 355] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 356] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 356] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 355] <... futex resumed>) = 0 [pid 355] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 355] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 356] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 356] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 355] <... futex resumed>) = 0 [pid 355] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 355] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 356] memfd_create("syzkaller", 0) = 5 [pid 356] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f676585d000 [pid 356] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 356] munmap(0x7f676585d000, 138412032) = 0 [pid 356] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 356] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 356] close(5) = 0 [pid 356] close(6) = 0 [pid 356] mkdir("./file0", 0777) = 0 [pid 356] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 356] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 356] chdir("./file0") = 0 [pid 356] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 356] ioctl(6, LOOP_CLR_FD) = 0 [pid 356] close(6) = 0 [pid 356] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 355] <... futex resumed>) = 0 [pid 355] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 355] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 356] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 356] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 355] <... futex resumed>) = 0 [pid 355] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 355] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 356] write(6, "#! ./file1\n", 11) = 11 [pid 356] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 355] <... futex resumed>) = 0 [pid 355] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 355] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 356] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [ 24.206519][ T356] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [pid 356] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 356] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 355] <... futex resumed>) = 0 [pid 355] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 355] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 356] <... futex resumed>) = 0 [pid 356] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000280} --- [pid 355] <... futex resumed>) = ? [pid 356] +++ killed by SIGBUS +++ [pid 355] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=355, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557cd2d730 /* 4 entries */, 32768) = 112 umount2("./2/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./2/binderfs") = 0 [ 24.249867][ T357] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-356: bg 0: block 234: padding at end of block bitmap is not set umount2("./2/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./2/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./2/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./2/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./2/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557cd35770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557cd35770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./2/file0") = 0 getdents64(3, 0x55557cd2d730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./2") = 0 mkdir("./3", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557cd2c690) = 361 ./strace-static-x86_64: Process 361 attached [pid 361] set_robust_list(0x55557cd2c6a0, 24) = 0 [pid 361] chdir("./3") = 0 [pid 361] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 361] setpgid(0, 0) = 0 [pid 361] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 361] write(3, "1000", 4) = 4 [pid 361] close(3) = 0 [pid 361] symlink("/dev/binderfs", "./binderfs") = 0 [pid 361] write(1, "executing program\n", 18executing program ) = 18 [pid 361] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 361] rt_sigaction(SIGRT_1, {sa_handler=0x7f676dce75b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f676dcd8760}, NULL, 8) = 0 [pid 361] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 361] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f676dc5d000 [pid 361] mprotect(0x7f676dc5e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 361] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 361] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f676dc7d990, parent_tid=0x7f676dc7d990, exit_signal=0, stack=0x7f676dc5d000, stack_size=0x20300, tls=0x7f676dc7d6c0}./strace-static-x86_64: Process 362 attached [pid 362] set_robust_list(0x7f676dc7d9a0, 24) = 0 [pid 362] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 362] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 361] <... clone3 resumed> => {parent_tid=[362]}, 88) = 362 [pid 361] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 361] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 362] <... futex resumed>) = 0 [pid 362] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 362] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 362] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 361] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 361] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 362] <... futex resumed>) = 0 [pid 362] ioctl(3, VHOST_SET_OWNER [pid 361] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 362] <... ioctl resumed>, 0) = 0 [pid 362] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 362] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 361] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 361] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 362] <... futex resumed>) = 0 [pid 362] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 362] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 362] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 361] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 361] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 362] <... futex resumed>) = 0 [pid 362] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 362] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 362] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 361] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 361] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 362] <... futex resumed>) = 0 [pid 362] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 362] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 362] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 361] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 361] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 362] <... futex resumed>) = 0 [pid 361] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 362] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 362] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 362] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 361] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 361] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 362] <... futex resumed>) = 0 [pid 361] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 362] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 362] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 362] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 361] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 361] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 362] <... futex resumed>) = 0 [pid 361] <... futex resumed>) = 1 [pid 362] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 362] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 362] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 361] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 361] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 362] <... futex resumed>) = 0 [pid 361] <... futex resumed>) = 1 [pid 362] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 361] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 362] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 362] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 361] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 361] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 362] <... futex resumed>) = 0 [pid 362] memfd_create("syzkaller", 0) = 5 [pid 362] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f676585d000 [pid 362] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 361] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 362] <... write resumed>) = 1048576 [pid 362] munmap(0x7f676585d000, 138412032) = 0 [pid 362] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 362] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 362] close(5) = 0 [pid 362] close(6) = 0 [pid 362] mkdir("./file0", 0777) = 0 [pid 362] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 362] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 362] chdir("./file0") = 0 [pid 362] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 362] ioctl(6, LOOP_CLR_FD) = 0 [pid 362] close(6) = 0 [pid 362] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 361] <... futex resumed>) = 0 [pid 362] <... futex resumed>) = 1 [pid 361] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 362] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 361] <... futex resumed>) = 0 [pid 361] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 362] <... openat resumed>) = 6 [pid 362] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 361] <... futex resumed>) = 0 [pid 362] <... futex resumed>) = 1 [pid 361] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 362] write(6, "#! ./file1\n", 11 [pid 361] <... futex resumed>) = 0 [pid 361] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 362] <... write resumed>) = 11 [pid 362] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 361] <... futex resumed>) = 0 [pid 362] <... futex resumed>) = 1 [pid 361] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 362] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0 [pid 361] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 362] <... mmap resumed>) = 0x200000000000 [pid 362] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 361] <... futex resumed>) = 0 [pid 361] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 361] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 362] <... futex resumed>) = 1 [pid 362] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000280} --- [pid 361] <... futex resumed>) = ? [pid 362] +++ killed by SIGBUS +++ [pid 361] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=361, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557cd2d730 /* 4 entries */, 32768) = 112 umount2("./3/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./3/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./3/binderfs") = 0 [ 24.426442][ T362] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 24.460640][ T363] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-362: bg 0: block 234: padding at end of block bitmap is not set umount2("./3/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./3/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./3/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./3/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./3/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557cd35770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557cd35770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./3/file0") = 0 getdents64(3, 0x55557cd2d730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./3") = 0 mkdir("./4", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557cd2c690) = 367 ./strace-static-x86_64: Process 367 attached [pid 367] set_robust_list(0x55557cd2c6a0, 24) = 0 [pid 367] chdir("./4") = 0 [pid 367] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 367] setpgid(0, 0) = 0 [pid 367] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 367] write(3, "1000", 4) = 4 [pid 367] close(3) = 0 [pid 367] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 367] write(1, "executing program\n", 18) = 18 [pid 367] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 367] rt_sigaction(SIGRT_1, {sa_handler=0x7f676dce75b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f676dcd8760}, NULL, 8) = 0 [pid 367] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 367] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f676dc5d000 [pid 367] mprotect(0x7f676dc5e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 367] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 367] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f676dc7d990, parent_tid=0x7f676dc7d990, exit_signal=0, stack=0x7f676dc5d000, stack_size=0x20300, tls=0x7f676dc7d6c0}./strace-static-x86_64: Process 368 attached [pid 368] set_robust_list(0x7f676dc7d9a0, 24) = 0 [pid 368] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 368] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 367] <... clone3 resumed> => {parent_tid=[368]}, 88) = 368 [pid 367] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 367] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 368] <... futex resumed>) = 0 [pid 367] <... futex resumed>) = 1 [pid 368] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 368] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 368] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 367] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 367] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 368] <... futex resumed>) = 0 [pid 368] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 368] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 368] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 367] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 367] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 368] <... futex resumed>) = 0 [pid 368] ioctl(3, VHOST_SET_VRING_ADDR [pid 367] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 368] <... ioctl resumed>, 0x200000000300) = 0 [pid 368] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 368] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 367] <... futex resumed>) = 0 [pid 368] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 367] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 368] ioctl(3, VHOST_SET_MEM_TABLE [pid 367] <... futex resumed>) = 0 [pid 367] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 368] <... ioctl resumed>, 0x200000003380) = 0 [pid 368] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 368] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 367] <... futex resumed>) = 0 [pid 368] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 367] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 368] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 367] <... futex resumed>) = 0 [pid 368] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 367] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 368] <... futex resumed>) = 0 [pid 367] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 368] ioctl(3, VHOST_SET_VRING_ERR [pid 367] <... futex resumed>) = 0 [pid 368] <... ioctl resumed>, 0x2000000001c0) = 0 [pid 368] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 367] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 368] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 367] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 367] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 368] <... futex resumed>) = 0 [pid 367] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 368] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 368] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 367] <... futex resumed>) = 0 [pid 368] ioctl(3, VHOST_SET_VRING_KICK [pid 367] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 368] <... ioctl resumed>, 0x200000000000) = 0 [pid 367] <... futex resumed>) = 0 [pid 367] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 368] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 367] <... futex resumed>) = 0 [pid 368] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 367] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 368] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 367] <... futex resumed>) = 0 [pid 368] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 368] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 367] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 368] <... futex resumed>) = 0 [pid 367] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 368] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 367] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 368] <... futex resumed>) = 0 [pid 367] <... futex resumed>) = 1 [pid 368] memfd_create("syzkaller", 0 [pid 367] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 368] <... memfd_create resumed>) = 5 [pid 368] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f676585d000 [pid 368] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 368] munmap(0x7f676585d000, 138412032) = 0 [pid 368] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 368] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 368] close(5) = 0 [pid 368] close(6) = 0 [pid 368] mkdir("./file0", 0777) = 0 [pid 368] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 368] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 368] chdir("./file0") = 0 [pid 368] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 368] ioctl(6, LOOP_CLR_FD) = 0 [pid 368] close(6) = 0 [pid 368] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 367] <... futex resumed>) = 0 [pid 367] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 367] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 368] <... futex resumed>) = 1 [pid 368] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 368] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 367] <... futex resumed>) = 0 [pid 367] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 368] write(6, "#! ./file1\n", 11 [pid 367] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 368] <... write resumed>) = 11 [pid 368] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 367] <... futex resumed>) = 0 [pid 368] <... futex resumed>) = 1 [pid 367] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 368] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0 [pid 367] <... futex resumed>) = 0 [pid 367] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 368] <... mmap resumed>) = 0x200000000000 [pid 368] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 367] <... futex resumed>) = 0 [pid 367] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 367] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 368] <... futex resumed>) = 1 [pid 368] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000280} --- [pid 367] <... futex resumed>) = ? [pid 368] +++ killed by SIGBUS +++ [pid 367] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=367, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557cd2d730 /* 4 entries */, 32768) = 112 umount2("./4/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4/binderfs") = 0 [ 24.556291][ T368] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 24.587824][ T369] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-368: bg 0: block 234: padding at end of block bitmap is not set umount2("./4/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557cd35770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557cd35770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4/file0") = 0 getdents64(3, 0x55557cd2d730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4") = 0 mkdir("./5", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557cd2c690) = 373 ./strace-static-x86_64: Process 373 attached [pid 373] set_robust_list(0x55557cd2c6a0, 24) = 0 [pid 373] chdir("./5") = 0 [pid 373] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 373] setpgid(0, 0) = 0 [pid 373] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 373] write(3, "1000", 4) = 4 [pid 373] close(3) = 0 [pid 373] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 373] write(1, "executing program\n", 18) = 18 [pid 373] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 373] rt_sigaction(SIGRT_1, {sa_handler=0x7f676dce75b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f676dcd8760}, NULL, 8) = 0 [pid 373] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 373] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f676dc5d000 [pid 373] mprotect(0x7f676dc5e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 373] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 373] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f676dc7d990, parent_tid=0x7f676dc7d990, exit_signal=0, stack=0x7f676dc5d000, stack_size=0x20300, tls=0x7f676dc7d6c0}./strace-static-x86_64: Process 374 attached => {parent_tid=[374]}, 88) = 374 [pid 374] set_robust_list(0x7f676dc7d9a0, 24) = 0 [pid 374] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 374] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 373] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 373] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 374] <... futex resumed>) = 0 [pid 373] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 374] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 374] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 373] <... futex resumed>) = 0 [pid 373] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 374] ioctl(3, VHOST_SET_OWNER [pid 373] <... futex resumed>) = 0 [pid 373] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 374] <... ioctl resumed>, 0) = 0 [pid 374] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 373] <... futex resumed>) = 0 [pid 374] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 373] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 374] <... futex resumed>) = 0 [pid 373] <... futex resumed>) = 1 [pid 374] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 374] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 373] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 374] <... futex resumed>) = 0 [pid 374] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 373] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 373] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 374] <... futex resumed>) = 0 [pid 373] <... futex resumed>) = 1 [pid 374] ioctl(3, VHOST_SET_MEM_TABLE [pid 373] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 374] <... ioctl resumed>, 0x200000003380) = 0 [pid 374] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 374] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 373] <... futex resumed>) = 0 [pid 373] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 374] <... futex resumed>) = 0 [pid 373] <... futex resumed>) = 1 [pid 374] eventfd2(118, EFD_SEMAPHORE [pid 373] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 374] <... eventfd2 resumed>) = 4 [pid 374] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 373] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 374] <... futex resumed>) = 0 [pid 373] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 374] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 373] <... futex resumed>) = 0 [pid 374] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 373] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 374] <... futex resumed>) = 0 [pid 374] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 373] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 373] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 374] <... futex resumed>) = 0 [pid 373] <... futex resumed>) = 1 [pid 373] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 374] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 374] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 374] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 373] <... futex resumed>) = 0 [pid 373] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 374] <... futex resumed>) = 0 [pid 373] <... futex resumed>) = 1 [pid 374] ioctl(3, VHOST_SET_VRING_KICK [pid 373] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 374] <... ioctl resumed>, 0x200000000000) = 0 [pid 374] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 373] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 374] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 373] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 374] <... futex resumed>) = 0 [pid 373] <... futex resumed>) = 1 [pid 374] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 373] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 374] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 373] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 374] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 373] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 374] <... futex resumed>) = 0 [pid 373] <... futex resumed>) = 1 [pid 373] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 374] memfd_create("syzkaller", 0) = 5 [pid 374] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f676585d000 [pid 374] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 374] munmap(0x7f676585d000, 138412032) = 0 [pid 374] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 374] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 374] close(5) = 0 [pid 374] close(6) = 0 [pid 374] mkdir("./file0", 0777) = 0 [pid 374] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 374] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 374] chdir("./file0") = 0 [pid 374] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 374] ioctl(6, LOOP_CLR_FD) = 0 [pid 374] close(6) = 0 [pid 374] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 373] <... futex resumed>) = 0 [pid 373] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 373] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 374] <... futex resumed>) = 1 [pid 374] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 374] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 373] <... futex resumed>) = 0 [pid 373] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 373] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 374] write(6, "#! ./file1\n", 11) = 11 [pid 374] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 373] <... futex resumed>) = 0 [pid 373] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 373] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 374] <... futex resumed>) = 1 [ 24.776638][ T374] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [pid 374] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 374] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 373] <... futex resumed>) = 0 [pid 373] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 373] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 374] <... futex resumed>) = 1 [pid 374] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000280} --- [pid 373] <... futex resumed>) = ? [pid 374] +++ killed by SIGBUS +++ [pid 373] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=373, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./5", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557cd2d730 /* 4 entries */, 32768) = 112 umount2("./5/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./5/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./5/binderfs") = 0 [ 24.818119][ T375] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-374: bg 0: block 234: padding at end of block bitmap is not set umount2("./5/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./5/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./5/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./5/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./5/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557cd35770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557cd35770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./5/file0") = 0 getdents64(3, 0x55557cd2d730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./5") = 0 mkdir("./6", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557cd2c690) = 379 ./strace-static-x86_64: Process 379 attached [pid 379] set_robust_list(0x55557cd2c6a0, 24) = 0 [pid 379] chdir("./6") = 0 [pid 379] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 379] setpgid(0, 0) = 0 [pid 379] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 379] write(3, "1000", 4) = 4 [pid 379] close(3) = 0 [pid 379] symlink("/dev/binderfs", "./binderfs") = 0 [pid 379] write(1, "executing program\n", 18executing program ) = 18 [pid 379] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 379] rt_sigaction(SIGRT_1, {sa_handler=0x7f676dce75b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f676dcd8760}, NULL, 8) = 0 [pid 379] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 379] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f676dc5d000 [pid 379] mprotect(0x7f676dc5e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 379] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 379] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f676dc7d990, parent_tid=0x7f676dc7d990, exit_signal=0, stack=0x7f676dc5d000, stack_size=0x20300, tls=0x7f676dc7d6c0}./strace-static-x86_64: Process 380 attached => {parent_tid=[380]}, 88) = 380 [pid 380] set_robust_list(0x7f676dc7d9a0, 24) = 0 [pid 380] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 380] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 379] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 379] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 380] <... futex resumed>) = 0 [pid 380] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 380] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 380] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 379] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 379] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 380] <... futex resumed>) = 0 [pid 380] ioctl(3, VHOST_SET_OWNER [pid 379] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 380] <... ioctl resumed>, 0) = 0 [pid 380] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 380] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 379] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 379] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 380] <... futex resumed>) = 0 [pid 380] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 380] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 380] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 379] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 379] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 380] <... futex resumed>) = 0 [pid 380] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 380] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 380] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 379] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 379] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 380] <... futex resumed>) = 0 [pid 380] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 380] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 380] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 379] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 379] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 380] <... futex resumed>) = 0 [pid 380] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 380] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 380] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 379] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 379] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 380] <... futex resumed>) = 0 [pid 379] <... futex resumed>) = 1 [pid 380] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 380] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 380] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 379] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 379] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 380] <... futex resumed>) = 0 [pid 379] <... futex resumed>) = 1 [pid 380] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 380] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 379] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 380] <... futex resumed>) = 0 [pid 380] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 379] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 379] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 380] <... futex resumed>) = 0 [pid 379] <... futex resumed>) = 1 [pid 380] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 380] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 380] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 379] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 379] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 380] <... futex resumed>) = 0 [pid 379] <... futex resumed>) = 1 [pid 380] memfd_create("syzkaller", 0 [pid 379] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 380] <... memfd_create resumed>) = 5 [pid 380] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f676585d000 [pid 380] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 380] munmap(0x7f676585d000, 138412032) = 0 [pid 380] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 380] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 380] close(5) = 0 [pid 380] close(6) = 0 [pid 380] mkdir("./file0", 0777) = 0 [pid 380] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 380] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 380] chdir("./file0") = 0 [pid 380] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 380] ioctl(6, LOOP_CLR_FD) = 0 [pid 380] close(6) = 0 [pid 380] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 379] <... futex resumed>) = 0 [pid 379] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 379] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 380] <... futex resumed>) = 1 [pid 380] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 380] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 379] <... futex resumed>) = 0 [pid 379] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 379] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 380] <... futex resumed>) = 1 [pid 380] write(6, "#! ./file1\n", 11) = 11 [pid 380] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 379] <... futex resumed>) = 0 [pid 379] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 379] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 380] <... futex resumed>) = 1 [pid 380] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 380] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 379] <... futex resumed>) = 0 [pid 379] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 379] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 380] <... futex resumed>) = 1 [pid 380] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000280} --- [pid 379] <... futex resumed>) = ? [pid 380] +++ killed by SIGBUS +++ [pid 379] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=379, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./6", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557cd2d730 /* 4 entries */, 32768) = 112 umount2("./6/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./6/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./6/binderfs") = 0 [ 24.966406][ T380] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 24.997528][ T381] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-380: bg 0: block 234: padding at end of block bitmap is not set umount2("./6/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./6/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./6/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./6/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./6/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557cd35770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557cd35770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./6/file0") = 0 getdents64(3, 0x55557cd2d730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./6") = 0 mkdir("./7", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557cd2c690) = 385 ./strace-static-x86_64: Process 385 attached [pid 385] set_robust_list(0x55557cd2c6a0, 24) = 0 [pid 385] chdir("./7") = 0 [pid 385] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 385] setpgid(0, 0) = 0 [pid 385] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 385] write(3, "1000", 4) = 4 [pid 385] close(3) = 0 [pid 385] symlink("/dev/binderfs", "./binderfs") = 0 [pid 385] write(1, "executing program\n", 18executing program ) = 18 [pid 385] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 385] rt_sigaction(SIGRT_1, {sa_handler=0x7f676dce75b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f676dcd8760}, NULL, 8) = 0 [pid 385] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 385] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f676dc5d000 [pid 385] mprotect(0x7f676dc5e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 385] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 385] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f676dc7d990, parent_tid=0x7f676dc7d990, exit_signal=0, stack=0x7f676dc5d000, stack_size=0x20300, tls=0x7f676dc7d6c0}./strace-static-x86_64: Process 386 attached [pid 386] set_robust_list(0x7f676dc7d9a0, 24) = 0 [pid 386] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 386] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 385] <... clone3 resumed> => {parent_tid=[386]}, 88) = 386 [pid 385] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 385] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 386] <... futex resumed>) = 0 [pid 386] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 385] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 386] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 386] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 385] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 385] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 386] <... futex resumed>) = 0 [pid 386] ioctl(3, VHOST_SET_OWNER [pid 385] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 386] <... ioctl resumed>, 0) = 0 [pid 386] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 385] <... futex resumed>) = 0 [pid 385] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 385] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 386] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 386] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 385] <... futex resumed>) = 0 [pid 385] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 385] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 386] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 386] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 385] <... futex resumed>) = 0 [pid 385] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 385] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 386] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 386] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 385] <... futex resumed>) = 0 [pid 385] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 385] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 386] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 386] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 385] <... futex resumed>) = 0 [pid 385] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 385] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 386] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 386] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 385] <... futex resumed>) = 0 [pid 385] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 385] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 386] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 386] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 385] <... futex resumed>) = 0 [pid 385] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 385] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 386] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 386] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 385] <... futex resumed>) = 0 [pid 385] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 386] <... futex resumed>) = 1 [pid 385] <... futex resumed>) = 0 [pid 385] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 386] memfd_create("syzkaller", 0) = 5 [pid 386] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f676585d000 [pid 386] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 386] munmap(0x7f676585d000, 138412032) = 0 [pid 386] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 386] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 386] close(5) = 0 [pid 386] close(6) = 0 [pid 386] mkdir("./file0", 0777) = 0 [pid 386] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 386] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 386] chdir("./file0") = 0 [pid 386] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 386] ioctl(6, LOOP_CLR_FD) = 0 [pid 386] close(6) = 0 [pid 386] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 385] <... futex resumed>) = 0 [pid 385] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 385] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 386] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 386] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 385] <... futex resumed>) = 0 [pid 385] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 385] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 386] write(6, "#! ./file1\n", 11) = 11 [pid 386] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 385] <... futex resumed>) = 0 [pid 385] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 385] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 386] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 386] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [ 25.176473][ T386] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [pid 386] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 385] <... futex resumed>) = 0 [pid 385] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 385] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 386] <... futex resumed>) = 0 [pid 386] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000280} --- [pid 385] <... futex resumed>) = ? [pid 386] +++ killed by SIGBUS +++ [pid 385] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=385, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- umount2("./7", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557cd2d730 /* 4 entries */, 32768) = 112 umount2("./7/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./7/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./7/binderfs") = 0 umount2("./7/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./7/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./7/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./7/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./7/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557cd35770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557cd35770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./7/file0") = 0 getdents64(3, 0x55557cd2d730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./7") = 0 mkdir("./8", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [ 25.221618][ T387] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-386: bg 0: block 234: padding at end of block bitmap is not set close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557cd2c690) = 391 ./strace-static-x86_64: Process 391 attached [pid 391] set_robust_list(0x55557cd2c6a0, 24) = 0 [pid 391] chdir("./8") = 0 [pid 391] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 391] setpgid(0, 0) = 0 [pid 391] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 391] write(3, "1000", 4) = 4 [pid 391] close(3) = 0 [pid 391] symlink("/dev/binderfs", "./binderfs") = 0 [pid 391] write(1, "executing program\n", 18executing program ) = 18 [pid 391] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 391] rt_sigaction(SIGRT_1, {sa_handler=0x7f676dce75b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f676dcd8760}, NULL, 8) = 0 [pid 391] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 391] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f676dc5d000 [pid 391] mprotect(0x7f676dc5e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 391] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 391] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f676dc7d990, parent_tid=0x7f676dc7d990, exit_signal=0, stack=0x7f676dc5d000, stack_size=0x20300, tls=0x7f676dc7d6c0}./strace-static-x86_64: Process 392 attached [pid 392] set_robust_list(0x7f676dc7d9a0, 24) = 0 [pid 392] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 392] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 391] <... clone3 resumed> => {parent_tid=[392]}, 88) = 392 [pid 391] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 391] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 392] <... futex resumed>) = 0 [pid 392] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 392] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 392] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 391] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 391] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 392] <... futex resumed>) = 0 [pid 392] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 392] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 392] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 391] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 391] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 392] <... futex resumed>) = 0 [pid 392] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 392] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 392] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 391] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 391] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 392] <... futex resumed>) = 0 [pid 392] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 392] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 392] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 391] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 391] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 392] <... futex resumed>) = 0 [pid 392] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 392] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 392] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 391] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 391] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 392] <... futex resumed>) = 0 [pid 392] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 392] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 392] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 391] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 391] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 392] <... futex resumed>) = 0 [pid 392] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 392] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 391] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 392] <... futex resumed>) = 0 [pid 392] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 391] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 391] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 392] <... futex resumed>) = 0 [pid 391] <... futex resumed>) = 1 [pid 392] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 392] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 391] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 392] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 391] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 391] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 392] <... futex resumed>) = 0 [pid 391] <... futex resumed>) = 1 [pid 392] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 392] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 391] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 392] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 391] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 391] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 392] <... futex resumed>) = 0 [pid 391] <... futex resumed>) = 1 [pid 392] memfd_create("syzkaller", 0 [pid 391] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 392] <... memfd_create resumed>) = 5 [pid 392] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f676585d000 [pid 392] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 392] munmap(0x7f676585d000, 138412032) = 0 [pid 392] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 392] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 392] close(5) = 0 [pid 392] close(6) = 0 [pid 392] mkdir("./file0", 0777) = 0 [pid 392] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 392] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 392] chdir("./file0") = 0 [pid 392] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 392] ioctl(6, LOOP_CLR_FD) = 0 [pid 392] close(6) = 0 [pid 392] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 391] <... futex resumed>) = 0 [pid 391] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 391] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 392] <... futex resumed>) = 1 [pid 392] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 392] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 391] <... futex resumed>) = 0 [pid 391] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 391] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 392] <... futex resumed>) = 1 [pid 392] write(6, "#! ./file1\n", 11) = 11 [pid 392] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 391] <... futex resumed>) = 0 [pid 391] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 391] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 392] <... futex resumed>) = 1 [pid 392] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 392] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 391] <... futex resumed>) = 0 [pid 391] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 391] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 392] <... futex resumed>) = 1 [ 25.336362][ T392] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [pid 392] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000280} --- [pid 391] <... futex resumed>) = ? [pid 392] +++ killed by SIGBUS +++ [pid 391] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=391, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./8", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./8", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557cd2d730 /* 4 entries */, 32768) = 112 umount2("./8/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./8/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./8/binderfs") = 0 [ 25.380956][ T393] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-392: bg 0: block 234: padding at end of block bitmap is not set umount2("./8/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./8/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./8/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./8/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./8/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557cd35770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557cd35770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./8/file0") = 0 getdents64(3, 0x55557cd2d730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./8") = 0 mkdir("./9", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557cd2c690) = 397 ./strace-static-x86_64: Process 397 attached [pid 397] set_robust_list(0x55557cd2c6a0, 24) = 0 [pid 397] chdir("./9") = 0 [pid 397] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 397] setpgid(0, 0) = 0 [pid 397] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 397] write(3, "1000", 4) = 4 [pid 397] close(3) = 0 [pid 397] symlink("/dev/binderfs", "./binderfs") = 0 [pid 397] write(1, "executing program\n", 18executing program ) = 18 [pid 397] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 397] rt_sigaction(SIGRT_1, {sa_handler=0x7f676dce75b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f676dcd8760}, NULL, 8) = 0 [pid 397] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 397] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f676dc5d000 [pid 397] mprotect(0x7f676dc5e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 397] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 397] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f676dc7d990, parent_tid=0x7f676dc7d990, exit_signal=0, stack=0x7f676dc5d000, stack_size=0x20300, tls=0x7f676dc7d6c0} => {parent_tid=[398]}, 88) = 398 [pid 397] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 397] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 397] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 398 attached [pid 398] set_robust_list(0x7f676dc7d9a0, 24) = 0 [pid 398] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 398] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 398] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 397] <... futex resumed>) = 0 [pid 397] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 397] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 398] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 398] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 397] <... futex resumed>) = 0 [pid 397] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 397] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 398] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 398] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 397] <... futex resumed>) = 0 [pid 397] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 397] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 398] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 398] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 397] <... futex resumed>) = 0 [pid 397] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 397] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 398] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 398] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 397] <... futex resumed>) = 0 [pid 397] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 397] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 398] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 398] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 397] <... futex resumed>) = 0 [pid 397] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 397] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 398] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 398] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 397] <... futex resumed>) = 0 [pid 397] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 397] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 398] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 398] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 397] <... futex resumed>) = 0 [pid 397] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 397] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 398] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 398] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 397] <... futex resumed>) = 0 [pid 397] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 397] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 398] memfd_create("syzkaller", 0) = 5 [pid 398] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f676585d000 [pid 398] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 398] munmap(0x7f676585d000, 138412032) = 0 [pid 398] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 398] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 398] close(5) = 0 [pid 398] close(6) = 0 [pid 398] mkdir("./file0", 0777) = 0 [pid 398] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 398] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 398] chdir("./file0") = 0 [pid 398] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 398] ioctl(6, LOOP_CLR_FD) = 0 [pid 398] close(6) = 0 [pid 398] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 397] <... futex resumed>) = 0 [pid 397] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 397] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 398] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 398] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 397] <... futex resumed>) = 0 [pid 397] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 397] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 398] write(6, "#! ./file1\n", 11) = 11 [pid 398] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 397] <... futex resumed>) = 0 [pid 397] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 397] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 398] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 398] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 398] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 397] <... futex resumed>) = 0 [pid 397] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 397] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 398] <... futex resumed>) = 0 [pid 398] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000280} --- [pid 397] <... futex resumed>) = ? [pid 398] +++ killed by SIGBUS +++ [pid 397] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=397, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./9", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./9", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557cd2d730 /* 4 entries */, 32768) = 112 umount2("./9/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./9/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./9/binderfs") = 0 [ 25.526521][ T398] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 25.560377][ T399] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-398: bg 0: block 234: padding at end of block bitmap is not set umount2("./9/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./9/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./9/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./9/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./9/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557cd35770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557cd35770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./9/file0") = 0 getdents64(3, 0x55557cd2d730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./9") = 0 mkdir("./10", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557cd2c690) = 403 ./strace-static-x86_64: Process 403 attached [pid 403] set_robust_list(0x55557cd2c6a0, 24) = 0 [pid 403] chdir("./10") = 0 [pid 403] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 403] setpgid(0, 0) = 0 [pid 403] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 403] write(3, "1000", 4) = 4 [pid 403] close(3) = 0 [pid 403] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 403] write(1, "executing program\n", 18) = 18 [pid 403] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 403] rt_sigaction(SIGRT_1, {sa_handler=0x7f676dce75b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f676dcd8760}, NULL, 8) = 0 [pid 403] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 403] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f676dc5d000 [pid 403] mprotect(0x7f676dc5e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 403] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 403] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f676dc7d990, parent_tid=0x7f676dc7d990, exit_signal=0, stack=0x7f676dc5d000, stack_size=0x20300, tls=0x7f676dc7d6c0}./strace-static-x86_64: Process 404 attached => {parent_tid=[404]}, 88) = 404 [pid 404] set_robust_list(0x7f676dc7d9a0, 24) = 0 [pid 404] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 404] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 403] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 403] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 404] <... futex resumed>) = 0 [pid 403] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 404] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 404] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 404] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 403] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 403] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 404] <... futex resumed>) = 0 [pid 403] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 404] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 404] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 403] <... futex resumed>) = 0 [pid 404] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 403] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 404] <... futex resumed>) = 0 [pid 404] ioctl(3, VHOST_SET_VRING_ADDR [pid 403] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 404] <... ioctl resumed>, 0x200000000300) = 0 [pid 404] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 404] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 403] <... futex resumed>) = 0 [pid 403] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 404] <... futex resumed>) = 0 [pid 403] <... futex resumed>) = 1 [pid 404] ioctl(3, VHOST_SET_MEM_TABLE [pid 403] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 404] <... ioctl resumed>, 0x200000003380) = 0 [pid 404] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 404] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 403] <... futex resumed>) = 0 [pid 403] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 404] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 404] eventfd2(118, EFD_SEMAPHORE [pid 403] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 404] <... eventfd2 resumed>) = 4 [pid 404] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 403] <... futex resumed>) = 0 [pid 404] ioctl(3, VHOST_SET_VRING_ERR [pid 403] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 404] <... ioctl resumed>, 0x2000000001c0) = 0 [pid 403] <... futex resumed>) = 0 [pid 404] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 403] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 404] <... futex resumed>) = 0 [pid 403] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 404] ioctl(3, VHOST_SET_VRING_ADDR [pid 403] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 404] <... ioctl resumed>, 0x200000000240) = 0 [pid 403] <... futex resumed>) = 0 [pid 404] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 403] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 404] <... futex resumed>) = 0 [pid 403] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 404] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 403] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 404] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 403] <... futex resumed>) = 0 [pid 404] ioctl(3, VHOST_SET_VRING_KICK [pid 403] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 404] <... ioctl resumed>, 0x200000000000) = 0 [pid 404] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 403] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 404] ioctl(3, VHOST_VSOCK_SET_RUNNING [pid 403] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 404] <... ioctl resumed>, 0x200000000140) = 0 [pid 403] <... futex resumed>) = 0 [pid 404] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 403] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 404] <... futex resumed>) = 0 [pid 403] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 404] memfd_create("syzkaller", 0 [pid 403] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 404] <... memfd_create resumed>) = 5 [pid 403] <... futex resumed>) = 0 [pid 404] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f676585d000 [pid 403] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 404] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 404] munmap(0x7f676585d000, 138412032) = 0 [pid 404] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 404] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 404] close(5) = 0 [pid 404] close(6) = 0 [pid 404] mkdir("./file0", 0777) = 0 [pid 404] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 404] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 404] chdir("./file0") = 0 [pid 404] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 404] ioctl(6, LOOP_CLR_FD) = 0 [pid 404] close(6) = 0 [pid 404] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 403] <... futex resumed>) = 0 [pid 403] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 403] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 404] <... futex resumed>) = 1 [pid 404] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 404] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 403] <... futex resumed>) = 0 [pid 403] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 403] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 404] <... futex resumed>) = 1 [pid 404] write(6, "#! ./file1\n", 11) = 11 [pid 404] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 403] <... futex resumed>) = 0 [pid 403] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 403] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 404] <... futex resumed>) = 1 [pid 404] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 404] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 403] <... futex resumed>) = 0 [pid 403] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 403] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 404] <... futex resumed>) = 1 [pid 404] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000280} --- [pid 403] <... futex resumed>) = ? [pid 404] +++ killed by SIGBUS +++ [pid 403] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=403, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./10", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./10", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557cd2d730 /* 4 entries */, 32768) = 112 umount2("./10/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./10/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./10/binderfs") = 0 [ 25.716388][ T404] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 25.747687][ T405] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-404: bg 0: block 234: padding at end of block bitmap is not set umount2("./10/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./10/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./10/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./10/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./10/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557cd35770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557cd35770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./10/file0") = 0 getdents64(3, 0x55557cd2d730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./10") = 0 mkdir("./11", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557cd2c690) = 409 ./strace-static-x86_64: Process 409 attached [pid 409] set_robust_list(0x55557cd2c6a0, 24) = 0 [pid 409] chdir("./11") = 0 [pid 409] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 409] setpgid(0, 0) = 0 [pid 409] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 409] write(3, "1000", 4) = 4 [pid 409] close(3) = 0 [pid 409] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 409] write(1, "executing program\n", 18) = 18 [pid 409] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 409] rt_sigaction(SIGRT_1, {sa_handler=0x7f676dce75b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f676dcd8760}, NULL, 8) = 0 [pid 409] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 409] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f676dc5d000 [pid 409] mprotect(0x7f676dc5e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 409] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 409] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f676dc7d990, parent_tid=0x7f676dc7d990, exit_signal=0, stack=0x7f676dc5d000, stack_size=0x20300, tls=0x7f676dc7d6c0} => {parent_tid=[410]}, 88) = 410 [pid 409] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 409] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 409] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 410 attached [pid 410] set_robust_list(0x7f676dc7d9a0, 24) = 0 [pid 410] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 410] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 410] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 409] <... futex resumed>) = 0 [pid 409] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 409] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 410] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 410] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 409] <... futex resumed>) = 0 [pid 409] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 409] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 410] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 410] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 409] <... futex resumed>) = 0 [pid 409] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 409] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 410] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 410] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 409] <... futex resumed>) = 0 [pid 409] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 409] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 410] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 410] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 409] <... futex resumed>) = 0 [pid 409] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 409] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 410] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 410] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 409] <... futex resumed>) = 0 [pid 409] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 409] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 410] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 410] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 409] <... futex resumed>) = 0 [pid 409] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 409] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 410] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 410] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 409] <... futex resumed>) = 0 [pid 409] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 409] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 410] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 410] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 409] <... futex resumed>) = 0 [pid 409] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 409] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 410] memfd_create("syzkaller", 0) = 5 [pid 410] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f676585d000 [pid 410] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 410] munmap(0x7f676585d000, 138412032) = 0 [pid 410] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 410] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 410] close(5) = 0 [pid 410] close(6) = 0 [pid 410] mkdir("./file0", 0777) = 0 [pid 410] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 410] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 410] chdir("./file0") = 0 [pid 410] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 410] ioctl(6, LOOP_CLR_FD) = 0 [pid 410] close(6) = 0 [pid 410] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 409] <... futex resumed>) = 0 [pid 409] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 409] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 410] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 410] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 409] <... futex resumed>) = 0 [pid 409] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 409] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 410] write(6, "#! ./file1\n", 11) = 11 [pid 410] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 409] <... futex resumed>) = 0 [pid 409] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 409] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 410] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 410] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 410] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 409] <... futex resumed>) = 0 [pid 409] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 409] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 410] <... futex resumed>) = 0 [pid 410] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000280} --- [pid 409] <... futex resumed>) = ? [pid 410] +++ killed by SIGBUS +++ [pid 409] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=409, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./11", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./11", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557cd2d730 /* 4 entries */, 32768) = 112 umount2("./11/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./11/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./11/binderfs") = 0 [ 25.906521][ T410] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 25.939783][ T411] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-410: bg 0: block 234: padding at end of block bitmap is not set umount2("./11/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./11/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./11/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./11/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./11/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557cd35770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557cd35770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./11/file0") = 0 getdents64(3, 0x55557cd2d730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./11") = 0 mkdir("./12", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 415 attached [pid 415] set_robust_list(0x55557cd2c6a0, 24) = 0 [pid 341] <... clone resumed>, child_tidptr=0x55557cd2c690) = 415 [pid 415] chdir("./12") = 0 [pid 415] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 415] setpgid(0, 0) = 0 [pid 415] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 415] write(3, "1000", 4) = 4 [pid 415] close(3) = 0 [pid 415] symlink("/dev/binderfs", "./binderfs") = 0 [pid 415] write(1, "executing program\n", 18executing program ) = 18 [pid 415] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 415] rt_sigaction(SIGRT_1, {sa_handler=0x7f676dce75b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f676dcd8760}, NULL, 8) = 0 [pid 415] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 415] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f676dc5d000 [pid 415] mprotect(0x7f676dc5e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 415] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 415] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f676dc7d990, parent_tid=0x7f676dc7d990, exit_signal=0, stack=0x7f676dc5d000, stack_size=0x20300, tls=0x7f676dc7d6c0}./strace-static-x86_64: Process 416 attached [pid 416] set_robust_list(0x7f676dc7d9a0, 24) = 0 [pid 416] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 416] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 415] <... clone3 resumed> => {parent_tid=[416]}, 88) = 416 [pid 415] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 415] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 416] <... futex resumed>) = 0 [pid 416] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 416] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 416] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 415] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 415] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 416] <... futex resumed>) = 0 [pid 416] ioctl(3, VHOST_SET_OWNER [pid 415] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 416] <... ioctl resumed>, 0) = 0 [pid 416] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 416] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 415] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 415] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 416] <... futex resumed>) = 0 [pid 416] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 416] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 415] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 416] <... futex resumed>) = 0 [pid 416] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 415] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 415] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 416] <... futex resumed>) = 0 [pid 415] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 416] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 416] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 415] <... futex resumed>) = 0 [pid 416] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 415] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 416] <... futex resumed>) = 0 [pid 415] <... futex resumed>) = 1 [pid 416] eventfd2(118, EFD_SEMAPHORE [pid 415] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 416] <... eventfd2 resumed>) = 4 [pid 416] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 415] <... futex resumed>) = 0 [pid 416] ioctl(3, VHOST_SET_VRING_ERR [pid 415] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 416] <... ioctl resumed>, 0x2000000001c0) = 0 [pid 415] <... futex resumed>) = 0 [pid 416] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 415] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 416] <... futex resumed>) = 0 [pid 415] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 416] ioctl(3, VHOST_SET_VRING_ADDR [pid 415] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 416] <... ioctl resumed>, 0x200000000240) = 0 [pid 415] <... futex resumed>) = 0 [pid 416] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 415] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 416] <... futex resumed>) = 0 [pid 415] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 416] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 415] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 416] <... futex resumed>) = 0 [pid 415] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 416] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 416] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 416] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 415] <... futex resumed>) = 0 [pid 416] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 415] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 416] ioctl(3, VHOST_VSOCK_SET_RUNNING [pid 415] <... futex resumed>) = 0 [pid 416] <... ioctl resumed>, 0x200000000140) = 0 [pid 415] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 416] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 415] <... futex resumed>) = 0 [pid 416] memfd_create("syzkaller", 0 [pid 415] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 416] <... memfd_create resumed>) = 5 [pid 415] <... futex resumed>) = 0 [pid 416] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 415] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 416] <... mmap resumed>) = 0x7f676585d000 [pid 416] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 416] munmap(0x7f676585d000, 138412032) = 0 [pid 416] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 416] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 416] close(5) = 0 [pid 416] close(6) = 0 [pid 416] mkdir("./file0", 0777) = 0 [pid 416] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 416] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 416] chdir("./file0") = 0 [pid 416] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 416] ioctl(6, LOOP_CLR_FD) = 0 [pid 416] close(6) = 0 [pid 416] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 415] <... futex resumed>) = 0 [pid 415] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 415] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 416] <... futex resumed>) = 1 [pid 416] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 416] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 415] <... futex resumed>) = 0 [pid 415] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 415] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 416] <... futex resumed>) = 1 [pid 416] write(6, "#! ./file1\n", 11) = 11 [pid 416] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 415] <... futex resumed>) = 0 [pid 415] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 415] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 416] <... futex resumed>) = 1 [pid 416] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 416] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 415] <... futex resumed>) = 0 [pid 415] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 415] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 416] <... futex resumed>) = 1 [pid 416] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000280} --- [pid 415] <... futex resumed>) = ? [pid 416] +++ killed by SIGBUS +++ [pid 415] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=415, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./12", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./12", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557cd2d730 /* 4 entries */, 32768) = 112 umount2("./12/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./12/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./12/binderfs") = 0 [ 26.116440][ T416] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 26.147748][ T417] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-416: bg 0: block 234: padding at end of block bitmap is not set umount2("./12/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./12/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./12/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./12/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./12/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557cd35770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557cd35770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./12/file0") = 0 getdents64(3, 0x55557cd2d730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./12") = 0 mkdir("./13", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557cd2c690) = 421 ./strace-static-x86_64: Process 421 attached [pid 421] set_robust_list(0x55557cd2c6a0, 24) = 0 [pid 421] chdir("./13") = 0 [pid 421] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 421] setpgid(0, 0) = 0 [pid 421] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 421] write(3, "1000", 4) = 4 [pid 421] close(3) = 0 [pid 421] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 421] write(1, "executing program\n", 18) = 18 [pid 421] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 421] rt_sigaction(SIGRT_1, {sa_handler=0x7f676dce75b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f676dcd8760}, NULL, 8) = 0 [pid 421] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 421] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f676dc5d000 [pid 421] mprotect(0x7f676dc5e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 421] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 421] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f676dc7d990, parent_tid=0x7f676dc7d990, exit_signal=0, stack=0x7f676dc5d000, stack_size=0x20300, tls=0x7f676dc7d6c0}./strace-static-x86_64: Process 422 attached [pid 422] set_robust_list(0x7f676dc7d9a0, 24) = 0 [pid 422] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 422] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 421] <... clone3 resumed> => {parent_tid=[422]}, 88) = 422 [pid 421] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 421] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 422] <... futex resumed>) = 0 [pid 421] <... futex resumed>) = 1 [pid 422] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 422] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 422] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 421] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 421] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 422] <... futex resumed>) = 0 [pid 421] <... futex resumed>) = 1 [pid 422] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 422] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 422] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 421] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 421] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 422] <... futex resumed>) = 0 [pid 422] ioctl(3, VHOST_SET_VRING_ADDR [pid 421] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 422] <... ioctl resumed>, 0x200000000300) = 0 [pid 422] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 421] <... futex resumed>) = 0 [pid 422] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 421] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 422] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 421] <... futex resumed>) = 0 [pid 422] ioctl(3, VHOST_SET_MEM_TABLE [pid 421] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 422] <... ioctl resumed>, 0x200000003380) = 0 [pid 422] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 421] <... futex resumed>) = 0 [pid 422] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 421] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 422] eventfd2(118, EFD_SEMAPHORE [pid 421] <... futex resumed>) = 0 [pid 422] <... eventfd2 resumed>) = 4 [pid 421] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 422] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 422] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 421] <... futex resumed>) = 0 [pid 422] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 421] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 422] ioctl(3, VHOST_SET_VRING_ERR [pid 421] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 422] <... ioctl resumed>, 0x2000000001c0) = 0 [pid 422] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 422] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 421] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 422] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 421] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 422] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 421] <... futex resumed>) = 0 [pid 422] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 421] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 422] <... futex resumed>) = 0 [pid 421] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 422] ioctl(3, VHOST_SET_VRING_KICK [pid 421] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 422] <... ioctl resumed>, 0x200000000000) = 0 [pid 421] <... futex resumed>) = 0 [pid 422] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 421] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 422] <... futex resumed>) = 0 [pid 421] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 422] ioctl(3, VHOST_VSOCK_SET_RUNNING [pid 421] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 422] <... ioctl resumed>, 0x200000000140) = 0 [pid 422] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 421] <... futex resumed>) = 0 [pid 422] <... futex resumed>) = 0 [pid 421] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 422] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 421] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 421] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 422] <... futex resumed>) = 0 [pid 421] <... futex resumed>) = 1 [pid 421] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 422] memfd_create("syzkaller", 0) = 5 [pid 422] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f676585d000 [pid 422] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 422] munmap(0x7f676585d000, 138412032) = 0 [pid 422] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 422] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 422] close(5) = 0 [pid 422] close(6) = 0 [pid 422] mkdir("./file0", 0777) = 0 [pid 422] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 422] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 422] chdir("./file0") = 0 [pid 422] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 422] ioctl(6, LOOP_CLR_FD) = 0 [pid 422] close(6) = 0 [pid 422] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 421] <... futex resumed>) = 0 [pid 421] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 421] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 422] <... futex resumed>) = 1 [pid 422] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 422] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 421] <... futex resumed>) = 0 [pid 421] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 421] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 422] <... futex resumed>) = 1 [pid 422] write(6, "#! ./file1\n", 11) = 11 [pid 422] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 421] <... futex resumed>) = 0 [pid 421] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 421] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 422] <... futex resumed>) = 1 [pid 422] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 422] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 421] <... futex resumed>) = 0 [pid 421] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 421] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 422] <... futex resumed>) = 1 [pid 422] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000280} --- [pid 421] <... futex resumed>) = ? [pid 422] +++ killed by SIGBUS +++ [pid 421] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=421, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=5} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./13", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./13", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557cd2d730 /* 4 entries */, 32768) = 112 umount2("./13/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./13/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./13/binderfs") = 0 [ 26.264888][ T422] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 26.296263][ T423] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-422: bg 0: block 234: padding at end of block bitmap is not set umount2("./13/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./13/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./13/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./13/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./13/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557cd35770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557cd35770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./13/file0") = 0 getdents64(3, 0x55557cd2d730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./13") = 0 mkdir("./14", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557cd2c690) = 427 ./strace-static-x86_64: Process 427 attached [pid 427] set_robust_list(0x55557cd2c6a0, 24) = 0 [pid 427] chdir("./14") = 0 [pid 427] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 427] setpgid(0, 0) = 0 [pid 427] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 427] write(3, "1000", 4) = 4 [pid 427] close(3) = 0 [pid 427] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 427] write(1, "executing program\n", 18) = 18 [pid 427] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 427] rt_sigaction(SIGRT_1, {sa_handler=0x7f676dce75b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f676dcd8760}, NULL, 8) = 0 [pid 427] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 427] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f676dc5d000 [pid 427] mprotect(0x7f676dc5e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 427] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 427] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f676dc7d990, parent_tid=0x7f676dc7d990, exit_signal=0, stack=0x7f676dc5d000, stack_size=0x20300, tls=0x7f676dc7d6c0} => {parent_tid=[428]}, 88) = 428 [pid 427] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 427] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 427] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 428 attached [pid 428] set_robust_list(0x7f676dc7d9a0, 24) = 0 [pid 428] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 428] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 428] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 427] <... futex resumed>) = 0 [pid 427] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 427] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 428] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 428] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 427] <... futex resumed>) = 0 [pid 427] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 427] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 428] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 428] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 427] <... futex resumed>) = 0 [pid 427] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 427] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 428] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 428] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 427] <... futex resumed>) = 0 [pid 427] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 427] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 428] <... futex resumed>) = 1 [pid 428] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 428] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 427] <... futex resumed>) = 0 [pid 427] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 427] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 428] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 428] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 427] <... futex resumed>) = 0 [pid 427] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 427] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 428] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 428] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 427] <... futex resumed>) = 0 [pid 427] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 427] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 428] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 428] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 427] <... futex resumed>) = 0 [pid 427] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 427] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 428] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 428] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 427] <... futex resumed>) = 0 [pid 427] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 427] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 428] memfd_create("syzkaller", 0) = 5 [pid 428] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f676585d000 [pid 428] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 428] munmap(0x7f676585d000, 138412032) = 0 [pid 428] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 428] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 428] close(5) = 0 [pid 428] close(6) = 0 [pid 428] mkdir("./file0", 0777) = 0 [pid 428] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 428] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 428] chdir("./file0") = 0 [pid 428] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 428] ioctl(6, LOOP_CLR_FD) = 0 [pid 428] close(6) = 0 [pid 428] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 427] <... futex resumed>) = 0 [pid 427] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 427] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 428] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 428] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 427] <... futex resumed>) = 0 [pid 427] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 427] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 428] write(6, "#! ./file1\n", 11) = 11 [pid 428] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 427] <... futex resumed>) = 0 [pid 427] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 427] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 428] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 428] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 428] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 427] <... futex resumed>) = 0 [pid 427] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 427] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 428] <... futex resumed>) = 0 [pid 428] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000280} --- [pid 427] <... futex resumed>) = ? [pid 428] +++ killed by SIGBUS +++ [pid 427] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=427, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./14", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./14", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557cd2d730 /* 4 entries */, 32768) = 112 umount2("./14/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./14/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./14/binderfs") = 0 [ 26.436746][ T428] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 26.470074][ T429] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-428: bg 0: block 234: padding at end of block bitmap is not set umount2("./14/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./14/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./14/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./14/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./14/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557cd35770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557cd35770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./14/file0") = 0 getdents64(3, 0x55557cd2d730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./14") = 0 mkdir("./15", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557cd2c690) = 433 ./strace-static-x86_64: Process 433 attached [pid 433] set_robust_list(0x55557cd2c6a0, 24) = 0 [pid 433] chdir("./15") = 0 [pid 433] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 433] setpgid(0, 0) = 0 [pid 433] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 433] write(3, "1000", 4) = 4 [pid 433] close(3) = 0 [pid 433] symlink("/dev/binderfs", "./binderfs") = 0 [pid 433] write(1, "executing program\n", 18executing program ) = 18 [pid 433] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 433] rt_sigaction(SIGRT_1, {sa_handler=0x7f676dce75b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f676dcd8760}, NULL, 8) = 0 [pid 433] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 433] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f676dc5d000 [pid 433] mprotect(0x7f676dc5e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 433] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 433] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f676dc7d990, parent_tid=0x7f676dc7d990, exit_signal=0, stack=0x7f676dc5d000, stack_size=0x20300, tls=0x7f676dc7d6c0}./strace-static-x86_64: Process 434 attached [pid 434] set_robust_list(0x7f676dc7d9a0, 24) = 0 [pid 434] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 434] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 433] <... clone3 resumed> => {parent_tid=[434]}, 88) = 434 [pid 433] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 433] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 434] <... futex resumed>) = 0 [pid 434] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 434] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 434] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 433] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 433] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 434] <... futex resumed>) = 0 [pid 434] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 434] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 434] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 433] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 433] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 434] <... futex resumed>) = 0 [pid 434] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 434] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 434] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 433] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 433] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 434] <... futex resumed>) = 0 [pid 434] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 434] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 434] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 433] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 433] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 434] <... futex resumed>) = 0 [pid 434] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 434] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 434] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 433] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 433] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 434] <... futex resumed>) = 0 [pid 434] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 434] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 434] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 433] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 433] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 434] <... futex resumed>) = 0 [pid 434] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 434] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 434] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 433] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 433] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 434] <... futex resumed>) = 0 [pid 433] <... futex resumed>) = 1 [pid 434] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 434] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 434] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 433] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 433] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 434] <... futex resumed>) = 0 [pid 433] <... futex resumed>) = 1 [pid 434] ioctl(3, VHOST_VSOCK_SET_RUNNING [pid 433] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 434] <... ioctl resumed>, 0x200000000140) = 0 [pid 434] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 434] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 433] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 433] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 434] <... futex resumed>) = 0 [pid 433] <... futex resumed>) = 1 [pid 434] memfd_create("syzkaller", 0 [pid 433] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 434] <... memfd_create resumed>) = 5 [pid 434] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f676585d000 [pid 434] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 434] munmap(0x7f676585d000, 138412032) = 0 [pid 434] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 434] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 434] close(5) = 0 [pid 434] close(6) = 0 [pid 434] mkdir("./file0", 0777) = 0 [pid 434] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 434] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 434] chdir("./file0") = 0 [pid 434] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 434] ioctl(6, LOOP_CLR_FD) = 0 [pid 434] close(6) = 0 [pid 434] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 433] <... futex resumed>) = 0 [pid 433] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 433] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 434] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 434] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 433] <... futex resumed>) = 0 [pid 433] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 433] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 434] write(6, "#! ./file1\n", 11) = 11 [pid 434] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 433] <... futex resumed>) = 0 [pid 434] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0 [pid 433] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 433] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 434] <... mmap resumed>) = 0x200000000000 [pid 434] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 434] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 433] <... futex resumed>) = 0 [pid 433] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 433] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 434] <... futex resumed>) = 0 [pid 434] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000280} --- [pid 433] <... futex resumed>) = ? [ 26.606510][ T434] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 26.639565][ T435] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-434: bg 0: block 234: padding at end of block bitmap is not set [pid 434] +++ killed by SIGBUS +++ [pid 433] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=433, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- umount2("./15", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./15", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557cd2d730 /* 4 entries */, 32768) = 112 umount2("./15/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./15/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./15/binderfs") = 0 [ 26.655570][ T435] vhost-434 (435) used greatest stack depth: 22752 bytes left umount2("./15/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./15/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./15/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./15/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./15/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557cd35770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557cd35770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./15/file0") = 0 getdents64(3, 0x55557cd2d730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./15") = 0 mkdir("./16", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557cd2c690) = 439 ./strace-static-x86_64: Process 439 attached [pid 439] set_robust_list(0x55557cd2c6a0, 24) = 0 [pid 439] chdir("./16") = 0 [pid 439] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 439] setpgid(0, 0) = 0 [pid 439] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 439] write(3, "1000", 4) = 4 [pid 439] close(3) = 0 [pid 439] symlink("/dev/binderfs", "./binderfs") = 0 [pid 439] write(1, "executing program\n", 18executing program ) = 18 [pid 439] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 439] rt_sigaction(SIGRT_1, {sa_handler=0x7f676dce75b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f676dcd8760}, NULL, 8) = 0 [pid 439] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 439] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f676dc5d000 [pid 439] mprotect(0x7f676dc5e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 439] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 439] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f676dc7d990, parent_tid=0x7f676dc7d990, exit_signal=0, stack=0x7f676dc5d000, stack_size=0x20300, tls=0x7f676dc7d6c0}./strace-static-x86_64: Process 440 attached => {parent_tid=[440]}, 88) = 440 [pid 440] set_robust_list(0x7f676dc7d9a0, 24) = 0 [pid 440] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 440] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 439] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 439] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 440] <... futex resumed>) = 0 [pid 440] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 440] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 440] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 439] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 439] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 440] <... futex resumed>) = 0 [pid 440] ioctl(3, VHOST_SET_OWNER [pid 439] <... futex resumed>) = 1 [pid 439] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 440] <... ioctl resumed>, 0) = 0 [pid 440] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 440] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 439] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 439] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 440] <... futex resumed>) = 0 [pid 439] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 440] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 440] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 440] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 439] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 439] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 440] <... futex resumed>) = 0 [pid 440] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 440] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 440] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 439] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 439] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 440] <... futex resumed>) = 0 [pid 440] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 440] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 440] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 439] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 439] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 440] <... futex resumed>) = 0 [pid 439] <... futex resumed>) = 1 [pid 440] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 440] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 440] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 439] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 439] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 440] <... futex resumed>) = 0 [pid 439] <... futex resumed>) = 1 [pid 440] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 440] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 439] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 440] <... futex resumed>) = 0 [pid 439] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 440] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 439] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 440] ioctl(3, VHOST_SET_VRING_KICK [pid 439] <... futex resumed>) = 0 [pid 440] <... ioctl resumed>, 0x200000000000) = 0 [pid 439] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 440] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 439] <... futex resumed>) = 0 [pid 440] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 439] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 440] <... futex resumed>) = 0 [pid 439] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 440] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 440] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 440] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 439] <... futex resumed>) = 0 [pid 440] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 439] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 440] memfd_create("syzkaller", 0 [pid 439] <... futex resumed>) = 0 [pid 440] <... memfd_create resumed>) = 5 [pid 439] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 440] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f676585d000 [pid 440] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 440] munmap(0x7f676585d000, 138412032) = 0 [pid 440] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 440] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 440] close(5) = 0 [pid 440] close(6) = 0 [pid 440] mkdir("./file0", 0777) = 0 [pid 440] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 440] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 440] chdir("./file0") = 0 [pid 440] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 440] ioctl(6, LOOP_CLR_FD) = 0 [pid 440] close(6) = 0 [pid 440] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 439] <... futex resumed>) = 0 [pid 439] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 439] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 440] <... futex resumed>) = 1 [pid 440] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 440] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 439] <... futex resumed>) = 0 [pid 439] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 439] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 440] <... futex resumed>) = 1 [pid 440] write(6, "#! ./file1\n", 11) = 11 [pid 440] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 439] <... futex resumed>) = 0 [pid 439] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 439] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 440] <... futex resumed>) = 1 [pid 440] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 440] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 439] <... futex resumed>) = 0 [pid 439] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 439] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 440] <... futex resumed>) = 1 [pid 440] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000280} --- [pid 439] <... futex resumed>) = ? [pid 440] +++ killed by SIGBUS +++ [pid 439] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=439, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./16", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./16", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557cd2d730 /* 4 entries */, 32768) = 112 umount2("./16/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./16/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./16/binderfs") = 0 [ 26.777112][ T440] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 26.808155][ T441] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-440: bg 0: block 234: padding at end of block bitmap is not set umount2("./16/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./16/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./16/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./16/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./16/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557cd35770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557cd35770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./16/file0") = 0 getdents64(3, 0x55557cd2d730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./16") = 0 mkdir("./17", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557cd2c690) = 445 ./strace-static-x86_64: Process 445 attached [pid 445] set_robust_list(0x55557cd2c6a0, 24) = 0 [pid 445] chdir("./17") = 0 [pid 445] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 445] setpgid(0, 0) = 0 [pid 445] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 445] write(3, "1000", 4) = 4 [pid 445] close(3) = 0 [pid 445] symlink("/dev/binderfs", "./binderfs") = 0 [pid 445] write(1, "executing program\n", 18executing program ) = 18 [pid 445] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 445] rt_sigaction(SIGRT_1, {sa_handler=0x7f676dce75b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f676dcd8760}, NULL, 8) = 0 [pid 445] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 445] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f676dc5d000 [pid 445] mprotect(0x7f676dc5e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 445] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 445] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f676dc7d990, parent_tid=0x7f676dc7d990, exit_signal=0, stack=0x7f676dc5d000, stack_size=0x20300, tls=0x7f676dc7d6c0} => {parent_tid=[446]}, 88) = 446 [pid 445] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 445] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 445] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 446 attached [pid 446] set_robust_list(0x7f676dc7d9a0, 24) = 0 [pid 446] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 446] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 446] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 445] <... futex resumed>) = 0 [pid 445] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 445] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 446] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 446] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 445] <... futex resumed>) = 0 [pid 445] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 445] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 446] <... futex resumed>) = 1 [pid 446] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 446] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 445] <... futex resumed>) = 0 [pid 445] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 445] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 446] <... futex resumed>) = 1 [pid 446] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 446] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 445] <... futex resumed>) = 0 [pid 445] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 445] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 446] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 446] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 445] <... futex resumed>) = 0 [pid 445] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 445] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 446] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 446] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 445] <... futex resumed>) = 0 [pid 445] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 445] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 446] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 446] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 445] <... futex resumed>) = 0 [pid 445] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 445] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 446] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 446] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 445] <... futex resumed>) = 0 [pid 445] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 445] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 446] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 446] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 445] <... futex resumed>) = 0 [pid 445] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 445] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 446] memfd_create("syzkaller", 0) = 5 [pid 446] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f676585d000 [pid 446] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 446] munmap(0x7f676585d000, 138412032) = 0 [pid 446] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 446] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 446] close(5) = 0 [pid 446] close(6) = 0 [pid 446] mkdir("./file0", 0777) = 0 [pid 446] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 446] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 446] chdir("./file0") = 0 [pid 446] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 446] ioctl(6, LOOP_CLR_FD) = 0 [pid 446] close(6) = 0 [pid 446] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 445] <... futex resumed>) = 0 [pid 445] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 445] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 446] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 446] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 445] <... futex resumed>) = 0 [pid 445] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 445] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 446] write(6, "#! ./file1\n", 11) = 11 [pid 446] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 445] <... futex resumed>) = 0 [pid 445] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 445] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 446] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 446] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 445] <... futex resumed>) = 0 [pid 445] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 445] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 446] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000280} --- [pid 445] <... futex resumed>) = ? [pid 446] +++ killed by SIGBUS +++ [pid 445] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=445, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./17", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./17", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557cd2d730 /* 4 entries */, 32768) = 112 umount2("./17/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./17/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./17/binderfs") = 0 [ 26.966579][ T446] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 27.001117][ T447] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-446: bg 0: block 234: padding at end of block bitmap is not set umount2("./17/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./17/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./17/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./17/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./17/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557cd35770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557cd35770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./17/file0") = 0 getdents64(3, 0x55557cd2d730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./17") = 0 mkdir("./18", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557cd2c690) = 451 ./strace-static-x86_64: Process 451 attached [pid 451] set_robust_list(0x55557cd2c6a0, 24) = 0 [pid 451] chdir("./18") = 0 [pid 451] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 451] setpgid(0, 0) = 0 [pid 451] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 451] write(3, "1000", 4) = 4 [pid 451] close(3) = 0 [pid 451] symlink("/dev/binderfs", "./binderfs") = 0 [pid 451] write(1, "executing program\n", 18executing program ) = 18 [pid 451] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 451] rt_sigaction(SIGRT_1, {sa_handler=0x7f676dce75b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f676dcd8760}, NULL, 8) = 0 [pid 451] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 451] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f676dc5d000 [pid 451] mprotect(0x7f676dc5e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 451] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 451] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f676dc7d990, parent_tid=0x7f676dc7d990, exit_signal=0, stack=0x7f676dc5d000, stack_size=0x20300, tls=0x7f676dc7d6c0} => {parent_tid=[452]}, 88) = 452 [pid 451] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 451] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 451] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 452 attached [pid 452] set_robust_list(0x7f676dc7d9a0, 24) = 0 [pid 452] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 452] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 452] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 451] <... futex resumed>) = 0 [pid 451] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 451] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 452] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 452] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 451] <... futex resumed>) = 0 [pid 452] ioctl(3, VHOST_SET_VRING_ADDR [pid 451] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 451] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 452] <... ioctl resumed>, 0x200000000300) = 0 [pid 452] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 451] <... futex resumed>) = 0 [pid 451] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 451] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 452] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 452] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 451] <... futex resumed>) = 0 [pid 452] eventfd2(118, EFD_SEMAPHORE [pid 451] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 451] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 452] <... eventfd2 resumed>) = 4 [pid 452] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 451] <... futex resumed>) = 0 [pid 451] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 451] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 452] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 452] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 451] <... futex resumed>) = 0 [pid 451] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 451] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 452] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 452] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 451] <... futex resumed>) = 0 [pid 451] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 451] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 452] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 452] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 451] <... futex resumed>) = 0 [pid 451] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 451] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 452] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 452] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 451] <... futex resumed>) = 0 [pid 451] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 452] memfd_create("syzkaller", 0 [pid 451] <... futex resumed>) = 0 [pid 451] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 452] <... memfd_create resumed>) = 5 [pid 452] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f676585d000 [pid 452] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 452] munmap(0x7f676585d000, 138412032) = 0 [pid 452] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 452] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 452] close(5) = 0 [pid 452] close(6) = 0 [pid 452] mkdir("./file0", 0777) = 0 [pid 452] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 452] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 452] chdir("./file0") = 0 [pid 452] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 452] ioctl(6, LOOP_CLR_FD) = 0 [pid 452] close(6) = 0 [pid 452] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 451] <... futex resumed>) = 0 [pid 451] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 451] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 452] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 452] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 451] <... futex resumed>) = 0 [pid 452] write(6, "#! ./file1\n", 11 [pid 451] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 451] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 452] <... write resumed>) = 11 [pid 452] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 451] <... futex resumed>) = 0 [pid 451] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 451] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 452] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 452] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 452] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 451] <... futex resumed>) = 0 [pid 451] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 451] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 452] <... futex resumed>) = 0 [pid 452] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000280} --- [pid 451] <... futex resumed>) = ? [pid 452] +++ killed by SIGBUS +++ [pid 451] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=451, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./18", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./18", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557cd2d730 /* 4 entries */, 32768) = 112 umount2("./18/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./18/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./18/binderfs") = 0 [ 27.126660][ T452] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 27.159435][ T453] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-452: bg 0: block 234: padding at end of block bitmap is not set umount2("./18/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./18/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./18/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./18/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./18/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557cd35770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557cd35770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./18/file0") = 0 getdents64(3, 0x55557cd2d730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./18") = 0 mkdir("./19", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 457 attached , child_tidptr=0x55557cd2c690) = 457 [pid 457] set_robust_list(0x55557cd2c6a0, 24) = 0 [pid 457] chdir("./19") = 0 [pid 457] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 457] setpgid(0, 0) = 0 [pid 457] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 457] write(3, "1000", 4) = 4 [pid 457] close(3) = 0 [pid 457] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 457] write(1, "executing program\n", 18) = 18 [pid 457] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 457] rt_sigaction(SIGRT_1, {sa_handler=0x7f676dce75b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f676dcd8760}, NULL, 8) = 0 [pid 457] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 457] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f676dc5d000 [pid 457] mprotect(0x7f676dc5e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 457] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 457] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f676dc7d990, parent_tid=0x7f676dc7d990, exit_signal=0, stack=0x7f676dc5d000, stack_size=0x20300, tls=0x7f676dc7d6c0}./strace-static-x86_64: Process 458 attached [pid 458] set_robust_list(0x7f676dc7d9a0, 24) = 0 [pid 457] <... clone3 resumed> => {parent_tid=[458]}, 88) = 458 [pid 457] rt_sigprocmask(SIG_SETMASK, [], [pid 458] rt_sigprocmask(SIG_SETMASK, [], [pid 457] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 458] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 457] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 457] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 458] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 458] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 457] <... futex resumed>) = 0 [pid 457] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 457] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 458] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 458] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 457] <... futex resumed>) = 0 [pid 457] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 457] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 458] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 458] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 457] <... futex resumed>) = 0 [pid 457] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 457] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 458] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 458] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 457] <... futex resumed>) = 0 [pid 457] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 457] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 458] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 458] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 457] <... futex resumed>) = 0 [pid 457] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 457] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 458] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 458] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 457] <... futex resumed>) = 0 [pid 457] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 458] ioctl(3, VHOST_SET_VRING_ADDR [pid 457] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 458] <... ioctl resumed>, 0x200000000240) = 0 [pid 458] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 457] <... futex resumed>) = 0 [pid 457] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 457] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 458] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 458] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 457] <... futex resumed>) = 0 [pid 457] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 457] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 458] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 458] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 457] <... futex resumed>) = 0 [pid 457] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 457] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 458] memfd_create("syzkaller", 0) = 5 [pid 458] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f676585d000 [pid 458] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 458] munmap(0x7f676585d000, 138412032) = 0 [pid 458] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 458] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 458] close(5) = 0 [pid 458] close(6) = 0 [pid 458] mkdir("./file0", 0777) = 0 [pid 458] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 458] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 458] chdir("./file0") = 0 [pid 458] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 458] ioctl(6, LOOP_CLR_FD) = 0 [pid 458] close(6) = 0 [pid 458] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 457] <... futex resumed>) = 0 [pid 457] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 457] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 458] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 458] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 457] <... futex resumed>) = 0 [pid 457] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 457] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 458] write(6, "#! ./file1\n", 11) = 11 [pid 458] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 457] <... futex resumed>) = 0 [pid 457] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 457] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 458] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 458] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 458] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 457] <... futex resumed>) = 0 [pid 457] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 457] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 458] <... futex resumed>) = 0 [pid 458] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000280} --- [pid 457] <... futex resumed>) = ? [pid 458] +++ killed by SIGBUS +++ [pid 457] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=457, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./19", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./19", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557cd2d730 /* 4 entries */, 32768) = 112 umount2("./19/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./19/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./19/binderfs") = 0 [ 27.304378][ T458] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 27.338126][ T459] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-458: bg 0: block 234: padding at end of block bitmap is not set umount2("./19/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./19/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./19/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./19/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./19/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557cd35770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557cd35770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./19/file0") = 0 getdents64(3, 0x55557cd2d730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./19") = 0 mkdir("./20", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557cd2c690) = 463 ./strace-static-x86_64: Process 463 attached [pid 463] set_robust_list(0x55557cd2c6a0, 24) = 0 [pid 463] chdir("./20") = 0 [pid 463] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 463] setpgid(0, 0) = 0 [pid 463] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 463] write(3, "1000", 4) = 4 [pid 463] close(3) = 0 [pid 463] symlink("/dev/binderfs", "./binderfs") = 0 [pid 463] write(1, "executing program\n", 18executing program ) = 18 [pid 463] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 463] rt_sigaction(SIGRT_1, {sa_handler=0x7f676dce75b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f676dcd8760}, NULL, 8) = 0 [pid 463] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 463] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f676dc5d000 [pid 463] mprotect(0x7f676dc5e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 463] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 463] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f676dc7d990, parent_tid=0x7f676dc7d990, exit_signal=0, stack=0x7f676dc5d000, stack_size=0x20300, tls=0x7f676dc7d6c0}./strace-static-x86_64: Process 464 attached => {parent_tid=[464]}, 88) = 464 [pid 464] set_robust_list(0x7f676dc7d9a0, 24) = 0 [pid 464] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 464] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 463] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 463] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 464] <... futex resumed>) = 0 [pid 464] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR [pid 463] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 464] <... openat resumed>) = 3 [pid 464] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 464] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 463] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 463] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 464] <... futex resumed>) = 0 [pid 463] <... futex resumed>) = 1 [pid 464] ioctl(3, VHOST_SET_OWNER [pid 463] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 464] <... ioctl resumed>, 0) = 0 [pid 464] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 464] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 463] <... futex resumed>) = 0 [pid 463] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 464] <... futex resumed>) = 0 [pid 463] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 464] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 464] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 464] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 463] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 463] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 464] <... futex resumed>) = 0 [pid 463] <... futex resumed>) = 1 [pid 464] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 464] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 464] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 463] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 463] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 463] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 464] <... futex resumed>) = 0 [pid 464] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 464] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 463] <... futex resumed>) = 0 [pid 464] ioctl(3, VHOST_SET_VRING_ERR [pid 463] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 464] <... ioctl resumed>, 0x2000000001c0) = 0 [pid 464] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 463] <... futex resumed>) = 0 [pid 464] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 463] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 463] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 464] <... futex resumed>) = 0 [pid 463] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 464] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 464] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 463] <... futex resumed>) = 0 [pid 464] ioctl(3, VHOST_SET_VRING_KICK [pid 463] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 464] <... ioctl resumed>, 0x200000000000) = 0 [pid 464] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 463] <... futex resumed>) = 0 [pid 464] <... futex resumed>) = 0 [pid 463] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 464] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 463] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 464] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 463] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 464] ioctl(3, VHOST_VSOCK_SET_RUNNING [pid 463] <... futex resumed>) = 0 [pid 464] <... ioctl resumed>, 0x200000000140) = 0 [pid 463] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 464] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 463] <... futex resumed>) = 0 [pid 464] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 463] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 464] <... futex resumed>) = 0 [pid 463] <... futex resumed>) = 1 [pid 464] memfd_create("syzkaller", 0 [pid 463] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 464] <... memfd_create resumed>) = 5 [pid 464] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f676585d000 [pid 464] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 464] munmap(0x7f676585d000, 138412032) = 0 [pid 464] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 464] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 464] close(5) = 0 [pid 464] close(6) = 0 [pid 464] mkdir("./file0", 0777) = 0 [pid 464] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 464] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 464] chdir("./file0") = 0 [pid 464] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 464] ioctl(6, LOOP_CLR_FD) = 0 [pid 464] close(6) = 0 [pid 464] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 463] <... futex resumed>) = 0 [pid 463] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 463] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 464] <... futex resumed>) = 1 [pid 464] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 464] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 463] <... futex resumed>) = 0 [pid 463] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 463] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 464] <... futex resumed>) = 1 [pid 464] write(6, "#! ./file1\n", 11) = 11 [pid 464] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 463] <... futex resumed>) = 0 [pid 463] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 463] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 464] <... futex resumed>) = 1 [pid 464] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 464] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 463] <... futex resumed>) = 0 [pid 463] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 463] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 464] <... futex resumed>) = 1 [pid 464] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000280} --- [pid 463] <... futex resumed>) = ? [pid 464] +++ killed by SIGBUS +++ [pid 463] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=463, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./20", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./20", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557cd2d730 /* 4 entries */, 32768) = 112 umount2("./20/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./20/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./20/binderfs") = 0 [ 27.516376][ T464] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 27.547890][ T465] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-464: bg 0: block 234: padding at end of block bitmap is not set umount2("./20/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./20/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./20/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./20/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./20/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557cd35770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557cd35770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./20/file0") = 0 getdents64(3, 0x55557cd2d730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./20") = 0 mkdir("./21", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557cd2c690) = 469 ./strace-static-x86_64: Process 469 attached [pid 469] set_robust_list(0x55557cd2c6a0, 24) = 0 [pid 469] chdir("./21") = 0 [pid 469] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 469] setpgid(0, 0) = 0 [pid 469] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 469] write(3, "1000", 4) = 4 [pid 469] close(3) = 0 [pid 469] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 469] write(1, "executing program\n", 18) = 18 [pid 469] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 469] rt_sigaction(SIGRT_1, {sa_handler=0x7f676dce75b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f676dcd8760}, NULL, 8) = 0 [pid 469] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 469] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f676dc5d000 [pid 469] mprotect(0x7f676dc5e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 469] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 469] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f676dc7d990, parent_tid=0x7f676dc7d990, exit_signal=0, stack=0x7f676dc5d000, stack_size=0x20300, tls=0x7f676dc7d6c0} => {parent_tid=[470]}, 88) = 470 [pid 469] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 469] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 469] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 470 attached [pid 470] set_robust_list(0x7f676dc7d9a0, 24) = 0 [pid 470] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 470] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 470] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 469] <... futex resumed>) = 0 [pid 469] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 469] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 470] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 470] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 469] <... futex resumed>) = 0 [pid 469] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 469] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 470] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 470] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 469] <... futex resumed>) = 0 [pid 469] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 469] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 470] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 470] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 469] <... futex resumed>) = 0 [pid 469] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 469] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 470] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 470] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 469] <... futex resumed>) = 0 [pid 469] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 469] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 470] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 470] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 469] <... futex resumed>) = 0 [pid 469] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 469] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 470] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 470] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 469] <... futex resumed>) = 0 [pid 469] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 469] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 470] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 470] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 469] <... futex resumed>) = 0 [pid 469] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 469] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 470] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 470] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 469] <... futex resumed>) = 0 [pid 469] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 469] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 470] memfd_create("syzkaller", 0) = 5 [pid 470] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f676585d000 [pid 470] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 470] munmap(0x7f676585d000, 138412032) = 0 [pid 470] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 470] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 470] close(5) = 0 [pid 470] close(6) = 0 [pid 470] mkdir("./file0", 0777) = 0 [pid 470] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 470] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 470] chdir("./file0") = 0 [pid 470] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 470] ioctl(6, LOOP_CLR_FD) = 0 [pid 470] close(6) = 0 [pid 470] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 469] <... futex resumed>) = 0 [pid 469] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 469] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 470] <... futex resumed>) = 1 [pid 470] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 470] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 469] <... futex resumed>) = 0 [pid 470] <... futex resumed>) = 1 [pid 469] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 470] write(6, "#! ./file1\n", 11 [pid 469] <... futex resumed>) = 0 [pid 469] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 470] <... write resumed>) = 11 [pid 470] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 469] <... futex resumed>) = 0 [pid 469] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 469] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 470] <... futex resumed>) = 1 [pid 470] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 470] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 469] <... futex resumed>) = 0 [pid 469] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 469] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 470] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000280} --- [pid 469] <... futex resumed>) = ? [pid 470] +++ killed by SIGBUS +++ [pid 469] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=469, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./21", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./21", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557cd2d730 /* 4 entries */, 32768) = 112 umount2("./21/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./21/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./21/binderfs") = 0 [ 27.722399][ T470] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 27.756421][ T471] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-470: bg 0: block 234: padding at end of block bitmap is not set umount2("./21/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./21/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./21/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./21/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./21/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557cd35770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557cd35770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./21/file0") = 0 getdents64(3, 0x55557cd2d730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./21") = 0 mkdir("./22", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 475 attached , child_tidptr=0x55557cd2c690) = 475 [pid 475] set_robust_list(0x55557cd2c6a0, 24) = 0 [pid 475] chdir("./22") = 0 [pid 475] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 475] setpgid(0, 0) = 0 [pid 475] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 475] write(3, "1000", 4) = 4 [pid 475] close(3) = 0 [pid 475] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 475] write(1, "executing program\n", 18) = 18 [pid 475] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 475] rt_sigaction(SIGRT_1, {sa_handler=0x7f676dce75b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f676dcd8760}, NULL, 8) = 0 [pid 475] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 475] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f676dc5d000 [pid 475] mprotect(0x7f676dc5e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 475] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 475] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f676dc7d990, parent_tid=0x7f676dc7d990, exit_signal=0, stack=0x7f676dc5d000, stack_size=0x20300, tls=0x7f676dc7d6c0}./strace-static-x86_64: Process 476 attached [pid 476] set_robust_list(0x7f676dc7d9a0, 24) = 0 [pid 476] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 476] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 475] <... clone3 resumed> => {parent_tid=[476]}, 88) = 476 [pid 475] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 475] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 476] <... futex resumed>) = 0 [pid 476] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR [pid 475] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 476] <... openat resumed>) = 3 [pid 476] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 476] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 475] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 475] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 476] <... futex resumed>) = 0 [pid 476] ioctl(3, VHOST_SET_OWNER [pid 475] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 476] <... ioctl resumed>, 0) = 0 [pid 476] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 475] <... futex resumed>) = 0 [pid 475] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 475] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 476] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 476] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 475] <... futex resumed>) = 0 [pid 475] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 475] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 476] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 476] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 475] <... futex resumed>) = 0 [pid 475] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 475] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 476] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 476] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 475] <... futex resumed>) = 0 [pid 475] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 475] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 476] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 476] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 475] <... futex resumed>) = 0 [pid 475] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 475] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 476] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 476] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 475] <... futex resumed>) = 0 [pid 475] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 476] ioctl(3, VHOST_SET_VRING_KICK [pid 475] <... futex resumed>) = 0 [pid 475] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 476] <... ioctl resumed>, 0x200000000000) = 0 [pid 476] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 475] <... futex resumed>) = 0 [pid 475] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 475] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 476] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 476] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 475] <... futex resumed>) = 0 [pid 475] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 475] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 476] memfd_create("syzkaller", 0) = 5 [pid 476] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f676585d000 [pid 476] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 476] munmap(0x7f676585d000, 138412032) = 0 [pid 476] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 476] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 476] close(5) = 0 [pid 476] close(6) = 0 [pid 476] mkdir("./file0", 0777) = 0 [pid 476] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 476] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 476] chdir("./file0") = 0 [pid 476] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 476] ioctl(6, LOOP_CLR_FD) = 0 [pid 476] close(6) = 0 [pid 476] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 475] <... futex resumed>) = 0 [pid 475] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 475] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 476] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 476] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 475] <... futex resumed>) = 0 [pid 476] write(6, "#! ./file1\n", 11 [pid 475] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 475] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 476] <... write resumed>) = 11 [pid 476] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 475] <... futex resumed>) = 0 [pid 475] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 475] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 476] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 476] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 476] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 475] <... futex resumed>) = 0 [pid 475] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 475] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 476] <... futex resumed>) = 0 [pid 476] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000280} --- [pid 475] <... futex resumed>) = ? [pid 476] +++ killed by SIGBUS +++ [pid 475] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=475, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./22", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./22", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557cd2d730 /* 4 entries */, 32768) = 112 umount2("./22/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./22/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./22/binderfs") = 0 [ 27.885212][ T476] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 27.918211][ T477] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-476: bg 0: block 234: padding at end of block bitmap is not set umount2("./22/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./22/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./22/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./22/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./22/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557cd35770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557cd35770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./22/file0") = 0 getdents64(3, 0x55557cd2d730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./22") = 0 mkdir("./23", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557cd2c690) = 481 ./strace-static-x86_64: Process 481 attached [pid 481] set_robust_list(0x55557cd2c6a0, 24) = 0 [pid 481] chdir("./23") = 0 [pid 481] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 481] setpgid(0, 0) = 0 [pid 481] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 481] write(3, "1000", 4) = 4 [pid 481] close(3) = 0 [pid 481] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 481] write(1, "executing program\n", 18) = 18 [pid 481] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 481] rt_sigaction(SIGRT_1, {sa_handler=0x7f676dce75b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f676dcd8760}, NULL, 8) = 0 [pid 481] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 481] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f676dc5d000 [pid 481] mprotect(0x7f676dc5e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 481] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 481] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f676dc7d990, parent_tid=0x7f676dc7d990, exit_signal=0, stack=0x7f676dc5d000, stack_size=0x20300, tls=0x7f676dc7d6c0} => {parent_tid=[482]}, 88) = 482 [pid 481] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 481] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 481] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 482 attached [pid 482] set_robust_list(0x7f676dc7d9a0, 24) = 0 [pid 482] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 482] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 482] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 481] <... futex resumed>) = 0 [pid 481] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 481] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 482] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 482] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 481] <... futex resumed>) = 0 [pid 481] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 481] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 482] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 482] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 481] <... futex resumed>) = 0 [pid 481] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 481] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 482] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 482] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 481] <... futex resumed>) = 0 [pid 481] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 481] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 482] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 482] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 481] <... futex resumed>) = 0 [pid 481] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 481] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 482] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 482] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 481] <... futex resumed>) = 0 [pid 481] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 481] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 482] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 482] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 481] <... futex resumed>) = 0 [pid 481] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 481] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 482] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 482] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 481] <... futex resumed>) = 0 [pid 481] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 481] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 482] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 482] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 481] <... futex resumed>) = 0 [pid 481] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 481] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 482] memfd_create("syzkaller", 0) = 5 [pid 482] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f676585d000 [pid 482] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 482] munmap(0x7f676585d000, 138412032) = 0 [pid 482] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 482] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 482] close(5) = 0 [pid 482] close(6) = 0 [pid 482] mkdir("./file0", 0777) = 0 [pid 482] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 482] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 482] chdir("./file0") = 0 [pid 482] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 482] ioctl(6, LOOP_CLR_FD) = 0 [pid 482] close(6) = 0 [pid 482] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 481] <... futex resumed>) = 0 [pid 481] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 481] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 482] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 482] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 481] <... futex resumed>) = 0 [pid 481] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 481] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 482] write(6, "#! ./file1\n", 11) = 11 [pid 482] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 481] <... futex resumed>) = 0 [pid 481] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 481] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 482] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 482] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 482] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 481] <... futex resumed>) = 0 [pid 481] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 481] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 482] <... futex resumed>) = 0 [pid 482] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000280} --- [pid 481] <... futex resumed>) = ? [pid 482] +++ killed by SIGBUS +++ [pid 481] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=481, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./23", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./23", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557cd2d730 /* 4 entries */, 32768) = 112 umount2("./23/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./23/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./23/binderfs") = 0 [ 28.086485][ T482] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 28.119349][ T483] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-482: bg 0: block 234: padding at end of block bitmap is not set umount2("./23/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./23/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./23/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./23/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./23/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557cd35770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557cd35770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./23/file0") = 0 getdents64(3, 0x55557cd2d730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./23") = 0 mkdir("./24", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557cd2c690) = 487 ./strace-static-x86_64: Process 487 attached [pid 487] set_robust_list(0x55557cd2c6a0, 24) = 0 [pid 487] chdir("./24") = 0 [pid 487] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 487] setpgid(0, 0) = 0 [pid 487] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 487] write(3, "1000", 4) = 4 [pid 487] close(3) = 0 [pid 487] symlink("/dev/binderfs", "./binderfs") = 0 [pid 487] write(1, "executing program\n", 18executing program ) = 18 [pid 487] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 487] rt_sigaction(SIGRT_1, {sa_handler=0x7f676dce75b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f676dcd8760}, NULL, 8) = 0 [pid 487] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 487] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f676dc5d000 [pid 487] mprotect(0x7f676dc5e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 487] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 487] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f676dc7d990, parent_tid=0x7f676dc7d990, exit_signal=0, stack=0x7f676dc5d000, stack_size=0x20300, tls=0x7f676dc7d6c0} => {parent_tid=[488]}, 88) = 488 [pid 487] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 487] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 487] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 488 attached [pid 488] set_robust_list(0x7f676dc7d9a0, 24) = 0 [pid 488] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 488] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 488] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 487] <... futex resumed>) = 0 [pid 487] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 487] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 488] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 488] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 487] <... futex resumed>) = 0 [pid 488] ioctl(3, VHOST_SET_VRING_ADDR [pid 487] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 487] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 488] <... ioctl resumed>, 0x200000000300) = 0 [pid 488] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 487] <... futex resumed>) = 0 [pid 487] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 487] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 488] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 488] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 487] <... futex resumed>) = 0 [pid 488] eventfd2(118, EFD_SEMAPHORE [pid 487] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 487] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 488] <... eventfd2 resumed>) = 4 [pid 488] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 487] <... futex resumed>) = 0 [pid 487] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 487] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 488] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 488] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 487] <... futex resumed>) = 0 [pid 487] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 487] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 488] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 488] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 487] <... futex resumed>) = 0 [pid 487] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 487] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 488] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 488] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 487] <... futex resumed>) = 0 [pid 487] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 487] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 488] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 488] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 487] <... futex resumed>) = 0 [pid 487] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 488] memfd_create("syzkaller", 0 [pid 487] <... futex resumed>) = 0 [pid 487] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 488] <... memfd_create resumed>) = 5 [pid 488] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f676585d000 [pid 488] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 488] munmap(0x7f676585d000, 138412032) = 0 [pid 488] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 488] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 488] close(5) = 0 [pid 488] close(6) = 0 [pid 488] mkdir("./file0", 0777) = 0 [pid 488] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 488] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 488] chdir("./file0") = 0 [pid 488] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 488] ioctl(6, LOOP_CLR_FD) = 0 [pid 488] close(6) = 0 [pid 488] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 487] <... futex resumed>) = 0 [pid 487] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 487] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 488] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 488] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 487] <... futex resumed>) = 0 [pid 487] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 487] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 488] write(6, "#! ./file1\n", 11) = 11 [pid 488] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 487] <... futex resumed>) = 0 [pid 487] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 487] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 488] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 488] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 488] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 487] <... futex resumed>) = 0 [pid 487] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 487] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 488] <... futex resumed>) = 0 [pid 488] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000280} --- [pid 487] <... futex resumed>) = ? [pid 488] +++ killed by SIGBUS +++ [pid 487] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=487, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./24", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./24", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557cd2d730 /* 4 entries */, 32768) = 112 umount2("./24/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./24/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./24/binderfs") = 0 [ 28.285496][ T488] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 28.318211][ T489] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-488: bg 0: block 234: padding at end of block bitmap is not set umount2("./24/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./24/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./24/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./24/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./24/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557cd35770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557cd35770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./24/file0") = 0 getdents64(3, 0x55557cd2d730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./24") = 0 mkdir("./25", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557cd2c690) = 493 ./strace-static-x86_64: Process 493 attached [pid 493] set_robust_list(0x55557cd2c6a0, 24) = 0 [pid 493] chdir("./25") = 0 [pid 493] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 493] setpgid(0, 0) = 0 [pid 493] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 493] write(3, "1000", 4) = 4 [pid 493] close(3) = 0 [pid 493] symlink("/dev/binderfs", "./binderfs") = 0 [pid 493] write(1, "executing program\n", 18executing program ) = 18 [pid 493] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 493] rt_sigaction(SIGRT_1, {sa_handler=0x7f676dce75b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f676dcd8760}, NULL, 8) = 0 [pid 493] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 493] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f676dc5d000 [pid 493] mprotect(0x7f676dc5e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 493] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 493] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f676dc7d990, parent_tid=0x7f676dc7d990, exit_signal=0, stack=0x7f676dc5d000, stack_size=0x20300, tls=0x7f676dc7d6c0} => {parent_tid=[494]}, 88) = 494 [pid 493] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 493] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 493] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 494 attached [pid 494] set_robust_list(0x7f676dc7d9a0, 24) = 0 [pid 494] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 494] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 494] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 493] <... futex resumed>) = 0 [pid 493] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 493] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 494] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 494] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 493] <... futex resumed>) = 0 [pid 493] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 493] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 494] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 494] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 493] <... futex resumed>) = 0 [pid 493] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 493] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 494] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 494] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 493] <... futex resumed>) = 0 [pid 493] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 493] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 494] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 494] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 493] <... futex resumed>) = 0 [pid 493] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 493] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 494] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 494] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 493] <... futex resumed>) = 0 [pid 493] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 493] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 494] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 494] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 493] <... futex resumed>) = 0 [pid 493] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 493] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 494] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 494] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 493] <... futex resumed>) = 0 [pid 493] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 493] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 494] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 494] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 493] <... futex resumed>) = 0 [pid 493] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 493] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 494] memfd_create("syzkaller", 0) = 5 [pid 494] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f676585d000 [pid 494] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 494] munmap(0x7f676585d000, 138412032) = 0 [pid 494] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 494] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 494] close(5) = 0 [pid 494] close(6) = 0 [pid 494] mkdir("./file0", 0777) = 0 [pid 494] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 494] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 494] chdir("./file0") = 0 [pid 494] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 494] ioctl(6, LOOP_CLR_FD) = 0 [pid 494] close(6) = 0 [pid 494] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 493] <... futex resumed>) = 0 [pid 493] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 493] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 494] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 494] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 493] <... futex resumed>) = 0 [pid 493] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 493] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 494] write(6, "#! ./file1\n", 11) = 11 [pid 494] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 493] <... futex resumed>) = 0 [pid 493] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 493] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 494] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 494] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 494] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 493] <... futex resumed>) = 0 [pid 493] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 493] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 494] <... futex resumed>) = 0 [pid 494] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000280} --- [pid 493] <... futex resumed>) = ? [pid 494] +++ killed by SIGBUS +++ [pid 493] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=493, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./25", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./25", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557cd2d730 /* 4 entries */, 32768) = 112 umount2("./25/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./25/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./25/binderfs") = 0 [ 28.464741][ T494] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 28.499392][ T495] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-494: bg 0: block 234: padding at end of block bitmap is not set umount2("./25/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./25/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./25/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./25/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./25/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557cd35770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557cd35770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./25/file0") = 0 getdents64(3, 0x55557cd2d730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./25") = 0 mkdir("./26", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557cd2c690) = 499 ./strace-static-x86_64: Process 499 attached [pid 499] set_robust_list(0x55557cd2c6a0, 24) = 0 [pid 499] chdir("./26") = 0 [pid 499] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 499] setpgid(0, 0) = 0 [pid 499] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 499] write(3, "1000", 4) = 4 [pid 499] close(3) = 0 [pid 499] symlink("/dev/binderfs", "./binderfs") = 0 [pid 499] write(1, "executing program\n", 18executing program ) = 18 [pid 499] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 499] rt_sigaction(SIGRT_1, {sa_handler=0x7f676dce75b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f676dcd8760}, NULL, 8) = 0 [pid 499] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 499] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f676dc5d000 [pid 499] mprotect(0x7f676dc5e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 499] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 499] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f676dc7d990, parent_tid=0x7f676dc7d990, exit_signal=0, stack=0x7f676dc5d000, stack_size=0x20300, tls=0x7f676dc7d6c0}./strace-static-x86_64: Process 500 attached => {parent_tid=[500]}, 88) = 500 [pid 500] set_robust_list(0x7f676dc7d9a0, 24) = 0 [pid 500] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 500] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 499] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 499] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 500] <... futex resumed>) = 0 [pid 500] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 500] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 500] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 499] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 499] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 500] <... futex resumed>) = 0 [pid 500] ioctl(3, VHOST_SET_OWNER [pid 499] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 500] <... ioctl resumed>, 0) = 0 [pid 500] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 500] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 499] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 499] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 500] <... futex resumed>) = 0 [pid 500] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 500] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 500] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 499] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 499] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 500] <... futex resumed>) = 0 [pid 500] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 500] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 500] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 499] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 499] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 500] <... futex resumed>) = 0 [pid 500] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 500] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 500] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 499] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 499] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 500] <... futex resumed>) = 0 [pid 500] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 500] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 500] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 499] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 499] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 500] <... futex resumed>) = 0 [pid 499] <... futex resumed>) = 1 [pid 500] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 500] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 500] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 499] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 499] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 500] <... futex resumed>) = 0 [pid 499] <... futex resumed>) = 1 [pid 500] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 500] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 500] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 499] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 499] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 500] <... futex resumed>) = 0 [pid 499] <... futex resumed>) = 1 [pid 500] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 500] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 500] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 499] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 499] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 500] <... futex resumed>) = 0 [pid 499] <... futex resumed>) = 1 [pid 500] memfd_create("syzkaller", 0) = 5 [pid 500] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f676585d000 [pid 500] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 499] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 500] <... write resumed>) = 1048576 [pid 500] munmap(0x7f676585d000, 138412032) = 0 [pid 500] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 500] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 500] close(5) = 0 [pid 500] close(6) = 0 [pid 500] mkdir("./file0", 0777) = 0 [pid 500] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 500] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 500] chdir("./file0") = 0 [pid 500] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 500] ioctl(6, LOOP_CLR_FD) = 0 [pid 500] close(6) = 0 [pid 500] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 499] <... futex resumed>) = 0 [pid 499] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 499] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 500] <... futex resumed>) = 1 [pid 500] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 500] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 499] <... futex resumed>) = 0 [pid 499] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 499] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 500] <... futex resumed>) = 1 [pid 500] write(6, "#! ./file1\n", 11) = 11 [pid 500] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 499] <... futex resumed>) = 0 [pid 499] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 499] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 500] <... futex resumed>) = 1 [pid 500] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 500] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 499] <... futex resumed>) = 0 [pid 499] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 499] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 500] <... futex resumed>) = 1 [pid 500] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000280} --- [pid 499] <... futex resumed>) = ? [pid 500] +++ killed by SIGBUS +++ [pid 499] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=499, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./26", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./26", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557cd2d730 /* 4 entries */, 32768) = 112 umount2("./26/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./26/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./26/binderfs") = 0 [ 28.646598][ T500] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 28.677804][ T501] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-500: bg 0: block 234: padding at end of block bitmap is not set umount2("./26/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./26/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./26/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./26/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./26/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557cd35770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557cd35770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./26/file0") = 0 getdents64(3, 0x55557cd2d730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./26") = 0 mkdir("./27", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557cd2c690) = 505 ./strace-static-x86_64: Process 505 attached [pid 505] set_robust_list(0x55557cd2c6a0, 24) = 0 [pid 505] chdir("./27") = 0 [pid 505] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 505] setpgid(0, 0) = 0 [pid 505] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 505] write(3, "1000", 4) = 4 [pid 505] close(3) = 0 [pid 505] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 505] write(1, "executing program\n", 18) = 18 [pid 505] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 505] rt_sigaction(SIGRT_1, {sa_handler=0x7f676dce75b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f676dcd8760}, NULL, 8) = 0 [pid 505] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 505] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f676dc5d000 [pid 505] mprotect(0x7f676dc5e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 505] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 505] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f676dc7d990, parent_tid=0x7f676dc7d990, exit_signal=0, stack=0x7f676dc5d000, stack_size=0x20300, tls=0x7f676dc7d6c0} => {parent_tid=[506]}, 88) = 506 [pid 505] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 505] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 505] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 506 attached [pid 506] set_robust_list(0x7f676dc7d9a0, 24) = 0 [pid 506] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 506] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 506] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 505] <... futex resumed>) = 0 [pid 505] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 505] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 506] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 506] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 505] <... futex resumed>) = 0 [pid 505] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 505] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 506] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 506] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 505] <... futex resumed>) = 0 [pid 505] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 505] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 506] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 506] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 505] <... futex resumed>) = 0 [pid 505] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 505] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 506] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 506] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 505] <... futex resumed>) = 0 [pid 505] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 505] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 506] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 506] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 505] <... futex resumed>) = 0 [pid 505] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 505] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 506] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 506] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 505] <... futex resumed>) = 0 [pid 505] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 505] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 506] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 506] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 505] <... futex resumed>) = 0 [pid 505] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 505] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 506] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 506] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 505] <... futex resumed>) = 0 [pid 505] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 505] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 506] memfd_create("syzkaller", 0) = 5 [pid 506] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f676585d000 [pid 506] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 506] munmap(0x7f676585d000, 138412032) = 0 [pid 506] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 506] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 506] close(5) = 0 [pid 506] close(6) = 0 [pid 506] mkdir("./file0", 0777) = 0 [pid 506] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 506] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 506] chdir("./file0") = 0 [pid 506] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 506] ioctl(6, LOOP_CLR_FD) = 0 [pid 506] close(6) = 0 [pid 506] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 505] <... futex resumed>) = 0 [pid 505] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 505] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 506] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 506] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 505] <... futex resumed>) = 0 [pid 505] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 505] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 506] write(6, "#! ./file1\n", 11) = 11 [pid 506] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 505] <... futex resumed>) = 0 [pid 505] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 505] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 506] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 506] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 505] <... futex resumed>) = 0 [pid 505] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 505] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 506] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000280} --- [pid 505] <... futex resumed>) = ? [pid 506] +++ killed by SIGBUS +++ [pid 505] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=505, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./27", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./27", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557cd2d730 /* 4 entries */, 32768) = 112 umount2("./27/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./27/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./27/binderfs") = 0 [ 28.846532][ T506] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 28.879707][ T507] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-506: bg 0: block 234: padding at end of block bitmap is not set umount2("./27/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./27/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./27/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./27/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./27/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557cd35770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557cd35770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./27/file0") = 0 getdents64(3, 0x55557cd2d730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./27") = 0 mkdir("./28", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557cd2c690) = 511 ./strace-static-x86_64: Process 511 attached [pid 511] set_robust_list(0x55557cd2c6a0, 24) = 0 [pid 511] chdir("./28") = 0 [pid 511] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 511] setpgid(0, 0) = 0 [pid 511] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 511] write(3, "1000", 4) = 4 [pid 511] close(3) = 0 [pid 511] symlink("/dev/binderfs", "./binderfs") = 0 [pid 511] write(1, "executing program\n", 18executing program ) = 18 [pid 511] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 511] rt_sigaction(SIGRT_1, {sa_handler=0x7f676dce75b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f676dcd8760}, NULL, 8) = 0 [pid 511] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 511] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f676dc5d000 [pid 511] mprotect(0x7f676dc5e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 511] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 511] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f676dc7d990, parent_tid=0x7f676dc7d990, exit_signal=0, stack=0x7f676dc5d000, stack_size=0x20300, tls=0x7f676dc7d6c0}./strace-static-x86_64: Process 512 attached => {parent_tid=[512]}, 88) = 512 [pid 512] set_robust_list(0x7f676dc7d9a0, 24) = 0 [pid 512] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 512] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 511] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 511] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 512] <... futex resumed>) = 0 [pid 512] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 512] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 512] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 511] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 511] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 512] <... futex resumed>) = 0 [pid 512] ioctl(3, VHOST_SET_OWNER [pid 511] <... futex resumed>) = 1 [pid 512] <... ioctl resumed>, 0) = 0 [pid 511] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 512] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 512] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 511] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 511] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 512] <... futex resumed>) = 0 [pid 512] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 512] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 512] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 511] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 511] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 512] <... futex resumed>) = 0 [pid 512] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 512] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 512] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 511] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 511] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 512] <... futex resumed>) = 0 [pid 512] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 512] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 512] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 511] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 511] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 512] <... futex resumed>) = 0 [pid 512] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 512] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 512] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 511] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 511] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 512] <... futex resumed>) = 0 [pid 511] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 512] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 512] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 512] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 511] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 511] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 512] <... futex resumed>) = 0 [pid 511] <... futex resumed>) = 1 [pid 512] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 512] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 512] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 511] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 511] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 512] <... futex resumed>) = 0 [pid 511] <... futex resumed>) = 1 [pid 512] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 512] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 512] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 511] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 511] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 512] <... futex resumed>) = 0 [pid 511] <... futex resumed>) = 1 [pid 512] memfd_create("syzkaller", 0) = 5 [pid 512] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f676585d000 [pid 511] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 512] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 512] munmap(0x7f676585d000, 138412032) = 0 [pid 512] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 512] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 512] close(5) = 0 [pid 512] close(6) = 0 [pid 512] mkdir("./file0", 0777) = 0 [pid 512] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 512] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 512] chdir("./file0") = 0 [pid 512] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 512] ioctl(6, LOOP_CLR_FD) = 0 [pid 512] close(6) = 0 [pid 512] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 512] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 511] <... futex resumed>) = 0 [pid 511] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 511] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 512] <... futex resumed>) = 0 [pid 512] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 512] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 511] <... futex resumed>) = 0 [pid 512] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 511] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 512] <... futex resumed>) = 0 [pid 512] write(6, "#! ./file1\n", 11) = 11 [pid 511] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 512] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 512] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 511] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 511] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 512] <... futex resumed>) = 0 [pid 512] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0 [pid 511] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 512] <... mmap resumed>) = 0x200000000000 [pid 512] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 512] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 511] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 511] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 512] <... futex resumed>) = 0 [pid 511] <... futex resumed>) = 1 [pid 511] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 512] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000280} --- [pid 511] <... futex resumed>) = ? [pid 512] +++ killed by SIGBUS +++ [pid 511] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=511, si_uid=0, si_status=SIGBUS, si_utime=1, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./28", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./28", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557cd2d730 /* 4 entries */, 32768) = 112 umount2("./28/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./28/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./28/binderfs") = 0 [ 29.046551][ T512] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 29.078943][ T513] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-512: bg 0: block 234: padding at end of block bitmap is not set umount2("./28/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./28/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./28/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./28/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./28/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557cd35770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557cd35770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./28/file0") = 0 getdents64(3, 0x55557cd2d730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./28") = 0 mkdir("./29", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557cd2c690) = 517 ./strace-static-x86_64: Process 517 attached [pid 517] set_robust_list(0x55557cd2c6a0, 24) = 0 [pid 517] chdir("./29") = 0 [pid 517] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 517] setpgid(0, 0) = 0 [pid 517] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 517] write(3, "1000", 4) = 4 [pid 517] close(3) = 0 [pid 517] symlink("/dev/binderfs", "./binderfs") = 0 [pid 517] write(1, "executing program\n", 18executing program ) = 18 [pid 517] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 517] rt_sigaction(SIGRT_1, {sa_handler=0x7f676dce75b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f676dcd8760}, NULL, 8) = 0 [pid 517] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 517] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f676dc5d000 [pid 517] mprotect(0x7f676dc5e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 517] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 517] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f676dc7d990, parent_tid=0x7f676dc7d990, exit_signal=0, stack=0x7f676dc5d000, stack_size=0x20300, tls=0x7f676dc7d6c0}./strace-static-x86_64: Process 518 attached => {parent_tid=[518]}, 88) = 518 [pid 518] set_robust_list(0x7f676dc7d9a0, 24) = 0 [pid 518] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 518] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 517] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 517] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 518] <... futex resumed>) = 0 [pid 518] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 517] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 518] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 517] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 517] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 517] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = 0 [pid 518] <... futex resumed>) = 1 [pid 517] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=49000000} [pid 518] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 518] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 517] <... futex resumed>) = 0 [pid 517] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 517] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 518] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 518] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 517] <... futex resumed>) = 0 [pid 517] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 517] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 518] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 518] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 517] <... futex resumed>) = 0 [pid 517] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 517] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 518] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 518] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 517] <... futex resumed>) = 0 [pid 517] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 517] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 518] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 518] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 517] <... futex resumed>) = 0 [pid 517] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 517] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 518] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 518] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 517] <... futex resumed>) = 0 [pid 518] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 517] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 517] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 518] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 518] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 518] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 517] <... futex resumed>) = 0 [pid 517] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 517] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 518] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 518] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 517] <... futex resumed>) = 0 [pid 517] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 517] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 518] memfd_create("syzkaller", 0) = 5 [pid 518] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f676585d000 [pid 518] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 518] munmap(0x7f676585d000, 138412032) = 0 [pid 518] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 518] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 518] close(5) = 0 [pid 518] close(6) = 0 [pid 518] mkdir("./file0", 0777) = 0 [pid 518] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 518] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 518] chdir("./file0") = 0 [pid 518] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 518] ioctl(6, LOOP_CLR_FD) = 0 [pid 518] close(6) = 0 [pid 518] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 517] <... futex resumed>) = 0 [pid 517] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 517] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 518] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 518] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 517] <... futex resumed>) = 0 [pid 517] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 517] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 518] write(6, "#! ./file1\n", 11) = 11 [pid 518] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 517] <... futex resumed>) = 0 [pid 517] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 517] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 518] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 518] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 518] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 517] <... futex resumed>) = 0 [pid 517] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 517] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 518] <... futex resumed>) = 0 [pid 518] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000280} --- [pid 517] <... futex resumed>) = ? [pid 518] +++ killed by SIGBUS +++ [pid 517] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=517, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./29", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./29", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557cd2d730 /* 4 entries */, 32768) = 112 umount2("./29/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./29/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./29/binderfs") = 0 [ 29.226536][ T518] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 29.259756][ T519] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-518: bg 0: block 234: padding at end of block bitmap is not set umount2("./29/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./29/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./29/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./29/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./29/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557cd35770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557cd35770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./29/file0") = 0 getdents64(3, 0x55557cd2d730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./29") = 0 mkdir("./30", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557cd2c690) = 523 ./strace-static-x86_64: Process 523 attached [pid 523] set_robust_list(0x55557cd2c6a0, 24) = 0 [pid 523] chdir("./30") = 0 [pid 523] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 523] setpgid(0, 0) = 0 [pid 523] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 523] write(3, "1000", 4) = 4 [pid 523] close(3) = 0 [pid 523] symlink("/dev/binderfs", "./binderfs") = 0 [pid 523] write(1, "executing program\n", 18executing program ) = 18 [pid 523] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 523] rt_sigaction(SIGRT_1, {sa_handler=0x7f676dce75b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f676dcd8760}, NULL, 8) = 0 [pid 523] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 523] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f676dc5d000 [pid 523] mprotect(0x7f676dc5e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 523] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 523] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f676dc7d990, parent_tid=0x7f676dc7d990, exit_signal=0, stack=0x7f676dc5d000, stack_size=0x20300, tls=0x7f676dc7d6c0}./strace-static-x86_64: Process 524 attached => {parent_tid=[524]}, 88) = 524 [pid 524] set_robust_list(0x7f676dc7d9a0, 24) = 0 [pid 524] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 524] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 523] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 523] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 524] <... futex resumed>) = 0 [pid 523] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 524] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 524] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 523] <... futex resumed>) = 0 [pid 524] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 523] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 524] <... futex resumed>) = 0 [pid 523] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 524] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 524] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 523] <... futex resumed>) = 0 [pid 524] ioctl(3, VHOST_SET_VRING_ADDR [pid 523] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 524] <... ioctl resumed>, 0x200000000300) = 0 [pid 524] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 523] <... futex resumed>) = 0 [pid 524] <... futex resumed>) = 0 [pid 523] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 524] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 523] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 523] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 524] <... futex resumed>) = 0 [pid 523] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 524] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 524] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 523] <... futex resumed>) = 0 [pid 524] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 523] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 524] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 523] <... futex resumed>) = 0 [pid 524] eventfd2(118, EFD_SEMAPHORE [pid 523] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 524] <... eventfd2 resumed>) = 4 [pid 524] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 523] <... futex resumed>) = 0 [pid 524] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 523] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 524] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 523] <... futex resumed>) = 0 [pid 524] ioctl(3, VHOST_SET_VRING_ERR [pid 523] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 524] <... ioctl resumed>, 0x2000000001c0) = 0 [pid 524] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 523] <... futex resumed>) = 0 [pid 524] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 523] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 524] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 523] <... futex resumed>) = 0 [pid 524] ioctl(3, VHOST_SET_VRING_ADDR [pid 523] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 524] <... ioctl resumed>, 0x200000000240) = 0 [pid 524] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 523] <... futex resumed>) = 0 [pid 524] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 523] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 524] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 523] <... futex resumed>) = 0 [pid 524] ioctl(3, VHOST_SET_VRING_KICK [pid 523] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 524] <... ioctl resumed>, 0x200000000000) = 0 [pid 524] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 523] <... futex resumed>) = 0 [pid 524] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 523] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 524] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 523] <... futex resumed>) = 0 [pid 524] ioctl(3, VHOST_VSOCK_SET_RUNNING [pid 523] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 524] <... ioctl resumed>, 0x200000000140) = 0 [pid 524] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 523] <... futex resumed>) = 0 [pid 524] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 523] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 524] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 523] <... futex resumed>) = 0 [pid 524] memfd_create("syzkaller", 0 [pid 523] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 524] <... memfd_create resumed>) = 5 [pid 524] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f676585d000 [pid 524] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 524] munmap(0x7f676585d000, 138412032) = 0 [pid 524] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 524] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 524] close(5) = 0 [pid 524] close(6) = 0 [pid 524] mkdir("./file0", 0777) = 0 [pid 524] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 524] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 524] chdir("./file0") = 0 [pid 524] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 524] ioctl(6, LOOP_CLR_FD) = 0 [pid 524] close(6) = 0 [pid 524] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 524] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 523] <... futex resumed>) = 0 [pid 523] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 524] <... futex resumed>) = 0 [pid 524] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 523] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 524] <... openat resumed>) = 6 [pid 524] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 524] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 523] <... futex resumed>) = 0 [pid 523] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 524] <... futex resumed>) = 0 [pid 524] write(6, "#! ./file1\n", 11 [pid 523] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 524] <... write resumed>) = 11 [pid 524] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 523] <... futex resumed>) = 0 [pid 523] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 524] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0 [pid 523] <... futex resumed>) = 0 [pid 523] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 524] <... mmap resumed>) = 0x200000000000 [ 29.396496][ T524] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [pid 524] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 523] <... futex resumed>) = 0 [pid 523] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 523] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 524] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000280} --- [pid 523] <... futex resumed>) = ? [pid 524] +++ killed by SIGBUS +++ [pid 523] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=523, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./30", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./30", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557cd2d730 /* 4 entries */, 32768) = 112 umount2("./30/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./30/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./30/binderfs") = 0 [ 29.437035][ T525] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-524: bg 0: block 234: padding at end of block bitmap is not set umount2("./30/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./30/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./30/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./30/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./30/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557cd35770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557cd35770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./30/file0") = 0 getdents64(3, 0x55557cd2d730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./30") = 0 mkdir("./31", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 529 attached , child_tidptr=0x55557cd2c690) = 529 [pid 529] set_robust_list(0x55557cd2c6a0, 24) = 0 [pid 529] chdir("./31") = 0 [pid 529] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 529] setpgid(0, 0) = 0 [pid 529] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 529] write(3, "1000", 4) = 4 [pid 529] close(3) = 0 [pid 529] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 529] write(1, "executing program\n", 18) = 18 [pid 529] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 529] rt_sigaction(SIGRT_1, {sa_handler=0x7f676dce75b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f676dcd8760}, NULL, 8) = 0 [pid 529] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 529] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f676dc5d000 [pid 529] mprotect(0x7f676dc5e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 529] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 529] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f676dc7d990, parent_tid=0x7f676dc7d990, exit_signal=0, stack=0x7f676dc5d000, stack_size=0x20300, tls=0x7f676dc7d6c0} => {parent_tid=[530]}, 88) = 530 [pid 529] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 529] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 529] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 530 attached [pid 530] set_robust_list(0x7f676dc7d9a0, 24) = 0 [pid 530] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 530] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 530] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 529] <... futex resumed>) = 0 [pid 529] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 529] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 530] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 530] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 529] <... futex resumed>) = 0 [pid 529] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 529] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 530] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 530] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 529] <... futex resumed>) = 0 [pid 529] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 529] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 530] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 530] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 529] <... futex resumed>) = 0 [pid 529] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 529] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 530] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 530] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 529] <... futex resumed>) = 0 [pid 529] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 529] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 530] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 530] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 529] <... futex resumed>) = 0 [pid 529] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 529] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 530] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 530] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 529] <... futex resumed>) = 0 [pid 529] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 529] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 530] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 530] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 529] <... futex resumed>) = 0 [pid 529] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 529] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 530] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 530] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 529] <... futex resumed>) = 0 [pid 529] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 529] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 530] memfd_create("syzkaller", 0) = 5 [pid 530] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f676585d000 [pid 530] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 530] munmap(0x7f676585d000, 138412032) = 0 [pid 530] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 530] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 530] close(5) = 0 [pid 530] close(6) = 0 [pid 530] mkdir("./file0", 0777) = 0 [pid 530] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 530] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 530] chdir("./file0") = 0 [pid 530] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 530] ioctl(6, LOOP_CLR_FD) = 0 [pid 530] close(6) = 0 [pid 530] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 529] <... futex resumed>) = 0 [pid 529] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 529] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 530] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 530] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 529] <... futex resumed>) = 0 [pid 529] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 529] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 530] write(6, "#! ./file1\n", 11) = 11 [pid 530] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 529] <... futex resumed>) = 0 [pid 529] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 529] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 530] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 530] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 530] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 529] <... futex resumed>) = 0 [pid 529] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 529] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 530] <... futex resumed>) = 0 [pid 530] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000280} --- [pid 529] <... futex resumed>) = ? [pid 530] +++ killed by SIGBUS +++ [pid 529] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=529, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./31", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./31", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557cd2d730 /* 4 entries */, 32768) = 112 umount2("./31/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./31/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./31/binderfs") = 0 [ 29.576523][ T530] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 29.609758][ T531] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-530: bg 0: block 234: padding at end of block bitmap is not set umount2("./31/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./31/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./31/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./31/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./31/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557cd35770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557cd35770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./31/file0") = 0 getdents64(3, 0x55557cd2d730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./31") = 0 mkdir("./32", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 535 attached , child_tidptr=0x55557cd2c690) = 535 [pid 535] set_robust_list(0x55557cd2c6a0, 24) = 0 [pid 535] chdir("./32") = 0 [pid 535] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 535] setpgid(0, 0) = 0 [pid 535] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 535] write(3, "1000", 4) = 4 [pid 535] close(3) = 0 [pid 535] symlink("/dev/binderfs", "./binderfs") = 0 [pid 535] write(1, "executing program\n", 18executing program ) = 18 [pid 535] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 535] rt_sigaction(SIGRT_1, {sa_handler=0x7f676dce75b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f676dcd8760}, NULL, 8) = 0 [pid 535] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 535] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f676dc5d000 [pid 535] mprotect(0x7f676dc5e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 535] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 535] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f676dc7d990, parent_tid=0x7f676dc7d990, exit_signal=0, stack=0x7f676dc5d000, stack_size=0x20300, tls=0x7f676dc7d6c0} => {parent_tid=[536]}, 88) = 536 [pid 535] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 535] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 535] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 536 attached [pid 536] set_robust_list(0x7f676dc7d9a0, 24) = 0 [pid 536] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 536] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 536] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 535] <... futex resumed>) = 0 [pid 535] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 535] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 536] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 536] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 535] <... futex resumed>) = 0 [pid 535] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 535] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 536] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 536] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 535] <... futex resumed>) = 0 [pid 535] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 535] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 536] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 536] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 535] <... futex resumed>) = 0 [pid 535] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 535] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 536] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 536] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 535] <... futex resumed>) = 0 [pid 535] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 535] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 536] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 536] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 535] <... futex resumed>) = 0 [pid 535] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 535] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 536] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 536] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 535] <... futex resumed>) = 0 [pid 535] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 535] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 536] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 536] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 535] <... futex resumed>) = 0 [pid 536] <... futex resumed>) = 1 [pid 535] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 535] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 536] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 536] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 535] <... futex resumed>) = 0 [pid 535] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 535] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 536] memfd_create("syzkaller", 0) = 5 [pid 536] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f676585d000 [pid 536] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 536] munmap(0x7f676585d000, 138412032) = 0 [pid 536] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 536] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 536] close(5) = 0 [pid 536] close(6) = 0 [pid 536] mkdir("./file0", 0777) = 0 [pid 536] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 536] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 536] chdir("./file0") = 0 [pid 536] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 536] ioctl(6, LOOP_CLR_FD) = 0 [pid 536] close(6) = 0 [pid 536] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 535] <... futex resumed>) = 0 [pid 535] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 535] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 536] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 536] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 535] <... futex resumed>) = 0 [pid 535] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 535] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 536] write(6, "#! ./file1\n", 11) = 11 [pid 536] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 535] <... futex resumed>) = 0 [pid 535] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 535] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 536] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 536] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 536] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 535] <... futex resumed>) = 0 [pid 535] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 535] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 536] <... futex resumed>) = 0 [pid 536] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000280} --- [pid 535] <... futex resumed>) = ? [pid 536] +++ killed by SIGBUS +++ [pid 535] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=535, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./32", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./32", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557cd2d730 /* 4 entries */, 32768) = 112 umount2("./32/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./32/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./32/binderfs") = 0 [ 29.766468][ T536] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 29.800108][ T537] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-536: bg 0: block 234: padding at end of block bitmap is not set umount2("./32/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./32/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./32/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./32/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./32/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557cd35770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557cd35770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./32/file0") = 0 getdents64(3, 0x55557cd2d730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./32") = 0 mkdir("./33", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557cd2c690) = 541 ./strace-static-x86_64: Process 541 attached [pid 541] set_robust_list(0x55557cd2c6a0, 24) = 0 [pid 541] chdir("./33") = 0 [pid 541] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 541] setpgid(0, 0) = 0 [pid 541] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 541] write(3, "1000", 4) = 4 [pid 541] close(3) = 0 [pid 541] symlink("/dev/binderfs", "./binderfs") = 0 [pid 541] write(1, "executing program\n", 18) = 18 [pid 541] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000executing program ) = 0 [pid 541] rt_sigaction(SIGRT_1, {sa_handler=0x7f676dce75b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f676dcd8760}, NULL, 8) = 0 [pid 541] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 541] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f676dc5d000 [pid 541] mprotect(0x7f676dc5e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 541] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 541] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f676dc7d990, parent_tid=0x7f676dc7d990, exit_signal=0, stack=0x7f676dc5d000, stack_size=0x20300, tls=0x7f676dc7d6c0} => {parent_tid=[542]}, 88) = 542 [pid 541] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 541] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 541] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 542 attached [pid 542] set_robust_list(0x7f676dc7d9a0, 24) = 0 [pid 542] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 542] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 542] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 541] <... futex resumed>) = 0 [pid 541] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 541] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 542] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 542] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 541] <... futex resumed>) = 0 [pid 541] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 541] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 542] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 542] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 541] <... futex resumed>) = 0 [pid 541] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 541] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 542] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 542] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 541] <... futex resumed>) = 0 [pid 541] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 541] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 542] <... futex resumed>) = 1 [pid 542] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 542] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 541] <... futex resumed>) = 0 [pid 541] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 541] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 542] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 542] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 541] <... futex resumed>) = 0 [pid 541] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 541] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 542] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 542] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 541] <... futex resumed>) = 0 [pid 541] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 541] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 542] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 542] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 541] <... futex resumed>) = 0 [pid 541] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 541] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 542] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 542] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 541] <... futex resumed>) = 0 [pid 541] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 541] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 542] memfd_create("syzkaller", 0) = 5 [pid 542] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f676585d000 [pid 542] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 542] munmap(0x7f676585d000, 138412032) = 0 [pid 542] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 542] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 542] close(5) = 0 [pid 542] close(6) = 0 [pid 542] mkdir("./file0", 0777) = 0 [pid 542] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 542] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 542] chdir("./file0") = 0 [pid 542] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 542] ioctl(6, LOOP_CLR_FD) = 0 [pid 542] close(6) = 0 [pid 542] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 541] <... futex resumed>) = 0 [pid 541] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 541] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 542] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 542] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 541] <... futex resumed>) = 0 [pid 541] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 541] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 542] write(6, "#! ./file1\n", 11) = 11 [pid 542] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 541] <... futex resumed>) = 0 [pid 541] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 541] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 542] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 542] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 542] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 541] <... futex resumed>) = 0 [pid 541] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 541] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 542] <... futex resumed>) = 0 [pid 542] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000280} --- [pid 541] <... futex resumed>) = ? [pid 542] +++ killed by SIGBUS +++ [pid 541] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=541, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./33", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./33", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557cd2d730 /* 4 entries */, 32768) = 112 umount2("./33/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./33/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./33/binderfs") = 0 [ 29.916618][ T542] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 29.950551][ T543] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-542: bg 0: block 234: padding at end of block bitmap is not set umount2("./33/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./33/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./33/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./33/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./33/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557cd35770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557cd35770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./33/file0") = 0 getdents64(3, 0x55557cd2d730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./33") = 0 mkdir("./34", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557cd2c690) = 547 ./strace-static-x86_64: Process 547 attached [pid 547] set_robust_list(0x55557cd2c6a0, 24) = 0 [pid 547] chdir("./34") = 0 [pid 547] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 547] setpgid(0, 0) = 0 [pid 547] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 547] write(3, "1000", 4) = 4 [pid 547] close(3) = 0 [pid 547] symlink("/dev/binderfs", "./binderfs") = 0 [pid 547] write(1, "executing program\n", 18executing program ) = 18 [pid 547] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 547] rt_sigaction(SIGRT_1, {sa_handler=0x7f676dce75b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f676dcd8760}, NULL, 8) = 0 [pid 547] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 547] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f676dc5d000 [pid 547] mprotect(0x7f676dc5e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 547] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 547] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f676dc7d990, parent_tid=0x7f676dc7d990, exit_signal=0, stack=0x7f676dc5d000, stack_size=0x20300, tls=0x7f676dc7d6c0} => {parent_tid=[548]}, 88) = 548 [pid 547] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 547] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 547] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 548 attached [pid 548] set_robust_list(0x7f676dc7d9a0, 24) = 0 [pid 548] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 548] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 548] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 547] <... futex resumed>) = 0 [pid 547] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 547] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 548] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 548] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 547] <... futex resumed>) = 0 [pid 548] ioctl(3, VHOST_SET_VRING_ADDR [pid 547] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 547] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 548] <... ioctl resumed>, 0x200000000300) = 0 [pid 548] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 547] <... futex resumed>) = 0 [pid 547] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 547] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 548] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 548] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 547] <... futex resumed>) = 0 [pid 548] eventfd2(118, EFD_SEMAPHORE [pid 547] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 547] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 548] <... eventfd2 resumed>) = 4 [pid 548] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 547] <... futex resumed>) = 0 [pid 547] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 547] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 548] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 548] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 547] <... futex resumed>) = 0 [pid 547] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 547] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 548] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 548] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 547] <... futex resumed>) = 0 [pid 547] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 547] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 548] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 548] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 547] <... futex resumed>) = 0 [pid 547] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 547] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 548] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 548] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 547] <... futex resumed>) = 0 [pid 547] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 548] memfd_create("syzkaller", 0 [pid 547] <... futex resumed>) = 0 [pid 547] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 548] <... memfd_create resumed>) = 5 [pid 548] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f676585d000 [pid 548] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 548] munmap(0x7f676585d000, 138412032) = 0 [pid 548] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 548] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 548] close(5) = 0 [pid 548] close(6) = 0 [pid 548] mkdir("./file0", 0777) = 0 [pid 548] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 548] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 548] chdir("./file0") = 0 [pid 548] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 548] ioctl(6, LOOP_CLR_FD) = 0 [pid 548] close(6) = 0 [pid 548] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 547] <... futex resumed>) = 0 [pid 547] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 548] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 547] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 548] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 547] <... futex resumed>) = 0 [pid 547] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 547] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 548] write(6, "#! ./file1\n", 11) = 11 [pid 548] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 547] <... futex resumed>) = 0 [pid 547] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 547] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 548] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 548] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 548] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 547] <... futex resumed>) = 0 [pid 547] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 547] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 548] <... futex resumed>) = 0 [pid 548] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000280} --- [pid 547] <... futex resumed>) = ? [pid 548] +++ killed by SIGBUS +++ [pid 547] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=547, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./34", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./34", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557cd2d730 /* 4 entries */, 32768) = 112 umount2("./34/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./34/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./34/binderfs") = 0 [ 30.126619][ T548] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 30.159948][ T549] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-548: bg 0: block 234: padding at end of block bitmap is not set umount2("./34/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./34/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./34/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./34/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./34/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557cd35770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557cd35770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./34/file0") = 0 getdents64(3, 0x55557cd2d730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./34") = 0 mkdir("./35", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557cd2c690) = 553 ./strace-static-x86_64: Process 553 attached [pid 553] set_robust_list(0x55557cd2c6a0, 24) = 0 [pid 553] chdir("./35") = 0 [pid 553] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 553] setpgid(0, 0) = 0 [pid 553] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 553] write(3, "1000", 4) = 4 [pid 553] close(3) = 0 [pid 553] symlink("/dev/binderfs", "./binderfs") = 0 [pid 553] write(1, "executing program\n", 18) = 18 executing program [pid 553] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 553] rt_sigaction(SIGRT_1, {sa_handler=0x7f676dce75b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f676dcd8760}, NULL, 8) = 0 [pid 553] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 553] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f676dc5d000 [pid 553] mprotect(0x7f676dc5e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 553] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 553] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f676dc7d990, parent_tid=0x7f676dc7d990, exit_signal=0, stack=0x7f676dc5d000, stack_size=0x20300, tls=0x7f676dc7d6c0} => {parent_tid=[554]}, 88) = 554 [pid 553] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 553] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 553] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 554 attached [pid 554] set_robust_list(0x7f676dc7d9a0, 24) = 0 [pid 554] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 554] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 554] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 553] <... futex resumed>) = 0 [pid 553] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 553] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 554] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 554] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 553] <... futex resumed>) = 0 [pid 553] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 553] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 554] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 554] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 553] <... futex resumed>) = 0 [pid 553] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 553] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 554] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 554] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 553] <... futex resumed>) = 0 [pid 553] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 553] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 554] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 554] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 553] <... futex resumed>) = 0 [pid 553] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 553] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 554] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 554] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 553] <... futex resumed>) = 0 [pid 553] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 553] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 554] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 554] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 553] <... futex resumed>) = 0 [pid 553] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 553] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 554] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 554] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 553] <... futex resumed>) = 0 [pid 553] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 553] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 554] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 554] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 553] <... futex resumed>) = 0 [pid 553] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 553] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 554] memfd_create("syzkaller", 0) = 5 [pid 554] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f676585d000 [pid 554] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 554] munmap(0x7f676585d000, 138412032) = 0 [pid 554] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 554] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 554] close(5) = 0 [pid 554] close(6) = 0 [pid 554] mkdir("./file0", 0777) = 0 [pid 554] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 554] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 554] chdir("./file0") = 0 [pid 554] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 554] ioctl(6, LOOP_CLR_FD) = 0 [pid 554] close(6) = 0 [pid 554] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 553] <... futex resumed>) = 0 [pid 553] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 553] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 554] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 554] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 553] <... futex resumed>) = 0 [pid 553] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 553] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 554] write(6, "#! ./file1\n", 11) = 11 [pid 554] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 553] <... futex resumed>) = 0 [pid 553] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 553] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 554] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 554] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 554] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 553] <... futex resumed>) = 0 [pid 553] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 553] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 554] <... futex resumed>) = 0 [pid 554] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000280} --- [pid 553] <... futex resumed>) = ? [pid 554] +++ killed by SIGBUS +++ [pid 553] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=553, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./35", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./35", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557cd2d730 /* 4 entries */, 32768) = 112 umount2("./35/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./35/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./35/binderfs") = 0 [ 30.326444][ T554] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 30.359991][ T555] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-554: bg 0: block 234: padding at end of block bitmap is not set umount2("./35/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./35/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./35/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./35/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./35/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557cd35770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557cd35770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./35/file0") = 0 getdents64(3, 0x55557cd2d730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./35") = 0 mkdir("./36", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557cd2c690) = 559 ./strace-static-x86_64: Process 559 attached [pid 559] set_robust_list(0x55557cd2c6a0, 24) = 0 [pid 559] chdir("./36") = 0 [pid 559] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 559] setpgid(0, 0) = 0 [pid 559] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 559] write(3, "1000", 4) = 4 [pid 559] close(3) = 0 [pid 559] symlink("/dev/binderfs", "./binderfs") = 0 [pid 559] write(1, "executing program\n", 18executing program ) = 18 [pid 559] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 559] rt_sigaction(SIGRT_1, {sa_handler=0x7f676dce75b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f676dcd8760}, NULL, 8) = 0 [pid 559] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 559] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f676dc5d000 [pid 559] mprotect(0x7f676dc5e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 559] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 559] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f676dc7d990, parent_tid=0x7f676dc7d990, exit_signal=0, stack=0x7f676dc5d000, stack_size=0x20300, tls=0x7f676dc7d6c0} => {parent_tid=[560]}, 88) = 560 [pid 559] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 559] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 559] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 560 attached [pid 560] set_robust_list(0x7f676dc7d9a0, 24) = 0 [pid 560] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 560] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 560] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 559] <... futex resumed>) = 0 [pid 559] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 559] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 560] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 560] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 559] <... futex resumed>) = 0 [pid 559] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 559] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 560] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 560] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 559] <... futex resumed>) = 0 [pid 559] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 559] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 560] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 560] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 559] <... futex resumed>) = 0 [pid 559] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 559] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 560] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 560] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 559] <... futex resumed>) = 0 [pid 559] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 559] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 560] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 560] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 559] <... futex resumed>) = 0 [pid 559] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 559] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 560] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 560] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 559] <... futex resumed>) = 0 [pid 559] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 559] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 560] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 560] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 559] <... futex resumed>) = 0 [pid 559] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 559] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 560] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 560] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 559] <... futex resumed>) = 0 [pid 559] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 559] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 560] memfd_create("syzkaller", 0) = 5 [pid 560] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f676585d000 [pid 560] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 560] munmap(0x7f676585d000, 138412032) = 0 [pid 560] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 560] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 560] close(5) = 0 [pid 560] close(6) = 0 [pid 560] mkdir("./file0", 0777) = 0 [pid 560] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 560] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 560] chdir("./file0") = 0 [pid 560] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 560] ioctl(6, LOOP_CLR_FD) = 0 [pid 560] close(6) = 0 [pid 560] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 559] <... futex resumed>) = 0 [pid 559] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 559] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 560] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 560] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 559] <... futex resumed>) = 0 [pid 559] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 559] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 560] write(6, "#! ./file1\n", 11) = 11 [pid 560] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 559] <... futex resumed>) = 0 [pid 559] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 559] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 560] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 560] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 560] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 559] <... futex resumed>) = 0 [pid 559] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 559] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 560] <... futex resumed>) = 0 [pid 560] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000280} --- [pid 559] <... futex resumed>) = ? [pid 560] +++ killed by SIGBUS +++ [pid 559] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=559, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./36", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./36", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557cd2d730 /* 4 entries */, 32768) = 112 umount2("./36/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./36/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./36/binderfs") = 0 [ 30.536492][ T560] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 30.569476][ T561] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-560: bg 0: block 234: padding at end of block bitmap is not set umount2("./36/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./36/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./36/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./36/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./36/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557cd35770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557cd35770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./36/file0") = 0 getdents64(3, 0x55557cd2d730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./36") = 0 mkdir("./37", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557cd2c690) = 565 ./strace-static-x86_64: Process 565 attached [pid 565] set_robust_list(0x55557cd2c6a0, 24) = 0 [pid 565] chdir("./37") = 0 [pid 565] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 565] setpgid(0, 0) = 0 [pid 565] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 565] write(3, "1000", 4) = 4 [pid 565] close(3) = 0 [pid 565] symlink("/dev/binderfs", "./binderfs") = 0 [pid 565] write(1, "executing program\n", 18executing program ) = 18 [pid 565] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 565] rt_sigaction(SIGRT_1, {sa_handler=0x7f676dce75b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f676dcd8760}, NULL, 8) = 0 [pid 565] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 565] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f676dc5d000 [pid 565] mprotect(0x7f676dc5e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 565] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 565] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f676dc7d990, parent_tid=0x7f676dc7d990, exit_signal=0, stack=0x7f676dc5d000, stack_size=0x20300, tls=0x7f676dc7d6c0}./strace-static-x86_64: Process 566 attached => {parent_tid=[566]}, 88) = 566 [pid 566] set_robust_list(0x7f676dc7d9a0, 24) = 0 [pid 566] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 566] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 565] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 565] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 566] <... futex resumed>) = 0 [pid 566] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 566] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 566] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 565] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 565] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 566] <... futex resumed>) = 0 [pid 566] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 566] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 566] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 565] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 565] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 566] <... futex resumed>) = 0 [pid 566] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 566] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 566] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 565] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 565] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 566] <... futex resumed>) = 0 [pid 566] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 566] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 566] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 565] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 565] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 566] <... futex resumed>) = 0 [pid 566] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 566] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 566] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 565] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 565] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 566] <... futex resumed>) = 0 [pid 565] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 566] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 566] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 566] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 565] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 565] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 566] <... futex resumed>) = 0 [pid 565] <... futex resumed>) = 1 [pid 566] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 566] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 566] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 565] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 565] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 566] <... futex resumed>) = 0 [pid 565] <... futex resumed>) = 1 [pid 566] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 566] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 566] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 565] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 565] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 566] <... futex resumed>) = 0 [pid 565] <... futex resumed>) = 1 [pid 566] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 565] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 566] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 566] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 565] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 565] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 566] <... futex resumed>) = 0 [pid 565] <... futex resumed>) = 1 [pid 566] memfd_create("syzkaller", 0 [pid 565] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 566] <... memfd_create resumed>) = 5 [pid 566] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f676585d000 [pid 566] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 566] munmap(0x7f676585d000, 138412032) = 0 [pid 566] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 566] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 566] close(5) = 0 [pid 566] close(6) = 0 [pid 566] mkdir("./file0", 0777) = 0 [pid 566] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 566] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 566] chdir("./file0") = 0 [pid 566] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 566] ioctl(6, LOOP_CLR_FD) = 0 [pid 566] close(6) = 0 [pid 566] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 565] <... futex resumed>) = 0 [pid 565] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 565] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 566] <... futex resumed>) = 1 [pid 566] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 566] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 565] <... futex resumed>) = 0 [pid 565] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 565] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 566] <... futex resumed>) = 1 [pid 566] write(6, "#! ./file1\n", 11) = 11 [pid 566] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 565] <... futex resumed>) = 0 [pid 565] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 565] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 566] <... futex resumed>) = 1 [pid 566] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 566] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 565] <... futex resumed>) = 0 [pid 565] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 565] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 566] <... futex resumed>) = 1 [pid 566] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000280} --- [pid 565] <... futex resumed>) = ? [pid 566] +++ killed by SIGBUS +++ [pid 565] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=565, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./37", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./37", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557cd2d730 /* 4 entries */, 32768) = 112 umount2("./37/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./37/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./37/binderfs") = 0 [ 30.705921][ T566] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 30.737052][ T567] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-566: bg 0: block 234: padding at end of block bitmap is not set umount2("./37/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./37/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./37/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./37/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./37/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557cd35770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557cd35770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./37/file0") = 0 getdents64(3, 0x55557cd2d730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./37") = 0 mkdir("./38", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557cd2c690) = 571 ./strace-static-x86_64: Process 571 attached [pid 571] set_robust_list(0x55557cd2c6a0, 24) = 0 [pid 571] chdir("./38") = 0 [pid 571] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 571] setpgid(0, 0) = 0 [pid 571] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 571] write(3, "1000", 4) = 4 [pid 571] close(3) = 0 [pid 571] symlink("/dev/binderfs", "./binderfs") = 0 [pid 571] write(1, "executing program\n", 18executing program ) = 18 [pid 571] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 571] rt_sigaction(SIGRT_1, {sa_handler=0x7f676dce75b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f676dcd8760}, NULL, 8) = 0 [pid 571] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 571] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f676dc5d000 [pid 571] mprotect(0x7f676dc5e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 571] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 571] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f676dc7d990, parent_tid=0x7f676dc7d990, exit_signal=0, stack=0x7f676dc5d000, stack_size=0x20300, tls=0x7f676dc7d6c0}./strace-static-x86_64: Process 572 attached [pid 572] set_robust_list(0x7f676dc7d9a0, 24) = 0 [pid 572] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 572] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 571] <... clone3 resumed> => {parent_tid=[572]}, 88) = 572 [pid 571] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 571] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 572] <... futex resumed>) = 0 [pid 571] <... futex resumed>) = 1 [pid 572] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 571] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 572] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 572] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 571] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 571] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 572] <... futex resumed>) = 0 [pid 572] ioctl(3, VHOST_SET_OWNER [pid 571] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 572] <... ioctl resumed>, 0) = 0 [pid 572] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 571] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 572] <... futex resumed>) = 0 [pid 572] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 571] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 572] <... futex resumed>) = 0 [pid 572] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 572] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 572] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 571] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 571] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 572] <... futex resumed>) = 0 [pid 571] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 572] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 572] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 571] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 572] <... futex resumed>) = 0 [pid 572] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 571] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 572] <... futex resumed>) = 0 [pid 571] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 572] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 572] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 572] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 571] <... futex resumed>) = 0 [pid 572] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 571] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 572] ioctl(3, VHOST_SET_VRING_ERR [pid 571] <... futex resumed>) = 0 [pid 572] <... ioctl resumed>, 0x2000000001c0) = 0 [pid 571] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 572] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 571] <... futex resumed>) = 0 [pid 572] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 571] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 572] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 571] <... futex resumed>) = 0 [pid 572] ioctl(3, VHOST_SET_VRING_ADDR [pid 571] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 572] <... ioctl resumed>, 0x200000000240) = 0 [pid 572] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 571] <... futex resumed>) = 0 [pid 572] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 571] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 572] <... futex resumed>) = 0 [pid 571] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 572] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 572] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 572] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 571] <... futex resumed>) = 0 [pid 572] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 571] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 572] ioctl(3, VHOST_VSOCK_SET_RUNNING [pid 571] <... futex resumed>) = 0 [pid 572] <... ioctl resumed>, 0x200000000140) = 0 [pid 571] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 572] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 572] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 571] <... futex resumed>) = 0 [pid 571] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 572] <... futex resumed>) = 0 [pid 571] <... futex resumed>) = 1 [pid 572] memfd_create("syzkaller", 0 [pid 571] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 572] <... memfd_create resumed>) = 5 [pid 572] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f676585d000 [pid 572] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 572] munmap(0x7f676585d000, 138412032) = 0 [pid 572] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 572] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 572] close(5) = 0 [pid 572] close(6) = 0 [pid 572] mkdir("./file0", 0777) = 0 [pid 572] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 572] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 572] chdir("./file0") = 0 [pid 572] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 572] ioctl(6, LOOP_CLR_FD) = 0 [pid 572] close(6) = 0 [pid 572] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 571] <... futex resumed>) = 0 [pid 571] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 571] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 572] <... futex resumed>) = 1 [pid 572] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 572] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 571] <... futex resumed>) = 0 [pid 571] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 571] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 572] <... futex resumed>) = 1 [pid 572] write(6, "#! ./file1\n", 11) = 11 [pid 572] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 571] <... futex resumed>) = 0 [pid 571] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 571] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 572] <... futex resumed>) = 1 [pid 572] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 572] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 571] <... futex resumed>) = 0 [pid 571] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 571] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 572] <... futex resumed>) = 1 [pid 572] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000280} --- [pid 571] <... futex resumed>) = ? [pid 572] +++ killed by SIGBUS +++ [pid 571] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=571, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557cd2d730 /* 4 entries */, 32768) = 112 umount2("./38/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./38/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./38/binderfs") = 0 [ 30.916383][ T572] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 30.947794][ T573] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-572: bg 0: block 234: padding at end of block bitmap is not set umount2("./38/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./38/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./38/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./38/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./38/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557cd35770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557cd35770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./38/file0") = 0 getdents64(3, 0x55557cd2d730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./38") = 0 mkdir("./39", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557cd2c690) = 577 ./strace-static-x86_64: Process 577 attached [pid 577] set_robust_list(0x55557cd2c6a0, 24) = 0 [pid 577] chdir("./39") = 0 [pid 577] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 577] setpgid(0, 0) = 0 [pid 577] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 577] write(3, "1000", 4) = 4 [pid 577] close(3) = 0 [pid 577] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 577] write(1, "executing program\n", 18) = 18 [pid 577] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 577] rt_sigaction(SIGRT_1, {sa_handler=0x7f676dce75b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f676dcd8760}, NULL, 8) = 0 [pid 577] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 577] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f676dc5d000 [pid 577] mprotect(0x7f676dc5e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 577] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 577] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f676dc7d990, parent_tid=0x7f676dc7d990, exit_signal=0, stack=0x7f676dc5d000, stack_size=0x20300, tls=0x7f676dc7d6c0} => {parent_tid=[578]}, 88) = 578 [pid 577] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 577] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 577] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 578 attached [pid 578] set_robust_list(0x7f676dc7d9a0, 24) = 0 [pid 578] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 578] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 578] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 577] <... futex resumed>) = 0 [pid 577] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 577] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 578] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 578] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 577] <... futex resumed>) = 0 [pid 577] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 577] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 578] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 578] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 577] <... futex resumed>) = 0 [pid 577] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 577] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 578] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 578] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 577] <... futex resumed>) = 0 [pid 577] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 577] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 578] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 578] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 577] <... futex resumed>) = 0 [pid 577] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 577] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 578] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 578] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 577] <... futex resumed>) = 0 [pid 577] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 577] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 578] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 578] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 577] <... futex resumed>) = 0 [pid 577] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 577] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 578] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 578] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 577] <... futex resumed>) = 0 [pid 577] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 577] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 578] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 578] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 577] <... futex resumed>) = 0 [pid 577] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 577] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 578] memfd_create("syzkaller", 0) = 5 [pid 578] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f676585d000 [pid 578] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 578] munmap(0x7f676585d000, 138412032) = 0 [pid 578] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 578] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 578] close(5) = 0 [pid 578] close(6) = 0 [pid 578] mkdir("./file0", 0777) = 0 [pid 578] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 578] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 578] chdir("./file0") = 0 [pid 578] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 578] ioctl(6, LOOP_CLR_FD) = 0 [pid 578] close(6) = 0 [pid 578] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 577] <... futex resumed>) = 0 [pid 577] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 577] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 578] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 578] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 577] <... futex resumed>) = 0 [pid 577] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 577] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 578] write(6, "#! ./file1\n", 11) = 11 [pid 578] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 577] <... futex resumed>) = 0 [pid 577] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 577] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 578] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 578] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 577] <... futex resumed>) = 0 [pid 577] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 577] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 578] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000280} --- [pid 577] <... futex resumed>) = ? [pid 578] +++ killed by SIGBUS +++ [pid 577] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=577, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./39", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./39", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557cd2d730 /* 4 entries */, 32768) = 112 umount2("./39/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./39/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./39/binderfs") = 0 [ 31.126597][ T578] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 31.159846][ T579] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-578: bg 0: block 234: padding at end of block bitmap is not set umount2("./39/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./39/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./39/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./39/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./39/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557cd35770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557cd35770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./39/file0") = 0 getdents64(3, 0x55557cd2d730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./39") = 0 mkdir("./40", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557cd2c690) = 583 ./strace-static-x86_64: Process 583 attached [pid 583] set_robust_list(0x55557cd2c6a0, 24) = 0 [pid 583] chdir("./40") = 0 [pid 583] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 583] setpgid(0, 0) = 0 [pid 583] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 583] write(3, "1000", 4) = 4 [pid 583] close(3) = 0 [pid 583] symlink("/dev/binderfs", "./binderfs") = 0 [pid 583] write(1, "executing program\n", 18executing program ) = 18 [pid 583] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 583] rt_sigaction(SIGRT_1, {sa_handler=0x7f676dce75b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f676dcd8760}, NULL, 8) = 0 [pid 583] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 583] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f676dc5d000 [pid 583] mprotect(0x7f676dc5e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 583] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 583] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f676dc7d990, parent_tid=0x7f676dc7d990, exit_signal=0, stack=0x7f676dc5d000, stack_size=0x20300, tls=0x7f676dc7d6c0} => {parent_tid=[584]}, 88) = 584 [pid 583] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 583] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 583] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 584 attached [pid 584] set_robust_list(0x7f676dc7d9a0, 24) = 0 [pid 584] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 584] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 584] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 583] <... futex resumed>) = 0 [pid 583] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 583] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 584] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 584] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 583] <... futex resumed>) = 0 [pid 583] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 583] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 584] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 584] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 583] <... futex resumed>) = 0 [pid 583] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 583] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 584] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 584] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 583] <... futex resumed>) = 0 [pid 583] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 583] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 584] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 584] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 583] <... futex resumed>) = 0 [pid 583] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 583] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 584] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 584] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 583] <... futex resumed>) = 0 [pid 583] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 583] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 584] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 584] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 583] <... futex resumed>) = 0 [pid 583] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 583] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 584] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 584] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 583] <... futex resumed>) = 0 [pid 583] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 583] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 584] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 584] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 583] <... futex resumed>) = 0 [pid 584] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 583] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 583] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 584] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 584] memfd_create("syzkaller", 0) = 5 [pid 584] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f676585d000 [pid 584] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 584] munmap(0x7f676585d000, 138412032) = 0 [pid 584] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 584] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 584] close(5) = 0 [pid 584] close(6) = 0 [pid 584] mkdir("./file0", 0777) = 0 [pid 584] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 584] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 584] chdir("./file0") = 0 [pid 584] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 584] ioctl(6, LOOP_CLR_FD) = 0 [pid 584] close(6) = 0 [pid 584] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 583] <... futex resumed>) = 0 [pid 583] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 583] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 584] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 584] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 583] <... futex resumed>) = 0 [pid 583] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 583] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 584] write(6, "#! ./file1\n", 11) = 11 [pid 584] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 583] <... futex resumed>) = 0 [pid 583] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 583] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 584] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 584] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 584] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 583] <... futex resumed>) = 0 [pid 583] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 583] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 584] <... futex resumed>) = 0 [pid 584] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000280} --- [pid 583] <... futex resumed>) = ? [pid 584] +++ killed by SIGBUS +++ [pid 583] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=583, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./40", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./40", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557cd2d730 /* 4 entries */, 32768) = 112 umount2("./40/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./40/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./40/binderfs") = 0 [ 31.344358][ T584] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 31.377291][ T585] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-584: bg 0: block 234: padding at end of block bitmap is not set umount2("./40/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./40/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./40/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./40/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./40/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557cd35770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557cd35770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./40/file0") = 0 getdents64(3, 0x55557cd2d730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./40") = 0 mkdir("./41", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557cd2c690) = 589 ./strace-static-x86_64: Process 589 attached [pid 589] set_robust_list(0x55557cd2c6a0, 24) = 0 [pid 589] chdir("./41") = 0 [pid 589] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 589] setpgid(0, 0) = 0 [pid 589] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 589] write(3, "1000", 4) = 4 [pid 589] close(3) = 0 [pid 589] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 589] write(1, "executing program\n", 18) = 18 [pid 589] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 589] rt_sigaction(SIGRT_1, {sa_handler=0x7f676dce75b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f676dcd8760}, NULL, 8) = 0 [pid 589] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 589] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f676dc5d000 [pid 589] mprotect(0x7f676dc5e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 589] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 589] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f676dc7d990, parent_tid=0x7f676dc7d990, exit_signal=0, stack=0x7f676dc5d000, stack_size=0x20300, tls=0x7f676dc7d6c0} => {parent_tid=[590]}, 88) = 590 [pid 589] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 589] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 589] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 590 attached [pid 590] set_robust_list(0x7f676dc7d9a0, 24) = 0 [pid 590] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 590] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 590] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 589] <... futex resumed>) = 0 [pid 589] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 589] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 590] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 590] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 589] <... futex resumed>) = 0 [pid 589] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 589] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 590] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 590] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 589] <... futex resumed>) = 0 [pid 589] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 589] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 590] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 590] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 589] <... futex resumed>) = 0 [pid 589] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 589] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 590] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 590] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 589] <... futex resumed>) = 0 [pid 589] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 589] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 590] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 590] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 589] <... futex resumed>) = 0 [pid 589] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 589] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 590] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 590] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 589] <... futex resumed>) = 0 [pid 589] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 589] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 590] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 590] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 589] <... futex resumed>) = 0 [pid 589] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 589] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 590] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 590] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 589] <... futex resumed>) = 0 [pid 589] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 589] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 590] memfd_create("syzkaller", 0) = 5 [pid 590] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f676585d000 [pid 590] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 590] munmap(0x7f676585d000, 138412032) = 0 [pid 590] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 590] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 590] close(5) = 0 [pid 590] close(6) = 0 [pid 590] mkdir("./file0", 0777) = 0 [pid 590] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 590] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 590] chdir("./file0") = 0 [pid 590] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 590] ioctl(6, LOOP_CLR_FD) = 0 [pid 590] close(6) = 0 [pid 590] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 589] <... futex resumed>) = 0 [pid 589] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 589] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 590] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 590] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 589] <... futex resumed>) = 0 [pid 589] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 589] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 590] write(6, "#! ./file1\n", 11) = 11 [pid 590] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 589] <... futex resumed>) = 0 [pid 589] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 589] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 590] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 590] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 590] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 589] <... futex resumed>) = 0 [pid 589] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 589] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 590] <... futex resumed>) = 0 [pid 590] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000280} --- [pid 589] <... futex resumed>) = ? [pid 590] +++ killed by SIGBUS +++ [pid 589] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=589, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./41", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./41", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557cd2d730 /* 4 entries */, 32768) = 112 umount2("./41/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./41/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./41/binderfs") = 0 [ 31.575618][ T590] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 31.609547][ T591] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-590: bg 0: block 234: padding at end of block bitmap is not set umount2("./41/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./41/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./41/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./41/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./41/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557cd35770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557cd35770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./41/file0") = 0 getdents64(3, 0x55557cd2d730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./41") = 0 mkdir("./42", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557cd2c690) = 595 ./strace-static-x86_64: Process 595 attached [pid 595] set_robust_list(0x55557cd2c6a0, 24) = 0 [pid 595] chdir("./42") = 0 [pid 595] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 595] setpgid(0, 0) = 0 [pid 595] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 595] write(3, "1000", 4) = 4 [pid 595] close(3) = 0 [pid 595] symlink("/dev/binderfs", "./binderfs") = 0 [pid 595] write(1, "executing program\n", 18executing program ) = 18 [pid 595] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 595] rt_sigaction(SIGRT_1, {sa_handler=0x7f676dce75b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f676dcd8760}, NULL, 8) = 0 [pid 595] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 595] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f676dc5d000 [pid 595] mprotect(0x7f676dc5e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 595] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 595] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f676dc7d990, parent_tid=0x7f676dc7d990, exit_signal=0, stack=0x7f676dc5d000, stack_size=0x20300, tls=0x7f676dc7d6c0}./strace-static-x86_64: Process 596 attached => {parent_tid=[596]}, 88) = 596 [pid 596] set_robust_list(0x7f676dc7d9a0, 24) = 0 [pid 596] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 596] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 595] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 595] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 596] <... futex resumed>) = 0 [pid 596] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 596] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 596] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 595] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 595] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 596] <... futex resumed>) = 0 [pid 596] ioctl(3, VHOST_SET_OWNER [pid 595] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 596] <... ioctl resumed>, 0) = 0 [pid 596] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 596] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 595] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 595] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 596] <... futex resumed>) = 0 [pid 596] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 596] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 596] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 595] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 595] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 596] <... futex resumed>) = 0 [pid 596] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 596] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 596] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 595] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 595] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 596] <... futex resumed>) = 0 [pid 596] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 596] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 596] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 595] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 595] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 596] <... futex resumed>) = 0 [pid 596] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 596] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 596] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 595] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 595] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 596] <... futex resumed>) = 0 [pid 596] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 596] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 596] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 595] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 595] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 596] <... futex resumed>) = 0 [pid 595] <... futex resumed>) = 1 [pid 596] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 596] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 596] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 595] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 595] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 596] <... futex resumed>) = 0 [pid 595] <... futex resumed>) = 1 [pid 596] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 596] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 596] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 595] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 595] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 596] <... futex resumed>) = 0 [pid 595] <... futex resumed>) = 1 [pid 596] memfd_create("syzkaller", 0) = 5 [pid 595] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 596] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f676585d000 [pid 596] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 596] munmap(0x7f676585d000, 138412032) = 0 [pid 596] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 596] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 596] close(5) = 0 [pid 596] close(6) = 0 [pid 596] mkdir("./file0", 0777) = 0 [pid 596] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 596] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 596] chdir("./file0") = 0 [pid 596] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 596] ioctl(6, LOOP_CLR_FD) = 0 [pid 596] close(6) = 0 [pid 596] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 595] <... futex resumed>) = 0 [pid 595] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 595] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 596] <... futex resumed>) = 1 [pid 596] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 596] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 595] <... futex resumed>) = 0 [pid 595] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 595] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 596] <... futex resumed>) = 1 [pid 596] write(6, "#! ./file1\n", 11) = 11 [pid 596] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 595] <... futex resumed>) = 0 [pid 595] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 595] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 596] <... futex resumed>) = 1 [pid 596] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 596] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 595] <... futex resumed>) = 0 [pid 595] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 595] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 596] <... futex resumed>) = 1 [pid 596] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000280} --- [pid 595] <... futex resumed>) = ? [pid 596] +++ killed by SIGBUS +++ [pid 595] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=595, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./42", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./42", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557cd2d730 /* 4 entries */, 32768) = 112 umount2("./42/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./42/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./42/binderfs") = 0 [ 31.757755][ T596] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 31.788735][ T597] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-596: bg 0: block 234: padding at end of block bitmap is not set umount2("./42/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./42/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./42/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./42/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./42/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557cd35770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557cd35770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./42/file0") = 0 getdents64(3, 0x55557cd2d730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./42") = 0 mkdir("./43", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557cd2c690) = 601 ./strace-static-x86_64: Process 601 attached [pid 601] set_robust_list(0x55557cd2c6a0, 24) = 0 [pid 601] chdir("./43") = 0 [pid 601] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 601] setpgid(0, 0) = 0 [pid 601] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 601] write(3, "1000", 4) = 4 [pid 601] close(3) = 0 [pid 601] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 601] write(1, "executing program\n", 18) = 18 [pid 601] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 601] rt_sigaction(SIGRT_1, {sa_handler=0x7f676dce75b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f676dcd8760}, NULL, 8) = 0 [pid 601] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 601] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f676dc5d000 [pid 601] mprotect(0x7f676dc5e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 601] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 601] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f676dc7d990, parent_tid=0x7f676dc7d990, exit_signal=0, stack=0x7f676dc5d000, stack_size=0x20300, tls=0x7f676dc7d6c0} => {parent_tid=[602]}, 88) = 602 [pid 601] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 601] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 601] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 602 attached [pid 602] set_robust_list(0x7f676dc7d9a0, 24) = 0 [pid 602] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 602] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 602] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 601] <... futex resumed>) = 0 [pid 601] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 601] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 602] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 602] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 601] <... futex resumed>) = 0 [pid 601] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 601] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 602] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 602] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 601] <... futex resumed>) = 0 [pid 601] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 601] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 602] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 602] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 601] <... futex resumed>) = 0 [pid 601] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 601] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 602] <... futex resumed>) = 1 [pid 602] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 602] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 601] <... futex resumed>) = 0 [pid 601] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 601] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 602] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 602] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 601] <... futex resumed>) = 0 [pid 601] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 601] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 602] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 602] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 601] <... futex resumed>) = 0 [pid 601] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 601] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 602] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 602] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 601] <... futex resumed>) = 0 [pid 601] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 601] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 602] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 602] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 601] <... futex resumed>) = 0 [pid 601] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 601] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 602] memfd_create("syzkaller", 0) = 5 [pid 602] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f676585d000 [pid 602] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 602] munmap(0x7f676585d000, 138412032) = 0 [pid 602] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 602] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 602] close(5) = 0 [pid 602] close(6) = 0 [pid 602] mkdir("./file0", 0777) = 0 [pid 602] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 602] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 602] chdir("./file0") = 0 [pid 602] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 602] ioctl(6, LOOP_CLR_FD) = 0 [pid 602] close(6) = 0 [pid 602] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 601] <... futex resumed>) = 0 [pid 601] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 601] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 602] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 602] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 601] <... futex resumed>) = 0 [pid 601] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 601] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 602] write(6, "#! ./file1\n", 11) = 11 [pid 602] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 601] <... futex resumed>) = 0 [pid 601] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 601] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 602] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 602] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 602] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 601] <... futex resumed>) = 0 [pid 601] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 601] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 602] <... futex resumed>) = 0 [pid 602] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000280} --- [pid 601] <... futex resumed>) = ? [pid 602] +++ killed by SIGBUS +++ [pid 601] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=601, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./43", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./43", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557cd2d730 /* 4 entries */, 32768) = 112 umount2("./43/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./43/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./43/binderfs") = 0 [ 31.966535][ T602] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 31.999693][ T603] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-602: bg 0: block 234: padding at end of block bitmap is not set umount2("./43/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./43/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./43/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./43/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./43/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557cd35770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557cd35770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./43/file0") = 0 getdents64(3, 0x55557cd2d730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./43") = 0 mkdir("./44", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557cd2c690) = 607 ./strace-static-x86_64: Process 607 attached [pid 607] set_robust_list(0x55557cd2c6a0, 24) = 0 [pid 607] chdir("./44") = 0 [pid 607] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 607] setpgid(0, 0) = 0 [pid 607] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 607] write(3, "1000", 4) = 4 [pid 607] close(3) = 0 [pid 607] symlink("/dev/binderfs", "./binderfs") = 0 [pid 607] write(1, "executing program\n", 18executing program ) = 18 [pid 607] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 607] rt_sigaction(SIGRT_1, {sa_handler=0x7f676dce75b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f676dcd8760}, NULL, 8) = 0 [pid 607] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 607] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f676dc5d000 [pid 607] mprotect(0x7f676dc5e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 607] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 607] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f676dc7d990, parent_tid=0x7f676dc7d990, exit_signal=0, stack=0x7f676dc5d000, stack_size=0x20300, tls=0x7f676dc7d6c0}./strace-static-x86_64: Process 608 attached => {parent_tid=[608]}, 88) = 608 [pid 608] set_robust_list(0x7f676dc7d9a0, 24) = 0 [pid 608] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 608] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 607] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 607] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 608] <... futex resumed>) = 0 [pid 608] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 608] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 608] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 607] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 607] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 608] <... futex resumed>) = 0 [pid 608] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 608] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 608] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 607] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 607] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 608] <... futex resumed>) = 0 [pid 608] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 608] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 608] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 607] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 607] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 608] <... futex resumed>) = 0 [pid 608] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 608] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 608] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 607] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 607] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 608] <... futex resumed>) = 0 [pid 608] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 608] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 608] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 607] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 607] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 608] <... futex resumed>) = 0 [pid 608] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 608] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 608] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 607] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 607] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 608] <... futex resumed>) = 0 [pid 608] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 608] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 608] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 607] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 607] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 608] <... futex resumed>) = 0 [pid 607] <... futex resumed>) = 1 [pid 608] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 608] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 607] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 608] <... futex resumed>) = 0 [pid 608] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 607] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 607] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 608] <... futex resumed>) = 0 [pid 607] <... futex resumed>) = 1 [pid 608] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 608] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 608] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 607] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 607] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 608] <... futex resumed>) = 0 [pid 607] <... futex resumed>) = 1 [pid 608] memfd_create("syzkaller", 0) = 5 [pid 607] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 608] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f676585d000 [pid 608] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 608] munmap(0x7f676585d000, 138412032) = 0 [pid 608] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 608] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 608] close(5) = 0 [pid 608] close(6) = 0 [pid 608] mkdir("./file0", 0777) = 0 [pid 608] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 608] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 608] chdir("./file0") = 0 [pid 608] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 608] ioctl(6, LOOP_CLR_FD) = 0 [pid 608] close(6) = 0 [pid 608] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 607] <... futex resumed>) = 0 [pid 607] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 607] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 608] <... futex resumed>) = 1 [pid 608] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 608] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 607] <... futex resumed>) = 0 [pid 607] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 607] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 608] <... futex resumed>) = 1 [pid 608] write(6, "#! ./file1\n", 11) = 11 [pid 608] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 607] <... futex resumed>) = 0 [pid 607] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 607] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 608] <... futex resumed>) = 1 [pid 608] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 608] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 607] <... futex resumed>) = 0 [pid 607] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 607] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 608] <... futex resumed>) = 1 [pid 608] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000280} --- [pid 607] <... futex resumed>) = ? [pid 608] +++ killed by SIGBUS +++ [pid 607] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=607, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./44", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./44", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557cd2d730 /* 4 entries */, 32768) = 112 umount2("./44/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./44/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./44/binderfs") = 0 [ 32.136424][ T608] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 32.167590][ T609] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-608: bg 0: block 234: padding at end of block bitmap is not set umount2("./44/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./44/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./44/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./44/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./44/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557cd35770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557cd35770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./44/file0") = 0 getdents64(3, 0x55557cd2d730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./44") = 0 mkdir("./45", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557cd2c690) = 613 ./strace-static-x86_64: Process 613 attached [pid 613] set_robust_list(0x55557cd2c6a0, 24) = 0 [pid 613] chdir("./45") = 0 [pid 613] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 613] setpgid(0, 0) = 0 [pid 613] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 613] write(3, "1000", 4) = 4 [pid 613] close(3) = 0 [pid 613] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 613] write(1, "executing program\n", 18) = 18 [pid 613] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 613] rt_sigaction(SIGRT_1, {sa_handler=0x7f676dce75b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f676dcd8760}, NULL, 8) = 0 [pid 613] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 613] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f676dc5d000 [pid 613] mprotect(0x7f676dc5e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 613] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 613] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f676dc7d990, parent_tid=0x7f676dc7d990, exit_signal=0, stack=0x7f676dc5d000, stack_size=0x20300, tls=0x7f676dc7d6c0} => {parent_tid=[614]}, 88) = 614 [pid 613] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 613] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 613] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 614 attached [pid 614] set_robust_list(0x7f676dc7d9a0, 24) = 0 [pid 614] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 614] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 614] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 613] <... futex resumed>) = 0 [pid 613] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 613] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 614] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 614] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 613] <... futex resumed>) = 0 [pid 613] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 613] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 614] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 614] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 613] <... futex resumed>) = 0 [pid 613] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 613] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 614] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 614] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 613] <... futex resumed>) = 0 [pid 613] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 613] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 614] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 614] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 613] <... futex resumed>) = 0 [pid 613] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 613] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 614] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 614] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 613] <... futex resumed>) = 0 [pid 613] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 613] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 614] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 614] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 613] <... futex resumed>) = 0 [pid 613] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 613] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 614] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 614] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 613] <... futex resumed>) = 0 [pid 613] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 613] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 614] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 614] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 613] <... futex resumed>) = 0 [pid 613] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 613] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 614] memfd_create("syzkaller", 0) = 5 [pid 614] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f676585d000 [pid 614] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 614] munmap(0x7f676585d000, 138412032) = 0 [pid 614] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 614] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 614] close(5) = 0 [pid 614] close(6) = 0 [pid 614] mkdir("./file0", 0777) = 0 [pid 614] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 614] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 614] chdir("./file0") = 0 [pid 614] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 614] ioctl(6, LOOP_CLR_FD) = 0 [pid 614] close(6) = 0 [pid 614] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 613] <... futex resumed>) = 0 [pid 613] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 613] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 614] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 614] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 613] <... futex resumed>) = 0 [pid 613] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 613] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 614] write(6, "#! ./file1\n", 11) = 11 [pid 614] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 613] <... futex resumed>) = 0 [pid 613] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 613] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 614] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 614] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 614] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 613] <... futex resumed>) = 0 [pid 613] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 613] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 614] <... futex resumed>) = 0 [pid 614] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000280} --- [pid 613] <... futex resumed>) = ? [pid 614] +++ killed by SIGBUS +++ [pid 613] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=613, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- umount2("./45", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./45", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557cd2d730 /* 4 entries */, 32768) = 112 umount2("./45/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./45/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./45/binderfs") = 0 [ 32.296490][ T614] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 32.330242][ T615] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-614: bg 0: block 234: padding at end of block bitmap is not set umount2("./45/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./45/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./45/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./45/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./45/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557cd35770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557cd35770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./45/file0") = 0 getdents64(3, 0x55557cd2d730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./45") = 0 mkdir("./46", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557cd2c690) = 619 ./strace-static-x86_64: Process 619 attached [pid 619] set_robust_list(0x55557cd2c6a0, 24) = 0 [pid 619] chdir("./46") = 0 [pid 619] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 619] setpgid(0, 0) = 0 [pid 619] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 619] write(3, "1000", 4) = 4 [pid 619] close(3) = 0 [pid 619] symlink("/dev/binderfs", "./binderfs") = 0 [pid 619] write(1, "executing program\n", 18executing program ) = 18 [pid 619] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 619] rt_sigaction(SIGRT_1, {sa_handler=0x7f676dce75b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f676dcd8760}, NULL, 8) = 0 [pid 619] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 619] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f676dc5d000 [pid 619] mprotect(0x7f676dc5e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 619] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 619] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f676dc7d990, parent_tid=0x7f676dc7d990, exit_signal=0, stack=0x7f676dc5d000, stack_size=0x20300, tls=0x7f676dc7d6c0}./strace-static-x86_64: Process 620 attached [pid 620] set_robust_list(0x7f676dc7d9a0, 24) = 0 [pid 620] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 620] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 619] <... clone3 resumed> => {parent_tid=[620]}, 88) = 620 [pid 619] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 619] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 620] <... futex resumed>) = 0 [pid 620] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 620] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 620] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 619] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 619] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 620] <... futex resumed>) = 0 [pid 620] ioctl(3, VHOST_SET_OWNER [pid 619] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 620] <... ioctl resumed>, 0) = 0 [pid 620] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 620] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 619] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 619] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 620] <... futex resumed>) = 0 [pid 620] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 620] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 620] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 619] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 619] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 620] <... futex resumed>) = 0 [pid 620] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 620] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 620] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 619] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 619] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 620] <... futex resumed>) = 0 [pid 619] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 620] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 620] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 620] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 619] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 619] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 620] <... futex resumed>) = 0 [pid 620] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 620] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 619] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 620] <... futex resumed>) = 0 [pid 619] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 620] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 619] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 620] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 620] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 620] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 620] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL) = 0 [pid 620] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 619] <... futex resumed>) = 1 [pid 619] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 619] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 620] <... futex resumed>) = 0 [pid 619] <... futex resumed>) = 1 [pid 620] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 620] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 620] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 619] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 619] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 620] <... futex resumed>) = 0 [pid 619] <... futex resumed>) = 1 [pid 620] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 620] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 620] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 619] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 619] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 620] <... futex resumed>) = 0 [pid 619] <... futex resumed>) = 1 [pid 620] memfd_create("syzkaller", 0 [pid 619] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 620] <... memfd_create resumed>) = 5 [pid 620] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f676585d000 [pid 620] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 620] munmap(0x7f676585d000, 138412032) = 0 [pid 620] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 620] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 620] close(5) = 0 [pid 620] close(6) = 0 [pid 620] mkdir("./file0", 0777) = 0 [pid 620] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 620] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 620] chdir("./file0") = 0 [pid 620] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 620] ioctl(6, LOOP_CLR_FD) = 0 [pid 620] close(6) = 0 [pid 620] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 619] <... futex resumed>) = 0 [pid 619] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 619] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 620] <... futex resumed>) = 1 [pid 620] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 620] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 619] <... futex resumed>) = 0 [pid 619] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 619] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 620] <... futex resumed>) = 1 [pid 620] write(6, "#! ./file1\n", 11) = 11 [pid 620] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 619] <... futex resumed>) = 0 [pid 619] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 619] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 620] <... futex resumed>) = 1 [pid 620] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 620] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 619] <... futex resumed>) = 0 [pid 619] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 619] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 620] <... futex resumed>) = 1 [pid 620] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000280} --- [pid 619] <... futex resumed>) = ? [pid 620] +++ killed by SIGBUS +++ [pid 619] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=619, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./46", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./46", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557cd2d730 /* 4 entries */, 32768) = 112 umount2("./46/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./46/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./46/binderfs") = 0 [ 32.476485][ T620] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 32.508028][ T621] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-620: bg 0: block 234: padding at end of block bitmap is not set umount2("./46/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./46/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./46/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./46/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./46/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557cd35770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557cd35770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./46/file0") = 0 getdents64(3, 0x55557cd2d730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./46") = 0 mkdir("./47", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557cd2c690) = 625 ./strace-static-x86_64: Process 625 attached [pid 625] set_robust_list(0x55557cd2c6a0, 24) = 0 [pid 625] chdir("./47") = 0 [pid 625] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 625] setpgid(0, 0) = 0 [pid 625] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 625] write(3, "1000", 4) = 4 [pid 625] close(3) = 0 [pid 625] symlink("/dev/binderfs", "./binderfs") = 0 [pid 625] write(1, "executing program\n", 18executing program ) = 18 [pid 625] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 625] rt_sigaction(SIGRT_1, {sa_handler=0x7f676dce75b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f676dcd8760}, NULL, 8) = 0 [pid 625] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 625] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f676dc5d000 [pid 625] mprotect(0x7f676dc5e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 625] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 625] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f676dc7d990, parent_tid=0x7f676dc7d990, exit_signal=0, stack=0x7f676dc5d000, stack_size=0x20300, tls=0x7f676dc7d6c0} => {parent_tid=[626]}, 88) = 626 [pid 625] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 625] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 625] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 626 attached [pid 626] set_robust_list(0x7f676dc7d9a0, 24) = 0 [pid 626] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 626] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 626] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 625] <... futex resumed>) = 0 [pid 625] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 625] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 626] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 626] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 625] <... futex resumed>) = 0 [pid 625] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 625] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 626] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 626] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 625] <... futex resumed>) = 0 [pid 625] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 625] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 626] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 626] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 625] <... futex resumed>) = 0 [pid 625] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 625] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 626] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 626] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 625] <... futex resumed>) = 0 [pid 625] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 625] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 626] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 626] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 625] <... futex resumed>) = 0 [pid 625] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 625] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 626] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 626] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 625] <... futex resumed>) = 0 [pid 625] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 625] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 626] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 626] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 625] <... futex resumed>) = 0 [pid 625] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 625] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 626] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 626] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 625] <... futex resumed>) = 0 [pid 625] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 625] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 626] memfd_create("syzkaller", 0) = 5 [pid 626] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f676585d000 [pid 626] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 626] munmap(0x7f676585d000, 138412032) = 0 [pid 626] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 626] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 626] close(5) = 0 [pid 626] close(6) = 0 [pid 626] mkdir("./file0", 0777) = 0 [pid 626] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 626] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 626] chdir("./file0") = 0 [pid 626] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 626] ioctl(6, LOOP_CLR_FD) = 0 [pid 626] close(6) = 0 [pid 626] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 625] <... futex resumed>) = 0 [pid 625] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 625] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 626] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 626] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 625] <... futex resumed>) = 0 [pid 625] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 625] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 626] write(6, "#! ./file1\n", 11) = 11 [pid 626] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 625] <... futex resumed>) = 0 [pid 625] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 625] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 626] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 626] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 626] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 625] <... futex resumed>) = 0 [pid 625] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 625] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 626] <... futex resumed>) = 0 [pid 626] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000280} --- [pid 625] <... futex resumed>) = ? [pid 626] +++ killed by SIGBUS +++ [pid 625] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=625, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- umount2("./47", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./47", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557cd2d730 /* 4 entries */, 32768) = 112 umount2("./47/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./47/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./47/binderfs") = 0 [ 32.656058][ T626] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 32.690237][ T627] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-626: bg 0: block 234: padding at end of block bitmap is not set umount2("./47/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./47/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./47/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./47/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./47/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557cd35770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557cd35770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./47/file0") = 0 getdents64(3, 0x55557cd2d730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./47") = 0 mkdir("./48", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557cd2c690) = 631 ./strace-static-x86_64: Process 631 attached [pid 631] set_robust_list(0x55557cd2c6a0, 24) = 0 [pid 631] chdir("./48") = 0 [pid 631] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 631] setpgid(0, 0) = 0 [pid 631] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 631] write(3, "1000", 4) = 4 [pid 631] close(3) = 0 [pid 631] symlink("/dev/binderfs", "./binderfs") = 0 [pid 631] write(1, "executing program\n", 18executing program ) = 18 [pid 631] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 631] rt_sigaction(SIGRT_1, {sa_handler=0x7f676dce75b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f676dcd8760}, NULL, 8) = 0 [pid 631] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 631] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f676dc5d000 [pid 631] mprotect(0x7f676dc5e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 631] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 631] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f676dc7d990, parent_tid=0x7f676dc7d990, exit_signal=0, stack=0x7f676dc5d000, stack_size=0x20300, tls=0x7f676dc7d6c0}./strace-static-x86_64: Process 632 attached [pid 632] set_robust_list(0x7f676dc7d9a0, 24) = 0 [pid 632] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 632] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 631] <... clone3 resumed> => {parent_tid=[632]}, 88) = 632 [pid 631] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 631] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 632] <... futex resumed>) = 0 [pid 632] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 631] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 632] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 632] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 631] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 631] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 632] <... futex resumed>) = 0 [pid 632] ioctl(3, VHOST_SET_OWNER [pid 631] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 632] <... ioctl resumed>, 0) = 0 [pid 632] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 632] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 631] <... futex resumed>) = 0 [pid 631] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 632] <... futex resumed>) = 0 [pid 631] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 632] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 632] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 632] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 631] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 631] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 632] <... futex resumed>) = 0 [pid 631] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 632] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 632] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 631] <... futex resumed>) = 0 [pid 632] eventfd2(118, EFD_SEMAPHORE [pid 631] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 632] <... eventfd2 resumed>) = 4 [pid 631] <... futex resumed>) = 0 [pid 632] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 631] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 632] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 631] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 631] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 632] <... futex resumed>) = 0 [pid 631] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 632] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 632] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 631] <... futex resumed>) = 0 [pid 632] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 631] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 631] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 632] <... futex resumed>) = 0 [pid 632] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 632] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 631] <... futex resumed>) = 0 [pid 632] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 631] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 632] <... futex resumed>) = 0 [pid 632] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 631] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 632] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 631] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 632] <... futex resumed>) = 0 [pid 631] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 632] ioctl(3, VHOST_VSOCK_SET_RUNNING [pid 631] <... futex resumed>) = 0 [pid 632] <... ioctl resumed>, 0x200000000140) = 0 [pid 631] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 632] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 631] <... futex resumed>) = 0 [pid 632] memfd_create("syzkaller", 0 [pid 631] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 632] <... memfd_create resumed>) = 5 [pid 631] <... futex resumed>) = 0 [pid 632] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 631] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 632] <... mmap resumed>) = 0x7f676585d000 [pid 632] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 632] munmap(0x7f676585d000, 138412032) = 0 [pid 632] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 632] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 632] close(5) = 0 [pid 632] close(6) = 0 [pid 632] mkdir("./file0", 0777) = 0 [pid 632] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 632] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 632] chdir("./file0") = 0 [pid 632] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 632] ioctl(6, LOOP_CLR_FD) = 0 [pid 632] close(6) = 0 [pid 632] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 631] <... futex resumed>) = 0 [pid 631] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 631] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 632] <... futex resumed>) = 1 [pid 632] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 632] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 631] <... futex resumed>) = 0 [pid 631] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 631] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 632] <... futex resumed>) = 1 [pid 632] write(6, "#! ./file1\n", 11) = 11 [pid 632] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 631] <... futex resumed>) = 0 [pid 631] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 631] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 632] <... futex resumed>) = 1 [pid 632] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 632] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 631] <... futex resumed>) = 0 [pid 631] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 631] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 632] <... futex resumed>) = 1 [pid 632] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000280} --- [pid 631] <... futex resumed>) = ? [pid 632] +++ killed by SIGBUS +++ [pid 631] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=631, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./48", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./48", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557cd2d730 /* 4 entries */, 32768) = 112 umount2("./48/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./48/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./48/binderfs") = 0 [ 32.836342][ T632] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 32.867174][ T633] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-632: bg 0: block 234: padding at end of block bitmap is not set umount2("./48/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./48/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./48/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./48/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./48/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557cd35770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557cd35770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./48/file0") = 0 getdents64(3, 0x55557cd2d730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./48") = 0 mkdir("./49", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557cd2c690) = 637 ./strace-static-x86_64: Process 637 attached [pid 637] set_robust_list(0x55557cd2c6a0, 24) = 0 [pid 637] chdir("./49") = 0 [pid 637] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 637] setpgid(0, 0) = 0 [pid 637] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 637] write(3, "1000", 4) = 4 [pid 637] close(3) = 0 [pid 637] symlink("/dev/binderfs", "./binderfs") = 0 [pid 637] write(1, "executing program\n", 18executing program ) = 18 [pid 637] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 637] rt_sigaction(SIGRT_1, {sa_handler=0x7f676dce75b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f676dcd8760}, NULL, 8) = 0 [pid 637] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 637] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f676dc5d000 [pid 637] mprotect(0x7f676dc5e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 637] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 637] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f676dc7d990, parent_tid=0x7f676dc7d990, exit_signal=0, stack=0x7f676dc5d000, stack_size=0x20300, tls=0x7f676dc7d6c0} => {parent_tid=[638]}, 88) = 638 [pid 637] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 637] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 637] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 638 attached [pid 638] set_robust_list(0x7f676dc7d9a0, 24) = 0 [pid 638] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 638] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 638] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 637] <... futex resumed>) = 0 [pid 637] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 637] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 638] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 638] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 637] <... futex resumed>) = 0 [pid 637] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 637] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 638] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 638] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 637] <... futex resumed>) = 0 [pid 637] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 637] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 638] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 638] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 637] <... futex resumed>) = 0 [pid 637] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 637] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 638] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 638] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 637] <... futex resumed>) = 0 [pid 637] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 637] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 638] <... futex resumed>) = 1 [pid 638] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 638] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 637] <... futex resumed>) = 0 [pid 637] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 637] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 638] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 638] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 637] <... futex resumed>) = 0 [pid 637] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 637] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 638] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 638] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 637] <... futex resumed>) = 0 [pid 637] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 637] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 638] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 638] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 637] <... futex resumed>) = 0 [pid 637] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 637] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 638] memfd_create("syzkaller", 0) = 5 [pid 638] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f676585d000 [pid 638] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 638] munmap(0x7f676585d000, 138412032) = 0 [pid 638] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 638] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 638] close(5) = 0 [pid 638] close(6) = 0 [pid 638] mkdir("./file0", 0777) = 0 [pid 638] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 638] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 638] chdir("./file0") = 0 [pid 638] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 638] ioctl(6, LOOP_CLR_FD) = 0 [pid 638] close(6) = 0 [pid 638] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 637] <... futex resumed>) = 0 [pid 637] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 637] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 638] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 638] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 637] <... futex resumed>) = 0 [pid 637] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 637] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 638] write(6, "#! ./file1\n", 11) = 11 [pid 638] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 637] <... futex resumed>) = 0 [pid 637] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 637] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 638] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 638] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 638] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 637] <... futex resumed>) = 0 [pid 637] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 637] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 638] <... futex resumed>) = 0 [pid 638] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000280} --- [pid 637] <... futex resumed>) = ? [pid 638] +++ killed by SIGBUS +++ [pid 637] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=637, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./49", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./49", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557cd2d730 /* 4 entries */, 32768) = 112 umount2("./49/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./49/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./49/binderfs") = 0 [ 33.046470][ T638] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 33.079590][ T639] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-638: bg 0: block 234: padding at end of block bitmap is not set umount2("./49/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./49/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./49/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./49/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./49/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557cd35770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557cd35770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./49/file0") = 0 getdents64(3, 0x55557cd2d730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./49") = 0 mkdir("./50", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557cd2c690) = 643 ./strace-static-x86_64: Process 643 attached [pid 643] set_robust_list(0x55557cd2c6a0, 24) = 0 [pid 643] chdir("./50") = 0 [pid 643] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 643] setpgid(0, 0) = 0 [pid 643] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 643] write(3, "1000", 4) = 4 [pid 643] close(3) = 0 [pid 643] symlink("/dev/binderfs", "./binderfs") = 0 [pid 643] write(1, "executing program\n", 18executing program ) = 18 [pid 643] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 643] rt_sigaction(SIGRT_1, {sa_handler=0x7f676dce75b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f676dcd8760}, NULL, 8) = 0 [pid 643] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 643] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f676dc5d000 [pid 643] mprotect(0x7f676dc5e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 643] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 643] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f676dc7d990, parent_tid=0x7f676dc7d990, exit_signal=0, stack=0x7f676dc5d000, stack_size=0x20300, tls=0x7f676dc7d6c0} => {parent_tid=[644]}, 88) = 644 [pid 643] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 643] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 643] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 644 attached [pid 644] set_robust_list(0x7f676dc7d9a0, 24) = 0 [pid 644] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 644] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 644] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 643] <... futex resumed>) = 0 [pid 643] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 643] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 644] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 644] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 643] <... futex resumed>) = 0 [pid 644] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 643] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 643] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 644] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 644] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 644] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 643] <... futex resumed>) = 0 [pid 643] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 643] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 644] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 644] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 643] <... futex resumed>) = 0 [pid 643] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 643] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 644] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 644] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 643] <... futex resumed>) = 0 [pid 643] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 643] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 644] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 644] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 643] <... futex resumed>) = 0 [pid 643] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 643] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 644] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 644] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 643] <... futex resumed>) = 0 [pid 643] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 643] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 644] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 644] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 643] <... futex resumed>) = 0 [pid 643] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 643] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 644] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 644] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 643] <... futex resumed>) = 0 [pid 644] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 643] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 643] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 644] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 644] memfd_create("syzkaller", 0) = 5 [pid 644] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f676585d000 [pid 644] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 644] munmap(0x7f676585d000, 138412032) = 0 [pid 644] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 644] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 644] close(5) = 0 [pid 644] close(6) = 0 [pid 644] mkdir("./file0", 0777) = 0 [pid 644] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 644] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 644] chdir("./file0") = 0 [pid 644] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 644] ioctl(6, LOOP_CLR_FD) = 0 [pid 644] close(6) = 0 [pid 644] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 643] <... futex resumed>) = 0 [pid 643] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 643] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 644] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 644] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 643] <... futex resumed>) = 0 [pid 643] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 643] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 644] write(6, "#! ./file1\n", 11) = 11 [pid 644] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 643] <... futex resumed>) = 0 [pid 644] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 643] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 643] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 644] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 644] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 644] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 643] <... futex resumed>) = 0 [pid 644] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 643] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 33.216479][ T644] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [pid 643] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 644] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 644] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000280} --- [pid 643] <... futex resumed>) = ? [pid 644] +++ killed by SIGBUS +++ [pid 643] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=643, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./50", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./50", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557cd2d730 /* 4 entries */, 32768) = 112 umount2("./50/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./50/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./50/binderfs") = 0 [ 33.261404][ T645] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-644: bg 0: block 234: padding at end of block bitmap is not set umount2("./50/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./50/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./50/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./50/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./50/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557cd35770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557cd35770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./50/file0") = 0 getdents64(3, 0x55557cd2d730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./50") = 0 mkdir("./51", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557cd2c690) = 649 ./strace-static-x86_64: Process 649 attached [pid 649] set_robust_list(0x55557cd2c6a0, 24) = 0 [pid 649] chdir("./51") = 0 [pid 649] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 649] setpgid(0, 0) = 0 [pid 649] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 649] write(3, "1000", 4) = 4 [pid 649] close(3) = 0 [pid 649] symlink("/dev/binderfs", "./binderfs") = 0 [pid 649] write(1, "executing program\n", 18executing program ) = 18 [pid 649] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 649] rt_sigaction(SIGRT_1, {sa_handler=0x7f676dce75b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f676dcd8760}, NULL, 8) = 0 [pid 649] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 649] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f676dc5d000 [pid 649] mprotect(0x7f676dc5e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 649] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 649] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f676dc7d990, parent_tid=0x7f676dc7d990, exit_signal=0, stack=0x7f676dc5d000, stack_size=0x20300, tls=0x7f676dc7d6c0} => {parent_tid=[650]}, 88) = 650 ./strace-static-x86_64: Process 650 attached [pid 649] rt_sigprocmask(SIG_SETMASK, [], [pid 650] set_robust_list(0x7f676dc7d9a0, 24 [pid 649] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 649] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 649] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 650] <... set_robust_list resumed>) = 0 [pid 650] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 650] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 650] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 649] <... futex resumed>) = 0 [pid 649] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 649] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 650] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 650] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 649] <... futex resumed>) = 0 [pid 649] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 649] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 650] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 650] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 649] <... futex resumed>) = 0 [pid 649] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 650] ioctl(3, VHOST_SET_MEM_TABLE [pid 649] <... futex resumed>) = 0 [pid 649] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 650] <... ioctl resumed>, 0x200000003380) = 0 [pid 650] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 649] <... futex resumed>) = 0 [pid 649] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 649] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 650] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 650] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 649] <... futex resumed>) = 0 [pid 649] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 649] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 650] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 650] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 649] <... futex resumed>) = 0 [pid 649] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 649] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 650] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 650] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 649] <... futex resumed>) = 0 [pid 649] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 649] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 650] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 650] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 649] <... futex resumed>) = 0 [pid 649] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 649] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 650] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 650] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 649] <... futex resumed>) = 0 [pid 650] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 649] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 649] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 650] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 650] memfd_create("syzkaller", 0) = 5 [pid 650] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f676585d000 [pid 650] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 650] munmap(0x7f676585d000, 138412032) = 0 [pid 650] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 650] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 650] close(5) = 0 [pid 650] close(6) = 0 [pid 650] mkdir("./file0", 0777) = 0 [pid 650] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 650] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 650] chdir("./file0") = 0 [pid 650] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 650] ioctl(6, LOOP_CLR_FD) = 0 [pid 650] close(6) = 0 [pid 650] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 649] <... futex resumed>) = 0 [pid 649] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 649] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 650] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 650] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 649] <... futex resumed>) = 0 [pid 649] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 649] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 650] write(6, "#! ./file1\n", 11) = 11 [pid 650] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 649] <... futex resumed>) = 0 [pid 649] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 649] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 650] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [ 33.446499][ T650] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [pid 650] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 649] <... futex resumed>) = 0 [pid 649] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 649] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 650] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000280} --- [pid 649] <... futex resumed>) = ? [pid 650] +++ killed by SIGBUS +++ [pid 649] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=649, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./51", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./51", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557cd2d730 /* 4 entries */, 32768) = 112 umount2("./51/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./51/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./51/binderfs") = 0 [ 33.490220][ T651] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-650: bg 0: block 234: padding at end of block bitmap is not set umount2("./51/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./51/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./51/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./51/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./51/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557cd35770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557cd35770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./51/file0") = 0 getdents64(3, 0x55557cd2d730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./51") = 0 mkdir("./52", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557cd2c690) = 655 ./strace-static-x86_64: Process 655 attached [pid 655] set_robust_list(0x55557cd2c6a0, 24) = 0 [pid 655] chdir("./52") = 0 [pid 655] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 655] setpgid(0, 0) = 0 [pid 655] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 655] write(3, "1000", 4) = 4 [pid 655] close(3) = 0 [pid 655] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 655] write(1, "executing program\n", 18) = 18 [pid 655] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 655] rt_sigaction(SIGRT_1, {sa_handler=0x7f676dce75b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f676dcd8760}, NULL, 8) = 0 [pid 655] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 655] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f676dc5d000 [pid 655] mprotect(0x7f676dc5e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 655] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 655] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f676dc7d990, parent_tid=0x7f676dc7d990, exit_signal=0, stack=0x7f676dc5d000, stack_size=0x20300, tls=0x7f676dc7d6c0}./strace-static-x86_64: Process 656 attached [pid 656] set_robust_list(0x7f676dc7d9a0, 24) = 0 [pid 656] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 656] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 655] <... clone3 resumed> => {parent_tid=[656]}, 88) = 656 [pid 655] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 655] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 656] <... futex resumed>) = 0 [pid 655] <... futex resumed>) = 1 [pid 656] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 656] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 656] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 655] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 655] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 656] <... futex resumed>) = 0 [pid 655] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 656] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 656] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 655] <... futex resumed>) = 0 [pid 656] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 655] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 656] <... futex resumed>) = 0 [pid 655] <... futex resumed>) = 1 [pid 656] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 655] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 656] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 655] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 656] <... futex resumed>) = 0 [pid 655] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 656] ioctl(3, VHOST_SET_MEM_TABLE [pid 655] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 656] <... ioctl resumed>, 0x200000003380) = 0 [pid 656] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 655] <... futex resumed>) = 0 [pid 656] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 655] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 656] <... futex resumed>) = 0 [pid 655] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 656] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 656] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 655] <... futex resumed>) = 0 [pid 656] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 655] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 655] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 656] <... futex resumed>) = 0 [pid 656] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 656] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 656] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 655] <... futex resumed>) = 0 [pid 655] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 656] <... futex resumed>) = 0 [pid 655] <... futex resumed>) = 1 [pid 656] ioctl(3, VHOST_SET_VRING_ADDR [pid 655] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 656] <... ioctl resumed>, 0x200000000240) = 0 [pid 656] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 655] <... futex resumed>) = 0 [pid 655] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 656] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 655] <... futex resumed>) = 0 [pid 656] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 655] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 656] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 655] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 655] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 656] <... futex resumed>) = 0 [pid 655] <... futex resumed>) = 1 [pid 655] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 656] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 656] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 656] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 655] <... futex resumed>) = 0 [pid 655] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 656] <... futex resumed>) = 0 [pid 655] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 656] memfd_create("syzkaller", 0) = 5 [pid 656] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f676585d000 [pid 656] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 656] munmap(0x7f676585d000, 138412032) = 0 [pid 656] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 656] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 656] close(5) = 0 [pid 656] close(6) = 0 [pid 656] mkdir("./file0", 0777) = 0 [pid 656] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 656] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 656] chdir("./file0") = 0 [pid 656] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 656] ioctl(6, LOOP_CLR_FD) = 0 [pid 656] close(6) = 0 [pid 656] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 655] <... futex resumed>) = 0 [pid 655] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 655] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 656] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 656] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 655] <... futex resumed>) = 0 [pid 655] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 655] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 656] write(6, "#! ./file1\n", 11) = 11 [pid 656] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 655] <... futex resumed>) = 0 [pid 655] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 655] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 656] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 656] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 656] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 655] <... futex resumed>) = 0 [pid 655] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 655] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 656] <... futex resumed>) = 0 [pid 656] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000280} --- [pid 655] <... futex resumed>) = ? [pid 656] +++ killed by SIGBUS +++ [pid 655] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=655, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./52", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./52", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557cd2d730 /* 4 entries */, 32768) = 112 umount2("./52/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./52/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./52/binderfs") = 0 [ 33.626377][ T656] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 33.659953][ T657] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-656: bg 0: block 234: padding at end of block bitmap is not set umount2("./52/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./52/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./52/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./52/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./52/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557cd35770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557cd35770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./52/file0") = 0 getdents64(3, 0x55557cd2d730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./52") = 0 mkdir("./53", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557cd2c690) = 661 ./strace-static-x86_64: Process 661 attached [pid 661] set_robust_list(0x55557cd2c6a0, 24) = 0 [pid 661] chdir("./53") = 0 [pid 661] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 661] setpgid(0, 0) = 0 [pid 661] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 661] write(3, "1000", 4) = 4 [pid 661] close(3) = 0 [pid 661] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 661] write(1, "executing program\n", 18) = 18 [pid 661] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 661] rt_sigaction(SIGRT_1, {sa_handler=0x7f676dce75b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f676dcd8760}, NULL, 8) = 0 [pid 661] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 661] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f676dc5d000 [pid 661] mprotect(0x7f676dc5e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 661] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 661] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f676dc7d990, parent_tid=0x7f676dc7d990, exit_signal=0, stack=0x7f676dc5d000, stack_size=0x20300, tls=0x7f676dc7d6c0}./strace-static-x86_64: Process 662 attached [pid 662] set_robust_list(0x7f676dc7d9a0, 24) = 0 [pid 662] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 662] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 661] <... clone3 resumed> => {parent_tid=[662]}, 88) = 662 [pid 661] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 661] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 662] <... futex resumed>) = 0 [pid 662] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR [pid 661] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 662] <... openat resumed>) = 3 [pid 662] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 662] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 661] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 661] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 662] <... futex resumed>) = 0 [pid 661] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 662] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 662] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 661] <... futex resumed>) = 0 [pid 661] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 662] ioctl(3, VHOST_SET_VRING_ADDR [pid 661] <... futex resumed>) = 0 [pid 661] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 662] <... ioctl resumed>, 0x200000000300) = 0 [pid 662] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 661] <... futex resumed>) = 0 [pid 661] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 661] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 662] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 662] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 661] <... futex resumed>) = 0 [pid 661] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 661] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 662] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 662] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 661] <... futex resumed>) = 0 [pid 661] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 661] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 662] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 662] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 661] <... futex resumed>) = 0 [pid 661] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 662] ioctl(3, VHOST_SET_VRING_ADDR [pid 661] <... futex resumed>) = 0 [pid 661] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 662] <... ioctl resumed>, 0x200000000240) = 0 [pid 662] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 661] <... futex resumed>) = 0 [pid 661] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 661] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 662] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 662] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 661] <... futex resumed>) = 0 [pid 661] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 661] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 662] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 662] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 661] <... futex resumed>) = 0 [pid 661] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 661] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 662] memfd_create("syzkaller", 0) = 5 [pid 662] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f676585d000 [pid 662] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 662] munmap(0x7f676585d000, 138412032) = 0 [pid 662] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 662] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 662] close(5) = 0 [pid 662] close(6) = 0 [pid 662] mkdir("./file0", 0777) = 0 [pid 662] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 662] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 662] chdir("./file0") = 0 [pid 662] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 662] ioctl(6, LOOP_CLR_FD) = 0 [pid 662] close(6) = 0 [pid 662] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 661] <... futex resumed>) = 0 [pid 661] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 661] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 662] <... futex resumed>) = 1 [pid 662] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 662] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 661] <... futex resumed>) = 0 [pid 661] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 661] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 662] <... futex resumed>) = 1 [pid 662] write(6, "#! ./file1\n", 11) = 11 [pid 662] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 661] <... futex resumed>) = 0 [pid 661] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 661] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 662] <... futex resumed>) = 1 [pid 662] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 662] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 661] <... futex resumed>) = 0 [ 33.876506][ T662] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [pid 661] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 661] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 662] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000280} --- [pid 661] <... futex resumed>) = ? [pid 662] +++ killed by SIGBUS +++ [pid 661] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=661, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./53", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./53", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557cd2d730 /* 4 entries */, 32768) = 112 umount2("./53/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./53/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./53/binderfs") = 0 [ 33.918685][ T663] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-662: bg 0: block 234: padding at end of block bitmap is not set umount2("./53/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./53/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./53/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./53/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./53/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557cd35770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557cd35770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./53/file0") = 0 getdents64(3, 0x55557cd2d730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./53") = 0 mkdir("./54", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557cd2c690) = 667 ./strace-static-x86_64: Process 667 attached [pid 667] set_robust_list(0x55557cd2c6a0, 24) = 0 [pid 667] chdir("./54") = 0 [pid 667] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 667] setpgid(0, 0) = 0 [pid 667] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 667] write(3, "1000", 4) = 4 [pid 667] close(3) = 0 [pid 667] symlink("/dev/binderfs", "./binderfs") = 0 [pid 667] write(1, "executing program\n", 18executing program ) = 18 [pid 667] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 667] rt_sigaction(SIGRT_1, {sa_handler=0x7f676dce75b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f676dcd8760}, NULL, 8) = 0 [pid 667] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 667] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f676dc5d000 [pid 667] mprotect(0x7f676dc5e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 667] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 667] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f676dc7d990, parent_tid=0x7f676dc7d990, exit_signal=0, stack=0x7f676dc5d000, stack_size=0x20300, tls=0x7f676dc7d6c0}./strace-static-x86_64: Process 668 attached => {parent_tid=[668]}, 88) = 668 [pid 668] set_robust_list(0x7f676dc7d9a0, 24) = 0 [pid 668] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 668] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 667] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 667] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 668] <... futex resumed>) = 0 [pid 667] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 668] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 668] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 668] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 667] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 667] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 668] <... futex resumed>) = 0 [pid 667] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 668] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 668] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 668] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 667] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 667] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 668] <... futex resumed>) = 0 [pid 667] <... futex resumed>) = 1 [pid 668] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 668] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 668] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 667] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 667] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 668] <... futex resumed>) = 0 [pid 667] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 668] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 668] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 668] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 667] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 667] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 668] <... futex resumed>) = 0 [pid 667] <... futex resumed>) = 1 [pid 668] eventfd2(118, EFD_SEMAPHORE [pid 667] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 668] <... eventfd2 resumed>) = 4 [pid 668] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 668] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 667] <... futex resumed>) = 0 [pid 667] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 668] <... futex resumed>) = 0 [pid 667] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 668] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 668] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 668] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 667] <... futex resumed>) = 0 [pid 668] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 667] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 668] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 667] <... futex resumed>) = 0 [pid 668] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 667] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 668] <... futex resumed>) = 0 [pid 667] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 668] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 667] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 668] <... futex resumed>) = 0 [pid 667] <... futex resumed>) = 1 [pid 668] ioctl(3, VHOST_SET_VRING_KICK [pid 667] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 668] <... ioctl resumed>, 0x200000000000) = 0 [pid 668] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 667] <... futex resumed>) = 0 [pid 668] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 667] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 668] <... futex resumed>) = 0 [pid 667] <... futex resumed>) = 1 [pid 668] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 667] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 668] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 667] <... futex resumed>) = 0 [pid 668] memfd_create("syzkaller", 0 [pid 667] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 668] <... memfd_create resumed>) = 5 [pid 667] <... futex resumed>) = 0 [pid 668] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 667] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 668] <... mmap resumed>) = 0x7f676585d000 [pid 668] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 668] munmap(0x7f676585d000, 138412032) = 0 [pid 668] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 668] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 668] close(5) = 0 [pid 668] close(6) = 0 [pid 668] mkdir("./file0", 0777) = 0 [pid 668] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 668] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 668] chdir("./file0") = 0 [pid 668] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 668] ioctl(6, LOOP_CLR_FD) = 0 [pid 668] close(6) = 0 [pid 668] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 667] <... futex resumed>) = 0 [pid 667] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 667] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 668] <... futex resumed>) = 1 [pid 668] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 668] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 667] <... futex resumed>) = 0 [pid 667] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 667] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 668] <... futex resumed>) = 1 [pid 668] write(6, "#! ./file1\n", 11) = 11 [pid 668] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 667] <... futex resumed>) = 0 [pid 667] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 667] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 668] <... futex resumed>) = 1 [pid 668] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 668] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 667] <... futex resumed>) = 0 [pid 667] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 667] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 668] <... futex resumed>) = 1 [pid 668] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000280} --- [pid 667] <... futex resumed>) = ? [pid 668] +++ killed by SIGBUS +++ [pid 667] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=667, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./54", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./54", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557cd2d730 /* 4 entries */, 32768) = 112 umount2("./54/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./54/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./54/binderfs") = 0 [ 34.116383][ T668] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 34.147725][ T669] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-668: bg 0: block 234: padding at end of block bitmap is not set umount2("./54/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./54/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./54/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./54/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./54/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557cd35770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557cd35770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./54/file0") = 0 getdents64(3, 0x55557cd2d730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./54") = 0 mkdir("./55", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557cd2c690) = 673 ./strace-static-x86_64: Process 673 attached [pid 673] set_robust_list(0x55557cd2c6a0, 24) = 0 [pid 673] chdir("./55") = 0 [pid 673] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 673] setpgid(0, 0) = 0 [pid 673] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 673] write(3, "1000", 4) = 4 [pid 673] close(3) = 0 [pid 673] symlink("/dev/binderfs", "./binderfs") = 0 [pid 673] write(1, "executing program\n", 18executing program ) = 18 [pid 673] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 673] rt_sigaction(SIGRT_1, {sa_handler=0x7f676dce75b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f676dcd8760}, NULL, 8) = 0 [pid 673] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 673] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f676dc5d000 [pid 673] mprotect(0x7f676dc5e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 673] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 673] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f676dc7d990, parent_tid=0x7f676dc7d990, exit_signal=0, stack=0x7f676dc5d000, stack_size=0x20300, tls=0x7f676dc7d6c0} => {parent_tid=[674]}, 88) = 674 [pid 673] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 673] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 673] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 674 attached [pid 674] set_robust_list(0x7f676dc7d9a0, 24) = 0 [pid 674] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 674] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 674] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 673] <... futex resumed>) = 0 [pid 673] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 673] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 674] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 674] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 673] <... futex resumed>) = 0 [pid 673] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 673] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 674] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 674] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 673] <... futex resumed>) = 0 [pid 673] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 673] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 674] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 674] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 673] <... futex resumed>) = 0 [pid 673] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 673] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 674] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 674] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 673] <... futex resumed>) = 0 [pid 673] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 673] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 674] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 674] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 673] <... futex resumed>) = 0 [pid 673] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 673] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 674] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 674] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 673] <... futex resumed>) = 0 [pid 673] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 673] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 674] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 674] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 673] <... futex resumed>) = 0 [pid 673] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 673] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 674] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 674] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 673] <... futex resumed>) = 0 [pid 673] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 673] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 674] memfd_create("syzkaller", 0) = 5 [pid 674] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f676585d000 [pid 674] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 674] munmap(0x7f676585d000, 138412032) = 0 [pid 674] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 674] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 674] close(5) = 0 [pid 674] close(6) = 0 [pid 674] mkdir("./file0", 0777) = 0 [pid 674] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 674] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 674] chdir("./file0") = 0 [pid 674] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 674] ioctl(6, LOOP_CLR_FD) = 0 [pid 674] close(6) = 0 [pid 674] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 673] <... futex resumed>) = 0 [pid 673] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 673] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 674] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 674] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 673] <... futex resumed>) = 0 [pid 673] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 673] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 674] write(6, "#! ./file1\n", 11) = 11 [pid 674] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 673] <... futex resumed>) = 0 [pid 673] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 673] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 674] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 674] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 673] <... futex resumed>) = 0 [pid 673] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 673] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 674] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000280} --- [pid 673] <... futex resumed>) = ? [pid 674] +++ killed by SIGBUS +++ [pid 673] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=673, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./55", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./55", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557cd2d730 /* 4 entries */, 32768) = 112 umount2("./55/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./55/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./55/binderfs") = 0 [ 34.326501][ T674] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 34.359337][ T675] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-674: bg 0: block 234: padding at end of block bitmap is not set umount2("./55/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./55/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./55/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./55/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./55/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557cd35770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557cd35770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./55/file0") = 0 getdents64(3, 0x55557cd2d730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./55") = 0 mkdir("./56", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557cd2c690) = 679 ./strace-static-x86_64: Process 679 attached [pid 679] set_robust_list(0x55557cd2c6a0, 24) = 0 [pid 679] chdir("./56") = 0 [pid 679] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 679] setpgid(0, 0) = 0 [pid 679] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 679] write(3, "1000", 4) = 4 [pid 679] close(3) = 0 [pid 679] symlink("/dev/binderfs", "./binderfs") = 0 [pid 679] write(1, "executing program\n", 18executing program ) = 18 [pid 679] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 679] rt_sigaction(SIGRT_1, {sa_handler=0x7f676dce75b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f676dcd8760}, NULL, 8) = 0 [pid 679] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 679] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f676dc5d000 [pid 679] mprotect(0x7f676dc5e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 679] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 679] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f676dc7d990, parent_tid=0x7f676dc7d990, exit_signal=0, stack=0x7f676dc5d000, stack_size=0x20300, tls=0x7f676dc7d6c0}./strace-static-x86_64: Process 680 attached [pid 680] set_robust_list(0x7f676dc7d9a0, 24) = 0 [pid 680] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 680] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 679] <... clone3 resumed> => {parent_tid=[680]}, 88) = 680 [pid 679] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 679] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 680] <... futex resumed>) = 0 [pid 680] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 680] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 680] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 679] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 679] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 680] <... futex resumed>) = 0 [pid 680] ioctl(3, VHOST_SET_OWNER [pid 679] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 680] <... ioctl resumed>, 0) = 0 [pid 680] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 680] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 679] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 679] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 680] <... futex resumed>) = 0 [pid 680] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 680] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 680] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 679] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 679] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 680] <... futex resumed>) = 0 [pid 680] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 680] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 680] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 679] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 679] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 680] <... futex resumed>) = 0 [pid 680] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 680] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 680] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 679] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 679] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 680] <... futex resumed>) = 0 [pid 680] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 680] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 680] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 679] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 679] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 680] <... futex resumed>) = 0 [pid 680] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 680] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 680] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 679] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 679] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 680] <... futex resumed>) = 0 [pid 679] <... futex resumed>) = 1 [pid 680] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 680] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 680] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 679] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 679] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 680] <... futex resumed>) = 0 [pid 679] <... futex resumed>) = 1 [pid 680] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 680] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 680] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 679] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 679] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 680] <... futex resumed>) = 0 [pid 679] <... futex resumed>) = 1 [pid 680] memfd_create("syzkaller", 0) = 5 [pid 680] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f676585d000 [pid 680] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 679] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 680] <... write resumed>) = 1048576 [pid 680] munmap(0x7f676585d000, 138412032) = 0 [pid 680] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 680] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 680] close(5) = 0 [pid 680] close(6) = 0 [pid 680] mkdir("./file0", 0777) = 0 [pid 680] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 680] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 680] chdir("./file0") = 0 [pid 680] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 680] ioctl(6, LOOP_CLR_FD) = 0 [pid 680] close(6) = 0 [pid 680] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 679] <... futex resumed>) = 0 [pid 679] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 679] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 680] <... futex resumed>) = 1 [pid 680] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 680] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 679] <... futex resumed>) = 0 [pid 679] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 679] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 680] <... futex resumed>) = 1 [pid 680] write(6, "#! ./file1\n", 11) = 11 [pid 680] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 679] <... futex resumed>) = 0 [pid 679] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 679] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 680] <... futex resumed>) = 1 [pid 680] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 680] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 679] <... futex resumed>) = 0 [pid 679] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 679] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 680] <... futex resumed>) = 1 [pid 680] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000280} --- [pid 679] <... futex resumed>) = ? [pid 680] +++ killed by SIGBUS +++ [pid 679] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=679, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./56", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./56", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557cd2d730 /* 4 entries */, 32768) = 112 umount2("./56/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./56/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./56/binderfs") = 0 [ 34.486319][ T680] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 34.516941][ T681] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-680: bg 0: block 234: padding at end of block bitmap is not set umount2("./56/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./56/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./56/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./56/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./56/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557cd35770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557cd35770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./56/file0") = 0 getdents64(3, 0x55557cd2d730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./56") = 0 mkdir("./57", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557cd2c690) = 685 ./strace-static-x86_64: Process 685 attached [pid 685] set_robust_list(0x55557cd2c6a0, 24) = 0 [pid 685] chdir("./57") = 0 [pid 685] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 685] setpgid(0, 0) = 0 [pid 685] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 685] write(3, "1000", 4) = 4 [pid 685] close(3) = 0 [pid 685] symlink("/dev/binderfs", "./binderfs") = 0 [pid 685] write(1, "executing program\n", 18executing program ) = 18 [pid 685] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 685] rt_sigaction(SIGRT_1, {sa_handler=0x7f676dce75b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f676dcd8760}, NULL, 8) = 0 [pid 685] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 685] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f676dc5d000 [pid 685] mprotect(0x7f676dc5e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 685] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 685] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f676dc7d990, parent_tid=0x7f676dc7d990, exit_signal=0, stack=0x7f676dc5d000, stack_size=0x20300, tls=0x7f676dc7d6c0} => {parent_tid=[686]}, 88) = 686 [pid 685] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 685] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 685] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 686 attached [pid 686] set_robust_list(0x7f676dc7d9a0, 24) = 0 [pid 686] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 686] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 686] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 685] <... futex resumed>) = 0 [pid 685] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 685] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 686] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 686] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 685] <... futex resumed>) = 0 [pid 685] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 685] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 686] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 686] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 685] <... futex resumed>) = 0 [pid 685] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 685] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 686] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 686] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 685] <... futex resumed>) = 0 [pid 685] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 685] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 686] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 686] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 685] <... futex resumed>) = 0 [pid 685] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 685] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 686] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 686] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 685] <... futex resumed>) = 0 [pid 685] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 685] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 686] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 686] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 685] <... futex resumed>) = 0 [pid 685] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 685] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 686] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 686] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 685] <... futex resumed>) = 0 [pid 685] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 685] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 686] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 686] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 685] <... futex resumed>) = 0 [pid 685] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 685] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 686] memfd_create("syzkaller", 0) = 5 [pid 686] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f676585d000 [pid 686] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 686] munmap(0x7f676585d000, 138412032) = 0 [pid 686] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 686] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 686] close(5) = 0 [pid 686] close(6) = 0 [pid 686] mkdir("./file0", 0777) = 0 [pid 686] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 686] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 686] chdir("./file0") = 0 [pid 686] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 686] ioctl(6, LOOP_CLR_FD) = 0 [pid 686] close(6) = 0 [pid 686] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 685] <... futex resumed>) = 0 [pid 685] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 685] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 686] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 686] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 685] <... futex resumed>) = 0 [pid 685] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 685] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 686] write(6, "#! ./file1\n", 11) = 11 [pid 686] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 685] <... futex resumed>) = 0 [pid 685] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 685] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 686] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 686] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 685] <... futex resumed>) = 0 [pid 685] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 685] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 686] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000280} --- [pid 685] <... futex resumed>) = ? [pid 686] +++ killed by SIGBUS +++ [pid 685] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=685, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./57", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./57", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557cd2d730 /* 4 entries */, 32768) = 112 umount2("./57/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./57/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./57/binderfs") = 0 [ 34.636516][ T686] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 34.668582][ T687] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-686: bg 0: block 234: padding at end of block bitmap is not set umount2("./57/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./57/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./57/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./57/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./57/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557cd35770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557cd35770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./57/file0") = 0 getdents64(3, 0x55557cd2d730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./57") = 0 mkdir("./58", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 691 attached , child_tidptr=0x55557cd2c690) = 691 [pid 691] set_robust_list(0x55557cd2c6a0, 24) = 0 [pid 691] chdir("./58") = 0 [pid 691] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 691] setpgid(0, 0) = 0 [pid 691] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 691] write(3, "1000", 4) = 4 [pid 691] close(3) = 0 [pid 691] symlink("/dev/binderfs", "./binderfs") = 0 [pid 691] write(1, "executing program\n", 18executing program ) = 18 [pid 691] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 691] rt_sigaction(SIGRT_1, {sa_handler=0x7f676dce75b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f676dcd8760}, NULL, 8) = 0 [pid 691] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 691] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f676dc5d000 [pid 691] mprotect(0x7f676dc5e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 691] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 691] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f676dc7d990, parent_tid=0x7f676dc7d990, exit_signal=0, stack=0x7f676dc5d000, stack_size=0x20300, tls=0x7f676dc7d6c0} => {parent_tid=[692]}, 88) = 692 [pid 691] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 691] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 691] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 692 attached [pid 692] set_robust_list(0x7f676dc7d9a0, 24) = 0 [pid 692] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 692] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 692] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 691] <... futex resumed>) = 0 [pid 691] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 691] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 692] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 692] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 691] <... futex resumed>) = 0 [pid 691] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 692] ioctl(3, VHOST_SET_VRING_ADDR [pid 691] <... futex resumed>) = 0 [pid 691] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 692] <... ioctl resumed>, 0x200000000300) = 0 [pid 692] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 691] <... futex resumed>) = 0 [pid 691] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 691] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 692] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 692] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 691] <... futex resumed>) = 0 [pid 691] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 691] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 692] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 692] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 691] <... futex resumed>) = 0 [pid 691] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 691] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 692] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 692] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 691] <... futex resumed>) = 0 [pid 691] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 691] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 692] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 692] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 691] <... futex resumed>) = 0 [pid 691] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 691] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 692] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 692] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 691] <... futex resumed>) = 0 [pid 691] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 692] ioctl(3, VHOST_VSOCK_SET_RUNNING [pid 691] <... futex resumed>) = 0 [pid 691] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 692] <... ioctl resumed>, 0x200000000140) = 0 [pid 692] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 691] <... futex resumed>) = 0 [pid 691] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 692] memfd_create("syzkaller", 0 [pid 691] <... futex resumed>) = 0 [pid 691] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 692] <... memfd_create resumed>) = 5 [pid 692] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f676585d000 [pid 692] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 692] munmap(0x7f676585d000, 138412032) = 0 [pid 692] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 692] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 692] close(5) = 0 [pid 692] close(6) = 0 [pid 692] mkdir("./file0", 0777) = 0 [pid 692] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 692] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 692] chdir("./file0") = 0 [pid 692] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 692] ioctl(6, LOOP_CLR_FD) = 0 [pid 692] close(6) = 0 [pid 692] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 691] <... futex resumed>) = 0 [pid 691] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 691] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 692] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 692] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 691] <... futex resumed>) = 0 [pid 691] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 691] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 692] write(6, "#! ./file1\n", 11) = 11 [pid 692] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 691] <... futex resumed>) = 0 [pid 691] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 692] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0 [pid 691] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 692] <... mmap resumed>) = 0x200000000000 [pid 692] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 692] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 691] <... futex resumed>) = 0 [pid 691] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 691] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 692] <... futex resumed>) = 0 [pid 692] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000280} --- [pid 691] <... futex resumed>) = ? [pid 692] +++ killed by SIGBUS +++ [pid 691] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=691, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./58", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./58", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557cd2d730 /* 4 entries */, 32768) = 112 umount2("./58/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./58/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./58/binderfs") = 0 [ 34.846495][ T692] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 34.878586][ T693] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-692: bg 0: block 234: padding at end of block bitmap is not set umount2("./58/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./58/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./58/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./58/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./58/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557cd35770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557cd35770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./58/file0") = 0 getdents64(3, 0x55557cd2d730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./58") = 0 mkdir("./59", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557cd2c690) = 697 ./strace-static-x86_64: Process 697 attached [pid 697] set_robust_list(0x55557cd2c6a0, 24) = 0 [pid 697] chdir("./59") = 0 [pid 697] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 697] setpgid(0, 0) = 0 [pid 697] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 697] write(3, "1000", 4) = 4 [pid 697] close(3) = 0 [pid 697] symlink("/dev/binderfs", "./binderfs") = 0 [pid 697] write(1, "executing program\n", 18executing program ) = 18 [pid 697] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 697] rt_sigaction(SIGRT_1, {sa_handler=0x7f676dce75b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f676dcd8760}, NULL, 8) = 0 [pid 697] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 697] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f676dc5d000 [pid 697] mprotect(0x7f676dc5e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 697] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 697] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f676dc7d990, parent_tid=0x7f676dc7d990, exit_signal=0, stack=0x7f676dc5d000, stack_size=0x20300, tls=0x7f676dc7d6c0}./strace-static-x86_64: Process 698 attached [pid 698] set_robust_list(0x7f676dc7d9a0, 24) = 0 [pid 698] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 698] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 697] <... clone3 resumed> => {parent_tid=[698]}, 88) = 698 [pid 697] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 697] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 698] <... futex resumed>) = 0 [pid 698] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 698] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 698] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 697] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 697] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 698] <... futex resumed>) = 0 [pid 698] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 698] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 698] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 697] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 697] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 698] <... futex resumed>) = 0 [pid 698] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 698] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 698] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 697] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 697] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 698] <... futex resumed>) = 0 [pid 698] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 698] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 698] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 697] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 697] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 698] <... futex resumed>) = 0 [pid 698] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 698] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 698] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 697] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 697] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 698] <... futex resumed>) = 0 [pid 698] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 698] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 698] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 697] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 697] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 698] <... futex resumed>) = 0 [pid 698] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 698] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 698] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 697] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 697] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 698] <... futex resumed>) = 0 [pid 697] <... futex resumed>) = 1 [pid 698] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 698] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 698] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 697] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 697] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 698] <... futex resumed>) = 0 [pid 697] <... futex resumed>) = 1 [pid 698] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 698] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 698] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 697] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 697] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 698] <... futex resumed>) = 0 [pid 697] <... futex resumed>) = 1 [pid 698] memfd_create("syzkaller", 0) = 5 [pid 697] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 698] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f676585d000 [pid 698] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 698] munmap(0x7f676585d000, 138412032) = 0 [pid 698] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 698] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 698] close(5) = 0 [pid 698] close(6) = 0 [pid 698] mkdir("./file0", 0777) = 0 [pid 698] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 698] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 698] chdir("./file0") = 0 [pid 698] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 698] ioctl(6, LOOP_CLR_FD) = 0 [pid 698] close(6) = 0 [pid 698] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 697] <... futex resumed>) = 0 [pid 697] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 697] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 698] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 698] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 697] <... futex resumed>) = 0 [pid 697] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 697] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 698] write(6, "#! ./file1\n", 11) = 11 [pid 698] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 697] <... futex resumed>) = 0 [pid 698] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0 [pid 697] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 697] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 698] <... mmap resumed>) = 0x200000000000 [ 35.027182][ T698] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [pid 698] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 697] <... futex resumed>) = 0 [pid 697] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 697] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 698] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000280} --- [pid 697] <... futex resumed>) = ? [pid 698] +++ killed by SIGBUS +++ [pid 697] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=697, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./59", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./59", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557cd2d730 /* 4 entries */, 32768) = 112 umount2("./59/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./59/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./59/binderfs") = 0 [ 35.069806][ T699] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-698: bg 0: block 234: padding at end of block bitmap is not set umount2("./59/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./59/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./59/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./59/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./59/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557cd35770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557cd35770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./59/file0") = 0 getdents64(3, 0x55557cd2d730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./59") = 0 mkdir("./60", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557cd2c690) = 703 ./strace-static-x86_64: Process 703 attached [pid 703] set_robust_list(0x55557cd2c6a0, 24) = 0 [pid 703] chdir("./60") = 0 [pid 703] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 703] setpgid(0, 0) = 0 [pid 703] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 703] write(3, "1000", 4) = 4 [pid 703] close(3) = 0 [pid 703] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 703] write(1, "executing program\n", 18) = 18 [pid 703] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 703] rt_sigaction(SIGRT_1, {sa_handler=0x7f676dce75b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f676dcd8760}, NULL, 8) = 0 [pid 703] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 703] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f676dc5d000 [pid 703] mprotect(0x7f676dc5e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 703] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 703] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f676dc7d990, parent_tid=0x7f676dc7d990, exit_signal=0, stack=0x7f676dc5d000, stack_size=0x20300, tls=0x7f676dc7d6c0} => {parent_tid=[704]}, 88) = 704 [pid 703] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 703] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 703] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 704 attached [pid 704] set_robust_list(0x7f676dc7d9a0, 24) = 0 [pid 704] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 704] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 704] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 703] <... futex resumed>) = 0 [pid 703] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 703] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 704] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 704] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 703] <... futex resumed>) = 0 [pid 703] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 703] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 704] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 704] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 703] <... futex resumed>) = 0 [pid 703] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 703] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 704] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 704] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 703] <... futex resumed>) = 0 [pid 703] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 703] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 704] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 704] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 703] <... futex resumed>) = 0 [pid 703] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 703] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 704] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 704] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 703] <... futex resumed>) = 0 [pid 703] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 703] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 704] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 704] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 703] <... futex resumed>) = 0 [pid 703] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 703] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 704] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 704] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 703] <... futex resumed>) = 0 [pid 703] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 703] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 704] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 704] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 703] <... futex resumed>) = 0 [pid 703] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 703] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 704] memfd_create("syzkaller", 0) = 5 [pid 704] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f676585d000 [pid 704] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 704] munmap(0x7f676585d000, 138412032) = 0 [pid 704] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 704] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 704] close(5) = 0 [pid 704] close(6) = 0 [pid 704] mkdir("./file0", 0777) = 0 [pid 704] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 704] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 704] chdir("./file0") = 0 [pid 704] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 704] ioctl(6, LOOP_CLR_FD) = 0 [pid 704] close(6) = 0 [pid 704] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 703] <... futex resumed>) = 0 [pid 703] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 703] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 704] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 704] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 703] <... futex resumed>) = 0 [pid 703] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 703] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 704] write(6, "#! ./file1\n", 11) = 11 [pid 704] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 703] <... futex resumed>) = 0 [pid 703] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 703] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 704] <... futex resumed>) = 1 [pid 704] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 704] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 703] <... futex resumed>) = 0 [pid 703] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 703] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 704] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000280} --- [pid 703] <... futex resumed>) = ? [pid 704] +++ killed by SIGBUS +++ [pid 703] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=703, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./60", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./60", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557cd2d730 /* 4 entries */, 32768) = 112 umount2("./60/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./60/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./60/binderfs") = 0 [ 35.246483][ T704] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 35.280517][ T705] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-704: bg 0: block 234: padding at end of block bitmap is not set umount2("./60/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./60/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./60/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./60/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./60/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557cd35770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557cd35770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./60/file0") = 0 getdents64(3, 0x55557cd2d730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./60") = 0 mkdir("./61", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557cd2c690) = 709 ./strace-static-x86_64: Process 709 attached [pid 709] set_robust_list(0x55557cd2c6a0, 24) = 0 [pid 709] chdir("./61") = 0 [pid 709] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 709] setpgid(0, 0) = 0 [pid 709] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 709] write(3, "1000", 4) = 4 [pid 709] close(3) = 0 [pid 709] symlink("/dev/binderfs", "./binderfs") = 0 [pid 709] write(1, "executing program\n", 18executing program ) = 18 [pid 709] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 709] rt_sigaction(SIGRT_1, {sa_handler=0x7f676dce75b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f676dcd8760}, NULL, 8) = 0 [pid 709] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 709] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f676dc5d000 [pid 709] mprotect(0x7f676dc5e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 709] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 709] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f676dc7d990, parent_tid=0x7f676dc7d990, exit_signal=0, stack=0x7f676dc5d000, stack_size=0x20300, tls=0x7f676dc7d6c0} => {parent_tid=[710]}, 88) = 710 [pid 709] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 709] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 709] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 710 attached [pid 710] set_robust_list(0x7f676dc7d9a0, 24) = 0 [pid 710] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 710] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 710] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 709] <... futex resumed>) = 0 [pid 709] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 709] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 710] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 710] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 709] <... futex resumed>) = 0 [pid 709] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 709] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 710] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 710] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 709] <... futex resumed>) = 0 [pid 709] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 709] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 710] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 710] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 709] <... futex resumed>) = 0 [pid 709] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 710] eventfd2(118, EFD_SEMAPHORE [pid 709] <... futex resumed>) = 0 [pid 709] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 710] <... eventfd2 resumed>) = 4 [pid 710] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 709] <... futex resumed>) = 0 [pid 709] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 709] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 710] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 710] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 709] <... futex resumed>) = 0 [pid 709] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 709] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 710] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 710] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 709] <... futex resumed>) = 0 [pid 709] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 709] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 710] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 710] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 709] <... futex resumed>) = 0 [pid 709] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 709] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 710] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 710] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 709] <... futex resumed>) = 0 [pid 710] memfd_create("syzkaller", 0 [pid 709] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 709] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 710] <... memfd_create resumed>) = 5 [pid 710] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f676585d000 [pid 710] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 710] munmap(0x7f676585d000, 138412032) = 0 [pid 710] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 710] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 710] close(5) = 0 [pid 710] close(6) = 0 [pid 710] mkdir("./file0", 0777) = 0 [pid 710] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 710] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 710] chdir("./file0") = 0 [pid 710] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 710] ioctl(6, LOOP_CLR_FD) = 0 [pid 710] close(6) = 0 [pid 710] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 709] <... futex resumed>) = 0 [pid 709] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 709] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 710] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 710] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 710] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 709] <... futex resumed>) = 0 [pid 709] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 709] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 710] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 710] write(6, "#! ./file1\n", 11) = 11 [pid 710] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 709] <... futex resumed>) = 0 [pid 709] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 709] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 710] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 710] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 710] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 709] <... futex resumed>) = 0 [pid 709] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 709] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 710] <... futex resumed>) = 0 [pid 710] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000280} --- [pid 709] <... futex resumed>) = ? [pid 710] +++ killed by SIGBUS +++ [pid 709] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=709, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./61", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./61", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557cd2d730 /* 4 entries */, 32768) = 112 umount2("./61/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./61/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./61/binderfs") = 0 [ 35.446479][ T710] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 35.479145][ T711] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-710: bg 0: block 234: padding at end of block bitmap is not set umount2("./61/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./61/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./61/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./61/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./61/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557cd35770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557cd35770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./61/file0") = 0 getdents64(3, 0x55557cd2d730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./61") = 0 mkdir("./62", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557cd2c690) = 715 ./strace-static-x86_64: Process 715 attached [pid 715] set_robust_list(0x55557cd2c6a0, 24) = 0 [pid 715] chdir("./62") = 0 [pid 715] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 715] setpgid(0, 0) = 0 [pid 715] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 715] write(3, "1000", 4) = 4 [pid 715] close(3) = 0 [pid 715] symlink("/dev/binderfs", "./binderfs") = 0 [pid 715] write(1, "executing program\n", 18executing program ) = 18 [pid 715] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 715] rt_sigaction(SIGRT_1, {sa_handler=0x7f676dce75b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f676dcd8760}, NULL, 8) = 0 [pid 715] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 715] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f676dc5d000 [pid 715] mprotect(0x7f676dc5e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 715] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 715] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f676dc7d990, parent_tid=0x7f676dc7d990, exit_signal=0, stack=0x7f676dc5d000, stack_size=0x20300, tls=0x7f676dc7d6c0} => {parent_tid=[716]}, 88) = 716 [pid 715] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 715] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 715] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 716 attached [pid 716] set_robust_list(0x7f676dc7d9a0, 24) = 0 [pid 716] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 716] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 716] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 715] <... futex resumed>) = 0 [pid 715] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 715] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 716] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 716] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 715] <... futex resumed>) = 0 [pid 715] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 715] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 716] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 716] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 715] <... futex resumed>) = 0 [pid 715] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 715] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 716] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 716] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 715] <... futex resumed>) = 0 [pid 715] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 715] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 716] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 716] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 715] <... futex resumed>) = 0 [pid 715] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 715] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 716] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 716] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 715] <... futex resumed>) = 0 [pid 715] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 715] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 716] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 716] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 715] <... futex resumed>) = 0 [pid 715] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 715] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 716] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 716] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 715] <... futex resumed>) = 0 [pid 715] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 715] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 716] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 716] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 715] <... futex resumed>) = 0 [pid 715] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 715] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 716] memfd_create("syzkaller", 0) = 5 [pid 716] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f676585d000 [pid 716] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 716] munmap(0x7f676585d000, 138412032) = 0 [pid 716] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 716] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 716] close(5) = 0 [pid 716] close(6) = 0 [pid 716] mkdir("./file0", 0777) = 0 [pid 716] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 716] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 716] chdir("./file0") = 0 [pid 716] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 716] ioctl(6, LOOP_CLR_FD) = 0 [pid 716] close(6) = 0 [pid 716] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 715] <... futex resumed>) = 0 [pid 715] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 715] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 716] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 716] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 715] <... futex resumed>) = 0 [pid 715] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 715] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 716] write(6, "#! ./file1\n", 11) = 11 [pid 716] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 715] <... futex resumed>) = 0 [pid 715] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 715] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 716] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 716] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 716] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 715] <... futex resumed>) = 0 [pid 715] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 715] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 716] <... futex resumed>) = 0 [pid 716] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000280} --- [pid 715] <... futex resumed>) = ? [pid 716] +++ killed by SIGBUS +++ [pid 715] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=715, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./62", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./62", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557cd2d730 /* 4 entries */, 32768) = 112 umount2("./62/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./62/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./62/binderfs") = 0 [ 35.625851][ T716] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 35.659996][ T717] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-716: bg 0: block 234: padding at end of block bitmap is not set umount2("./62/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./62/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./62/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./62/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./62/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557cd35770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557cd35770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./62/file0") = 0 getdents64(3, 0x55557cd2d730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./62") = 0 mkdir("./63", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557cd2c690) = 721 ./strace-static-x86_64: Process 721 attached [pid 721] set_robust_list(0x55557cd2c6a0, 24) = 0 [pid 721] chdir("./63") = 0 [pid 721] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 721] setpgid(0, 0) = 0 [pid 721] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 721] write(3, "1000", 4) = 4 [pid 721] close(3) = 0 [pid 721] symlink("/dev/binderfs", "./binderfs") = 0 [pid 721] write(1, "executing program\n", 18executing program ) = 18 [pid 721] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 721] rt_sigaction(SIGRT_1, {sa_handler=0x7f676dce75b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f676dcd8760}, NULL, 8) = 0 [pid 721] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 721] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f676dc5d000 [pid 721] mprotect(0x7f676dc5e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 721] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 721] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f676dc7d990, parent_tid=0x7f676dc7d990, exit_signal=0, stack=0x7f676dc5d000, stack_size=0x20300, tls=0x7f676dc7d6c0}./strace-static-x86_64: Process 722 attached [pid 722] set_robust_list(0x7f676dc7d9a0, 24) = 0 [pid 722] rt_sigprocmask(SIG_SETMASK, [], [pid 721] <... clone3 resumed> => {parent_tid=[722]}, 88) = 722 [pid 722] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 722] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 721] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 721] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 722] <... futex resumed>) = 0 [pid 721] <... futex resumed>) = 1 [pid 722] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 722] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 722] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 721] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 721] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 722] <... futex resumed>) = 0 [pid 721] <... futex resumed>) = 1 [pid 722] ioctl(3, VHOST_SET_OWNER [pid 721] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 722] <... ioctl resumed>, 0) = 0 [pid 722] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 722] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 721] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 721] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 722] <... futex resumed>) = 0 [pid 722] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 722] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 721] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 722] <... futex resumed>) = 0 [pid 722] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 721] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 721] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 721] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 722] <... futex resumed>) = 0 [pid 722] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 722] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 722] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 721] <... futex resumed>) = 0 [pid 721] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 722] <... futex resumed>) = 0 [pid 721] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 722] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 722] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 721] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 722] ioctl(3, VHOST_SET_VRING_ERR [pid 721] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 722] <... ioctl resumed>, 0x2000000001c0) = 0 [pid 722] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 721] <... futex resumed>) = 0 [pid 722] <... futex resumed>) = 0 [pid 722] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 721] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 721] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 722] <... futex resumed>) = 0 [pid 721] <... futex resumed>) = 1 [pid 722] ioctl(3, VHOST_SET_VRING_ADDR [pid 721] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 722] <... ioctl resumed>, 0x200000000240) = 0 [pid 722] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 722] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 721] <... futex resumed>) = 0 [pid 721] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 722] <... futex resumed>) = 0 [pid 721] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 722] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 722] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 721] <... futex resumed>) = 0 [pid 722] ioctl(3, VHOST_VSOCK_SET_RUNNING [pid 721] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 722] <... ioctl resumed>, 0x200000000140) = 0 [pid 721] <... futex resumed>) = 0 [pid 722] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 721] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 722] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 721] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 721] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 722] <... futex resumed>) = 0 [pid 721] <... futex resumed>) = 1 [pid 722] memfd_create("syzkaller", 0 [pid 721] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 722] <... memfd_create resumed>) = 5 [pid 722] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f676585d000 [pid 722] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 722] munmap(0x7f676585d000, 138412032) = 0 [pid 722] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 722] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 722] close(5) = 0 [pid 722] close(6) = 0 [pid 722] mkdir("./file0", 0777) = 0 [pid 722] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 722] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 722] chdir("./file0") = 0 [pid 722] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 722] ioctl(6, LOOP_CLR_FD) = 0 [pid 722] close(6) = 0 [pid 722] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 721] <... futex resumed>) = 0 [pid 721] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 721] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 722] <... futex resumed>) = 1 [pid 722] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 722] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 721] <... futex resumed>) = 0 [pid 721] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 721] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 722] <... futex resumed>) = 1 [pid 722] write(6, "#! ./file1\n", 11) = 11 [pid 722] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 721] <... futex resumed>) = 0 [pid 721] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 721] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 722] <... futex resumed>) = 1 [pid 722] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 722] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 721] <... futex resumed>) = 0 [pid 721] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 721] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 722] <... futex resumed>) = 1 [pid 722] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000280} --- [pid 721] <... futex resumed>) = ? [pid 722] +++ killed by SIGBUS +++ [pid 721] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=721, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./63", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./63", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557cd2d730 /* 4 entries */, 32768) = 112 umount2("./63/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./63/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./63/binderfs") = 0 [ 35.843816][ T722] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 35.875264][ T723] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-722: bg 0: block 234: padding at end of block bitmap is not set umount2("./63/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./63/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./63/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./63/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./63/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557cd35770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557cd35770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./63/file0") = 0 getdents64(3, 0x55557cd2d730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./63") = 0 mkdir("./64", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557cd2c690) = 727 ./strace-static-x86_64: Process 727 attached [pid 727] set_robust_list(0x55557cd2c6a0, 24) = 0 [pid 727] chdir("./64") = 0 [pid 727] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 727] setpgid(0, 0) = 0 [pid 727] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 727] write(3, "1000", 4) = 4 [pid 727] close(3) = 0 [pid 727] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 727] write(1, "executing program\n", 18) = 18 [pid 727] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 727] rt_sigaction(SIGRT_1, {sa_handler=0x7f676dce75b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f676dcd8760}, NULL, 8) = 0 [pid 727] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 727] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f676dc5d000 [pid 727] mprotect(0x7f676dc5e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 727] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 727] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f676dc7d990, parent_tid=0x7f676dc7d990, exit_signal=0, stack=0x7f676dc5d000, stack_size=0x20300, tls=0x7f676dc7d6c0} => {parent_tid=[728]}, 88) = 728 [pid 727] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 727] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 727] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 728 attached [pid 728] set_robust_list(0x7f676dc7d9a0, 24) = 0 [pid 728] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 728] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 728] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 727] <... futex resumed>) = 0 [pid 727] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 727] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 728] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 728] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 727] <... futex resumed>) = 0 [pid 727] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 727] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 728] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 728] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 727] <... futex resumed>) = 0 [pid 727] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 727] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 728] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 728] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 727] <... futex resumed>) = 0 [pid 727] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 727] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 728] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 728] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 727] <... futex resumed>) = 0 [pid 727] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 727] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 728] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 728] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 727] <... futex resumed>) = 0 [pid 727] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 727] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 728] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 728] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 727] <... futex resumed>) = 0 [pid 727] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 727] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 728] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 728] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 727] <... futex resumed>) = 0 [pid 727] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 727] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 728] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 728] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 727] <... futex resumed>) = 0 [pid 727] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 727] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 728] memfd_create("syzkaller", 0) = 5 [pid 728] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f676585d000 [pid 728] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 728] munmap(0x7f676585d000, 138412032) = 0 [pid 728] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 728] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 728] close(5) = 0 [pid 728] close(6) = 0 [pid 728] mkdir("./file0", 0777) = 0 [pid 728] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 728] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 728] chdir("./file0") = 0 [pid 728] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 728] ioctl(6, LOOP_CLR_FD) = 0 [pid 728] close(6) = 0 [pid 728] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 727] <... futex resumed>) = 0 [pid 727] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 727] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 728] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 728] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 727] <... futex resumed>) = 0 [pid 727] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 727] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 728] write(6, "#! ./file1\n", 11) = 11 [pid 728] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 727] <... futex resumed>) = 0 [pid 727] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 727] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 728] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 728] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 728] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 727] <... futex resumed>) = 0 [pid 727] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 727] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 728] <... futex resumed>) = 0 [pid 728] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000280} --- [pid 727] <... futex resumed>) = ? [pid 728] +++ killed by SIGBUS +++ [pid 727] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=727, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./64", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./64", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557cd2d730 /* 4 entries */, 32768) = 112 umount2("./64/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./64/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./64/binderfs") = 0 [ 36.016484][ T728] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 36.049934][ T729] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-728: bg 0: block 234: padding at end of block bitmap is not set umount2("./64/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./64/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./64/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./64/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./64/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557cd35770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557cd35770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./64/file0") = 0 getdents64(3, 0x55557cd2d730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./64") = 0 mkdir("./65", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 733 attached , child_tidptr=0x55557cd2c690) = 733 [pid 733] set_robust_list(0x55557cd2c6a0, 24) = 0 [pid 733] chdir("./65") = 0 [pid 733] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 733] setpgid(0, 0) = 0 [pid 733] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 733] write(3, "1000", 4) = 4 [pid 733] close(3) = 0 [pid 733] symlink("/dev/binderfs", "./binderfs") = 0 [pid 733] write(1, "executing program\n", 18) = 18 executing program [pid 733] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 733] rt_sigaction(SIGRT_1, {sa_handler=0x7f676dce75b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f676dcd8760}, NULL, 8) = 0 [pid 733] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 733] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f676dc5d000 [pid 733] mprotect(0x7f676dc5e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 733] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 733] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f676dc7d990, parent_tid=0x7f676dc7d990, exit_signal=0, stack=0x7f676dc5d000, stack_size=0x20300, tls=0x7f676dc7d6c0} => {parent_tid=[734]}, 88) = 734 [pid 733] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 733] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 733] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 734 attached [pid 734] set_robust_list(0x7f676dc7d9a0, 24) = 0 [pid 734] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 734] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 734] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 733] <... futex resumed>) = 0 [pid 733] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 733] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 734] <... futex resumed>) = 1 [pid 734] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 734] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 733] <... futex resumed>) = 0 [pid 733] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 733] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 734] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 734] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 733] <... futex resumed>) = 0 [pid 733] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 733] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 734] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 734] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 733] <... futex resumed>) = 0 [pid 733] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 733] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 734] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 734] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 733] <... futex resumed>) = 0 [pid 733] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 733] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 734] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 734] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 733] <... futex resumed>) = 0 [pid 733] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 733] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 734] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 734] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 733] <... futex resumed>) = 0 [pid 733] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 733] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 734] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 734] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 733] <... futex resumed>) = 0 [pid 733] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 733] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 734] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 734] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 733] <... futex resumed>) = 0 [pid 733] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 733] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 734] memfd_create("syzkaller", 0) = 5 [pid 734] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f676585d000 [pid 734] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 734] munmap(0x7f676585d000, 138412032) = 0 [pid 734] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 734] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 734] close(5) = 0 [pid 734] close(6) = 0 [pid 734] mkdir("./file0", 0777) = 0 [pid 734] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 734] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 734] chdir("./file0") = 0 [pid 734] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 734] ioctl(6, LOOP_CLR_FD) = 0 [pid 734] close(6) = 0 [pid 734] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 733] <... futex resumed>) = 0 [pid 733] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 733] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 734] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 734] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 733] <... futex resumed>) = 0 [pid 733] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 733] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 734] write(6, "#! ./file1\n", 11) = 11 [pid 734] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 733] <... futex resumed>) = 0 [pid 733] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 733] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 734] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 734] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 734] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 733] <... futex resumed>) = 0 [pid 733] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 733] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 734] <... futex resumed>) = 0 [pid 734] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000280} --- [pid 733] <... futex resumed>) = ? [pid 734] +++ killed by SIGBUS +++ [pid 733] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=733, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./65", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./65", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557cd2d730 /* 4 entries */, 32768) = 112 umount2("./65/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./65/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./65/binderfs") = 0 [ 36.182062][ T734] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 36.216031][ T735] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-734: bg 0: block 234: padding at end of block bitmap is not set umount2("./65/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./65/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./65/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./65/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./65/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557cd35770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557cd35770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./65/file0") = 0 getdents64(3, 0x55557cd2d730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./65") = 0 mkdir("./66", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557cd2c690) = 739 ./strace-static-x86_64: Process 739 attached [pid 739] set_robust_list(0x55557cd2c6a0, 24) = 0 [pid 739] chdir("./66") = 0 [pid 739] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 739] setpgid(0, 0) = 0 [pid 739] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 739] write(3, "1000", 4) = 4 [pid 739] close(3) = 0 [pid 739] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 739] write(1, "executing program\n", 18) = 18 [pid 739] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 739] rt_sigaction(SIGRT_1, {sa_handler=0x7f676dce75b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f676dcd8760}, NULL, 8) = 0 [pid 739] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 739] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f676dc5d000 [pid 739] mprotect(0x7f676dc5e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 739] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 739] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f676dc7d990, parent_tid=0x7f676dc7d990, exit_signal=0, stack=0x7f676dc5d000, stack_size=0x20300, tls=0x7f676dc7d6c0} => {parent_tid=[740]}, 88) = 740 [pid 739] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 739] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 739] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 740 attached [pid 740] set_robust_list(0x7f676dc7d9a0, 24) = 0 [pid 740] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 740] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 740] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 739] <... futex resumed>) = 0 [pid 739] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 739] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 740] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 740] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 739] <... futex resumed>) = 0 [pid 739] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 739] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 740] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 740] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 739] <... futex resumed>) = 0 [pid 739] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 739] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 740] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 740] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 739] <... futex resumed>) = 0 [pid 739] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 739] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 740] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 740] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 739] <... futex resumed>) = 0 [pid 739] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 739] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 740] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 740] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 739] <... futex resumed>) = 0 [pid 739] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 739] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 740] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 740] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 739] <... futex resumed>) = 0 [pid 739] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 739] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 740] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 740] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 739] <... futex resumed>) = 0 [pid 739] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 739] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 740] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 740] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 739] <... futex resumed>) = 0 [pid 739] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 739] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 740] memfd_create("syzkaller", 0) = 5 [pid 740] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f676585d000 [pid 740] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 740] munmap(0x7f676585d000, 138412032) = 0 [pid 740] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 740] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 740] close(5) = 0 [pid 740] close(6) = 0 [pid 740] mkdir("./file0", 0777) = 0 [pid 740] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 740] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 740] chdir("./file0") = 0 [pid 740] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 740] ioctl(6, LOOP_CLR_FD) = 0 [pid 740] close(6) = 0 [pid 740] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 739] <... futex resumed>) = 0 [pid 739] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 739] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 740] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 740] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 739] <... futex resumed>) = 0 [pid 739] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 739] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 740] write(6, "#! ./file1\n", 11) = 11 [pid 740] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 739] <... futex resumed>) = 0 [pid 739] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 739] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 740] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 740] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 740] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 739] <... futex resumed>) = 0 [pid 739] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 739] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 740] <... futex resumed>) = 0 [pid 740] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000280} --- [pid 739] <... futex resumed>) = ? [pid 740] +++ killed by SIGBUS +++ [pid 739] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=739, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./66", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./66", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557cd2d730 /* 4 entries */, 32768) = 112 umount2("./66/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./66/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./66/binderfs") = 0 [ 36.366663][ T740] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 36.401603][ T741] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-740: bg 0: block 234: padding at end of block bitmap is not set umount2("./66/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./66/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./66/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./66/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./66/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557cd35770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557cd35770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./66/file0") = 0 getdents64(3, 0x55557cd2d730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./66") = 0 mkdir("./67", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 745 attached [pid 745] set_robust_list(0x55557cd2c6a0, 24) = 0 [pid 341] <... clone resumed>, child_tidptr=0x55557cd2c690) = 745 [pid 745] chdir("./67") = 0 [pid 745] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 745] setpgid(0, 0) = 0 [pid 745] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 745] write(3, "1000", 4) = 4 [pid 745] close(3) = 0 [pid 745] symlink("/dev/binderfs", "./binderfs") = 0 [pid 745] write(1, "executing program\n", 18executing program ) = 18 [pid 745] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 745] rt_sigaction(SIGRT_1, {sa_handler=0x7f676dce75b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f676dcd8760}, NULL, 8) = 0 [pid 745] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 745] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f676dc5d000 [pid 745] mprotect(0x7f676dc5e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 745] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 745] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f676dc7d990, parent_tid=0x7f676dc7d990, exit_signal=0, stack=0x7f676dc5d000, stack_size=0x20300, tls=0x7f676dc7d6c0}./strace-static-x86_64: Process 746 attached [pid 746] set_robust_list(0x7f676dc7d9a0, 24) = 0 [pid 746] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 746] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 745] <... clone3 resumed> => {parent_tid=[746]}, 88) = 746 [pid 745] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 745] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 746] <... futex resumed>) = 0 [pid 746] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR [pid 745] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 746] <... openat resumed>) = 3 [pid 746] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 746] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 745] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 745] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 746] <... futex resumed>) = 0 [pid 746] ioctl(3, VHOST_SET_OWNER [pid 745] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 746] <... ioctl resumed>, 0) = 0 [pid 746] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 745] <... futex resumed>) = 0 [pid 745] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 745] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 746] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 746] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 745] <... futex resumed>) = 0 [pid 745] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 745] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 746] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 746] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 745] <... futex resumed>) = 0 [pid 746] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 745] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 745] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 746] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 746] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 746] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 745] <... futex resumed>) = 0 [pid 745] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 745] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 746] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 746] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 745] <... futex resumed>) = 0 [pid 745] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 745] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 746] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 746] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 745] <... futex resumed>) = 0 [pid 745] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 745] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 746] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 746] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 745] <... futex resumed>) = 0 [pid 745] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 745] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 746] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 746] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 745] <... futex resumed>) = 0 [pid 746] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 745] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 746] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 745] <... futex resumed>) = 0 [pid 745] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 746] memfd_create("syzkaller", 0) = 5 [pid 746] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f676585d000 [pid 746] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 746] munmap(0x7f676585d000, 138412032) = 0 [pid 746] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 746] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 746] close(5) = 0 [pid 746] close(6) = 0 [pid 746] mkdir("./file0", 0777) = 0 [pid 746] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 746] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 746] chdir("./file0") = 0 [pid 746] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 746] ioctl(6, LOOP_CLR_FD) = 0 [pid 746] close(6) = 0 [pid 746] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 745] <... futex resumed>) = 0 [pid 745] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 745] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 746] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 746] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 745] <... futex resumed>) = 0 [pid 745] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 745] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 746] write(6, "#! ./file1\n", 11) = 11 [pid 746] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 745] <... futex resumed>) = 0 [pid 745] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 745] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 746] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 746] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 746] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 745] <... futex resumed>) = 0 [pid 745] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 745] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 746] <... futex resumed>) = 0 [pid 746] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000280} --- [pid 745] <... futex resumed>) = ? [pid 746] +++ killed by SIGBUS +++ [pid 745] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=745, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=6} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./67", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./67", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557cd2d730 /* 4 entries */, 32768) = 112 umount2("./67/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./67/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./67/binderfs") = 0 [ 36.545827][ T746] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 36.578955][ T747] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-746: bg 0: block 234: padding at end of block bitmap is not set umount2("./67/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./67/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./67/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./67/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./67/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557cd35770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557cd35770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./67/file0") = 0 getdents64(3, 0x55557cd2d730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./67") = 0 mkdir("./68", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557cd2c690) = 751 ./strace-static-x86_64: Process 751 attached [pid 751] set_robust_list(0x55557cd2c6a0, 24) = 0 [pid 751] chdir("./68") = 0 [pid 751] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 751] setpgid(0, 0) = 0 [pid 751] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 751] write(3, "1000", 4) = 4 [pid 751] close(3) = 0 [pid 751] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 751] write(1, "executing program\n", 18) = 18 [pid 751] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 751] rt_sigaction(SIGRT_1, {sa_handler=0x7f676dce75b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f676dcd8760}, NULL, 8) = 0 [pid 751] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 751] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f676dc5d000 [pid 751] mprotect(0x7f676dc5e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 751] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 751] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f676dc7d990, parent_tid=0x7f676dc7d990, exit_signal=0, stack=0x7f676dc5d000, stack_size=0x20300, tls=0x7f676dc7d6c0} => {parent_tid=[752]}, 88) = 752 [pid 751] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 751] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 751] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 752 attached [pid 752] set_robust_list(0x7f676dc7d9a0, 24) = 0 [pid 752] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 752] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 752] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 751] <... futex resumed>) = 0 [pid 751] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 751] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 752] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 752] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 751] <... futex resumed>) = 0 [pid 751] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 751] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 752] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 752] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 751] <... futex resumed>) = 0 [pid 751] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 751] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 752] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 752] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 751] <... futex resumed>) = 0 [pid 751] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 751] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 752] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 752] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 751] <... futex resumed>) = 0 [pid 751] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 751] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 752] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 752] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 751] <... futex resumed>) = 0 [pid 751] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 751] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 752] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 752] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 751] <... futex resumed>) = 0 [pid 751] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 751] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 752] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 752] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 751] <... futex resumed>) = 0 [pid 751] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 751] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 752] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 752] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 751] <... futex resumed>) = 0 [pid 751] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 751] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 752] memfd_create("syzkaller", 0) = 5 [pid 752] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f676585d000 [pid 752] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 752] munmap(0x7f676585d000, 138412032) = 0 [pid 752] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 752] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 752] close(5) = 0 [pid 752] close(6) = 0 [pid 752] mkdir("./file0", 0777) = 0 [pid 752] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 752] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 752] chdir("./file0") = 0 [pid 752] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 752] ioctl(6, LOOP_CLR_FD) = 0 [pid 752] close(6) = 0 [pid 752] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 751] <... futex resumed>) = 0 [pid 751] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 751] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 752] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 752] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 751] <... futex resumed>) = 0 [pid 751] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 751] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 752] write(6, "#! ./file1\n", 11) = 11 [pid 752] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 751] <... futex resumed>) = 0 [pid 751] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 751] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 752] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 752] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 752] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 751] <... futex resumed>) = 0 [pid 751] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 751] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 752] <... futex resumed>) = 0 [pid 752] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000280} --- [pid 751] <... futex resumed>) = ? [pid 752] +++ killed by SIGBUS +++ [pid 751] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=751, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./68", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./68", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557cd2d730 /* 4 entries */, 32768) = 112 umount2("./68/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./68/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./68/binderfs") = 0 [ 36.736685][ T752] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 36.770585][ T753] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-752: bg 0: block 234: padding at end of block bitmap is not set umount2("./68/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./68/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./68/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./68/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./68/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557cd35770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557cd35770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./68/file0") = 0 getdents64(3, 0x55557cd2d730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./68") = 0 mkdir("./69", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557cd2c690) = 757 ./strace-static-x86_64: Process 757 attached [pid 757] set_robust_list(0x55557cd2c6a0, 24) = 0 [pid 757] chdir("./69") = 0 [pid 757] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 757] setpgid(0, 0) = 0 [pid 757] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 757] write(3, "1000", 4) = 4 [pid 757] close(3) = 0 [pid 757] symlink("/dev/binderfs", "./binderfs") = 0 [pid 757] write(1, "executing program\n", 18executing program ) = 18 [pid 757] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 757] rt_sigaction(SIGRT_1, {sa_handler=0x7f676dce75b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f676dcd8760}, NULL, 8) = 0 [pid 757] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 757] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f676dc5d000 [pid 757] mprotect(0x7f676dc5e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 757] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 757] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f676dc7d990, parent_tid=0x7f676dc7d990, exit_signal=0, stack=0x7f676dc5d000, stack_size=0x20300, tls=0x7f676dc7d6c0} => {parent_tid=[758]}, 88) = 758 [pid 757] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 757] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 757] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 758 attached [pid 758] set_robust_list(0x7f676dc7d9a0, 24) = 0 [pid 758] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 758] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 758] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 757] <... futex resumed>) = 0 [pid 757] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 757] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 758] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 758] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 757] <... futex resumed>) = 0 [pid 757] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 757] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 758] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 758] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 757] <... futex resumed>) = 0 [pid 757] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 757] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 758] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 758] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 757] <... futex resumed>) = 0 [pid 757] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 757] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 758] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 758] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 757] <... futex resumed>) = 0 [pid 757] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 757] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 758] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 758] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 757] <... futex resumed>) = 0 [pid 757] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 757] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 758] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 758] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 757] <... futex resumed>) = 0 [pid 757] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 757] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 758] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 758] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 757] <... futex resumed>) = 0 [pid 757] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 757] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 758] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 758] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 757] <... futex resumed>) = 0 [pid 757] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 757] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 758] memfd_create("syzkaller", 0) = 5 [pid 758] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f676585d000 [pid 758] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 758] munmap(0x7f676585d000, 138412032) = 0 [pid 758] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 758] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 758] close(5) = 0 [pid 758] close(6) = 0 [pid 758] mkdir("./file0", 0777) = 0 [pid 758] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 758] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 758] chdir("./file0") = 0 [pid 758] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 758] ioctl(6, LOOP_CLR_FD) = 0 [pid 758] close(6) = 0 [pid 758] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 757] <... futex resumed>) = 0 [pid 757] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 757] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 758] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 758] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 757] <... futex resumed>) = 0 [pid 757] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 757] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 758] write(6, "#! ./file1\n", 11) = 11 [pid 758] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 757] <... futex resumed>) = 0 [pid 757] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 757] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 758] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 758] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 758] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 757] <... futex resumed>) = 0 [pid 757] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 757] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 758] <... futex resumed>) = 0 [pid 758] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000280} --- [pid 757] <... futex resumed>) = ? [pid 758] +++ killed by SIGBUS +++ [pid 757] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=757, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=5} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./69", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./69", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557cd2d730 /* 4 entries */, 32768) = 112 umount2("./69/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./69/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./69/binderfs") = 0 [ 36.906538][ T758] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 36.939483][ T759] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-758: bg 0: block 234: padding at end of block bitmap is not set umount2("./69/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./69/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./69/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./69/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./69/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557cd35770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557cd35770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./69/file0") = 0 getdents64(3, 0x55557cd2d730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./69") = 0 mkdir("./70", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557cd2c690) = 763 ./strace-static-x86_64: Process 763 attached [pid 763] set_robust_list(0x55557cd2c6a0, 24) = 0 [pid 763] chdir("./70") = 0 [pid 763] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 763] setpgid(0, 0) = 0 [pid 763] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 763] write(3, "1000", 4) = 4 [pid 763] close(3) = 0 [pid 763] symlink("/dev/binderfs", "./binderfs") = 0 [pid 763] write(1, "executing program\n", 18executing program ) = 18 [pid 763] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 763] rt_sigaction(SIGRT_1, {sa_handler=0x7f676dce75b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f676dcd8760}, NULL, 8) = 0 [pid 763] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 763] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f676dc5d000 [pid 763] mprotect(0x7f676dc5e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 763] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 763] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f676dc7d990, parent_tid=0x7f676dc7d990, exit_signal=0, stack=0x7f676dc5d000, stack_size=0x20300, tls=0x7f676dc7d6c0}./strace-static-x86_64: Process 764 attached => {parent_tid=[764]}, 88) = 764 [pid 764] set_robust_list(0x7f676dc7d9a0, 24) = 0 [pid 764] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 764] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 763] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 763] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 764] <... futex resumed>) = 0 [pid 764] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 764] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 764] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 763] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 763] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 764] <... futex resumed>) = 0 [pid 764] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 764] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 764] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 763] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 763] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 764] <... futex resumed>) = 0 [pid 764] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 764] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 764] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 763] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 763] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 764] <... futex resumed>) = 0 [pid 764] ioctl(3, VHOST_SET_MEM_TABLE [pid 763] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 764] <... ioctl resumed>, 0x200000003380) = 0 [pid 764] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 763] <... futex resumed>) = 0 [pid 764] eventfd2(118, EFD_SEMAPHORE [pid 763] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 764] <... eventfd2 resumed>) = 4 [pid 763] <... futex resumed>) = 0 [pid 764] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 763] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 764] <... futex resumed>) = 0 [pid 763] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 764] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 763] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 764] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 764] ioctl(3, VHOST_SET_VRING_ERR [pid 763] <... futex resumed>) = 0 [pid 764] <... ioctl resumed>, 0x2000000001c0) = 0 [pid 763] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 764] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 763] <... futex resumed>) = 0 [pid 764] ioctl(3, VHOST_SET_VRING_ADDR [pid 763] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 763] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 764] <... ioctl resumed>, 0x200000000240) = 0 [pid 764] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 763] <... futex resumed>) = 0 [pid 764] ioctl(3, VHOST_SET_VRING_KICK [pid 763] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 764] <... ioctl resumed>, 0x200000000000) = 0 [pid 764] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 763] <... futex resumed>) = 0 [pid 764] <... futex resumed>) = 0 [pid 763] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 764] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 763] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 763] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 764] <... futex resumed>) = 0 [pid 763] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 764] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 764] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 763] <... futex resumed>) = 0 [pid 764] memfd_create("syzkaller", 0 [pid 763] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 764] <... memfd_create resumed>) = 5 [pid 763] <... futex resumed>) = 0 [pid 764] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 763] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 764] <... mmap resumed>) = 0x7f676585d000 [pid 764] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 764] munmap(0x7f676585d000, 138412032) = 0 [pid 764] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 764] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 764] close(5) = 0 [pid 764] close(6) = 0 [pid 764] mkdir("./file0", 0777) = 0 [pid 764] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 764] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 764] chdir("./file0") = 0 [pid 764] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 764] ioctl(6, LOOP_CLR_FD) = 0 [pid 764] close(6) = 0 [pid 764] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 763] <... futex resumed>) = 0 [pid 763] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 763] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 764] <... futex resumed>) = 1 [pid 764] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 764] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 763] <... futex resumed>) = 0 [pid 763] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 764] write(6, "#! ./file1\n", 11 [pid 763] <... futex resumed>) = 0 [pid 763] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 764] <... write resumed>) = 11 [pid 764] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 763] <... futex resumed>) = 0 [pid 763] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 763] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 764] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 764] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 763] <... futex resumed>) = 0 [pid 763] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 763] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 764] <... futex resumed>) = 1 [pid 764] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000280} --- [pid 763] <... futex resumed>) = ? [pid 764] +++ killed by SIGBUS +++ [pid 763] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=763, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./70", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./70", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557cd2d730 /* 4 entries */, 32768) = 112 umount2("./70/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./70/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./70/binderfs") = 0 [ 37.116733][ T764] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 37.148637][ T765] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-764: bg 0: block 234: padding at end of block bitmap is not set umount2("./70/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./70/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./70/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./70/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./70/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557cd35770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557cd35770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./70/file0") = 0 getdents64(3, 0x55557cd2d730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./70") = 0 mkdir("./71", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557cd2c690) = 769 ./strace-static-x86_64: Process 769 attached [pid 769] set_robust_list(0x55557cd2c6a0, 24) = 0 [pid 769] chdir("./71") = 0 [pid 769] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 769] setpgid(0, 0) = 0 [pid 769] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 769] write(3, "1000", 4) = 4 [pid 769] close(3) = 0 [pid 769] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 769] write(1, "executing program\n", 18) = 18 [pid 769] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 769] rt_sigaction(SIGRT_1, {sa_handler=0x7f676dce75b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f676dcd8760}, NULL, 8) = 0 [pid 769] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 769] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f676dc5d000 [pid 769] mprotect(0x7f676dc5e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 769] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 769] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f676dc7d990, parent_tid=0x7f676dc7d990, exit_signal=0, stack=0x7f676dc5d000, stack_size=0x20300, tls=0x7f676dc7d6c0} => {parent_tid=[770]}, 88) = 770 [pid 769] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 769] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 769] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 770 attached [pid 770] set_robust_list(0x7f676dc7d9a0, 24) = 0 [pid 770] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 770] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 770] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 769] <... futex resumed>) = 0 [pid 770] ioctl(3, VHOST_SET_OWNER [pid 769] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 769] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 770] <... ioctl resumed>, 0) = 0 [pid 770] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 769] <... futex resumed>) = 0 [pid 769] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 769] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 770] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 770] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 769] <... futex resumed>) = 0 [pid 769] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 769] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 770] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 770] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 769] <... futex resumed>) = 0 [pid 769] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 769] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 770] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 770] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 769] <... futex resumed>) = 0 [pid 769] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 769] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 770] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 770] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 769] <... futex resumed>) = 0 [pid 769] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 769] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 770] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 770] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 769] <... futex resumed>) = 0 [pid 769] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 769] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 770] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 770] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 769] <... futex resumed>) = 0 [pid 770] ioctl(3, VHOST_VSOCK_SET_RUNNING [pid 769] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 769] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 770] <... ioctl resumed>, 0x200000000140) = 0 [pid 770] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 769] <... futex resumed>) = 0 [pid 769] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 770] memfd_create("syzkaller", 0 [pid 769] <... futex resumed>) = 0 [pid 769] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 770] <... memfd_create resumed>) = 5 [pid 770] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f676585d000 [pid 770] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 770] munmap(0x7f676585d000, 138412032) = 0 [pid 770] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 770] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 770] close(5) = 0 [pid 770] close(6) = 0 [pid 770] mkdir("./file0", 0777) = 0 [pid 770] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 770] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 770] chdir("./file0") = 0 [pid 770] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 770] ioctl(6, LOOP_CLR_FD) = 0 [pid 770] close(6) = 0 [pid 770] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 769] <... futex resumed>) = 0 [pid 769] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 769] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 770] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 770] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 769] <... futex resumed>) = 0 [pid 769] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 769] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 770] write(6, "#! ./file1\n", 11) = 11 [pid 770] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 769] <... futex resumed>) = 0 [pid 769] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 769] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 770] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 770] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 769] <... futex resumed>) = 0 [pid 769] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 769] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 770] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000280} --- [pid 769] <... futex resumed>) = ? [pid 770] +++ killed by SIGBUS +++ [pid 769] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=769, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./71", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./71", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557cd2d730 /* 4 entries */, 32768) = 112 umount2("./71/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./71/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./71/binderfs") = 0 [ 37.285906][ T770] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 37.319211][ T771] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-770: bg 0: block 234: padding at end of block bitmap is not set umount2("./71/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./71/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./71/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./71/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./71/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557cd35770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557cd35770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./71/file0") = 0 getdents64(3, 0x55557cd2d730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./71") = 0 mkdir("./72", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557cd2c690) = 775 ./strace-static-x86_64: Process 775 attached [pid 775] set_robust_list(0x55557cd2c6a0, 24) = 0 [pid 775] chdir("./72") = 0 [pid 775] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 775] setpgid(0, 0) = 0 [pid 775] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 775] write(3, "1000", 4) = 4 [pid 775] close(3) = 0 [pid 775] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 775] write(1, "executing program\n", 18) = 18 [pid 775] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 775] rt_sigaction(SIGRT_1, {sa_handler=0x7f676dce75b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f676dcd8760}, NULL, 8) = 0 [pid 775] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 775] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f676dc5d000 [pid 775] mprotect(0x7f676dc5e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 775] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 775] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f676dc7d990, parent_tid=0x7f676dc7d990, exit_signal=0, stack=0x7f676dc5d000, stack_size=0x20300, tls=0x7f676dc7d6c0}./strace-static-x86_64: Process 776 attached => {parent_tid=[776]}, 88) = 776 [pid 776] set_robust_list(0x7f676dc7d9a0, 24) = 0 [pid 776] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 776] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 775] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 775] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 776] <... futex resumed>) = 0 [pid 775] <... futex resumed>) = 1 [pid 775] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 776] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 776] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 775] <... futex resumed>) = 0 [pid 776] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 775] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 776] <... futex resumed>) = 0 [pid 775] <... futex resumed>) = 1 [pid 776] ioctl(3, VHOST_SET_OWNER [pid 775] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 776] <... ioctl resumed>, 0) = 0 [pid 776] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 775] <... futex resumed>) = 0 [pid 775] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 775] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 776] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 776] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 775] <... futex resumed>) = 0 [pid 775] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 775] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 776] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 776] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 775] <... futex resumed>) = 0 [pid 775] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 775] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 776] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 776] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 775] <... futex resumed>) = 0 [pid 775] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 775] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 776] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 776] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 775] <... futex resumed>) = 0 [pid 776] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 775] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 775] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 776] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 776] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 776] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 775] <... futex resumed>) = 0 [pid 775] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 775] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 776] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 776] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 775] <... futex resumed>) = 0 [pid 775] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 775] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 776] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 776] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 775] <... futex resumed>) = 0 [pid 776] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 775] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 776] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 775] <... futex resumed>) = 0 [pid 775] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 776] memfd_create("syzkaller", 0) = 5 [pid 776] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f676585d000 [pid 776] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 776] munmap(0x7f676585d000, 138412032) = 0 [pid 776] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 776] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 776] close(5) = 0 [pid 776] close(6) = 0 [pid 776] mkdir("./file0", 0777) = 0 [pid 776] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 776] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 776] chdir("./file0") = 0 [pid 776] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 776] ioctl(6, LOOP_CLR_FD) = 0 [pid 776] close(6) = 0 [pid 776] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 775] <... futex resumed>) = 0 [pid 775] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 775] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 776] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 776] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 775] <... futex resumed>) = 0 [pid 776] write(6, "#! ./file1\n", 11 [pid 775] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 775] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 776] <... write resumed>) = 11 [pid 776] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 775] <... futex resumed>) = 0 [pid 775] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 775] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 776] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [ 37.465844][ T776] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [pid 776] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 775] <... futex resumed>) = 0 [pid 775] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 775] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 776] <... futex resumed>) = 1 [pid 776] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000280} --- [pid 775] <... futex resumed>) = ? [pid 776] +++ killed by SIGBUS +++ [pid 775] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=775, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./72", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./72", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557cd2d730 /* 4 entries */, 32768) = 112 umount2("./72/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./72/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./72/binderfs") = 0 umount2("./72/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./72/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./72/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./72/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./72/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557cd35770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557cd35770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./72/file0") = 0 [ 37.511279][ T777] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-776: bg 0: block 234: padding at end of block bitmap is not set getdents64(3, 0x55557cd2d730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./72") = 0 mkdir("./73", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557cd2c690) = 781 ./strace-static-x86_64: Process 781 attached [pid 781] set_robust_list(0x55557cd2c6a0, 24) = 0 [pid 781] chdir("./73") = 0 [pid 781] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 781] setpgid(0, 0) = 0 [pid 781] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 781] write(3, "1000", 4) = 4 [pid 781] close(3) = 0 [pid 781] symlink("/dev/binderfs", "./binderfs") = 0 [pid 781] write(1, "executing program\n", 18executing program ) = 18 [pid 781] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 781] rt_sigaction(SIGRT_1, {sa_handler=0x7f676dce75b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f676dcd8760}, NULL, 8) = 0 [pid 781] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 781] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f676dc5d000 [pid 781] mprotect(0x7f676dc5e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 781] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 781] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f676dc7d990, parent_tid=0x7f676dc7d990, exit_signal=0, stack=0x7f676dc5d000, stack_size=0x20300, tls=0x7f676dc7d6c0} => {parent_tid=[782]}, 88) = 782 [pid 781] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 781] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 781] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 782 attached [pid 782] set_robust_list(0x7f676dc7d9a0, 24) = 0 [pid 782] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 782] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 782] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 781] <... futex resumed>) = 0 [pid 781] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 781] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 782] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 782] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 781] <... futex resumed>) = 0 [pid 781] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 781] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 782] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 782] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 781] <... futex resumed>) = 0 [pid 781] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 781] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 782] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 782] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 781] <... futex resumed>) = 0 [pid 781] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 781] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 782] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 782] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 781] <... futex resumed>) = 0 [pid 781] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 781] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 782] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 782] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 781] <... futex resumed>) = 0 [pid 781] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 781] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 782] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 782] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 781] <... futex resumed>) = 0 [pid 781] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 781] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 782] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 782] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 781] <... futex resumed>) = 0 [pid 781] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 781] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 782] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 782] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 781] <... futex resumed>) = 0 [pid 781] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 781] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 782] memfd_create("syzkaller", 0) = 5 [pid 782] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f676585d000 [pid 782] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 782] munmap(0x7f676585d000, 138412032) = 0 [pid 782] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 782] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 782] close(5) = 0 [pid 782] close(6) = 0 [pid 782] mkdir("./file0", 0777) = 0 [pid 782] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 782] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 782] chdir("./file0") = 0 [pid 782] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 782] ioctl(6, LOOP_CLR_FD) = 0 [pid 782] close(6) = 0 [pid 782] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 781] <... futex resumed>) = 0 [pid 781] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 781] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 782] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 782] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 781] <... futex resumed>) = 0 [pid 781] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 781] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 782] write(6, "#! ./file1\n", 11) = 11 [pid 782] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 781] <... futex resumed>) = 0 [pid 781] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 781] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 782] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 782] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 782] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 781] <... futex resumed>) = 0 [pid 781] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 781] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 782] <... futex resumed>) = 0 [pid 782] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000280} --- [pid 781] <... futex resumed>) = ? [pid 782] +++ killed by SIGBUS +++ [pid 781] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=781, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./73", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./73", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557cd2d730 /* 4 entries */, 32768) = 112 umount2("./73/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./73/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./73/binderfs") = 0 [ 37.626515][ T782] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 37.660921][ T783] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-782: bg 0: block 234: padding at end of block bitmap is not set umount2("./73/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./73/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./73/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./73/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./73/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557cd35770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557cd35770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./73/file0") = 0 getdents64(3, 0x55557cd2d730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./73") = 0 mkdir("./74", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 787 attached , child_tidptr=0x55557cd2c690) = 787 [pid 787] set_robust_list(0x55557cd2c6a0, 24) = 0 [pid 787] chdir("./74") = 0 [pid 787] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 787] setpgid(0, 0) = 0 [pid 787] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 787] write(3, "1000", 4) = 4 [pid 787] close(3) = 0 [pid 787] symlink("/dev/binderfs", "./binderfs") = 0 [pid 787] write(1, "executing program\n", 18executing program ) = 18 [pid 787] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 787] rt_sigaction(SIGRT_1, {sa_handler=0x7f676dce75b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f676dcd8760}, NULL, 8) = 0 [pid 787] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 787] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f676dc5d000 [pid 787] mprotect(0x7f676dc5e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 787] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 787] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f676dc7d990, parent_tid=0x7f676dc7d990, exit_signal=0, stack=0x7f676dc5d000, stack_size=0x20300, tls=0x7f676dc7d6c0}./strace-static-x86_64: Process 788 attached [pid 788] set_robust_list(0x7f676dc7d9a0, 24) = 0 [pid 788] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 788] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 787] <... clone3 resumed> => {parent_tid=[788]}, 88) = 788 [pid 787] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 787] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 788] <... futex resumed>) = 0 [pid 788] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 788] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 788] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 787] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 787] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 788] <... futex resumed>) = 0 [pid 787] <... futex resumed>) = 1 [pid 788] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 788] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 788] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 787] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 787] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 788] <... futex resumed>) = 0 [pid 787] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 788] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 788] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 788] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 787] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 787] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 788] <... futex resumed>) = 0 [pid 787] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 788] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 788] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 787] <... futex resumed>) = 0 [pid 788] eventfd2(118, EFD_SEMAPHORE [pid 787] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 788] <... eventfd2 resumed>) = 4 [pid 787] <... futex resumed>) = 0 [pid 788] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 787] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 788] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 787] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 788] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 787] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 788] ioctl(3, VHOST_SET_VRING_ERR [pid 787] <... futex resumed>) = 0 [pid 788] <... ioctl resumed>, 0x2000000001c0) = 0 [pid 787] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 788] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 787] <... futex resumed>) = 0 [pid 788] ioctl(3, VHOST_SET_VRING_ADDR [pid 787] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 788] <... ioctl resumed>, 0x200000000240) = 0 [pid 788] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 787] <... futex resumed>) = 0 [pid 788] <... futex resumed>) = 0 [pid 787] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 788] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 787] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 787] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 788] <... futex resumed>) = 0 [pid 787] <... futex resumed>) = 1 [pid 788] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 787] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 788] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 787] <... futex resumed>) = 0 [pid 788] ioctl(3, VHOST_VSOCK_SET_RUNNING [pid 787] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 788] <... ioctl resumed>, 0x200000000140) = 0 [pid 787] <... futex resumed>) = 0 [pid 788] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 787] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 788] <... futex resumed>) = 0 [pid 787] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 788] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 787] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 788] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 787] <... futex resumed>) = 0 [pid 788] memfd_create("syzkaller", 0 [pid 787] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 788] <... memfd_create resumed>) = 5 [pid 788] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f676585d000 [pid 788] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 788] munmap(0x7f676585d000, 138412032) = 0 [pid 788] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 788] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 788] close(5) = 0 [pid 788] close(6) = 0 [pid 788] mkdir("./file0", 0777) = 0 [pid 788] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 788] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 788] chdir("./file0") = 0 [pid 788] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 788] ioctl(6, LOOP_CLR_FD) = 0 [pid 788] close(6) = 0 [pid 788] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 787] <... futex resumed>) = 0 [pid 787] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 787] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 788] <... futex resumed>) = 1 [pid 788] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 788] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 787] <... futex resumed>) = 0 [pid 787] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 787] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 788] <... futex resumed>) = 1 [pid 788] write(6, "#! ./file1\n", 11) = 11 [pid 788] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 787] <... futex resumed>) = 0 [pid 787] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 787] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 788] <... futex resumed>) = 1 [pid 788] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 788] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 787] <... futex resumed>) = 0 [pid 787] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 787] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 788] <... futex resumed>) = 1 [pid 788] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000280} --- [pid 787] <... futex resumed>) = ? [pid 788] +++ killed by SIGBUS +++ [pid 787] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=787, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./74", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./74", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557cd2d730 /* 4 entries */, 32768) = 112 umount2("./74/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./74/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./74/binderfs") = 0 [ 37.766764][ T788] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 37.798590][ T789] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-788: bg 0: block 234: padding at end of block bitmap is not set umount2("./74/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./74/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./74/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./74/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./74/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557cd35770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557cd35770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./74/file0") = 0 getdents64(3, 0x55557cd2d730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./74") = 0 mkdir("./75", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557cd2c690) = 793 ./strace-static-x86_64: Process 793 attached [pid 793] set_robust_list(0x55557cd2c6a0, 24) = 0 [pid 793] chdir("./75") = 0 [pid 793] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 793] setpgid(0, 0) = 0 [pid 793] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 793] write(3, "1000", 4) = 4 [pid 793] close(3) = 0 [pid 793] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 793] write(1, "executing program\n", 18) = 18 [pid 793] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 793] rt_sigaction(SIGRT_1, {sa_handler=0x7f676dce75b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f676dcd8760}, NULL, 8) = 0 [pid 793] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 793] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f676dc5d000 [pid 793] mprotect(0x7f676dc5e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 793] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 793] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f676dc7d990, parent_tid=0x7f676dc7d990, exit_signal=0, stack=0x7f676dc5d000, stack_size=0x20300, tls=0x7f676dc7d6c0} => {parent_tid=[794]}, 88) = 794 [pid 793] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 793] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 793] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 794 attached [pid 794] set_robust_list(0x7f676dc7d9a0, 24) = 0 [pid 794] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 794] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 794] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 793] <... futex resumed>) = 0 [pid 793] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 793] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 794] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 794] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 793] <... futex resumed>) = 0 [pid 793] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 793] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 794] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 794] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 793] <... futex resumed>) = 0 [pid 793] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 793] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 794] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 794] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 793] <... futex resumed>) = 0 [pid 793] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 793] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 794] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 794] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 793] <... futex resumed>) = 0 [pid 793] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 793] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 794] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 794] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 793] <... futex resumed>) = 0 [pid 793] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 793] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 794] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 794] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 793] <... futex resumed>) = 0 [pid 793] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 793] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 794] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 794] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 793] <... futex resumed>) = 0 [pid 794] <... futex resumed>) = 1 [pid 793] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 793] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 794] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 794] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 793] <... futex resumed>) = 0 [pid 793] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 794] <... futex resumed>) = 1 [pid 793] <... futex resumed>) = 0 [pid 793] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 794] memfd_create("syzkaller", 0) = 5 [pid 794] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f676585d000 [pid 794] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 794] munmap(0x7f676585d000, 138412032) = 0 [pid 794] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 794] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 794] close(5) = 0 [pid 794] close(6) = 0 [pid 794] mkdir("./file0", 0777) = 0 [pid 794] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 794] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 794] chdir("./file0") = 0 [pid 794] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 794] ioctl(6, LOOP_CLR_FD) = 0 [pid 794] close(6) = 0 [pid 794] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 793] <... futex resumed>) = 0 [pid 793] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 793] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 794] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 794] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 793] <... futex resumed>) = 0 [pid 793] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 793] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 794] <... futex resumed>) = 1 [pid 794] write(6, "#! ./file1\n", 11) = 11 [pid 794] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 793] <... futex resumed>) = 0 [pid 793] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 793] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 794] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 794] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 794] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 793] <... futex resumed>) = 0 [pid 793] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 793] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 794] <... futex resumed>) = 0 [pid 794] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000280} --- [pid 793] <... futex resumed>) = ? [pid 794] +++ killed by SIGBUS +++ [pid 793] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=793, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- umount2("./75", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./75", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557cd2d730 /* 4 entries */, 32768) = 112 umount2("./75/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./75/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./75/binderfs") = 0 [ 37.976513][ T794] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 38.009943][ T795] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-794: bg 0: block 234: padding at end of block bitmap is not set umount2("./75/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./75/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./75/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./75/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./75/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557cd35770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557cd35770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./75/file0") = 0 getdents64(3, 0x55557cd2d730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./75") = 0 mkdir("./76", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557cd2c690) = 799 ./strace-static-x86_64: Process 799 attached [pid 799] set_robust_list(0x55557cd2c6a0, 24) = 0 [pid 799] chdir("./76") = 0 [pid 799] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 799] setpgid(0, 0) = 0 [pid 799] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 799] write(3, "1000", 4) = 4 [pid 799] close(3) = 0 [pid 799] symlink("/dev/binderfs", "./binderfs") = 0 [pid 799] write(1, "executing program\n", 18executing program ) = 18 [pid 799] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 799] rt_sigaction(SIGRT_1, {sa_handler=0x7f676dce75b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f676dcd8760}, NULL, 8) = 0 [pid 799] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 799] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f676dc5d000 [pid 799] mprotect(0x7f676dc5e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 799] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 799] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f676dc7d990, parent_tid=0x7f676dc7d990, exit_signal=0, stack=0x7f676dc5d000, stack_size=0x20300, tls=0x7f676dc7d6c0} => {parent_tid=[800]}, 88) = 800 [pid 799] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 799] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 799] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 800 attached [pid 800] set_robust_list(0x7f676dc7d9a0, 24) = 0 [pid 800] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 800] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 800] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 799] <... futex resumed>) = 0 [pid 799] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 799] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 800] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 800] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 799] <... futex resumed>) = 0 [pid 799] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 799] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 800] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 800] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 799] <... futex resumed>) = 0 [pid 799] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 799] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 800] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 800] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 799] <... futex resumed>) = 0 [pid 799] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 799] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 800] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 800] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 799] <... futex resumed>) = 0 [pid 799] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 799] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 800] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 800] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 799] <... futex resumed>) = 0 [pid 799] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 799] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 800] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 800] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 799] <... futex resumed>) = 0 [pid 799] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 799] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 800] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 800] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 799] <... futex resumed>) = 0 [pid 799] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 799] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 800] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 800] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 799] <... futex resumed>) = 0 [pid 799] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 799] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 800] memfd_create("syzkaller", 0) = 5 [pid 800] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f676585d000 [pid 800] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 800] munmap(0x7f676585d000, 138412032) = 0 [pid 800] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 800] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 800] close(5) = 0 [pid 800] close(6) = 0 [pid 800] mkdir("./file0", 0777) = 0 [pid 800] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 800] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 800] chdir("./file0") = 0 [pid 800] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 800] ioctl(6, LOOP_CLR_FD) = 0 [pid 800] close(6) = 0 [pid 800] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 799] <... futex resumed>) = 0 [pid 799] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 799] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 800] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 800] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 799] <... futex resumed>) = 0 [pid 799] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 799] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 800] write(6, "#! ./file1\n", 11) = 11 [pid 800] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 799] <... futex resumed>) = 0 [pid 799] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 799] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 800] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 800] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 800] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 799] <... futex resumed>) = 0 [pid 799] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 799] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 800] <... futex resumed>) = 0 [pid 800] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000280} --- [pid 799] <... futex resumed>) = ? [pid 800] +++ killed by SIGBUS +++ [pid 799] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=799, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./76", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./76", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557cd2d730 /* 4 entries */, 32768) = 112 umount2("./76/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./76/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./76/binderfs") = 0 [ 38.155409][ T800] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 38.188250][ T801] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-800: bg 0: block 234: padding at end of block bitmap is not set umount2("./76/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./76/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./76/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./76/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./76/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557cd35770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557cd35770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./76/file0") = 0 getdents64(3, 0x55557cd2d730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./76") = 0 mkdir("./77", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557cd2c690) = 805 ./strace-static-x86_64: Process 805 attached [pid 805] set_robust_list(0x55557cd2c6a0, 24) = 0 [pid 805] chdir("./77") = 0 [pid 805] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 805] setpgid(0, 0) = 0 [pid 805] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 805] write(3, "1000", 4) = 4 [pid 805] close(3) = 0 [pid 805] symlink("/dev/binderfs", "./binderfs") = 0 [pid 805] write(1, "executing program\n", 18executing program ) = 18 [pid 805] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 805] rt_sigaction(SIGRT_1, {sa_handler=0x7f676dce75b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f676dcd8760}, NULL, 8) = 0 [pid 805] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 805] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f676dc5d000 [pid 805] mprotect(0x7f676dc5e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 805] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 805] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f676dc7d990, parent_tid=0x7f676dc7d990, exit_signal=0, stack=0x7f676dc5d000, stack_size=0x20300, tls=0x7f676dc7d6c0} => {parent_tid=[806]}, 88) = 806 [pid 805] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 805] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 805] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 806 attached [pid 806] set_robust_list(0x7f676dc7d9a0, 24) = 0 [pid 806] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 806] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 806] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 805] <... futex resumed>) = 0 [pid 805] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 805] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 806] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 806] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 805] <... futex resumed>) = 0 [pid 805] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 805] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 806] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 806] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 805] <... futex resumed>) = 0 [pid 805] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 805] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 806] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 806] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 805] <... futex resumed>) = 0 [pid 805] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 805] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 806] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 806] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 805] <... futex resumed>) = 0 [pid 805] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 805] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 806] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 806] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 805] <... futex resumed>) = 0 [pid 805] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 805] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 806] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 806] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 805] <... futex resumed>) = 0 [pid 805] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 805] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 806] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 806] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 805] <... futex resumed>) = 0 [pid 805] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 805] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 806] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 806] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 805] <... futex resumed>) = 0 [pid 805] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 805] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 806] memfd_create("syzkaller", 0) = 5 [pid 806] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f676585d000 [pid 806] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 806] munmap(0x7f676585d000, 138412032) = 0 [pid 806] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 806] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 806] close(5) = 0 [pid 806] close(6) = 0 [pid 806] mkdir("./file0", 0777) = 0 [pid 806] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 806] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 806] chdir("./file0") = 0 [pid 806] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 806] ioctl(6, LOOP_CLR_FD) = 0 [pid 806] close(6) = 0 [pid 806] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 805] <... futex resumed>) = 0 [pid 806] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 805] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 805] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 806] <... openat resumed>) = 6 [pid 806] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 805] <... futex resumed>) = 0 [pid 805] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 805] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 806] write(6, "#! ./file1\n", 11) = 11 [pid 806] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 805] <... futex resumed>) = 0 [pid 805] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 805] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 806] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 806] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 805] <... futex resumed>) = 0 [pid 805] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 805] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 806] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000280} --- [pid 805] <... futex resumed>) = ? [pid 806] +++ killed by SIGBUS +++ [pid 805] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=805, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./77", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./77", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557cd2d730 /* 4 entries */, 32768) = 112 umount2("./77/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./77/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./77/binderfs") = 0 [ 38.321281][ T806] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 38.354461][ T807] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-806: bg 0: block 234: padding at end of block bitmap is not set umount2("./77/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./77/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./77/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./77/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./77/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557cd35770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557cd35770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./77/file0") = 0 getdents64(3, 0x55557cd2d730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./77") = 0 mkdir("./78", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 811 attached [pid 811] set_robust_list(0x55557cd2c6a0, 24) = 0 [pid 811] chdir("./78") = 0 [pid 811] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 811] setpgid(0, 0) = 0 [pid 811] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 811] write(3, "1000", 4) = 4 [pid 811] close(3) = 0 [pid 811] symlink("/dev/binderfs", "./binderfs"executing program [pid 341] <... clone resumed>, child_tidptr=0x55557cd2c690) = 811 [pid 811] <... symlink resumed>) = 0 [pid 811] write(1, "executing program\n", 18) = 18 [pid 811] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 811] rt_sigaction(SIGRT_1, {sa_handler=0x7f676dce75b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f676dcd8760}, NULL, 8) = 0 [pid 811] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 811] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f676dc5d000 [pid 811] mprotect(0x7f676dc5e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 811] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 811] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f676dc7d990, parent_tid=0x7f676dc7d990, exit_signal=0, stack=0x7f676dc5d000, stack_size=0x20300, tls=0x7f676dc7d6c0} => {parent_tid=[812]}, 88) = 812 [pid 811] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 811] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 811] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 812 attached [pid 812] set_robust_list(0x7f676dc7d9a0, 24) = 0 [pid 812] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 812] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 812] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 811] <... futex resumed>) = 0 [pid 811] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 811] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 812] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 812] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 811] <... futex resumed>) = 0 [pid 811] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 811] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 812] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 812] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 811] <... futex resumed>) = 0 [pid 811] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 811] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 812] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 812] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 811] <... futex resumed>) = 0 [pid 811] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 811] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 812] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 812] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 811] <... futex resumed>) = 0 [pid 811] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 811] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 812] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 812] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 811] <... futex resumed>) = 0 [pid 811] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 811] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 812] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 812] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 811] <... futex resumed>) = 0 [pid 811] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 811] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 812] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 812] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 811] <... futex resumed>) = 0 [pid 811] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 811] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 812] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 812] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 811] <... futex resumed>) = 0 [pid 811] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 811] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 812] memfd_create("syzkaller", 0) = 5 [pid 812] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f676585d000 [pid 812] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 812] munmap(0x7f676585d000, 138412032) = 0 [pid 812] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 812] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 812] close(5) = 0 [pid 812] close(6) = 0 [pid 812] mkdir("./file0", 0777) = 0 [pid 812] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 812] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 812] chdir("./file0") = 0 [pid 812] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 812] ioctl(6, LOOP_CLR_FD) = 0 [pid 812] close(6) = 0 [pid 812] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 811] <... futex resumed>) = 0 [pid 811] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 811] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 812] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 812] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 811] <... futex resumed>) = 0 [pid 811] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 811] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 812] write(6, "#! ./file1\n", 11) = 11 [pid 812] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 811] <... futex resumed>) = 0 [pid 811] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 811] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 812] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 812] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 812] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 811] <... futex resumed>) = 0 [pid 811] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 811] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 812] <... futex resumed>) = 0 [pid 812] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000280} --- [pid 811] <... futex resumed>) = ? [pid 812] +++ killed by SIGBUS +++ [pid 811] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=811, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./78", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./78", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557cd2d730 /* 4 entries */, 32768) = 112 umount2("./78/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./78/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./78/binderfs") = 0 umount2("./78/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 [ 38.496666][ T812] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 38.529406][ T813] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-812: bg 0: block 234: padding at end of block bitmap is not set umount2("./78/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./78/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./78/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./78/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557cd35770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557cd35770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./78/file0") = 0 getdents64(3, 0x55557cd2d730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./78") = 0 mkdir("./79", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557cd2c690) = 817 ./strace-static-x86_64: Process 817 attached [pid 817] set_robust_list(0x55557cd2c6a0, 24) = 0 [pid 817] chdir("./79") = 0 [pid 817] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 817] setpgid(0, 0) = 0 [pid 817] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 817] write(3, "1000", 4) = 4 [pid 817] close(3) = 0 [pid 817] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 817] write(1, "executing program\n", 18) = 18 [pid 817] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 817] rt_sigaction(SIGRT_1, {sa_handler=0x7f676dce75b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f676dcd8760}, NULL, 8) = 0 [pid 817] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 817] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f676dc5d000 [pid 817] mprotect(0x7f676dc5e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 817] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 817] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f676dc7d990, parent_tid=0x7f676dc7d990, exit_signal=0, stack=0x7f676dc5d000, stack_size=0x20300, tls=0x7f676dc7d6c0} => {parent_tid=[818]}, 88) = 818 [pid 817] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 817] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 817] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 818 attached [pid 818] set_robust_list(0x7f676dc7d9a0, 24) = 0 [pid 818] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 818] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 818] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 817] <... futex resumed>) = 0 [pid 817] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 817] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 818] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 818] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 817] <... futex resumed>) = 0 [pid 817] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 817] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 818] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 818] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 817] <... futex resumed>) = 0 [pid 817] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 817] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 818] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 818] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 817] <... futex resumed>) = 0 [pid 817] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 817] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 818] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 818] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 817] <... futex resumed>) = 0 [pid 817] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 817] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 818] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 818] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 817] <... futex resumed>) = 0 [pid 817] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 817] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 818] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 818] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 817] <... futex resumed>) = 0 [pid 817] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 817] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 818] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 818] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 817] <... futex resumed>) = 0 [pid 817] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 817] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 818] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 818] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 817] <... futex resumed>) = 0 [pid 817] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 817] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 818] memfd_create("syzkaller", 0) = 5 [pid 818] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f676585d000 [pid 818] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 818] munmap(0x7f676585d000, 138412032) = 0 [pid 818] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 818] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 818] close(5) = 0 [pid 818] close(6) = 0 [pid 818] mkdir("./file0", 0777) = 0 [pid 818] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 818] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 818] chdir("./file0") = 0 [pid 818] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 818] ioctl(6, LOOP_CLR_FD) = 0 [pid 818] close(6) = 0 [pid 818] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 817] <... futex resumed>) = 0 [pid 817] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 817] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 818] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 818] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 817] <... futex resumed>) = 0 [pid 817] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 817] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 818] write(6, "#! ./file1\n", 11) = 11 [pid 818] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 817] <... futex resumed>) = 0 [pid 817] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 817] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 818] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 818] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 818] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 817] <... futex resumed>) = 0 [pid 817] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 817] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 818] <... futex resumed>) = 0 [pid 818] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000280} --- [pid 817] <... futex resumed>) = ? [pid 818] +++ killed by SIGBUS +++ [pid 817] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=817, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./79", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./79", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557cd2d730 /* 4 entries */, 32768) = 112 umount2("./79/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./79/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./79/binderfs") = 0 [ 38.656455][ T818] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 38.689904][ T819] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-818: bg 0: block 234: padding at end of block bitmap is not set umount2("./79/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./79/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./79/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./79/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./79/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557cd35770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557cd35770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./79/file0") = 0 getdents64(3, 0x55557cd2d730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./79") = 0 mkdir("./80", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557cd2c690) = 823 ./strace-static-x86_64: Process 823 attached [pid 823] set_robust_list(0x55557cd2c6a0, 24) = 0 [pid 823] chdir("./80") = 0 [pid 823] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 823] setpgid(0, 0) = 0 [pid 823] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 823] write(3, "1000", 4) = 4 [pid 823] close(3) = 0 [pid 823] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 823] write(1, "executing program\n", 18) = 18 [pid 823] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 823] rt_sigaction(SIGRT_1, {sa_handler=0x7f676dce75b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f676dcd8760}, NULL, 8) = 0 [pid 823] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 823] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f676dc5d000 [pid 823] mprotect(0x7f676dc5e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 823] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 823] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f676dc7d990, parent_tid=0x7f676dc7d990, exit_signal=0, stack=0x7f676dc5d000, stack_size=0x20300, tls=0x7f676dc7d6c0} => {parent_tid=[824]}, 88) = 824 [pid 823] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 823] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 823] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 824 attached [pid 824] set_robust_list(0x7f676dc7d9a0, 24) = 0 [pid 824] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 824] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 824] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 823] <... futex resumed>) = 0 [pid 823] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 823] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 824] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 824] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 823] <... futex resumed>) = 0 [pid 823] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 823] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 824] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 824] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 823] <... futex resumed>) = 0 [pid 823] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 823] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 824] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 824] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 823] <... futex resumed>) = 0 [pid 823] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 823] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 824] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 824] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 823] <... futex resumed>) = 0 [pid 823] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 823] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 824] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 824] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 823] <... futex resumed>) = 0 [pid 823] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 823] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 824] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 824] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 823] <... futex resumed>) = 0 [pid 823] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 823] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 824] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 824] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 823] <... futex resumed>) = 0 [pid 823] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 823] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 824] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 824] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 823] <... futex resumed>) = 0 [pid 823] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 823] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 824] memfd_create("syzkaller", 0) = 5 [pid 824] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f676585d000 [pid 824] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 824] munmap(0x7f676585d000, 138412032) = 0 [pid 824] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 824] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 824] close(5) = 0 [pid 824] close(6) = 0 [pid 824] mkdir("./file0", 0777) = 0 [pid 824] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 824] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 824] chdir("./file0") = 0 [pid 824] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 824] ioctl(6, LOOP_CLR_FD) = 0 [pid 824] close(6) = 0 [pid 824] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 823] <... futex resumed>) = 0 [pid 823] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 823] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 824] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 824] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 823] <... futex resumed>) = 0 [pid 823] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 823] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 824] write(6, "#! ./file1\n", 11) = 11 [pid 824] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 823] <... futex resumed>) = 0 [pid 823] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 823] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 824] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 824] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 824] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 823] <... futex resumed>) = 0 [pid 823] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 823] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 824] <... futex resumed>) = 0 [pid 824] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000280} --- [pid 823] <... futex resumed>) = ? [pid 824] +++ killed by SIGBUS +++ [pid 823] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=823, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./80", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./80", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557cd2d730 /* 4 entries */, 32768) = 112 umount2("./80/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./80/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./80/binderfs") = 0 [ 38.826437][ T824] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 38.858924][ T825] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-824: bg 0: block 234: padding at end of block bitmap is not set umount2("./80/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./80/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./80/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./80/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./80/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557cd35770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557cd35770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./80/file0") = 0 getdents64(3, 0x55557cd2d730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./80") = 0 mkdir("./81", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557cd2c690) = 829 ./strace-static-x86_64: Process 829 attached [pid 829] set_robust_list(0x55557cd2c6a0, 24) = 0 [pid 829] chdir("./81") = 0 [pid 829] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 829] setpgid(0, 0) = 0 [pid 829] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 829] write(3, "1000", 4) = 4 [pid 829] close(3) = 0 [pid 829] symlink("/dev/binderfs", "./binderfs") = 0 [pid 829] write(1, "executing program\n", 18executing program ) = 18 [pid 829] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 829] rt_sigaction(SIGRT_1, {sa_handler=0x7f676dce75b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f676dcd8760}, NULL, 8) = 0 [pid 829] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 829] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f676dc5d000 [pid 829] mprotect(0x7f676dc5e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 829] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 829] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f676dc7d990, parent_tid=0x7f676dc7d990, exit_signal=0, stack=0x7f676dc5d000, stack_size=0x20300, tls=0x7f676dc7d6c0}./strace-static-x86_64: Process 830 attached [pid 830] set_robust_list(0x7f676dc7d9a0, 24) = 0 [pid 830] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 830] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 829] <... clone3 resumed> => {parent_tid=[830]}, 88) = 830 [pid 829] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 829] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 830] <... futex resumed>) = 0 [pid 830] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 830] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 830] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 829] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 829] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 830] <... futex resumed>) = 0 [pid 830] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 830] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 830] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 829] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 829] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 830] <... futex resumed>) = 0 [pid 830] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 830] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 830] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 829] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 829] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 830] <... futex resumed>) = 0 [pid 830] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 830] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 830] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 829] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 829] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 830] <... futex resumed>) = 0 [pid 830] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 830] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 830] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 829] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 829] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 830] <... futex resumed>) = 0 [pid 830] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 830] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 830] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 829] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 829] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 830] <... futex resumed>) = 0 [pid 830] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 830] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 830] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 829] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 829] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 830] <... futex resumed>) = 0 [pid 829] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 830] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 830] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 830] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 829] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 829] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 830] <... futex resumed>) = 0 [pid 829] <... futex resumed>) = 1 [pid 830] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 830] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 830] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 829] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 829] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 830] <... futex resumed>) = 0 [pid 829] <... futex resumed>) = 1 [pid 830] memfd_create("syzkaller", 0 [pid 829] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 830] <... memfd_create resumed>) = 5 [pid 830] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f676585d000 [pid 830] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 830] munmap(0x7f676585d000, 138412032) = 0 [pid 830] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 830] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 830] close(5) = 0 [pid 830] close(6) = 0 [pid 830] mkdir("./file0", 0777) = 0 [pid 830] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 830] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 830] chdir("./file0") = 0 [pid 830] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 830] ioctl(6, LOOP_CLR_FD) = 0 [pid 830] close(6) = 0 [pid 830] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 829] <... futex resumed>) = 0 [pid 829] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 829] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 830] <... futex resumed>) = 1 [pid 830] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 830] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 829] <... futex resumed>) = 0 [pid 829] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 829] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 830] <... futex resumed>) = 1 [pid 830] write(6, "#! ./file1\n", 11) = 11 [pid 830] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 829] <... futex resumed>) = 0 [pid 829] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 829] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 830] <... futex resumed>) = 1 [pid 830] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 830] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 829] <... futex resumed>) = 0 [pid 829] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 829] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 830] <... futex resumed>) = 1 [pid 830] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000280} --- [pid 829] <... futex resumed>) = ? [pid 830] +++ killed by SIGBUS +++ [pid 829] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=829, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./81", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./81", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557cd2d730 /* 4 entries */, 32768) = 112 umount2("./81/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./81/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./81/binderfs") = 0 [ 38.996502][ T830] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 39.027447][ T831] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-830: bg 0: block 234: padding at end of block bitmap is not set umount2("./81/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./81/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./81/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./81/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./81/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557cd35770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557cd35770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./81/file0") = 0 getdents64(3, 0x55557cd2d730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./81") = 0 mkdir("./82", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557cd2c690) = 835 ./strace-static-x86_64: Process 835 attached [pid 835] set_robust_list(0x55557cd2c6a0, 24) = 0 [pid 835] chdir("./82") = 0 [pid 835] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 835] setpgid(0, 0) = 0 [pid 835] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 835] write(3, "1000", 4) = 4 [pid 835] close(3) = 0 [pid 835] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 835] write(1, "executing program\n", 18) = 18 [pid 835] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 835] rt_sigaction(SIGRT_1, {sa_handler=0x7f676dce75b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f676dcd8760}, NULL, 8) = 0 [pid 835] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 835] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f676dc5d000 [pid 835] mprotect(0x7f676dc5e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 835] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 835] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f676dc7d990, parent_tid=0x7f676dc7d990, exit_signal=0, stack=0x7f676dc5d000, stack_size=0x20300, tls=0x7f676dc7d6c0}./strace-static-x86_64: Process 836 attached [pid 836] set_robust_list(0x7f676dc7d9a0, 24) = 0 [pid 836] rt_sigprocmask(SIG_SETMASK, [], [pid 835] <... clone3 resumed> => {parent_tid=[836]}, 88) = 836 [pid 836] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 836] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 835] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 835] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 836] <... futex resumed>) = 0 [pid 835] <... futex resumed>) = 1 [pid 835] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 836] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 836] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 835] <... futex resumed>) = 0 [pid 835] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 835] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 836] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 836] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 835] <... futex resumed>) = 0 [pid 835] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 835] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 836] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 836] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 835] <... futex resumed>) = 0 [pid 835] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 835] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 836] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 836] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 835] <... futex resumed>) = 0 [pid 835] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 836] eventfd2(118, EFD_SEMAPHORE [pid 835] <... futex resumed>) = 0 [pid 835] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 836] <... eventfd2 resumed>) = 4 [pid 836] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 835] <... futex resumed>) = 0 [pid 835] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 835] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 836] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 836] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 835] <... futex resumed>) = 0 [pid 836] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 835] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 836] <... futex resumed>) = 0 [pid 835] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 836] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 836] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 835] <... futex resumed>) = 0 [pid 836] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 835] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 836] <... futex resumed>) = 0 [pid 835] <... futex resumed>) = 1 [pid 836] ioctl(3, VHOST_SET_VRING_KICK [pid 835] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 836] <... ioctl resumed>, 0x200000000000) = 0 [pid 836] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 835] <... futex resumed>) = 0 [pid 836] ioctl(3, VHOST_VSOCK_SET_RUNNING [pid 835] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 836] <... ioctl resumed>, 0x200000000140) = 0 [pid 835] <... futex resumed>) = 0 [pid 835] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 836] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 835] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 836] <... futex resumed>) = 0 [pid 835] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 835] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 836] memfd_create("syzkaller", 0) = 5 [pid 836] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f676585d000 [pid 836] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 836] munmap(0x7f676585d000, 138412032) = 0 [pid 836] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 836] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 836] close(5) = 0 [pid 836] close(6) = 0 [pid 836] mkdir("./file0", 0777) = 0 [pid 836] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 836] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 836] chdir("./file0") = 0 [pid 836] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 836] ioctl(6, LOOP_CLR_FD) = 0 [pid 836] close(6) = 0 [pid 836] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 835] <... futex resumed>) = 0 [pid 835] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 835] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 836] <... futex resumed>) = 1 [pid 836] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 836] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 835] <... futex resumed>) = 0 [pid 835] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 835] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 836] write(6, "#! ./file1\n", 11) = 11 [pid 836] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 835] <... futex resumed>) = 0 [pid 835] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 835] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 836] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 836] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [ 39.216467][ T836] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [pid 836] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 835] <... futex resumed>) = 0 [pid 835] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 835] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 836] <... futex resumed>) = 0 [pid 836] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000280} --- [pid 835] <... futex resumed>) = ? [pid 836] +++ killed by SIGBUS +++ [pid 835] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=835, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=5} --- umount2("./82", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./82", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557cd2d730 /* 4 entries */, 32768) = 112 umount2("./82/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./82/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./82/binderfs") = 0 [ 39.260491][ T837] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-836: bg 0: block 234: padding at end of block bitmap is not set umount2("./82/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./82/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./82/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./82/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./82/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557cd35770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557cd35770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./82/file0") = 0 getdents64(3, 0x55557cd2d730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./82") = 0 mkdir("./83", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557cd2c690) = 841 ./strace-static-x86_64: Process 841 attached [pid 841] set_robust_list(0x55557cd2c6a0, 24) = 0 [pid 841] chdir("./83") = 0 [pid 841] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 841] setpgid(0, 0) = 0 [pid 841] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 841] write(3, "1000", 4) = 4 [pid 841] close(3) = 0 [pid 841] symlink("/dev/binderfs", "./binderfs") = 0 [pid 841] write(1, "executing program\n", 18executing program ) = 18 [pid 841] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 841] rt_sigaction(SIGRT_1, {sa_handler=0x7f676dce75b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f676dcd8760}, NULL, 8) = 0 [pid 841] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 841] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f676dc5d000 [pid 841] mprotect(0x7f676dc5e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 841] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 841] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f676dc7d990, parent_tid=0x7f676dc7d990, exit_signal=0, stack=0x7f676dc5d000, stack_size=0x20300, tls=0x7f676dc7d6c0}./strace-static-x86_64: Process 842 attached => {parent_tid=[842]}, 88) = 842 [pid 842] set_robust_list(0x7f676dc7d9a0, 24) = 0 [pid 842] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 842] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 841] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 841] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 842] <... futex resumed>) = 0 [pid 842] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 842] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 842] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 841] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 841] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 842] <... futex resumed>) = 0 [pid 842] ioctl(3, VHOST_SET_OWNER [pid 841] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 842] <... ioctl resumed>, 0) = 0 [pid 842] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 842] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 841] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 841] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 842] <... futex resumed>) = 0 [pid 842] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 842] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 842] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 841] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 841] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 842] <... futex resumed>) = 0 [pid 842] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 842] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 842] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 841] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 841] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 842] <... futex resumed>) = 0 [pid 842] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 842] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 842] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 841] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 841] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 842] <... futex resumed>) = 0 [pid 842] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 842] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 842] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 841] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 841] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 842] <... futex resumed>) = 0 [pid 842] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 842] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 842] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 841] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 841] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 842] <... futex resumed>) = 0 [pid 842] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 842] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 842] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 841] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 841] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 842] <... futex resumed>) = 0 [pid 841] <... futex resumed>) = 1 [pid 842] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 842] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 842] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 841] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 841] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 842] <... futex resumed>) = 0 [pid 841] <... futex resumed>) = 1 [pid 842] memfd_create("syzkaller", 0) = 5 [pid 841] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 842] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f676585d000 [pid 842] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 842] munmap(0x7f676585d000, 138412032) = 0 [pid 842] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 842] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 842] close(5) = 0 [pid 842] close(6) = 0 [pid 842] mkdir("./file0", 0777) = 0 [pid 842] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 842] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 842] chdir("./file0") = 0 [pid 842] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 842] ioctl(6, LOOP_CLR_FD) = 0 [pid 842] close(6) = 0 [pid 842] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 841] <... futex resumed>) = 0 [pid 841] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 841] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 842] <... futex resumed>) = 1 [pid 842] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 842] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 841] <... futex resumed>) = 0 [pid 841] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 841] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 842] <... futex resumed>) = 1 [pid 842] write(6, "#! ./file1\n", 11) = 11 [pid 842] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 841] <... futex resumed>) = 0 [pid 841] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 841] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 842] <... futex resumed>) = 1 [pid 842] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 842] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 841] <... futex resumed>) = 0 [pid 841] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 841] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 842] <... futex resumed>) = 1 [ 39.436344][ T842] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [pid 842] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000280} --- [pid 841] <... futex resumed>) = ? [pid 842] +++ killed by SIGBUS +++ [pid 841] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=841, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./83", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./83", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557cd2d730 /* 4 entries */, 32768) = 112 umount2("./83/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./83/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./83/binderfs") = 0 [ 39.480497][ T843] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-842: bg 0: block 234: padding at end of block bitmap is not set umount2("./83/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./83/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./83/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./83/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./83/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557cd35770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557cd35770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./83/file0") = 0 getdents64(3, 0x55557cd2d730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./83") = 0 mkdir("./84", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557cd2c690) = 847 ./strace-static-x86_64: Process 847 attached [pid 847] set_robust_list(0x55557cd2c6a0, 24) = 0 [pid 847] chdir("./84") = 0 [pid 847] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 847] setpgid(0, 0) = 0 [pid 847] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 847] write(3, "1000", 4) = 4 [pid 847] close(3) = 0 [pid 847] symlink("/dev/binderfs", "./binderfs") = 0 [pid 847] write(1, "executing program\n", 18executing program ) = 18 [pid 847] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 847] rt_sigaction(SIGRT_1, {sa_handler=0x7f676dce75b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f676dcd8760}, NULL, 8) = 0 [pid 847] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 847] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f676dc5d000 [pid 847] mprotect(0x7f676dc5e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 847] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 847] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f676dc7d990, parent_tid=0x7f676dc7d990, exit_signal=0, stack=0x7f676dc5d000, stack_size=0x20300, tls=0x7f676dc7d6c0} => {parent_tid=[848]}, 88) = 848 [pid 847] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 847] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 847] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 848 attached [pid 848] set_robust_list(0x7f676dc7d9a0, 24) = 0 [pid 848] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 848] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 848] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 847] <... futex resumed>) = 0 [pid 847] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 847] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 848] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 848] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 847] <... futex resumed>) = 0 [pid 847] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 847] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 848] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 848] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 847] <... futex resumed>) = 0 [pid 847] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 847] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 848] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 848] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 847] <... futex resumed>) = 0 [pid 847] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 847] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 848] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 848] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 847] <... futex resumed>) = 0 [pid 847] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 847] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 848] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 848] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 847] <... futex resumed>) = 0 [pid 847] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 847] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 848] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 848] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 847] <... futex resumed>) = 0 [pid 847] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 848] ioctl(3, VHOST_SET_VRING_KICK [pid 847] <... futex resumed>) = 0 [pid 847] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 848] <... ioctl resumed>, 0x200000000000) = 0 [pid 848] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 847] <... futex resumed>) = 0 [pid 847] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 847] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 848] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 848] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 847] <... futex resumed>) = 0 [pid 847] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 848] memfd_create("syzkaller", 0 [pid 847] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 848] <... memfd_create resumed>) = 5 [pid 848] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f676585d000 [pid 848] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 848] munmap(0x7f676585d000, 138412032) = 0 [pid 848] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 848] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 848] close(5) = 0 [pid 848] close(6) = 0 [pid 848] mkdir("./file0", 0777) = 0 [pid 848] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 848] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 848] chdir("./file0") = 0 [pid 848] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 848] ioctl(6, LOOP_CLR_FD) = 0 [pid 848] close(6) = 0 [pid 848] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 847] <... futex resumed>) = 0 [pid 847] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 847] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 848] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 848] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 847] <... futex resumed>) = 0 [pid 847] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 848] write(6, "#! ./file1\n", 11 [pid 847] <... futex resumed>) = 0 [pid 847] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 848] <... write resumed>) = 11 [pid 848] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 847] <... futex resumed>) = 0 [pid 847] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 847] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 848] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 848] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 848] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 847] <... futex resumed>) = 0 [pid 847] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 847] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 848] <... futex resumed>) = 0 [pid 848] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000280} --- [pid 847] <... futex resumed>) = ? [pid 848] +++ killed by SIGBUS +++ [pid 847] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=847, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./84", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./84", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557cd2d730 /* 4 entries */, 32768) = 112 umount2("./84/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./84/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./84/binderfs") = 0 [ 39.646494][ T848] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 39.678450][ T849] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-848: bg 0: block 234: padding at end of block bitmap is not set umount2("./84/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./84/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./84/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./84/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./84/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557cd35770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557cd35770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./84/file0") = 0 getdents64(3, 0x55557cd2d730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./84") = 0 mkdir("./85", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557cd2c690) = 853 ./strace-static-x86_64: Process 853 attached [pid 853] set_robust_list(0x55557cd2c6a0, 24) = 0 [pid 853] chdir("./85") = 0 [pid 853] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 853] setpgid(0, 0) = 0 [pid 853] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 853] write(3, "1000", 4) = 4 [pid 853] close(3) = 0 [pid 853] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 853] write(1, "executing program\n", 18) = 18 [pid 853] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 853] rt_sigaction(SIGRT_1, {sa_handler=0x7f676dce75b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f676dcd8760}, NULL, 8) = 0 [pid 853] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 853] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f676dc5d000 [pid 853] mprotect(0x7f676dc5e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 853] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 853] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f676dc7d990, parent_tid=0x7f676dc7d990, exit_signal=0, stack=0x7f676dc5d000, stack_size=0x20300, tls=0x7f676dc7d6c0}./strace-static-x86_64: Process 854 attached => {parent_tid=[854]}, 88) = 854 [pid 853] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 853] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 853] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 854] set_robust_list(0x7f676dc7d9a0, 24) = 0 [pid 854] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 854] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 854] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 853] <... futex resumed>) = 0 [pid 853] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 853] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 854] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 854] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 853] <... futex resumed>) = 0 [pid 853] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 853] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 854] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 854] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 853] <... futex resumed>) = 0 [pid 853] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 853] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 854] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 854] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 853] <... futex resumed>) = 0 [pid 853] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 853] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 854] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 854] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 853] <... futex resumed>) = 0 [pid 853] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 853] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 854] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 854] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 853] <... futex resumed>) = 0 [pid 853] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 853] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 854] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 854] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 853] <... futex resumed>) = 0 [pid 853] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 853] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 854] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 854] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 853] <... futex resumed>) = 0 [pid 853] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 853] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 854] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 854] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 853] <... futex resumed>) = 0 [pid 853] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 853] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 854] memfd_create("syzkaller", 0) = 5 [pid 854] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f676585d000 [pid 854] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 854] munmap(0x7f676585d000, 138412032) = 0 [pid 854] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 854] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 854] close(5) = 0 [pid 854] close(6) = 0 [pid 854] mkdir("./file0", 0777) = 0 [pid 854] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 854] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 854] chdir("./file0") = 0 [pid 854] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 854] ioctl(6, LOOP_CLR_FD) = 0 [pid 854] close(6) = 0 [pid 854] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 853] <... futex resumed>) = 0 [pid 853] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 854] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 853] <... futex resumed>) = 0 [pid 853] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 854] <... openat resumed>) = 6 [pid 854] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 853] <... futex resumed>) = 0 [pid 853] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 854] write(6, "#! ./file1\n", 11 [pid 853] <... futex resumed>) = 0 [pid 853] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 854] <... write resumed>) = 11 [pid 854] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 853] <... futex resumed>) = 0 [pid 853] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 853] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 854] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 854] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 854] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 853] <... futex resumed>) = 0 [pid 853] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 854] <... futex resumed>) = 0 [pid 853] <... futex resumed>) = 1 [pid 853] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 854] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000280} --- [pid 853] <... futex resumed>) = ? [pid 854] +++ killed by SIGBUS +++ [pid 853] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=853, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./85", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./85", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557cd2d730 /* 4 entries */, 32768) = 112 umount2("./85/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./85/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./85/binderfs") = 0 [ 39.793752][ T854] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 39.822194][ T855] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-854: bg 0: block 234: padding at end of block bitmap is not set umount2("./85/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./85/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./85/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./85/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./85/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557cd35770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557cd35770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./85/file0") = 0 getdents64(3, 0x55557cd2d730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./85") = 0 mkdir("./86", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 859 attached [pid 859] set_robust_list(0x55557cd2c6a0, 24) = 0 [pid 341] <... clone resumed>, child_tidptr=0x55557cd2c690) = 859 [pid 859] chdir("./86") = 0 [pid 859] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 859] setpgid(0, 0) = 0 [pid 859] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 859] write(3, "1000", 4) = 4 [pid 859] close(3) = 0 [pid 859] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 859] write(1, "executing program\n", 18) = 18 [pid 859] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 859] rt_sigaction(SIGRT_1, {sa_handler=0x7f676dce75b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f676dcd8760}, NULL, 8) = 0 [pid 859] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 859] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f676dc5d000 [pid 859] mprotect(0x7f676dc5e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 859] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 859] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f676dc7d990, parent_tid=0x7f676dc7d990, exit_signal=0, stack=0x7f676dc5d000, stack_size=0x20300, tls=0x7f676dc7d6c0}./strace-static-x86_64: Process 860 attached [pid 860] set_robust_list(0x7f676dc7d9a0, 24) = 0 [pid 860] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 860] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 859] <... clone3 resumed> => {parent_tid=[860]}, 88) = 860 [pid 859] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 859] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 860] <... futex resumed>) = 0 [pid 859] <... futex resumed>) = 1 [pid 860] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 860] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 860] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 859] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 859] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 860] <... futex resumed>) = 0 [pid 859] <... futex resumed>) = 1 [pid 860] ioctl(3, VHOST_SET_OWNER [pid 859] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 860] <... ioctl resumed>, 0) = 0 [pid 860] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 859] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 860] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 859] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 860] <... futex resumed>) = 0 [pid 860] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 860] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 860] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 859] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 859] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 860] <... futex resumed>) = 0 [pid 859] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 860] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 860] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 859] <... futex resumed>) = 0 [pid 860] eventfd2(118, EFD_SEMAPHORE [pid 859] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 860] <... eventfd2 resumed>) = 4 [pid 859] <... futex resumed>) = 0 [pid 859] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 860] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 859] <... futex resumed>) = 0 [pid 860] ioctl(3, VHOST_SET_VRING_ERR [pid 859] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 860] <... ioctl resumed>, 0x2000000001c0) = 0 [pid 859] <... futex resumed>) = 0 [pid 860] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 860] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 859] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 859] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 860] <... futex resumed>) = 0 [pid 859] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 860] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 860] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 860] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 859] <... futex resumed>) = 0 [pid 859] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 860] <... futex resumed>) = 0 [pid 859] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 860] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 860] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 859] <... futex resumed>) = 0 [pid 860] ioctl(3, VHOST_VSOCK_SET_RUNNING [pid 859] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 860] <... ioctl resumed>, 0x200000000140) = 0 [pid 860] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 860] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 859] <... futex resumed>) = 0 [pid 859] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 859] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 860] <... futex resumed>) = 0 [pid 859] <... futex resumed>) = 1 [pid 860] memfd_create("syzkaller", 0 [pid 859] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 860] <... memfd_create resumed>) = 5 [pid 860] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f676585d000 [pid 860] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 860] munmap(0x7f676585d000, 138412032) = 0 [pid 860] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 860] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 860] close(5) = 0 [pid 860] close(6) = 0 [pid 860] mkdir("./file0", 0777) = 0 [pid 860] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 860] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 860] chdir("./file0") = 0 [pid 860] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 860] ioctl(6, LOOP_CLR_FD) = 0 [pid 860] close(6) = 0 [pid 860] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 859] <... futex resumed>) = 0 [pid 859] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 859] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 860] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 860] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 859] <... futex resumed>) = 0 [pid 859] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 859] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 860] write(6, "#! ./file1\n", 11) = 11 [pid 860] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 859] <... futex resumed>) = 0 [pid 859] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 859] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 860] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 860] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 860] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 859] <... futex resumed>) = 0 [pid 859] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 859] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 860] <... futex resumed>) = 0 [pid 860] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000280} --- [pid 859] <... futex resumed>) = ? [pid 860] +++ killed by SIGBUS +++ [pid 859] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=859, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./86", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./86", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557cd2d730 /* 4 entries */, 32768) = 112 umount2("./86/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./86/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./86/binderfs") = 0 [ 39.956409][ T860] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 39.987519][ T861] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-860: bg 0: block 234: padding at end of block bitmap is not set umount2("./86/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./86/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./86/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./86/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./86/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557cd35770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557cd35770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./86/file0") = 0 getdents64(3, 0x55557cd2d730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./86") = 0 mkdir("./87", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557cd2c690) = 865 ./strace-static-x86_64: Process 865 attached [pid 865] set_robust_list(0x55557cd2c6a0, 24) = 0 [pid 865] chdir("./87") = 0 [pid 865] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 865] setpgid(0, 0) = 0 [pid 865] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 865] write(3, "1000", 4) = 4 [pid 865] close(3) = 0 [pid 865] symlink("/dev/binderfs", "./binderfs") = 0 [pid 865] write(1, "executing program\n", 18executing program ) = 18 [pid 865] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 865] rt_sigaction(SIGRT_1, {sa_handler=0x7f676dce75b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f676dcd8760}, NULL, 8) = 0 [pid 865] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 865] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f676dc5d000 [pid 865] mprotect(0x7f676dc5e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 865] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 865] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f676dc7d990, parent_tid=0x7f676dc7d990, exit_signal=0, stack=0x7f676dc5d000, stack_size=0x20300, tls=0x7f676dc7d6c0}./strace-static-x86_64: Process 866 attached => {parent_tid=[866]}, 88) = 866 [pid 866] set_robust_list(0x7f676dc7d9a0, 24 [pid 865] rt_sigprocmask(SIG_SETMASK, [], [pid 866] <... set_robust_list resumed>) = 0 [pid 866] rt_sigprocmask(SIG_SETMASK, [], [pid 865] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 866] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 865] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 866] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 865] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 866] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 865] <... futex resumed>) = 0 [pid 865] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 865] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 866] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 866] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 865] <... futex resumed>) = 0 [pid 865] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 865] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 866] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 866] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 865] <... futex resumed>) = 0 [pid 865] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 865] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 866] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 866] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 865] <... futex resumed>) = 0 [pid 865] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 865] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 866] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 866] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 865] <... futex resumed>) = 0 [pid 865] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 865] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 866] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 866] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 865] <... futex resumed>) = 0 [pid 865] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 865] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 866] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 866] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 865] <... futex resumed>) = 0 [pid 865] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 865] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 866] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 866] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 865] <... futex resumed>) = 0 [pid 865] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 865] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 866] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 866] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 865] <... futex resumed>) = 0 [pid 865] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 865] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 866] memfd_create("syzkaller", 0) = 5 [pid 866] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f676585d000 [pid 866] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 866] munmap(0x7f676585d000, 138412032) = 0 [pid 866] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 866] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 866] close(5) = 0 [pid 866] close(6) = 0 [pid 866] mkdir("./file0", 0777) = 0 [pid 866] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 866] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 866] chdir("./file0") = 0 [pid 866] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 866] ioctl(6, LOOP_CLR_FD) = 0 [pid 866] close(6) = 0 [pid 866] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 865] <... futex resumed>) = 0 [pid 865] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 865] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 866] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 866] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 865] <... futex resumed>) = 0 [pid 865] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 865] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 866] write(6, "#! ./file1\n", 11) = 11 [pid 866] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 865] <... futex resumed>) = 0 [pid 865] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 865] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 866] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 866] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 866] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 865] <... futex resumed>) = 0 [pid 865] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 865] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 866] <... futex resumed>) = 0 [pid 866] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000280} --- [pid 865] <... futex resumed>) = ? [pid 866] +++ killed by SIGBUS +++ [pid 865] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=865, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./87", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./87", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557cd2d730 /* 4 entries */, 32768) = 112 umount2("./87/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./87/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./87/binderfs") = 0 [ 40.166492][ T866] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 40.199847][ T867] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-866: bg 0: block 234: padding at end of block bitmap is not set umount2("./87/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./87/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./87/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./87/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./87/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557cd35770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557cd35770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./87/file0") = 0 getdents64(3, 0x55557cd2d730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./87") = 0 mkdir("./88", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557cd2c690) = 871 ./strace-static-x86_64: Process 871 attached [pid 871] set_robust_list(0x55557cd2c6a0, 24) = 0 [pid 871] chdir("./88") = 0 [pid 871] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 871] setpgid(0, 0) = 0 [pid 871] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 871] write(3, "1000", 4) = 4 [pid 871] close(3) = 0 [pid 871] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 871] write(1, "executing program\n", 18) = 18 [pid 871] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 871] rt_sigaction(SIGRT_1, {sa_handler=0x7f676dce75b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f676dcd8760}, NULL, 8) = 0 [pid 871] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 871] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f676dc5d000 [pid 871] mprotect(0x7f676dc5e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 871] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 871] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f676dc7d990, parent_tid=0x7f676dc7d990, exit_signal=0, stack=0x7f676dc5d000, stack_size=0x20300, tls=0x7f676dc7d6c0}./strace-static-x86_64: Process 872 attached => {parent_tid=[872]}, 88) = 872 [pid 872] set_robust_list(0x7f676dc7d9a0, 24 [pid 871] rt_sigprocmask(SIG_SETMASK, [], [pid 872] <... set_robust_list resumed>) = 0 [pid 872] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 872] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 871] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 871] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 872] <... futex resumed>) = 0 [pid 872] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 872] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 872] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 871] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 871] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 872] <... futex resumed>) = 0 [pid 871] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 872] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 872] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 871] <... futex resumed>) = 0 [pid 872] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 871] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 872] <... futex resumed>) = 0 [pid 871] <... futex resumed>) = 1 [pid 872] ioctl(3, VHOST_SET_VRING_ADDR [pid 871] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 872] <... ioctl resumed>, 0x200000000300) = 0 [pid 872] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 871] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 872] <... futex resumed>) = 0 [pid 871] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 872] ioctl(3, VHOST_SET_MEM_TABLE [pid 871] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 872] <... ioctl resumed>, 0x200000003380) = 0 [pid 872] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 871] <... futex resumed>) = 0 [pid 872] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 871] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 872] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 871] <... futex resumed>) = 0 [pid 872] eventfd2(118, EFD_SEMAPHORE [pid 871] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 872] <... eventfd2 resumed>) = 4 [pid 872] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 871] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 872] ioctl(3, VHOST_SET_VRING_ERR [pid 871] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 872] <... ioctl resumed>, 0x2000000001c0) = 0 [pid 872] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 871] <... futex resumed>) = 0 [pid 871] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 871] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 872] <... futex resumed>) = 0 [pid 872] ioctl(3, VHOST_SET_VRING_ADDR [pid 871] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 872] <... ioctl resumed>, 0x200000000240) = 0 [pid 872] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 871] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 872] <... futex resumed>) = 0 [pid 872] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 871] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 872] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 871] <... futex resumed>) = 0 [pid 872] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 871] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 872] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 871] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 872] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 871] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 872] <... futex resumed>) = 0 [pid 871] <... futex resumed>) = 1 [pid 872] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 871] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 872] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 871] <... futex resumed>) = 0 [pid 871] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 872] memfd_create("syzkaller", 0 [pid 871] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 872] <... memfd_create resumed>) = 5 [pid 872] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f676585d000 [pid 872] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 872] munmap(0x7f676585d000, 138412032) = 0 [pid 872] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 872] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 872] close(5) = 0 [pid 872] close(6) = 0 [pid 872] mkdir("./file0", 0777) = 0 [pid 872] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 872] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 872] chdir("./file0") = 0 [pid 872] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 872] ioctl(6, LOOP_CLR_FD) = 0 [pid 872] close(6) = 0 [pid 872] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 871] <... futex resumed>) = 0 [pid 871] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 871] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 872] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 872] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 871] <... futex resumed>) = 0 [pid 871] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 871] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 872] write(6, "#! ./file1\n", 11) = 11 [pid 872] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 871] <... futex resumed>) = 0 [pid 871] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 871] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 872] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 872] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 872] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 871] <... futex resumed>) = 0 [pid 871] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 871] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 872] <... futex resumed>) = 0 [pid 872] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000280} --- [pid 871] <... futex resumed>) = ? [pid 872] +++ killed by SIGBUS +++ [pid 871] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=871, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./88", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./88", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557cd2d730 /* 4 entries */, 32768) = 112 umount2("./88/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./88/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./88/binderfs") = 0 [ 40.406526][ T872] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 40.439690][ T873] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-872: bg 0: block 234: padding at end of block bitmap is not set umount2("./88/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./88/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./88/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./88/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./88/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557cd35770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557cd35770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./88/file0") = 0 getdents64(3, 0x55557cd2d730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./88") = 0 mkdir("./89", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557cd2c690) = 877 ./strace-static-x86_64: Process 877 attached [pid 877] set_robust_list(0x55557cd2c6a0, 24) = 0 [pid 877] chdir("./89") = 0 [pid 877] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 877] setpgid(0, 0) = 0 [pid 877] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 877] write(3, "1000", 4) = 4 [pid 877] close(3) = 0 [pid 877] symlink("/dev/binderfs", "./binderfs") = 0 [pid 877] write(1, "executing program\n", 18executing program ) = 18 [pid 877] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 877] rt_sigaction(SIGRT_1, {sa_handler=0x7f676dce75b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f676dcd8760}, NULL, 8) = 0 [pid 877] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 877] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f676dc5d000 [pid 877] mprotect(0x7f676dc5e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 877] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 877] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f676dc7d990, parent_tid=0x7f676dc7d990, exit_signal=0, stack=0x7f676dc5d000, stack_size=0x20300, tls=0x7f676dc7d6c0} => {parent_tid=[878]}, 88) = 878 [pid 877] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 877] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 877] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 878 attached [pid 878] set_robust_list(0x7f676dc7d9a0, 24) = 0 [pid 878] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 878] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 878] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 877] <... futex resumed>) = 0 [pid 877] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 877] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 878] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 878] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 877] <... futex resumed>) = 0 [pid 877] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 877] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 878] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 878] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 877] <... futex resumed>) = 0 [pid 877] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 878] ioctl(3, VHOST_SET_MEM_TABLE [pid 877] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 878] <... ioctl resumed>, 0x200000003380) = 0 [pid 878] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 877] <... futex resumed>) = 0 [pid 877] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 877] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 878] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 878] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 877] <... futex resumed>) = 0 [pid 877] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 877] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 878] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 878] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 877] <... futex resumed>) = 0 [pid 877] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 877] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 878] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 878] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 877] <... futex resumed>) = 0 [pid 877] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 877] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 878] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 878] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 877] <... futex resumed>) = 0 [pid 877] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 877] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 878] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 878] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 877] <... futex resumed>) = 0 [pid 877] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 878] memfd_create("syzkaller", 0 [pid 877] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 878] <... memfd_create resumed>) = 5 [pid 878] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f676585d000 [pid 878] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 878] munmap(0x7f676585d000, 138412032) = 0 [pid 878] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 878] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 878] close(5) = 0 [pid 878] close(6) = 0 [pid 878] mkdir("./file0", 0777) = 0 [pid 878] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 878] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 878] chdir("./file0") = 0 [pid 878] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 878] ioctl(6, LOOP_CLR_FD) = 0 [pid 878] close(6) = 0 [pid 878] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 877] <... futex resumed>) = 0 [pid 877] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 877] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 878] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 878] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 877] <... futex resumed>) = 0 [pid 877] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 877] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 878] write(6, "#! ./file1\n", 11) = 11 [pid 878] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 877] <... futex resumed>) = 0 [pid 877] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 877] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 878] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 878] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 878] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 877] <... futex resumed>) = 0 [pid 877] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 877] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 878] <... futex resumed>) = 0 [pid 878] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000280} --- [pid 877] <... futex resumed>) = ? [pid 878] +++ killed by SIGBUS +++ [pid 877] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=877, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./89", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./89", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557cd2d730 /* 4 entries */, 32768) = 112 umount2("./89/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./89/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./89/binderfs") = 0 [ 40.570764][ T878] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 40.604315][ T879] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-878: bg 0: block 234: padding at end of block bitmap is not set umount2("./89/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./89/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./89/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./89/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./89/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557cd35770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557cd35770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./89/file0") = 0 getdents64(3, 0x55557cd2d730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./89") = 0 mkdir("./90", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 883 attached , child_tidptr=0x55557cd2c690) = 883 [pid 883] set_robust_list(0x55557cd2c6a0, 24) = 0 [pid 883] chdir("./90") = 0 [pid 883] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 883] setpgid(0, 0) = 0 [pid 883] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 883] write(3, "1000", 4) = 4 [pid 883] close(3) = 0 [pid 883] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 883] write(1, "executing program\n", 18) = 18 [pid 883] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 883] rt_sigaction(SIGRT_1, {sa_handler=0x7f676dce75b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f676dcd8760}, NULL, 8) = 0 [pid 883] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 883] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f676dc5d000 [pid 883] mprotect(0x7f676dc5e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 883] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 883] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f676dc7d990, parent_tid=0x7f676dc7d990, exit_signal=0, stack=0x7f676dc5d000, stack_size=0x20300, tls=0x7f676dc7d6c0} => {parent_tid=[884]}, 88) = 884 [pid 883] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 883] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 883] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 884 attached [pid 884] set_robust_list(0x7f676dc7d9a0, 24) = 0 [pid 884] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 884] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 884] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 883] <... futex resumed>) = 0 [pid 883] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 883] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 884] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 884] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 883] <... futex resumed>) = 0 [pid 883] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 883] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 884] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 884] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 883] <... futex resumed>) = 0 [pid 883] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 883] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 884] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 884] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 883] <... futex resumed>) = 0 [pid 883] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 883] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 884] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 884] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 883] <... futex resumed>) = 0 [pid 883] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 883] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 884] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 884] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 883] <... futex resumed>) = 0 [pid 883] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 883] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 884] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 884] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 883] <... futex resumed>) = 0 [pid 883] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 883] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 884] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 884] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 883] <... futex resumed>) = 0 [pid 883] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 883] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 884] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 884] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 883] <... futex resumed>) = 0 [pid 883] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 883] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 884] memfd_create("syzkaller", 0) = 5 [pid 884] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f676585d000 [pid 884] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 884] munmap(0x7f676585d000, 138412032) = 0 [pid 884] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 884] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 884] close(5) = 0 [pid 884] close(6) = 0 [pid 884] mkdir("./file0", 0777) = 0 [pid 884] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 884] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 884] chdir("./file0") = 0 [pid 884] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 884] ioctl(6, LOOP_CLR_FD) = 0 [pid 884] close(6) = 0 [pid 884] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 883] <... futex resumed>) = 0 [pid 883] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 883] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 884] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 884] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 883] <... futex resumed>) = 0 [pid 883] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 883] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 884] write(6, "#! ./file1\n", 11) = 11 [pid 884] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 883] <... futex resumed>) = 0 [pid 883] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 883] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 884] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 884] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 884] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 883] <... futex resumed>) = 0 [pid 883] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 883] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 884] <... futex resumed>) = 0 [pid 884] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000280} --- [pid 883] <... futex resumed>) = ? [pid 884] +++ killed by SIGBUS +++ [pid 883] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=883, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./90", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./90", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557cd2d730 /* 4 entries */, 32768) = 112 umount2("./90/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./90/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./90/binderfs") = 0 [ 40.746482][ T884] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 40.779929][ T885] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-884: bg 0: block 234: padding at end of block bitmap is not set umount2("./90/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./90/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./90/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./90/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./90/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557cd35770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557cd35770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./90/file0") = 0 getdents64(3, 0x55557cd2d730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./90") = 0 mkdir("./91", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557cd2c690) = 889 ./strace-static-x86_64: Process 889 attached [pid 889] set_robust_list(0x55557cd2c6a0, 24) = 0 [pid 889] chdir("./91") = 0 [pid 889] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 889] setpgid(0, 0) = 0 [pid 889] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 889] write(3, "1000", 4) = 4 [pid 889] close(3) = 0 [pid 889] symlink("/dev/binderfs", "./binderfs") = 0 [pid 889] write(1, "executing program\n", 18executing program ) = 18 [pid 889] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 889] rt_sigaction(SIGRT_1, {sa_handler=0x7f676dce75b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f676dcd8760}, NULL, 8) = 0 [pid 889] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 889] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f676dc5d000 [pid 889] mprotect(0x7f676dc5e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 889] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 889] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f676dc7d990, parent_tid=0x7f676dc7d990, exit_signal=0, stack=0x7f676dc5d000, stack_size=0x20300, tls=0x7f676dc7d6c0}./strace-static-x86_64: Process 890 attached => {parent_tid=[890]}, 88) = 890 [pid 890] set_robust_list(0x7f676dc7d9a0, 24) = 0 [pid 890] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 890] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 889] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 889] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 890] <... futex resumed>) = 0 [pid 890] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 890] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 890] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 889] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 889] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 890] <... futex resumed>) = 0 [pid 890] ioctl(3, VHOST_SET_OWNER [pid 889] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 890] <... ioctl resumed>, 0) = 0 [pid 890] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 890] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 889] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 889] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 890] <... futex resumed>) = 0 [pid 890] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 890] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 890] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 889] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 889] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 890] <... futex resumed>) = 0 [pid 890] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 890] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 890] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 889] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 889] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 890] <... futex resumed>) = 0 [pid 890] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 890] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 890] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 889] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 889] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 890] <... futex resumed>) = 0 [pid 890] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 890] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 890] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 889] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 889] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 890] <... futex resumed>) = 0 [pid 889] <... futex resumed>) = 1 [pid 890] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 890] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 889] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 890] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 889] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 889] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 890] <... futex resumed>) = 0 [pid 889] <... futex resumed>) = 1 [pid 890] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 890] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 889] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 890] <... futex resumed>) = 0 [pid 889] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 890] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 889] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 890] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 889] <... futex resumed>) = 0 [pid 890] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 890] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 890] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 889] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 889] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 890] <... futex resumed>) = 0 [pid 889] <... futex resumed>) = 1 [pid 890] memfd_create("syzkaller", 0) = 5 [pid 890] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f676585d000 [pid 890] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 889] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 890] <... write resumed>) = 1048576 [pid 890] munmap(0x7f676585d000, 138412032) = 0 [pid 890] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 890] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 890] close(5) = 0 [pid 890] close(6) = 0 [pid 890] mkdir("./file0", 0777) = 0 [pid 890] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 890] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 890] chdir("./file0") = 0 [pid 890] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 890] ioctl(6, LOOP_CLR_FD) = 0 [pid 890] close(6) = 0 [pid 890] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 889] <... futex resumed>) = 0 [pid 889] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 889] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 890] <... futex resumed>) = 1 [pid 890] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 890] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 889] <... futex resumed>) = 0 [pid 889] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 889] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 890] <... futex resumed>) = 1 [pid 890] write(6, "#! ./file1\n", 11) = 11 [pid 890] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 889] <... futex resumed>) = 0 [pid 889] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 889] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 890] <... futex resumed>) = 1 [pid 890] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 890] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 889] <... futex resumed>) = 0 [pid 889] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 889] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 890] <... futex resumed>) = 1 [pid 890] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000280} --- [pid 889] <... futex resumed>) = ? [pid 890] +++ killed by SIGBUS +++ [pid 889] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=889, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./91", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./91", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557cd2d730 /* 4 entries */, 32768) = 112 umount2("./91/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./91/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./91/binderfs") = 0 [ 40.906745][ T890] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 40.938877][ T891] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-890: bg 0: block 234: padding at end of block bitmap is not set umount2("./91/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./91/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./91/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./91/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./91/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557cd35770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557cd35770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./91/file0") = 0 getdents64(3, 0x55557cd2d730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./91") = 0 mkdir("./92", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 895 attached , child_tidptr=0x55557cd2c690) = 895 [pid 895] set_robust_list(0x55557cd2c6a0, 24) = 0 [pid 895] chdir("./92") = 0 [pid 895] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 895] setpgid(0, 0) = 0 [pid 895] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 895] write(3, "1000", 4) = 4 [pid 895] close(3) = 0 [pid 895] symlink("/dev/binderfs", "./binderfs") = 0 [pid 895] write(1, "executing program\n", 18executing program ) = 18 [pid 895] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 895] rt_sigaction(SIGRT_1, {sa_handler=0x7f676dce75b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f676dcd8760}, NULL, 8) = 0 [pid 895] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 895] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f676dc5d000 [pid 895] mprotect(0x7f676dc5e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 895] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 895] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f676dc7d990, parent_tid=0x7f676dc7d990, exit_signal=0, stack=0x7f676dc5d000, stack_size=0x20300, tls=0x7f676dc7d6c0} => {parent_tid=[896]}, 88) = 896 [pid 895] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 895] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 895] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 896 attached [pid 896] set_robust_list(0x7f676dc7d9a0, 24) = 0 [pid 896] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 896] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 896] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 895] <... futex resumed>) = 0 [pid 895] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 895] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 896] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 896] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 895] <... futex resumed>) = 0 [pid 895] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 895] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 896] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 896] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 895] <... futex resumed>) = 0 [pid 895] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 895] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 896] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 896] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 895] <... futex resumed>) = 0 [pid 895] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 895] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 896] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 896] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 895] <... futex resumed>) = 0 [pid 895] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 895] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 896] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 896] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 895] <... futex resumed>) = 0 [pid 895] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 895] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 896] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 896] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 895] <... futex resumed>) = 0 [pid 895] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 895] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 896] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 896] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 895] <... futex resumed>) = 0 [pid 895] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 895] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 896] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 896] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 895] <... futex resumed>) = 0 [pid 895] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 895] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 896] memfd_create("syzkaller", 0) = 5 [pid 896] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f676585d000 [pid 896] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 896] munmap(0x7f676585d000, 138412032) = 0 [pid 896] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 896] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 896] close(5) = 0 [pid 896] close(6) = 0 [pid 896] mkdir("./file0", 0777) = 0 [pid 896] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 896] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 896] chdir("./file0") = 0 [pid 896] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 896] ioctl(6, LOOP_CLR_FD) = 0 [pid 896] close(6) = 0 [pid 896] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 895] <... futex resumed>) = 0 [pid 895] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 895] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 896] <... futex resumed>) = 1 [pid 896] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 896] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 895] <... futex resumed>) = 0 [pid 895] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 895] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 896] write(6, "#! ./file1\n", 11) = 11 [pid 896] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 895] <... futex resumed>) = 0 [pid 895] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 895] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 896] <... futex resumed>) = 1 [pid 896] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 896] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 895] <... futex resumed>) = 0 [pid 895] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 895] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 896] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000280} --- [pid 895] <... futex resumed>) = ? [pid 896] +++ killed by SIGBUS +++ [pid 895] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=895, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./92", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./92", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557cd2d730 /* 4 entries */, 32768) = 112 umount2("./92/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./92/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./92/binderfs") = 0 [ 41.086455][ T896] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 41.119862][ T897] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-896: bg 0: block 234: padding at end of block bitmap is not set umount2("./92/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./92/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./92/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./92/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./92/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557cd35770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557cd35770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./92/file0") = 0 getdents64(3, 0x55557cd2d730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./92") = 0 mkdir("./93", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 901 attached , child_tidptr=0x55557cd2c690) = 901 [pid 901] set_robust_list(0x55557cd2c6a0, 24) = 0 [pid 901] chdir("./93") = 0 [pid 901] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 901] setpgid(0, 0) = 0 [pid 901] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 901] write(3, "1000", 4) = 4 [pid 901] close(3) = 0 [pid 901] symlink("/dev/binderfs", "./binderfs") = 0 [pid 901] write(1, "executing program\n", 18executing program ) = 18 [pid 901] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 901] rt_sigaction(SIGRT_1, {sa_handler=0x7f676dce75b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f676dcd8760}, NULL, 8) = 0 [pid 901] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 901] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f676dc5d000 [pid 901] mprotect(0x7f676dc5e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 901] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 901] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f676dc7d990, parent_tid=0x7f676dc7d990, exit_signal=0, stack=0x7f676dc5d000, stack_size=0x20300, tls=0x7f676dc7d6c0}./strace-static-x86_64: Process 902 attached [pid 902] set_robust_list(0x7f676dc7d9a0, 24) = 0 [pid 902] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 902] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 901] <... clone3 resumed> => {parent_tid=[902]}, 88) = 902 [pid 901] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 901] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 902] <... futex resumed>) = 0 [pid 902] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 902] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 902] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 901] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 901] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 902] <... futex resumed>) = 0 [pid 902] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 901] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 902] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 902] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 901] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 901] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 902] <... futex resumed>) = 0 [pid 902] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 902] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 902] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 901] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 901] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 902] <... futex resumed>) = 0 [pid 902] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 902] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 902] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 901] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 901] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 902] <... futex resumed>) = 0 [pid 902] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 902] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 902] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 901] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 901] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 902] <... futex resumed>) = 0 [pid 902] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 902] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 902] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 901] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 901] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 902] <... futex resumed>) = 0 [pid 902] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 902] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 902] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 901] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 901] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 902] <... futex resumed>) = 0 [pid 901] <... futex resumed>) = 1 [pid 902] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 902] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 902] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 901] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 901] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 902] <... futex resumed>) = 0 [pid 901] <... futex resumed>) = 1 [pid 902] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 902] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 902] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 901] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 901] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 902] <... futex resumed>) = 0 [pid 901] <... futex resumed>) = 1 [pid 902] memfd_create("syzkaller", 0) = 5 [pid 901] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 902] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f676585d000 [pid 902] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 902] munmap(0x7f676585d000, 138412032) = 0 [pid 902] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 902] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 902] close(5) = 0 [pid 902] close(6) = 0 [pid 902] mkdir("./file0", 0777) = 0 [pid 902] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 902] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 902] chdir("./file0") = 0 [pid 902] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 902] ioctl(6, LOOP_CLR_FD) = 0 [pid 902] close(6) = 0 [pid 902] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 902] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 901] <... futex resumed>) = 0 [pid 901] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 901] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 902] <... futex resumed>) = 0 [pid 902] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 902] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 902] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 901] <... futex resumed>) = 0 [pid 901] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 901] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 902] <... futex resumed>) = 0 [pid 902] write(6, "#! ./file1\n", 11) = 11 [pid 902] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 901] <... futex resumed>) = 0 [pid 901] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 901] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 902] <... futex resumed>) = 1 [pid 902] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 902] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 901] <... futex resumed>) = 0 [pid 901] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 901] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 902] <... futex resumed>) = 1 [pid 902] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000280} --- [pid 901] <... futex resumed>) = ? [pid 902] +++ killed by SIGBUS +++ [pid 901] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=901, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./93", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./93", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557cd2d730 /* 4 entries */, 32768) = 112 umount2("./93/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./93/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./93/binderfs") = 0 [ 41.284144][ T902] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 41.313726][ T902] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm syz-executor126: bg 0: block 234: padding at end of block bitmap is not set umount2("./93/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./93/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./93/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./93/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./93/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557cd35770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557cd35770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./93/file0") = 0 getdents64(3, 0x55557cd2d730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./93") = 0 mkdir("./94", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557cd2c690) = 907 ./strace-static-x86_64: Process 907 attached [pid 907] set_robust_list(0x55557cd2c6a0, 24) = 0 [pid 907] chdir("./94") = 0 [pid 907] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 907] setpgid(0, 0) = 0 [pid 907] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 907] write(3, "1000", 4) = 4 [pid 907] close(3) = 0 [pid 907] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 907] write(1, "executing program\n", 18) = 18 [pid 907] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 907] rt_sigaction(SIGRT_1, {sa_handler=0x7f676dce75b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f676dcd8760}, NULL, 8) = 0 [pid 907] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 907] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f676dc5d000 [pid 907] mprotect(0x7f676dc5e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 907] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 907] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f676dc7d990, parent_tid=0x7f676dc7d990, exit_signal=0, stack=0x7f676dc5d000, stack_size=0x20300, tls=0x7f676dc7d6c0} => {parent_tid=[908]}, 88) = 908 [pid 907] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 907] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 907] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 908 attached [pid 908] set_robust_list(0x7f676dc7d9a0, 24) = 0 [pid 908] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 908] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 908] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 907] <... futex resumed>) = 0 [pid 907] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 907] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 908] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 908] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 907] <... futex resumed>) = 0 [pid 907] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 907] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 908] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 908] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 907] <... futex resumed>) = 0 [pid 907] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 907] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 908] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 908] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 907] <... futex resumed>) = 0 [pid 907] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 907] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 908] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 908] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 907] <... futex resumed>) = 0 [pid 907] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 907] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 908] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 908] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 907] <... futex resumed>) = 0 [pid 907] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 907] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 908] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 908] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 907] <... futex resumed>) = 0 [pid 907] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 907] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 908] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 908] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 907] <... futex resumed>) = 0 [pid 907] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 907] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 908] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 908] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 907] <... futex resumed>) = 0 [pid 907] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 907] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 908] memfd_create("syzkaller", 0) = 5 [pid 908] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f676585d000 [pid 908] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 908] munmap(0x7f676585d000, 138412032) = 0 [pid 908] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 908] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 908] close(5) = 0 [pid 908] close(6) = 0 [pid 908] mkdir("./file0", 0777) = 0 [pid 908] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 908] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 908] chdir("./file0") = 0 [pid 908] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 908] ioctl(6, LOOP_CLR_FD) = 0 [pid 908] close(6) = 0 [pid 908] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 907] <... futex resumed>) = 0 [pid 907] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 907] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 908] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 908] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 907] <... futex resumed>) = 0 [pid 907] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 907] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 908] write(6, "#! ./file1\n", 11) = 11 [pid 908] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 907] <... futex resumed>) = 0 [pid 907] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 907] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 908] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 908] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 908] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 907] <... futex resumed>) = 0 [pid 907] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 907] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 908] <... futex resumed>) = 0 [pid 908] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000280} --- [pid 907] <... futex resumed>) = ? [pid 908] +++ killed by SIGBUS +++ [pid 907] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=907, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- umount2("./94", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./94", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557cd2d730 /* 4 entries */, 32768) = 112 umount2("./94/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./94/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./94/binderfs") = 0 [ 41.456548][ T908] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 41.490129][ T909] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-908: bg 0: block 234: padding at end of block bitmap is not set umount2("./94/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./94/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./94/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./94/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./94/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557cd35770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557cd35770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./94/file0") = 0 getdents64(3, 0x55557cd2d730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./94") = 0 mkdir("./95", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 913 attached , child_tidptr=0x55557cd2c690) = 913 [pid 913] set_robust_list(0x55557cd2c6a0, 24) = 0 [pid 913] chdir("./95") = 0 [pid 913] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 913] setpgid(0, 0) = 0 [pid 913] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 913] write(3, "1000", 4) = 4 [pid 913] close(3) = 0 [pid 913] symlink("/dev/binderfs", "./binderfs") = 0 [pid 913] write(1, "executing program\n", 18executing program ) = 18 [pid 913] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 913] rt_sigaction(SIGRT_1, {sa_handler=0x7f676dce75b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f676dcd8760}, NULL, 8) = 0 [pid 913] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 913] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f676dc5d000 [pid 913] mprotect(0x7f676dc5e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 913] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 913] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f676dc7d990, parent_tid=0x7f676dc7d990, exit_signal=0, stack=0x7f676dc5d000, stack_size=0x20300, tls=0x7f676dc7d6c0} => {parent_tid=[914]}, 88) = 914 [pid 913] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 913] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 913] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 914 attached [pid 914] set_robust_list(0x7f676dc7d9a0, 24) = 0 [pid 914] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 914] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 914] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 913] <... futex resumed>) = 0 [pid 913] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 913] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 914] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 914] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 913] <... futex resumed>) = 0 [pid 913] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 913] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 914] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 914] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 913] <... futex resumed>) = 0 [pid 913] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 913] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 914] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 914] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 913] <... futex resumed>) = 0 [pid 913] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 913] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 914] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 914] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 913] <... futex resumed>) = 0 [pid 913] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 913] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 914] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 914] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 913] <... futex resumed>) = 0 [pid 913] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 913] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 914] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 914] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 913] <... futex resumed>) = 0 [pid 913] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 913] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 914] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 914] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 913] <... futex resumed>) = 0 [pid 913] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 913] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 914] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 914] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 913] <... futex resumed>) = 0 [pid 913] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 913] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 914] memfd_create("syzkaller", 0) = 5 [pid 914] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f676585d000 [pid 914] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 914] munmap(0x7f676585d000, 138412032) = 0 [pid 914] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 914] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 914] close(5) = 0 [pid 914] close(6) = 0 [pid 914] mkdir("./file0", 0777) = 0 [pid 914] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 914] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 914] chdir("./file0") = 0 [pid 914] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 914] ioctl(6, LOOP_CLR_FD) = 0 [pid 914] close(6) = 0 [pid 914] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 913] <... futex resumed>) = 0 [pid 913] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 913] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 914] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 914] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 913] <... futex resumed>) = 0 [pid 913] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 913] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 914] write(6, "#! ./file1\n", 11) = 11 [pid 914] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 913] <... futex resumed>) = 0 [pid 913] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 913] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 914] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 914] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [ 41.706945][ T914] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [pid 914] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 913] <... futex resumed>) = 0 [pid 913] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 913] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 914] <... futex resumed>) = 0 [pid 914] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000280} --- [pid 913] <... futex resumed>) = ? [pid 914] +++ killed by SIGBUS +++ [pid 913] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=913, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./95", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./95", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557cd2d730 /* 4 entries */, 32768) = 112 umount2("./95/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./95/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./95/binderfs") = 0 [ 41.751801][ T915] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-914: bg 0: block 234: padding at end of block bitmap is not set umount2("./95/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./95/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./95/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./95/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./95/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557cd35770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557cd35770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./95/file0") = 0 getdents64(3, 0x55557cd2d730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./95") = 0 mkdir("./96", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557cd2c690) = 919 ./strace-static-x86_64: Process 919 attached [pid 919] set_robust_list(0x55557cd2c6a0, 24) = 0 [pid 919] chdir("./96") = 0 [pid 919] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 919] setpgid(0, 0) = 0 [pid 919] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 919] write(3, "1000", 4) = 4 [pid 919] close(3) = 0 [pid 919] symlink("/dev/binderfs", "./binderfs") = 0 [pid 919] write(1, "executing program\n", 18executing program ) = 18 [pid 919] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 919] rt_sigaction(SIGRT_1, {sa_handler=0x7f676dce75b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f676dcd8760}, NULL, 8) = 0 [pid 919] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 919] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f676dc5d000 [pid 919] mprotect(0x7f676dc5e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 919] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 919] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f676dc7d990, parent_tid=0x7f676dc7d990, exit_signal=0, stack=0x7f676dc5d000, stack_size=0x20300, tls=0x7f676dc7d6c0}./strace-static-x86_64: Process 920 attached => {parent_tid=[920]}, 88) = 920 [pid 920] set_robust_list(0x7f676dc7d9a0, 24) = 0 [pid 920] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 920] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 919] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 919] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 920] <... futex resumed>) = 0 [pid 919] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 920] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 920] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 920] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 919] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 919] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 920] <... futex resumed>) = 0 [pid 920] ioctl(3, VHOST_SET_OWNER [pid 919] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 920] <... ioctl resumed>, 0) = 0 [pid 920] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 920] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 919] <... futex resumed>) = 0 [pid 919] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 920] <... futex resumed>) = 0 [pid 920] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 920] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 920] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 919] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 919] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 920] <... futex resumed>) = 0 [pid 920] ioctl(3, VHOST_SET_MEM_TABLE [pid 919] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 920] <... ioctl resumed>, 0x200000003380) = 0 [pid 920] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 919] <... futex resumed>) = 0 [pid 920] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 919] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 920] <... futex resumed>) = 0 [pid 920] eventfd2(118, EFD_SEMAPHORE [pid 919] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 920] <... eventfd2 resumed>) = 4 [pid 920] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 919] <... futex resumed>) = 0 [pid 920] ioctl(3, VHOST_SET_VRING_ERR [pid 919] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 920] <... ioctl resumed>, 0x2000000001c0) = 0 [pid 919] <... futex resumed>) = 0 [pid 920] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 919] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 920] <... futex resumed>) = 0 [pid 919] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 920] ioctl(3, VHOST_SET_VRING_ADDR [pid 919] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 920] <... ioctl resumed>, 0x200000000240) = 0 [pid 919] <... futex resumed>) = 0 [pid 920] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 919] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 920] <... futex resumed>) = 0 [pid 919] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 919] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 919] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 920] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 920] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 919] <... futex resumed>) = 0 [pid 920] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 919] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 920] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 920] ioctl(3, VHOST_VSOCK_SET_RUNNING [pid 919] <... futex resumed>) = 0 [pid 920] <... ioctl resumed>, 0x200000000140) = 0 [pid 920] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 919] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 920] <... futex resumed>) = 0 [pid 919] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 920] memfd_create("syzkaller", 0 [pid 919] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 920] <... memfd_create resumed>) = 5 [pid 919] <... futex resumed>) = 0 [pid 920] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 919] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 920] <... mmap resumed>) = 0x7f676585d000 [pid 920] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 920] munmap(0x7f676585d000, 138412032) = 0 [pid 920] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 920] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 920] close(5) = 0 [pid 920] close(6) = 0 [pid 920] mkdir("./file0", 0777) = 0 [pid 920] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 920] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 920] chdir("./file0") = 0 [pid 920] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 920] ioctl(6, LOOP_CLR_FD) = 0 [pid 920] close(6) = 0 [pid 920] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 919] <... futex resumed>) = 0 [pid 919] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 919] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 920] <... futex resumed>) = 1 [pid 920] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 920] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 919] <... futex resumed>) = 0 [pid 919] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 920] write(6, "#! ./file1\n", 11 [pid 919] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 920] <... write resumed>) = 11 [pid 920] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 919] <... futex resumed>) = 0 [pid 919] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 919] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 920] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 920] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 919] <... futex resumed>) = 0 [pid 919] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 919] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 920] <... futex resumed>) = 1 [pid 920] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000280} --- [pid 919] <... futex resumed>) = ? [pid 920] +++ killed by SIGBUS +++ [pid 919] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=919, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./96", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./96", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557cd2d730 /* 4 entries */, 32768) = 112 umount2("./96/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./96/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./96/binderfs") = 0 [ 41.917365][ T920] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 41.949616][ T921] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-920: bg 0: block 234: padding at end of block bitmap is not set umount2("./96/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./96/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./96/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./96/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./96/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557cd35770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557cd35770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./96/file0") = 0 getdents64(3, 0x55557cd2d730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./96") = 0 mkdir("./97", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557cd2c690) = 925 ./strace-static-x86_64: Process 925 attached [pid 925] set_robust_list(0x55557cd2c6a0, 24) = 0 [pid 925] chdir("./97") = 0 [pid 925] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 925] setpgid(0, 0) = 0 [pid 925] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 925] write(3, "1000", 4) = 4 [pid 925] close(3) = 0 [pid 925] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 925] write(1, "executing program\n", 18) = 18 [pid 925] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 925] rt_sigaction(SIGRT_1, {sa_handler=0x7f676dce75b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f676dcd8760}, NULL, 8) = 0 [pid 925] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 925] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f676dc5d000 [pid 925] mprotect(0x7f676dc5e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 925] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 925] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f676dc7d990, parent_tid=0x7f676dc7d990, exit_signal=0, stack=0x7f676dc5d000, stack_size=0x20300, tls=0x7f676dc7d6c0}./strace-static-x86_64: Process 926 attached => {parent_tid=[926]}, 88) = 926 [pid 926] set_robust_list(0x7f676dc7d9a0, 24) = 0 [pid 926] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 926] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 925] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 925] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 926] <... futex resumed>) = 0 [pid 926] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 926] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 926] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 925] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 925] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 926] <... futex resumed>) = 0 [pid 925] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 926] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 926] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 925] <... futex resumed>) = 0 [pid 926] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 925] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 926] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 925] <... futex resumed>) = 0 [pid 926] ioctl(3, VHOST_SET_VRING_ADDR [pid 925] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 926] <... ioctl resumed>, 0x200000000300) = 0 [pid 926] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 925] <... futex resumed>) = 0 [pid 926] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 925] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 926] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 925] <... futex resumed>) = 0 [pid 926] ioctl(3, VHOST_SET_MEM_TABLE [pid 925] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 926] <... ioctl resumed>, 0x200000003380) = 0 [pid 926] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 925] <... futex resumed>) = 0 [pid 925] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 925] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 926] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 926] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 925] <... futex resumed>) = 0 [pid 925] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 926] ioctl(3, VHOST_SET_VRING_ERR [pid 925] <... futex resumed>) = 0 [pid 925] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 926] <... ioctl resumed>, 0x2000000001c0) = 0 [pid 926] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 925] <... futex resumed>) = 0 [pid 925] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 925] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 926] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 926] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 925] <... futex resumed>) = 0 [pid 925] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 925] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 926] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 926] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 925] <... futex resumed>) = 0 [pid 925] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 925] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 926] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 926] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 925] <... futex resumed>) = 0 [pid 926] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 925] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 925] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 926] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 926] memfd_create("syzkaller", 0) = 5 [pid 926] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f676585d000 [pid 926] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 926] munmap(0x7f676585d000, 138412032) = 0 [pid 926] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 926] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 926] close(5) = 0 [pid 926] close(6) = 0 [pid 926] mkdir("./file0", 0777) = 0 [pid 926] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 926] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 926] chdir("./file0") = 0 [pid 926] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 926] ioctl(6, LOOP_CLR_FD) = 0 [pid 926] close(6) = 0 [pid 926] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 925] <... futex resumed>) = 0 [pid 925] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 925] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 926] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 926] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 925] <... futex resumed>) = 0 [pid 925] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 925] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 926] write(6, "#! ./file1\n", 11) = 11 [pid 926] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 925] <... futex resumed>) = 0 [pid 925] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 925] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 926] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 926] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 926] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 925] <... futex resumed>) = 0 [pid 925] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 925] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 926] <... futex resumed>) = 0 [pid 926] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000280} --- [pid 925] <... futex resumed>) = ? [pid 926] +++ killed by SIGBUS +++ [pid 925] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=925, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./97", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./97", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557cd2d730 /* 4 entries */, 32768) = 112 umount2("./97/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./97/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./97/binderfs") = 0 [ 42.096558][ T926] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 42.130348][ T927] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-926: bg 0: block 234: padding at end of block bitmap is not set umount2("./97/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./97/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./97/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./97/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./97/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557cd35770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557cd35770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./97/file0") = 0 getdents64(3, 0x55557cd2d730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./97") = 0 mkdir("./98", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 931 attached [pid 931] set_robust_list(0x55557cd2c6a0, 24) = 0 [pid 931] chdir("./98") = 0 [pid 931] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 931] setpgid(0, 0) = 0 [pid 931] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 931] write(3, "1000", 4) = 4 [pid 931] close(3) = 0 [pid 931] symlink("/dev/binderfs", "./binderfs") = 0 [pid 931] write(1, "executing program\n", 18) = 18 executing program [pid 931] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 931] rt_sigaction(SIGRT_1, {sa_handler=0x7f676dce75b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f676dcd8760}, NULL, 8) = 0 [pid 931] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 931] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f676dc5d000 [pid 931] mprotect(0x7f676dc5e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 931] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 931] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f676dc7d990, parent_tid=0x7f676dc7d990, exit_signal=0, stack=0x7f676dc5d000, stack_size=0x20300, tls=0x7f676dc7d6c0} => {parent_tid=[932]}, 88) = 932 [pid 931] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 931] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 931] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 932 attached [pid 341] <... clone resumed>, child_tidptr=0x55557cd2c690) = 931 [pid 932] set_robust_list(0x7f676dc7d9a0, 24) = 0 [pid 932] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 932] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 932] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 931] <... futex resumed>) = 0 [pid 931] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 931] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 932] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 932] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 931] <... futex resumed>) = 0 [pid 931] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 931] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 932] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 932] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 931] <... futex resumed>) = 0 [pid 931] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 931] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 932] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 932] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 931] <... futex resumed>) = 0 [pid 931] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 931] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 932] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 932] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 931] <... futex resumed>) = 0 [pid 931] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 931] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 932] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 932] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 931] <... futex resumed>) = 0 [pid 931] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 931] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 932] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 932] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 931] <... futex resumed>) = 0 [pid 931] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 931] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 932] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 932] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 931] <... futex resumed>) = 0 [pid 931] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 931] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 932] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 932] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 931] <... futex resumed>) = 0 [pid 931] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 931] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 932] memfd_create("syzkaller", 0) = 5 [pid 932] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f676585d000 [pid 932] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 932] munmap(0x7f676585d000, 138412032) = 0 [pid 932] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 932] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 932] close(5) = 0 [pid 932] close(6) = 0 [pid 932] mkdir("./file0", 0777) = 0 [pid 932] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 932] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 932] chdir("./file0") = 0 [pid 932] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 932] ioctl(6, LOOP_CLR_FD) = 0 [pid 932] close(6) = 0 [pid 932] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 931] <... futex resumed>) = 0 [pid 931] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 931] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 932] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 932] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 931] <... futex resumed>) = 0 [pid 931] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 931] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 932] write(6, "#! ./file1\n", 11) = 11 [pid 932] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 931] <... futex resumed>) = 0 [pid 931] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 931] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 932] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 932] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 932] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 931] <... futex resumed>) = 0 [pid 931] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 931] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 932] <... futex resumed>) = 0 [pid 932] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000280} --- [pid 931] <... futex resumed>) = ? [pid 932] +++ killed by SIGBUS +++ [pid 931] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=931, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./98", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./98", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557cd2d730 /* 4 entries */, 32768) = 112 umount2("./98/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./98/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./98/binderfs") = 0 [ 42.246680][ T932] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 42.280141][ T933] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-932: bg 0: block 234: padding at end of block bitmap is not set umount2("./98/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./98/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./98/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./98/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./98/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557cd35770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557cd35770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./98/file0") = 0 getdents64(3, 0x55557cd2d730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./98") = 0 mkdir("./99", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557cd2c690) = 937 ./strace-static-x86_64: Process 937 attached [pid 937] set_robust_list(0x55557cd2c6a0, 24) = 0 [pid 937] chdir("./99") = 0 [pid 937] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 937] setpgid(0, 0) = 0 [pid 937] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 937] write(3, "1000", 4) = 4 [pid 937] close(3) = 0 [pid 937] symlink("/dev/binderfs", "./binderfs") = 0 [pid 937] write(1, "executing program\n", 18executing program ) = 18 [pid 937] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 937] rt_sigaction(SIGRT_1, {sa_handler=0x7f676dce75b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f676dcd8760}, NULL, 8) = 0 [pid 937] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 937] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f676dc5d000 [pid 937] mprotect(0x7f676dc5e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 937] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 937] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f676dc7d990, parent_tid=0x7f676dc7d990, exit_signal=0, stack=0x7f676dc5d000, stack_size=0x20300, tls=0x7f676dc7d6c0}./strace-static-x86_64: Process 938 attached => {parent_tid=[938]}, 88) = 938 [pid 938] set_robust_list(0x7f676dc7d9a0, 24) = 0 [pid 938] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 938] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 937] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 937] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 938] <... futex resumed>) = 0 [pid 938] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 938] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 938] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 937] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 937] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 938] <... futex resumed>) = 0 [pid 938] ioctl(3, VHOST_SET_OWNER [pid 937] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 938] <... ioctl resumed>, 0) = 0 [pid 938] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 938] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 937] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 937] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 938] <... futex resumed>) = 0 [pid 938] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 937] <... futex resumed>) = 1 [pid 938] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 938] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 937] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 937] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 938] <... futex resumed>) = 0 [pid 938] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 938] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 938] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 937] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 937] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 938] <... futex resumed>) = 0 [pid 938] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 938] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 938] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 937] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 937] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 938] <... futex resumed>) = 0 [pid 938] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 938] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 938] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 937] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 937] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 938] <... futex resumed>) = 0 [pid 938] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 938] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 938] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 937] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 937] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 938] <... futex resumed>) = 0 [pid 938] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 938] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 938] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 937] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 937] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 938] <... futex resumed>) = 0 [pid 937] <... futex resumed>) = 1 [pid 938] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 938] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 938] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 937] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 937] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 938] <... futex resumed>) = 0 [pid 937] <... futex resumed>) = 1 [pid 938] memfd_create("syzkaller", 0) = 5 [pid 938] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f676585d000 [pid 938] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 937] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 938] <... write resumed>) = 1048576 [pid 938] munmap(0x7f676585d000, 138412032) = 0 [pid 938] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 938] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 938] close(5) = 0 [pid 938] close(6) = 0 [pid 938] mkdir("./file0", 0777) = 0 [pid 938] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 938] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 938] chdir("./file0") = 0 [pid 938] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 938] ioctl(6, LOOP_CLR_FD) = 0 [pid 938] close(6) = 0 [pid 938] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 937] <... futex resumed>) = 0 [pid 937] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 937] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 938] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 938] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 938] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 937] <... futex resumed>) = 0 [pid 937] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 937] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 938] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 938] write(6, "#! ./file1\n", 11) = 11 [pid 938] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 937] <... futex resumed>) = 0 [pid 937] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 937] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 938] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 938] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 937] <... futex resumed>) = 0 [pid 937] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 937] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 938] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000280} --- [pid 937] <... futex resumed>) = ? [pid 938] +++ killed by SIGBUS +++ [pid 937] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=937, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./99", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./99", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557cd2d730 /* 4 entries */, 32768) = 112 umount2("./99/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./99/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./99/binderfs") = 0 [ 42.446408][ T938] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 42.479066][ T939] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-938: bg 0: block 234: padding at end of block bitmap is not set umount2("./99/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./99/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./99/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./99/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./99/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557cd35770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557cd35770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./99/file0") = 0 getdents64(3, 0x55557cd2d730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./99") = 0 mkdir("./100", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 943 attached [pid 943] set_robust_list(0x55557cd2c6a0, 24) = 0 [pid 943] chdir("./100") = 0 [pid 943] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 943] setpgid(0, 0) = 0 [pid 943] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 943] write(3, "1000", 4) = 4 [pid 943] close(3) = 0 [pid 943] symlink("/dev/binderfs", "./binderfs") = 0 [pid 341] <... clone resumed>, child_tidptr=0x55557cd2c690) = 943 [pid 943] write(1, "executing program\n", 18executing program ) = 18 [pid 943] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 943] rt_sigaction(SIGRT_1, {sa_handler=0x7f676dce75b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f676dcd8760}, NULL, 8) = 0 [pid 943] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 943] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f676dc5d000 [pid 943] mprotect(0x7f676dc5e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 943] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 943] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f676dc7d990, parent_tid=0x7f676dc7d990, exit_signal=0, stack=0x7f676dc5d000, stack_size=0x20300, tls=0x7f676dc7d6c0} => {parent_tid=[944]}, 88) = 944 [pid 943] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 943] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 943] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 944 attached [pid 944] set_robust_list(0x7f676dc7d9a0, 24) = 0 [pid 944] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 944] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 944] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 943] <... futex resumed>) = 0 [pid 943] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 943] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 944] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 944] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 943] <... futex resumed>) = 0 [pid 943] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 943] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 944] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 944] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 943] <... futex resumed>) = 0 [pid 943] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 943] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 944] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 944] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 943] <... futex resumed>) = 0 [pid 943] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 943] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 944] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 944] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 943] <... futex resumed>) = 0 [pid 943] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 943] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 944] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 944] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 943] <... futex resumed>) = 0 [pid 943] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 943] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 944] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 944] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 943] <... futex resumed>) = 0 [pid 943] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 943] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 944] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 944] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 943] <... futex resumed>) = 0 [pid 943] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 943] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 944] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 944] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 943] <... futex resumed>) = 0 [pid 943] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 943] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 944] memfd_create("syzkaller", 0) = 5 [pid 944] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f676585d000 [pid 944] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 944] munmap(0x7f676585d000, 138412032) = 0 [pid 944] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 944] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 944] close(5) = 0 [pid 944] close(6) = 0 [pid 944] mkdir("./file0", 0777) = 0 [pid 944] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 944] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 944] chdir("./file0") = 0 [pid 944] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 944] ioctl(6, LOOP_CLR_FD) = 0 [pid 944] close(6) = 0 [pid 944] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 943] <... futex resumed>) = 0 [pid 943] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 943] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 944] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 944] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 943] <... futex resumed>) = 0 [pid 943] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 943] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 944] write(6, "#! ./file1\n", 11) = 11 [pid 944] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 943] <... futex resumed>) = 0 [pid 943] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 943] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 944] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 944] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 943] <... futex resumed>) = 0 [pid 943] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 943] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 944] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000280} --- [pid 943] <... futex resumed>) = ? [pid 944] +++ killed by SIGBUS +++ [pid 943] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=943, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./100", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./100", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557cd2d730 /* 4 entries */, 32768) = 112 umount2("./100/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./100/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./100/binderfs") = 0 [ 42.656644][ T944] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 42.690276][ T945] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-944: bg 0: block 234: padding at end of block bitmap is not set umount2("./100/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./100/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./100/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./100/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./100/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557cd35770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557cd35770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./100/file0") = 0 getdents64(3, 0x55557cd2d730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./100") = 0 mkdir("./101", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 949 attached [pid 949] set_robust_list(0x55557cd2c6a0, 24) = 0 [pid 949] chdir("./101") = 0 [pid 949] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 949] setpgid(0, 0) = 0 [pid 949] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 949] write(3, "1000", 4) = 4 [pid 949] close(3) = 0 [pid 949] symlink("/dev/binderfs", "./binderfs" [pid 341] <... clone resumed>, child_tidptr=0x55557cd2c690) = 949 executing program [pid 949] <... symlink resumed>) = 0 [pid 949] write(1, "executing program\n", 18) = 18 [pid 949] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 949] rt_sigaction(SIGRT_1, {sa_handler=0x7f676dce75b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f676dcd8760}, NULL, 8) = 0 [pid 949] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 949] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f676dc5d000 [pid 949] mprotect(0x7f676dc5e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 949] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 949] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f676dc7d990, parent_tid=0x7f676dc7d990, exit_signal=0, stack=0x7f676dc5d000, stack_size=0x20300, tls=0x7f676dc7d6c0} => {parent_tid=[950]}, 88) = 950 [pid 949] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 949] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 949] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 950 attached [pid 950] set_robust_list(0x7f676dc7d9a0, 24) = 0 [pid 950] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 950] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 950] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 949] <... futex resumed>) = 0 [pid 949] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 949] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 950] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 950] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 949] <... futex resumed>) = 0 [pid 949] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 949] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 950] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 950] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 949] <... futex resumed>) = 0 [pid 949] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 949] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 950] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 950] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 949] <... futex resumed>) = 0 [pid 949] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 949] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 950] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 950] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 949] <... futex resumed>) = 0 [pid 949] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 949] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 950] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 950] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 949] <... futex resumed>) = 0 [pid 949] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 949] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 950] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 950] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 949] <... futex resumed>) = 0 [pid 949] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 949] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 950] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 950] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 949] <... futex resumed>) = 0 [pid 949] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 949] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 950] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 950] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 949] <... futex resumed>) = 0 [pid 949] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 949] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 950] memfd_create("syzkaller", 0) = 5 [pid 950] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f676585d000 [pid 950] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 950] munmap(0x7f676585d000, 138412032) = 0 [pid 950] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 950] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 950] close(5) = 0 [pid 950] close(6) = 0 [pid 950] mkdir("./file0", 0777) = 0 [pid 950] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 950] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 950] chdir("./file0") = 0 [pid 950] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 950] ioctl(6, LOOP_CLR_FD) = 0 [pid 950] close(6) = 0 [pid 950] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 949] <... futex resumed>) = 0 [pid 949] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 949] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 950] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 950] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 949] <... futex resumed>) = 0 [pid 949] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 949] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 950] write(6, "#! ./file1\n", 11) = 11 [pid 950] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 949] <... futex resumed>) = 0 [pid 949] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 949] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 950] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 950] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 950] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 949] <... futex resumed>) = 0 [pid 949] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 949] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 950] <... futex resumed>) = 0 [pid 950] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000280} --- [pid 949] <... futex resumed>) = ? [pid 950] +++ killed by SIGBUS +++ [pid 949] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=949, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./101", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./101", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557cd2d730 /* 4 entries */, 32768) = 112 umount2("./101/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./101/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./101/binderfs") = 0 [ 42.796609][ T950] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 42.830138][ T951] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-950: bg 0: block 234: padding at end of block bitmap is not set umount2("./101/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./101/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./101/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./101/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./101/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557cd35770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557cd35770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./101/file0") = 0 getdents64(3, 0x55557cd2d730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./101") = 0 mkdir("./102", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557cd2c690) = 955 ./strace-static-x86_64: Process 955 attached [pid 955] set_robust_list(0x55557cd2c6a0, 24) = 0 [pid 955] chdir("./102") = 0 [pid 955] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 955] setpgid(0, 0) = 0 [pid 955] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 955] write(3, "1000", 4) = 4 [pid 955] close(3) = 0 [pid 955] symlink("/dev/binderfs", "./binderfs") = 0 [pid 955] write(1, "executing program\n", 18executing program ) = 18 [pid 955] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 955] rt_sigaction(SIGRT_1, {sa_handler=0x7f676dce75b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f676dcd8760}, NULL, 8) = 0 [pid 955] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 955] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f676dc5d000 [pid 955] mprotect(0x7f676dc5e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 955] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 955] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f676dc7d990, parent_tid=0x7f676dc7d990, exit_signal=0, stack=0x7f676dc5d000, stack_size=0x20300, tls=0x7f676dc7d6c0}./strace-static-x86_64: Process 956 attached [pid 956] set_robust_list(0x7f676dc7d9a0, 24) = 0 [pid 956] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 956] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 955] <... clone3 resumed> => {parent_tid=[956]}, 88) = 956 [pid 955] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 955] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 956] <... futex resumed>) = 0 [pid 956] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 956] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 956] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 955] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 955] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 956] <... futex resumed>) = 0 [pid 956] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 956] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 956] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 955] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 955] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 956] <... futex resumed>) = 0 [pid 956] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 956] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 956] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 955] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 955] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 956] <... futex resumed>) = 0 [pid 956] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 956] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 956] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 955] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 955] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 956] <... futex resumed>) = 0 [pid 956] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 956] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 956] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 955] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 955] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 956] <... futex resumed>) = 0 [pid 956] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 956] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 956] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 955] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 955] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 956] <... futex resumed>) = 0 [pid 955] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 956] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 956] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 956] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 955] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 955] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 956] <... futex resumed>) = 0 [pid 955] <... futex resumed>) = 1 [pid 956] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 956] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 956] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 955] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 955] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 956] <... futex resumed>) = 0 [pid 955] <... futex resumed>) = 1 [pid 956] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 956] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 956] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 955] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 955] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 956] <... futex resumed>) = 0 [pid 955] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 956] memfd_create("syzkaller", 0) = 5 [pid 956] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f676585d000 [pid 956] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 956] munmap(0x7f676585d000, 138412032) = 0 [pid 956] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 956] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 956] close(5) = 0 [pid 956] close(6) = 0 [pid 956] mkdir("./file0", 0777) = 0 [pid 956] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 956] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 956] chdir("./file0") = 0 [pid 956] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 956] ioctl(6, LOOP_CLR_FD) = 0 [pid 956] close(6) = 0 [pid 956] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 955] <... futex resumed>) = 0 [pid 955] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 955] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 956] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 956] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 955] <... futex resumed>) = 0 [pid 955] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 955] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 956] write(6, "#! ./file1\n", 11) = 11 [pid 956] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 955] <... futex resumed>) = 0 [pid 955] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 955] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 956] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 956] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 955] <... futex resumed>) = 0 [pid 955] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 955] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 956] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000280} --- [pid 955] <... futex resumed>) = ? [pid 956] +++ killed by SIGBUS +++ [pid 955] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=955, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./102", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./102", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557cd2d730 /* 4 entries */, 32768) = 112 umount2("./102/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./102/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./102/binderfs") = 0 [ 42.966490][ T956] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 43.000895][ T957] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-956: bg 0: block 234: padding at end of block bitmap is not set umount2("./102/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./102/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./102/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./102/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./102/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557cd35770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557cd35770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./102/file0") = 0 getdents64(3, 0x55557cd2d730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./102") = 0 mkdir("./103", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 961 attached , child_tidptr=0x55557cd2c690) = 961 [pid 961] set_robust_list(0x55557cd2c6a0, 24) = 0 [pid 961] chdir("./103") = 0 [pid 961] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 961] setpgid(0, 0) = 0 [pid 961] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 961] write(3, "1000", 4) = 4 [pid 961] close(3) = 0 [pid 961] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 961] write(1, "executing program\n", 18) = 18 [pid 961] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 961] rt_sigaction(SIGRT_1, {sa_handler=0x7f676dce75b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f676dcd8760}, NULL, 8) = 0 [pid 961] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 961] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f676dc5d000 [pid 961] mprotect(0x7f676dc5e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 961] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 961] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f676dc7d990, parent_tid=0x7f676dc7d990, exit_signal=0, stack=0x7f676dc5d000, stack_size=0x20300, tls=0x7f676dc7d6c0} => {parent_tid=[962]}, 88) = 962 [pid 961] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 961] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 961] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 962 attached [pid 962] set_robust_list(0x7f676dc7d9a0, 24) = 0 [pid 962] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 962] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 962] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 961] <... futex resumed>) = 0 [pid 961] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 961] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 962] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 962] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 961] <... futex resumed>) = 0 [pid 961] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 961] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 962] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 962] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 961] <... futex resumed>) = 0 [pid 961] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 961] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 962] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 962] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 961] <... futex resumed>) = 0 [pid 961] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 961] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 962] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 962] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 961] <... futex resumed>) = 0 [pid 961] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 961] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 962] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 962] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 961] <... futex resumed>) = 0 [pid 961] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 961] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 962] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 962] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 961] <... futex resumed>) = 0 [pid 961] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 961] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 962] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 962] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 961] <... futex resumed>) = 0 [pid 961] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 961] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 962] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 962] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 961] <... futex resumed>) = 0 [pid 961] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 961] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 962] memfd_create("syzkaller", 0) = 5 [pid 962] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f676585d000 [pid 962] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 962] munmap(0x7f676585d000, 138412032) = 0 [pid 962] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 962] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 962] close(5) = 0 [pid 962] close(6) = 0 [pid 962] mkdir("./file0", 0777) = 0 [pid 962] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 962] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 962] chdir("./file0") = 0 [pid 962] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 962] ioctl(6, LOOP_CLR_FD) = 0 [pid 962] close(6) = 0 [pid 962] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 961] <... futex resumed>) = 0 [pid 961] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 961] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 962] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 962] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 961] <... futex resumed>) = 0 [pid 961] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 961] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 962] write(6, "#! ./file1\n", 11) = 11 [pid 962] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 961] <... futex resumed>) = 0 [pid 961] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 961] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 962] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 962] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 962] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 961] <... futex resumed>) = 0 [pid 961] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 961] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 962] <... futex resumed>) = 0 [pid 962] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000280} --- [pid 961] <... futex resumed>) = ? [pid 962] +++ killed by SIGBUS +++ [pid 961] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=961, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./103", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./103", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557cd2d730 /* 4 entries */, 32768) = 112 umount2("./103/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./103/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./103/binderfs") = 0 [ 43.146552][ T962] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 43.179656][ T963] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-962: bg 0: block 234: padding at end of block bitmap is not set umount2("./103/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./103/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./103/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./103/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./103/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557cd35770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557cd35770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./103/file0") = 0 getdents64(3, 0x55557cd2d730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./103") = 0 mkdir("./104", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557cd2c690) = 967 ./strace-static-x86_64: Process 967 attached [pid 967] set_robust_list(0x55557cd2c6a0, 24) = 0 [pid 967] chdir("./104") = 0 [pid 967] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 967] setpgid(0, 0) = 0 [pid 967] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 967] write(3, "1000", 4) = 4 [pid 967] close(3) = 0 [pid 967] symlink("/dev/binderfs", "./binderfs") = 0 [pid 967] write(1, "executing program\n", 18executing program ) = 18 [pid 967] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 967] rt_sigaction(SIGRT_1, {sa_handler=0x7f676dce75b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f676dcd8760}, NULL, 8) = 0 [pid 967] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 967] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f676dc5d000 [pid 967] mprotect(0x7f676dc5e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 967] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 967] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f676dc7d990, parent_tid=0x7f676dc7d990, exit_signal=0, stack=0x7f676dc5d000, stack_size=0x20300, tls=0x7f676dc7d6c0} => {parent_tid=[968]}, 88) = 968 [pid 967] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 967] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 967] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 968 attached [pid 968] set_robust_list(0x7f676dc7d9a0, 24) = 0 [pid 968] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 968] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 968] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 967] <... futex resumed>) = 0 [pid 967] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 967] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 968] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 968] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 967] <... futex resumed>) = 0 [pid 967] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 967] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 968] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 968] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 967] <... futex resumed>) = 0 [pid 967] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 967] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 968] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 968] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 967] <... futex resumed>) = 0 [pid 967] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 967] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 968] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 968] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 967] <... futex resumed>) = 0 [pid 967] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 967] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 968] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 968] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 967] <... futex resumed>) = 0 [pid 967] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 967] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 968] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 968] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 967] <... futex resumed>) = 0 [pid 967] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 967] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 968] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 968] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 967] <... futex resumed>) = 0 [pid 967] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 967] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 968] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 968] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 967] <... futex resumed>) = 0 [pid 967] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 967] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 968] memfd_create("syzkaller", 0) = 5 [pid 968] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f676585d000 [pid 968] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 968] munmap(0x7f676585d000, 138412032) = 0 [pid 968] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 968] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 968] close(5) = 0 [pid 968] close(6) = 0 [pid 968] mkdir("./file0", 0777) = 0 [pid 968] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 968] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 968] chdir("./file0") = 0 [pid 968] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 968] ioctl(6, LOOP_CLR_FD) = 0 [pid 968] close(6) = 0 [pid 968] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 967] <... futex resumed>) = 0 [pid 967] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 967] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 968] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 968] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 967] <... futex resumed>) = 0 [pid 967] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 967] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 968] write(6, "#! ./file1\n", 11) = 11 [pid 968] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 967] <... futex resumed>) = 0 [pid 967] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 967] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 968] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 968] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 968] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 967] <... futex resumed>) = 0 [pid 967] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 967] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 968] <... futex resumed>) = 0 [pid 968] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000280} --- [pid 967] <... futex resumed>) = ? [pid 968] +++ killed by SIGBUS +++ [pid 967] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=967, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./104", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./104", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557cd2d730 /* 4 entries */, 32768) = 112 umount2("./104/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./104/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./104/binderfs") = 0 [ 43.366502][ T968] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 43.400406][ T969] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-968: bg 0: block 234: padding at end of block bitmap is not set umount2("./104/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./104/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./104/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./104/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./104/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557cd35770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557cd35770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./104/file0") = 0 getdents64(3, 0x55557cd2d730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./104") = 0 mkdir("./105", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 973 attached , child_tidptr=0x55557cd2c690) = 973 [pid 973] set_robust_list(0x55557cd2c6a0, 24) = 0 [pid 973] chdir("./105") = 0 [pid 973] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 973] setpgid(0, 0) = 0 [pid 973] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 973] write(3, "1000", 4) = 4 [pid 973] close(3) = 0 [pid 973] symlink("/dev/binderfs", "./binderfs") = 0 [pid 973] write(1, "executing program\n", 18executing program ) = 18 [pid 973] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 973] rt_sigaction(SIGRT_1, {sa_handler=0x7f676dce75b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f676dcd8760}, NULL, 8) = 0 [pid 973] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 973] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f676dc5d000 [pid 973] mprotect(0x7f676dc5e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 973] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 973] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f676dc7d990, parent_tid=0x7f676dc7d990, exit_signal=0, stack=0x7f676dc5d000, stack_size=0x20300, tls=0x7f676dc7d6c0} => {parent_tid=[974]}, 88) = 974 [pid 973] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 973] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 973] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 974 attached [pid 974] set_robust_list(0x7f676dc7d9a0, 24) = 0 [pid 974] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 974] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 974] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 973] <... futex resumed>) = 0 [pid 973] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 973] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 974] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 974] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 973] <... futex resumed>) = 0 [pid 973] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 973] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 974] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 974] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 973] <... futex resumed>) = 0 [pid 973] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 973] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 974] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 974] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 973] <... futex resumed>) = 0 [pid 973] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 973] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 974] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 974] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 973] <... futex resumed>) = 0 [pid 973] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 973] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 974] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 974] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 973] <... futex resumed>) = 0 [pid 973] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 973] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 974] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 974] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 973] <... futex resumed>) = 0 [pid 973] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 973] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 974] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 974] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 973] <... futex resumed>) = 0 [pid 973] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 973] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 974] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 974] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 973] <... futex resumed>) = 0 [pid 973] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 973] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 974] memfd_create("syzkaller", 0) = 5 [pid 974] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f676585d000 [pid 974] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 974] munmap(0x7f676585d000, 138412032) = 0 [pid 974] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 974] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 974] close(5) = 0 [pid 974] close(6) = 0 [pid 974] mkdir("./file0", 0777) = 0 [pid 974] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 974] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 974] chdir("./file0") = 0 [pid 974] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 974] ioctl(6, LOOP_CLR_FD) = 0 [pid 974] close(6) = 0 [pid 974] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 973] <... futex resumed>) = 0 [pid 973] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 973] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 974] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 974] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 973] <... futex resumed>) = 0 [pid 973] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 973] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 974] write(6, "#! ./file1\n", 11) = 11 [pid 974] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 973] <... futex resumed>) = 0 [pid 973] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 973] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 974] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 974] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 974] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 973] <... futex resumed>) = 0 [pid 973] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 973] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 974] <... futex resumed>) = 0 [pid 974] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000280} --- [pid 973] <... futex resumed>) = ? [pid 974] +++ killed by SIGBUS +++ [pid 973] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=973, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./105", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./105", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557cd2d730 /* 4 entries */, 32768) = 112 umount2("./105/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./105/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./105/binderfs") = 0 [ 43.566478][ T974] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 43.600066][ T975] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-974: bg 0: block 234: padding at end of block bitmap is not set umount2("./105/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./105/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./105/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./105/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./105/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557cd35770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557cd35770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./105/file0") = 0 getdents64(3, 0x55557cd2d730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./105") = 0 mkdir("./106", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557cd2c690) = 979 ./strace-static-x86_64: Process 979 attached [pid 979] set_robust_list(0x55557cd2c6a0, 24) = 0 [pid 979] chdir("./106") = 0 [pid 979] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 979] setpgid(0, 0) = 0 [pid 979] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 979] write(3, "1000", 4) = 4 [pid 979] close(3) = 0 [pid 979] symlink("/dev/binderfs", "./binderfs") = 0 [pid 979] write(1, "executing program\n", 18executing program ) = 18 [pid 979] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 979] rt_sigaction(SIGRT_1, {sa_handler=0x7f676dce75b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f676dcd8760}, NULL, 8) = 0 [pid 979] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 979] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f676dc5d000 [pid 979] mprotect(0x7f676dc5e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 979] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 979] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f676dc7d990, parent_tid=0x7f676dc7d990, exit_signal=0, stack=0x7f676dc5d000, stack_size=0x20300, tls=0x7f676dc7d6c0}./strace-static-x86_64: Process 980 attached [pid 980] set_robust_list(0x7f676dc7d9a0, 24) = 0 [pid 980] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 980] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 979] <... clone3 resumed> => {parent_tid=[980]}, 88) = 980 [pid 979] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 979] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 980] <... futex resumed>) = 0 [pid 980] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR [pid 979] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 980] <... openat resumed>) = 3 [pid 980] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 980] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 979] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 979] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 980] <... futex resumed>) = 0 [pid 980] ioctl(3, VHOST_SET_OWNER [pid 979] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 980] <... ioctl resumed>, 0) = 0 [pid 980] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 980] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 979] <... futex resumed>) = 0 [pid 980] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 979] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 980] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 979] <... futex resumed>) = 0 [pid 980] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 979] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 980] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 979] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 979] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 980] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 979] <... futex resumed>) = 0 [pid 980] ioctl(3, VHOST_SET_MEM_TABLE [pid 979] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 980] <... ioctl resumed>, 0x200000003380) = 0 [pid 980] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 979] <... futex resumed>) = 0 [pid 980] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 979] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 980] <... futex resumed>) = 0 [pid 979] <... futex resumed>) = 1 [pid 980] eventfd2(118, EFD_SEMAPHORE [pid 979] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 980] <... eventfd2 resumed>) = 4 [pid 980] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 979] <... futex resumed>) = 0 [pid 979] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 980] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 979] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 980] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 979] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 979] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 980] <... futex resumed>) = 0 [pid 979] <... futex resumed>) = 0 [pid 980] ioctl(3, VHOST_SET_VRING_ADDR [pid 979] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 980] <... ioctl resumed>, 0x200000000240) = 0 [pid 980] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 979] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 979] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 980] <... futex resumed>) = 0 [pid 980] ioctl(3, VHOST_SET_VRING_KICK [pid 979] <... futex resumed>) = 0 [pid 980] <... ioctl resumed>, 0x200000000000) = 0 [pid 979] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 980] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 979] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 980] <... futex resumed>) = 0 [pid 979] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 980] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 979] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 980] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 980] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 979] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 979] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 980] <... futex resumed>) = 0 [pid 979] <... futex resumed>) = 1 [pid 980] memfd_create("syzkaller", 0 [pid 979] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 980] <... memfd_create resumed>) = 5 [pid 980] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f676585d000 [pid 980] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 980] munmap(0x7f676585d000, 138412032) = 0 [pid 980] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 980] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 980] close(5) = 0 [pid 980] close(6) = 0 [pid 980] mkdir("./file0", 0777) = 0 [pid 980] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 980] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 980] chdir("./file0") = 0 [pid 980] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 980] ioctl(6, LOOP_CLR_FD) = 0 [pid 980] close(6) = 0 [pid 980] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 979] <... futex resumed>) = 0 [pid 980] <... futex resumed>) = 1 [pid 979] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 980] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 979] <... futex resumed>) = 0 [pid 979] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 980] <... openat resumed>) = 6 [pid 980] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 979] <... futex resumed>) = 0 [pid 980] <... futex resumed>) = 1 [pid 979] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 980] write(6, "#! ./file1\n", 11 [pid 979] <... futex resumed>) = 0 [pid 979] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 980] <... write resumed>) = 11 [pid 980] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 979] <... futex resumed>) = 0 [pid 980] <... futex resumed>) = 1 [pid 979] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 980] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0 [pid 979] <... futex resumed>) = 0 [pid 979] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 980] <... mmap resumed>) = 0x200000000000 [ 43.796450][ T980] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [pid 980] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 979] <... futex resumed>) = 0 [pid 979] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 979] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 980] <... futex resumed>) = 1 [pid 980] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000280} --- [pid 979] <... futex resumed>) = ? [pid 980] +++ killed by SIGBUS +++ [pid 979] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=979, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./106", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./106", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557cd2d730 /* 4 entries */, 32768) = 112 umount2("./106/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./106/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./106/binderfs") = 0 [ 43.841558][ T981] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-980: bg 0: block 234: padding at end of block bitmap is not set umount2("./106/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./106/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./106/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./106/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./106/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557cd35770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557cd35770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./106/file0") = 0 getdents64(3, 0x55557cd2d730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./106") = 0 mkdir("./107", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 985 attached , child_tidptr=0x55557cd2c690) = 985 [pid 985] set_robust_list(0x55557cd2c6a0, 24) = 0 [pid 985] chdir("./107") = 0 [pid 985] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 985] setpgid(0, 0) = 0 [pid 985] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 985] write(3, "1000", 4) = 4 [pid 985] close(3) = 0 [pid 985] symlink("/dev/binderfs", "./binderfs") = 0 [pid 985] write(1, "executing program\n", 18executing program ) = 18 [pid 985] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 985] rt_sigaction(SIGRT_1, {sa_handler=0x7f676dce75b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f676dcd8760}, NULL, 8) = 0 [pid 985] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 985] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f676dc5d000 [pid 985] mprotect(0x7f676dc5e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 985] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 985] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f676dc7d990, parent_tid=0x7f676dc7d990, exit_signal=0, stack=0x7f676dc5d000, stack_size=0x20300, tls=0x7f676dc7d6c0} => {parent_tid=[986]}, 88) = 986 [pid 985] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 985] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 985] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 986 attached [pid 986] set_robust_list(0x7f676dc7d9a0, 24) = 0 [pid 986] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 986] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 986] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 985] <... futex resumed>) = 0 [pid 985] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 985] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 986] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 986] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 985] <... futex resumed>) = 0 [pid 985] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 985] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 986] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 986] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 985] <... futex resumed>) = 0 [pid 985] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 985] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 986] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 986] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 985] <... futex resumed>) = 0 [pid 985] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 985] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 986] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 986] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 985] <... futex resumed>) = 0 [pid 985] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 985] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 986] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 986] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 985] <... futex resumed>) = 0 [pid 985] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 985] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 986] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 986] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 985] <... futex resumed>) = 0 [pid 985] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 985] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 986] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 986] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 985] <... futex resumed>) = 0 [pid 986] <... futex resumed>) = 1 [pid 985] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 985] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 986] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 986] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 985] <... futex resumed>) = 0 [pid 985] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 985] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 986] memfd_create("syzkaller", 0) = 5 [pid 986] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f676585d000 [pid 986] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 986] munmap(0x7f676585d000, 138412032) = 0 [pid 986] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 986] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 986] close(5) = 0 [pid 986] close(6) = 0 [pid 986] mkdir("./file0", 0777) = 0 [pid 986] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 986] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 986] chdir("./file0") = 0 [pid 986] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 986] ioctl(6, LOOP_CLR_FD) = 0 [pid 986] close(6) = 0 [pid 986] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 985] <... futex resumed>) = 0 [pid 985] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 985] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 986] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 986] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 985] <... futex resumed>) = 0 [pid 985] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 985] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 986] write(6, "#! ./file1\n", 11) = 11 [pid 986] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 985] <... futex resumed>) = 0 [pid 985] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 985] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 986] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 986] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [ 43.996584][ T986] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [pid 986] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 985] <... futex resumed>) = 0 [pid 985] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 985] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 986] <... futex resumed>) = 0 [pid 986] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000280} --- [pid 985] <... futex resumed>) = ? [pid 986] +++ killed by SIGBUS +++ [pid 985] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=985, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./107", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./107", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557cd2d730 /* 4 entries */, 32768) = 112 umount2("./107/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./107/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./107/binderfs") = 0 [ 44.032877][ T987] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-986: bg 0: block 234: padding at end of block bitmap is not set umount2("./107/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./107/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./107/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./107/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./107/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557cd35770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557cd35770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./107/file0") = 0 getdents64(3, 0x55557cd2d730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./107") = 0 mkdir("./108", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557cd2c690) = 991 ./strace-static-x86_64: Process 991 attached [pid 991] set_robust_list(0x55557cd2c6a0, 24) = 0 [pid 991] chdir("./108") = 0 [pid 991] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 991] setpgid(0, 0) = 0 [pid 991] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 991] write(3, "1000", 4) = 4 [pid 991] close(3) = 0 [pid 991] symlink("/dev/binderfs", "./binderfs") = 0 [pid 991] write(1, "executing program\n", 18executing program ) = 18 [pid 991] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 991] rt_sigaction(SIGRT_1, {sa_handler=0x7f676dce75b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f676dcd8760}, NULL, 8) = 0 [pid 991] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 991] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f676dc5d000 [pid 991] mprotect(0x7f676dc5e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 991] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 991] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f676dc7d990, parent_tid=0x7f676dc7d990, exit_signal=0, stack=0x7f676dc5d000, stack_size=0x20300, tls=0x7f676dc7d6c0}./strace-static-x86_64: Process 992 attached => {parent_tid=[992]}, 88) = 992 [pid 992] set_robust_list(0x7f676dc7d9a0, 24 [pid 991] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 991] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 991] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 992] <... set_robust_list resumed>) = 0 [pid 992] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 992] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 992] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 991] <... futex resumed>) = 0 [pid 991] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 991] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 992] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 992] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 991] <... futex resumed>) = 0 [pid 991] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 991] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 992] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 992] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 991] <... futex resumed>) = 0 [pid 991] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 991] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 992] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 992] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 991] <... futex resumed>) = 0 [pid 991] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 991] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 992] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 992] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 991] <... futex resumed>) = 0 [pid 991] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 991] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 992] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 992] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 991] <... futex resumed>) = 0 [pid 991] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 992] <... futex resumed>) = 1 [pid 991] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 992] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 992] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 991] <... futex resumed>) = 0 [pid 991] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 991] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 992] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 992] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 991] <... futex resumed>) = 0 [pid 991] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 991] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 992] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 992] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 991] <... futex resumed>) = 0 [pid 991] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 991] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 992] memfd_create("syzkaller", 0) = 5 [pid 992] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f676585d000 [pid 992] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 992] munmap(0x7f676585d000, 138412032) = 0 [pid 992] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 992] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 992] close(5) = 0 [pid 992] close(6) = 0 [pid 992] mkdir("./file0", 0777) = 0 [pid 992] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 992] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 992] chdir("./file0") = 0 [pid 992] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 992] ioctl(6, LOOP_CLR_FD) = 0 [pid 992] close(6) = 0 [pid 992] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 991] <... futex resumed>) = 0 [pid 991] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 991] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 992] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 992] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 991] <... futex resumed>) = 0 [pid 991] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 991] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 992] write(6, "#! ./file1\n", 11) = 11 [pid 992] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 991] <... futex resumed>) = 0 [pid 991] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 991] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 992] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 992] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 992] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 991] <... futex resumed>) = 0 [pid 991] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 991] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 992] <... futex resumed>) = 0 [pid 992] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000280} --- [pid 991] <... futex resumed>) = ? [pid 992] +++ killed by SIGBUS +++ [pid 991] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=991, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./108", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./108", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557cd2d730 /* 4 entries */, 32768) = 112 umount2("./108/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./108/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./108/binderfs") = 0 [ 44.182598][ T992] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 44.216486][ T993] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-992: bg 0: block 234: padding at end of block bitmap is not set umount2("./108/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./108/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./108/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./108/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./108/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557cd35770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557cd35770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./108/file0") = 0 getdents64(3, 0x55557cd2d730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./108") = 0 mkdir("./109", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 997 attached , child_tidptr=0x55557cd2c690) = 997 [pid 997] set_robust_list(0x55557cd2c6a0, 24) = 0 [pid 997] chdir("./109") = 0 [pid 997] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 997] setpgid(0, 0) = 0 [pid 997] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 997] write(3, "1000", 4) = 4 [pid 997] close(3) = 0 [pid 997] symlink("/dev/binderfs", "./binderfs") = 0 [pid 997] write(1, "executing program\n", 18executing program ) = 18 [pid 997] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 997] rt_sigaction(SIGRT_1, {sa_handler=0x7f676dce75b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f676dcd8760}, NULL, 8) = 0 [pid 997] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 997] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f676dc5d000 [pid 997] mprotect(0x7f676dc5e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 997] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 997] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f676dc7d990, parent_tid=0x7f676dc7d990, exit_signal=0, stack=0x7f676dc5d000, stack_size=0x20300, tls=0x7f676dc7d6c0}./strace-static-x86_64: Process 998 attached [pid 998] set_robust_list(0x7f676dc7d9a0, 24) = 0 [pid 998] rt_sigprocmask(SIG_SETMASK, [], [pid 997] <... clone3 resumed> => {parent_tid=[998]}, 88) = 998 [pid 998] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 998] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 997] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 997] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 998] <... futex resumed>) = 0 [pid 998] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 998] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 998] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 997] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 997] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 998] <... futex resumed>) = 0 [pid 997] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 998] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 998] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 998] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 997] <... futex resumed>) = 0 [pid 997] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 997] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 998] <... futex resumed>) = 0 [pid 998] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 998] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 998] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 997] <... futex resumed>) = 0 [pid 997] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 998] <... futex resumed>) = 0 [pid 997] <... futex resumed>) = 1 [pid 998] ioctl(3, VHOST_SET_MEM_TABLE [pid 997] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 998] <... ioctl resumed>, 0x200000003380) = 0 [pid 998] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 997] <... futex resumed>) = 0 [pid 998] eventfd2(118, EFD_SEMAPHORE [pid 997] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 998] <... eventfd2 resumed>) = 4 [pid 997] <... futex resumed>) = 0 [pid 997] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 998] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 997] <... futex resumed>) = 0 [pid 998] ioctl(3, VHOST_SET_VRING_ERR [pid 997] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 998] <... ioctl resumed>, 0x2000000001c0) = 0 [pid 997] <... futex resumed>) = 0 [pid 998] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 997] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 998] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 997] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 998] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 997] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 998] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 997] <... futex resumed>) = 0 [pid 998] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 997] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 998] <... futex resumed>) = 0 [pid 997] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 998] ioctl(3, VHOST_SET_VRING_KICK [pid 997] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 998] <... ioctl resumed>, 0x200000000000) = 0 [pid 997] <... futex resumed>) = 0 [pid 998] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 997] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 998] <... futex resumed>) = 0 [pid 998] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 997] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 998] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 997] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 998] ioctl(3, VHOST_VSOCK_SET_RUNNING [pid 997] <... futex resumed>) = 0 [pid 998] <... ioctl resumed>, 0x200000000140) = 0 [pid 997] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 998] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 997] <... futex resumed>) = 0 [pid 998] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 997] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 998] <... futex resumed>) = 0 [pid 997] <... futex resumed>) = 1 [pid 998] memfd_create("syzkaller", 0 [pid 997] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 998] <... memfd_create resumed>) = 5 [pid 998] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f676585d000 [pid 998] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 998] munmap(0x7f676585d000, 138412032) = 0 [pid 998] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 998] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 998] close(5) = 0 [pid 998] close(6) = 0 [pid 998] mkdir("./file0", 0777) = 0 [pid 998] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 998] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 998] chdir("./file0") = 0 [pid 998] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 998] ioctl(6, LOOP_CLR_FD) = 0 [pid 998] close(6) = 0 [pid 998] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 997] <... futex resumed>) = 0 [pid 997] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 997] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 998] <... futex resumed>) = 1 [pid 998] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 998] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 997] <... futex resumed>) = 0 [pid 997] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 997] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 998] <... futex resumed>) = 1 [pid 998] write(6, "#! ./file1\n", 11) = 11 [pid 998] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 997] <... futex resumed>) = 0 [pid 997] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 997] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 998] <... futex resumed>) = 1 [pid 998] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 998] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 997] <... futex resumed>) = 0 [pid 997] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 997] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 998] <... futex resumed>) = 1 [pid 998] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000280} --- [pid 997] <... futex resumed>) = ? [pid 998] +++ killed by SIGBUS +++ [pid 997] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=997, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./109", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./109", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557cd2d730 /* 4 entries */, 32768) = 112 umount2("./109/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./109/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./109/binderfs") = 0 [ 44.396340][ T998] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 44.427659][ T999] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-998: bg 0: block 234: padding at end of block bitmap is not set umount2("./109/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./109/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./109/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./109/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./109/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557cd35770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557cd35770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./109/file0") = 0 getdents64(3, 0x55557cd2d730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./109") = 0 mkdir("./110", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557cd2c690) = 1003 ./strace-static-x86_64: Process 1003 attached [pid 1003] set_robust_list(0x55557cd2c6a0, 24) = 0 [pid 1003] chdir("./110") = 0 [pid 1003] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1003] setpgid(0, 0) = 0 [pid 1003] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1003] write(3, "1000", 4) = 4 [pid 1003] close(3) = 0 [pid 1003] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1003] write(1, "executing program\n", 18executing program ) = 18 [pid 1003] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1003] rt_sigaction(SIGRT_1, {sa_handler=0x7f676dce75b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f676dcd8760}, NULL, 8) = 0 [pid 1003] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1003] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f676dc5d000 [pid 1003] mprotect(0x7f676dc5e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1003] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1003] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f676dc7d990, parent_tid=0x7f676dc7d990, exit_signal=0, stack=0x7f676dc5d000, stack_size=0x20300, tls=0x7f676dc7d6c0}./strace-static-x86_64: Process 1004 attached [pid 1004] set_robust_list(0x7f676dc7d9a0, 24) = 0 [pid 1004] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1004] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1003] <... clone3 resumed> => {parent_tid=[1004]}, 88) = 1004 [pid 1003] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1003] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1004] <... futex resumed>) = 0 [pid 1003] <... futex resumed>) = 1 [pid 1004] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 1003] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1004] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1004] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1003] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1003] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1004] <... futex resumed>) = 0 [pid 1004] ioctl(3, VHOST_SET_OWNER [pid 1003] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1004] <... ioctl resumed>, 0) = 0 [pid 1004] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1004] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1003] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1003] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1004] <... futex resumed>) = 0 [pid 1003] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1004] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 1004] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1004] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1003] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1003] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1003] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1004] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1004] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 1004] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1004] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1003] <... futex resumed>) = 0 [pid 1003] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1004] <... futex resumed>) = 0 [pid 1003] <... futex resumed>) = 1 [pid 1004] eventfd2(118, EFD_SEMAPHORE [pid 1003] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1004] <... eventfd2 resumed>) = 4 [pid 1004] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1003] <... futex resumed>) = 0 [pid 1004] ioctl(3, VHOST_SET_VRING_ERR [pid 1003] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1004] <... ioctl resumed>, 0x2000000001c0) = 0 [pid 1004] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1003] <... futex resumed>) = 0 [pid 1004] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1003] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 1003] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1004] <... futex resumed>) = 0 [pid 1003] <... futex resumed>) = 1 [pid 1004] ioctl(3, VHOST_SET_VRING_ADDR [pid 1003] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1004] <... ioctl resumed>, 0x200000000240) = 0 [pid 1004] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1003] <... futex resumed>) = 0 [pid 1004] ioctl(3, VHOST_SET_VRING_KICK [pid 1003] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1004] <... ioctl resumed>, 0x200000000000) = 0 [pid 1003] <... futex resumed>) = 0 [pid 1004] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1003] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1004] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1003] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1003] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1004] <... futex resumed>) = 0 [pid 1003] <... futex resumed>) = 1 [pid 1004] ioctl(3, VHOST_VSOCK_SET_RUNNING [pid 1003] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1004] <... ioctl resumed>, 0x200000000140) = 0 [pid 1004] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1003] <... futex resumed>) = 0 [pid 1004] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1003] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1004] <... futex resumed>) = 0 [pid 1003] <... futex resumed>) = 1 [pid 1004] memfd_create("syzkaller", 0 [pid 1003] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 1004] <... memfd_create resumed>) = 5 [pid 1004] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f676585d000 [pid 1004] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 1004] munmap(0x7f676585d000, 138412032) = 0 [pid 1004] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 1004] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 1004] close(5) = 0 [pid 1004] close(6) = 0 [pid 1004] mkdir("./file0", 0777) = 0 [pid 1004] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 1004] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 1004] chdir("./file0") = 0 [pid 1004] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 1004] ioctl(6, LOOP_CLR_FD) = 0 [pid 1004] close(6) = 0 [pid 1004] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1004] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1003] <... futex resumed>) = 0 [pid 1003] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1004] <... futex resumed>) = 0 [pid 1004] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 1003] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1004] <... openat resumed>) = 6 [pid 1004] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1003] <... futex resumed>) = 0 [pid 1003] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1003] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1004] <... futex resumed>) = 1 [pid 1004] write(6, "#! ./file1\n", 11) = 11 [pid 1004] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1003] <... futex resumed>) = 0 [pid 1003] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1003] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1004] <... futex resumed>) = 1 [pid 1004] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 1004] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1003] <... futex resumed>) = 0 [pid 1003] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1003] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1004] <... futex resumed>) = 1 [pid 1004] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000280} --- [pid 1003] <... futex resumed>) = ? [pid 1004] +++ killed by SIGBUS +++ [pid 1003] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=1003, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./110", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./110", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557cd2d730 /* 4 entries */, 32768) = 112 umount2("./110/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./110/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./110/binderfs") = 0 [ 44.616381][ T1004] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 44.645602][ T1004] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm syz-executor126: bg 0: block 234: padding at end of block bitmap is not set umount2("./110/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./110/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./110/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./110/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./110/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557cd35770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557cd35770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./110/file0") = 0 getdents64(3, 0x55557cd2d730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./110") = 0 mkdir("./111", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 1009 attached , child_tidptr=0x55557cd2c690) = 1009 [pid 1009] set_robust_list(0x55557cd2c6a0, 24) = 0 [pid 1009] chdir("./111") = 0 [pid 1009] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1009] setpgid(0, 0) = 0 [pid 1009] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1009] write(3, "1000", 4) = 4 [pid 1009] close(3) = 0 [pid 1009] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1009] write(1, "executing program\n", 18executing program ) = 18 [pid 1009] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1009] rt_sigaction(SIGRT_1, {sa_handler=0x7f676dce75b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f676dcd8760}, NULL, 8) = 0 [pid 1009] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1009] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f676dc5d000 [pid 1009] mprotect(0x7f676dc5e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1009] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1009] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f676dc7d990, parent_tid=0x7f676dc7d990, exit_signal=0, stack=0x7f676dc5d000, stack_size=0x20300, tls=0x7f676dc7d6c0} => {parent_tid=[1010]}, 88) = 1010 [pid 1009] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1009] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1009] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 1010 attached [pid 1010] set_robust_list(0x7f676dc7d9a0, 24) = 0 [pid 1010] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1010] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 1010] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1009] <... futex resumed>) = 0 [pid 1009] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1009] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1010] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 1010] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1009] <... futex resumed>) = 0 [pid 1009] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1009] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1010] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 1010] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1009] <... futex resumed>) = 0 [pid 1009] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1009] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1010] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 1010] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1009] <... futex resumed>) = 0 [pid 1009] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1009] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1010] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 1010] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1009] <... futex resumed>) = 0 [pid 1009] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1009] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1010] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 1010] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1009] <... futex resumed>) = 0 [pid 1009] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1009] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1010] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 1010] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1009] <... futex resumed>) = 0 [pid 1009] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1009] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1010] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 1010] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1009] <... futex resumed>) = 0 [pid 1009] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1009] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1010] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 1010] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1009] <... futex resumed>) = 0 [pid 1009] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1009] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 1010] memfd_create("syzkaller", 0) = 5 [pid 1010] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f676585d000 [pid 1010] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 1010] munmap(0x7f676585d000, 138412032) = 0 [pid 1010] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 1010] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 1010] close(5) = 0 [pid 1010] close(6) = 0 [pid 1010] mkdir("./file0", 0777) = 0 [pid 1010] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 1010] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 1010] chdir("./file0") = 0 [pid 1010] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 1010] ioctl(6, LOOP_CLR_FD) = 0 [pid 1010] close(6) = 0 [pid 1010] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1009] <... futex resumed>) = 0 [pid 1009] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1009] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1010] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 1010] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1009] <... futex resumed>) = 0 [pid 1009] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1009] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1010] write(6, "#! ./file1\n", 11) = 11 [pid 1010] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1009] <... futex resumed>) = 0 [pid 1009] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1009] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1010] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 1010] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1009] <... futex resumed>) = 0 [pid 1009] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1009] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1010] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000280} --- [pid 1009] <... futex resumed>) = ? [pid 1010] +++ killed by SIGBUS +++ [pid 1009] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=1009, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./111", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./111", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557cd2d730 /* 4 entries */, 32768) = 112 umount2("./111/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./111/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./111/binderfs") = 0 [ 44.803492][ T1010] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 44.837061][ T1011] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-1010: bg 0: block 234: padding at end of block bitmap is not set umount2("./111/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./111/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./111/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./111/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./111/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557cd35770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557cd35770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./111/file0") = 0 getdents64(3, 0x55557cd2d730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./111") = 0 mkdir("./112", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program , child_tidptr=0x55557cd2c690) = 1015 ./strace-static-x86_64: Process 1015 attached [pid 1015] set_robust_list(0x55557cd2c6a0, 24) = 0 [pid 1015] chdir("./112") = 0 [pid 1015] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1015] setpgid(0, 0) = 0 [pid 1015] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1015] write(3, "1000", 4) = 4 [pid 1015] close(3) = 0 [pid 1015] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1015] write(1, "executing program\n", 18) = 18 [pid 1015] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1015] rt_sigaction(SIGRT_1, {sa_handler=0x7f676dce75b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f676dcd8760}, NULL, 8) = 0 [pid 1015] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1015] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f676dc5d000 [pid 1015] mprotect(0x7f676dc5e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1015] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1015] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f676dc7d990, parent_tid=0x7f676dc7d990, exit_signal=0, stack=0x7f676dc5d000, stack_size=0x20300, tls=0x7f676dc7d6c0} => {parent_tid=[1016]}, 88) = 1016 [pid 1015] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1015] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1015] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 1016 attached [pid 1016] set_robust_list(0x7f676dc7d9a0, 24) = 0 [pid 1016] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1016] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 1016] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1015] <... futex resumed>) = 0 [pid 1015] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1015] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1016] <... futex resumed>) = 1 [pid 1016] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 1016] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1015] <... futex resumed>) = 0 [pid 1016] ioctl(3, VHOST_SET_VRING_ADDR [pid 1015] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1016] <... ioctl resumed>, 0x200000000300) = 0 [pid 1015] <... futex resumed>) = 0 [pid 1016] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1015] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1016] <... futex resumed>) = 0 [pid 1015] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1016] ioctl(3, VHOST_SET_MEM_TABLE [pid 1015] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1015] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1016] <... ioctl resumed>, 0x200000003380) = 0 [pid 1016] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1015] <... futex resumed>) = 0 [pid 1016] eventfd2(118, EFD_SEMAPHORE [pid 1015] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1016] <... eventfd2 resumed>) = 4 [pid 1015] <... futex resumed>) = 0 [pid 1016] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1015] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1016] <... futex resumed>) = 0 [pid 1015] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1016] ioctl(3, VHOST_SET_VRING_ERR [pid 1015] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1016] <... ioctl resumed>, 0x2000000001c0) = 0 [pid 1015] <... futex resumed>) = 0 [pid 1016] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1015] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1016] <... futex resumed>) = 0 [pid 1015] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1016] ioctl(3, VHOST_SET_VRING_ADDR [pid 1015] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1016] <... ioctl resumed>, 0x200000000240) = 0 [pid 1015] <... futex resumed>) = 0 [pid 1016] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1015] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1016] <... futex resumed>) = 0 [pid 1015] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1016] ioctl(3, VHOST_SET_VRING_KICK [pid 1015] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1016] <... ioctl resumed>, 0x200000000000) = 0 [pid 1015] <... futex resumed>) = 0 [pid 1016] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1015] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1016] <... futex resumed>) = 0 [pid 1015] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1016] ioctl(3, VHOST_VSOCK_SET_RUNNING [pid 1015] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1016] <... ioctl resumed>, 0x200000000140) = 0 [pid 1015] <... futex resumed>) = 0 [pid 1016] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1015] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1016] <... futex resumed>) = 0 [pid 1015] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1016] memfd_create("syzkaller", 0 [pid 1015] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1016] <... memfd_create resumed>) = 5 [pid 1015] <... futex resumed>) = 0 [pid 1016] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 1015] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 1016] <... mmap resumed>) = 0x7f676585d000 [pid 1016] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 1016] munmap(0x7f676585d000, 138412032) = 0 [pid 1016] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 1016] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 1016] close(5) = 0 [pid 1016] close(6) = 0 [pid 1016] mkdir("./file0", 0777) = 0 [pid 1016] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 1016] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 1016] chdir("./file0") = 0 [pid 1016] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 1016] ioctl(6, LOOP_CLR_FD) = 0 [pid 1016] close(6) = 0 [pid 1016] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1015] <... futex resumed>) = 0 [pid 1015] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1015] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1016] <... futex resumed>) = 1 [pid 1016] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 1016] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1015] <... futex resumed>) = 0 [pid 1016] write(6, "#! ./file1\n", 11 [pid 1015] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1015] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1016] <... write resumed>) = 11 [pid 1016] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1015] <... futex resumed>) = 0 [pid 1015] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1015] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1016] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 1016] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1015] <... futex resumed>) = 0 [pid 1015] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1015] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1016] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000280} --- [pid 1015] <... futex resumed>) = ? [pid 1016] +++ killed by SIGBUS +++ [pid 1015] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=1015, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./112", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./112", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557cd2d730 /* 4 entries */, 32768) = 112 umount2("./112/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./112/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./112/binderfs") = 0 [ 45.045990][ T1016] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 45.078712][ T1017] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-1016: bg 0: block 234: padding at end of block bitmap is not set umount2("./112/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./112/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./112/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./112/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./112/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557cd35770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557cd35770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./112/file0") = 0 getdents64(3, 0x55557cd2d730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./112") = 0 mkdir("./113", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 1022 attached , child_tidptr=0x55557cd2c690) = 1022 [pid 1022] set_robust_list(0x55557cd2c6a0, 24) = 0 [pid 1022] chdir("./113") = 0 [pid 1022] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1022] setpgid(0, 0) = 0 [pid 1022] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1022] write(3, "1000", 4) = 4 [pid 1022] close(3) = 0 [pid 1022] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1022] write(1, "executing program\n", 18) = 18 executing program [pid 1022] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1022] rt_sigaction(SIGRT_1, {sa_handler=0x7f676dce75b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f676dcd8760}, NULL, 8) = 0 [pid 1022] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1022] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f676dc5d000 [pid 1022] mprotect(0x7f676dc5e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1022] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1022] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f676dc7d990, parent_tid=0x7f676dc7d990, exit_signal=0, stack=0x7f676dc5d000, stack_size=0x20300, tls=0x7f676dc7d6c0} => {parent_tid=[1023]}, 88) = 1023 [pid 1022] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1022] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1022] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 1023 attached [pid 1023] set_robust_list(0x7f676dc7d9a0, 24) = 0 [pid 1023] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1023] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 1023] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1022] <... futex resumed>) = 0 [pid 1022] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1022] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1023] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 1023] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1022] <... futex resumed>) = 0 [pid 1022] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1022] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1023] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 1023] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1022] <... futex resumed>) = 0 [pid 1022] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1022] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1023] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 1023] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1022] <... futex resumed>) = 0 [pid 1022] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1022] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1023] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 1023] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1022] <... futex resumed>) = 0 [pid 1022] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1022] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1023] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 1023] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1022] <... futex resumed>) = 0 [pid 1022] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1022] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1023] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 1023] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1022] <... futex resumed>) = 0 [pid 1022] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1022] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1023] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 1023] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1022] <... futex resumed>) = 0 [pid 1022] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1022] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1023] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 1023] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1022] <... futex resumed>) = 0 [pid 1022] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1022] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 1023] memfd_create("syzkaller", 0) = 5 [pid 1023] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f676585d000 [pid 1023] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 1023] munmap(0x7f676585d000, 138412032) = 0 [pid 1023] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 1023] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 1023] close(5) = 0 [pid 1023] close(6) = 0 [pid 1023] mkdir("./file0", 0777) = 0 [pid 1023] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 1023] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 1023] chdir("./file0") = 0 [pid 1023] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 1023] ioctl(6, LOOP_CLR_FD) = 0 [pid 1023] close(6) = 0 [pid 1023] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1022] <... futex resumed>) = 0 [pid 1022] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1022] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1023] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 1023] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1022] <... futex resumed>) = 0 [pid 1022] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1022] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1023] write(6, "#! ./file1\n", 11) = 11 [pid 1023] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1022] <... futex resumed>) = 0 [pid 1022] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1022] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1023] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 1023] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1022] <... futex resumed>) = 0 [pid 1022] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 45.226528][ T1023] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [pid 1022] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1023] <... futex resumed>) = 1 [pid 1023] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000280} --- [pid 1022] <... futex resumed>) = ? [pid 1023] +++ killed by SIGBUS +++ [pid 1022] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=1022, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- umount2("./113", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./113", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557cd2d730 /* 4 entries */, 32768) = 112 umount2("./113/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./113/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./113/binderfs") = 0 umount2("./113/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./113/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./113/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./113/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./113/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 45.271466][ T1024] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-1023: bg 0: block 234: padding at end of block bitmap is not set getdents64(4, 0x55557cd35770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557cd35770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./113/file0") = 0 getdents64(3, 0x55557cd2d730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./113") = 0 mkdir("./114", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 1028 attached , child_tidptr=0x55557cd2c690) = 1028 [pid 1028] set_robust_list(0x55557cd2c6a0, 24) = 0 [pid 1028] chdir("./114") = 0 [pid 1028] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1028] setpgid(0, 0) = 0 [pid 1028] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1028] write(3, "1000", 4) = 4 [pid 1028] close(3) = 0 [pid 1028] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 1028] write(1, "executing program\n", 18) = 18 [pid 1028] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1028] rt_sigaction(SIGRT_1, {sa_handler=0x7f676dce75b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f676dcd8760}, NULL, 8) = 0 [pid 1028] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1028] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f676dc5d000 [pid 1028] mprotect(0x7f676dc5e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1028] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1028] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f676dc7d990, parent_tid=0x7f676dc7d990, exit_signal=0, stack=0x7f676dc5d000, stack_size=0x20300, tls=0x7f676dc7d6c0}./strace-static-x86_64: Process 1029 attached [pid 1029] set_robust_list(0x7f676dc7d9a0, 24) = 0 [pid 1028] <... clone3 resumed> => {parent_tid=[1029]}, 88) = 1029 [pid 1028] rt_sigprocmask(SIG_SETMASK, [], [pid 1029] rt_sigprocmask(SIG_SETMASK, [], [pid 1028] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1029] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1028] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1028] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1029] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 1029] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1028] <... futex resumed>) = 0 [pid 1029] ioctl(3, VHOST_SET_OWNER [pid 1028] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1028] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1029] <... ioctl resumed>, 0) = 0 [pid 1029] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1028] <... futex resumed>) = 0 [pid 1028] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1028] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1029] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 1029] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1028] <... futex resumed>) = 0 [pid 1028] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1028] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1029] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 1029] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1028] <... futex resumed>) = 0 [pid 1028] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1028] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1029] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 1029] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1028] <... futex resumed>) = 0 [pid 1028] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1028] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1029] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 1029] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1028] <... futex resumed>) = 0 [pid 1028] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1028] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1029] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 1029] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1028] <... futex resumed>) = 0 [pid 1028] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1028] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1029] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 1029] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1028] <... futex resumed>) = 0 [pid 1028] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1028] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1029] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 1029] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1028] <... futex resumed>) = 0 [pid 1028] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1028] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 1029] memfd_create("syzkaller", 0) = 5 [pid 1029] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f676585d000 [pid 1029] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 1029] munmap(0x7f676585d000, 138412032) = 0 [pid 1029] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 1029] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 1029] close(5) = 0 [pid 1029] close(6) = 0 [pid 1029] mkdir("./file0", 0777) = 0 [pid 1029] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 1029] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 1029] chdir("./file0") = 0 [pid 1029] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 1029] ioctl(6, LOOP_CLR_FD) = 0 [pid 1029] close(6) = 0 [pid 1029] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1028] <... futex resumed>) = 0 [pid 1028] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1028] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1029] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 1029] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1028] <... futex resumed>) = 0 [pid 1028] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1028] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1029] <... futex resumed>) = 1 [pid 1029] write(6, "#! ./file1\n", 11) = 11 [pid 1029] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1028] <... futex resumed>) = 0 [pid 1028] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1028] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1029] <... futex resumed>) = 1 [pid 1029] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 1029] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1028] <... futex resumed>) = 0 [pid 1028] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 45.526436][ T1029] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [pid 1028] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1029] <... futex resumed>) = 1 [pid 1029] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000280} --- [pid 1028] <... futex resumed>) = ? [pid 1029] +++ killed by SIGBUS +++ [pid 1028] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=1028, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./114", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./114", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557cd2d730 /* 4 entries */, 32768) = 112 umount2("./114/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./114/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./114/binderfs") = 0 [ 45.570622][ T1030] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-1029: bg 0: block 234: padding at end of block bitmap is not set umount2("./114/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./114/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./114/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./114/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./114/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557cd35770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557cd35770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./114/file0") = 0 getdents64(3, 0x55557cd2d730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./114") = 0 mkdir("./115", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 1034 attached , child_tidptr=0x55557cd2c690) = 1034 [pid 1034] set_robust_list(0x55557cd2c6a0, 24) = 0 [pid 1034] chdir("./115") = 0 [pid 1034] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1034] setpgid(0, 0) = 0 [pid 1034] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1034] write(3, "1000", 4) = 4 [pid 1034] close(3) = 0 [pid 1034] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 1034] write(1, "executing program\n", 18) = 18 [pid 1034] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1034] rt_sigaction(SIGRT_1, {sa_handler=0x7f676dce75b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f676dcd8760}, NULL, 8) = 0 [pid 1034] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1034] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f676dc5d000 [pid 1034] mprotect(0x7f676dc5e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1034] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1034] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f676dc7d990, parent_tid=0x7f676dc7d990, exit_signal=0, stack=0x7f676dc5d000, stack_size=0x20300, tls=0x7f676dc7d6c0}./strace-static-x86_64: Process 1035 attached => {parent_tid=[1035]}, 88) = 1035 [pid 1035] set_robust_list(0x7f676dc7d9a0, 24 [pid 1034] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1034] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1034] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1035] <... set_robust_list resumed>) = 0 [pid 1035] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1035] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 1035] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1034] <... futex resumed>) = 0 [pid 1034] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1034] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1035] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 1035] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1034] <... futex resumed>) = 0 [pid 1034] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1034] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1035] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 1035] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1034] <... futex resumed>) = 0 [pid 1034] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1034] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1035] <... futex resumed>) = 1 [pid 1035] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 1035] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1034] <... futex resumed>) = 0 [pid 1034] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1034] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1035] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 1035] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1034] <... futex resumed>) = 0 [pid 1034] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1034] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1035] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 1035] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1034] <... futex resumed>) = 0 [pid 1034] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1034] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1035] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 1035] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1034] <... futex resumed>) = 0 [pid 1034] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1034] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1035] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 1035] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1034] <... futex resumed>) = 0 [pid 1034] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1034] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1035] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 1035] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1034] <... futex resumed>) = 0 [pid 1034] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1034] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 1035] memfd_create("syzkaller", 0) = 5 [pid 1035] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f676585d000 [pid 1035] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 1035] munmap(0x7f676585d000, 138412032) = 0 [pid 1035] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 1035] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 1035] close(5) = 0 [pid 1035] close(6) = 0 [pid 1035] mkdir("./file0", 0777) = 0 [pid 1035] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 1035] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 1035] chdir("./file0") = 0 [pid 1035] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 1035] ioctl(6, LOOP_CLR_FD) = 0 [pid 1035] close(6) = 0 [pid 1035] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1034] <... futex resumed>) = 0 [pid 1034] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1034] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1035] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 1035] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1034] <... futex resumed>) = 0 [pid 1034] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1034] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1035] write(6, "#! ./file1\n", 11) = 11 [pid 1035] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1034] <... futex resumed>) = 0 [pid 1034] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1034] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1035] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 1035] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1035] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1034] <... futex resumed>) = 0 [pid 1034] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1034] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1035] <... futex resumed>) = 0 [pid 1035] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000280} --- [pid 1034] <... futex resumed>) = ? [pid 1035] +++ killed by SIGBUS +++ [pid 1034] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=1034, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./115", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./115", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557cd2d730 /* 4 entries */, 32768) = 112 umount2("./115/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./115/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./115/binderfs") = 0 [ 45.721074][ T1035] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 45.754433][ T1036] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-1035: bg 0: block 234: padding at end of block bitmap is not set umount2("./115/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./115/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./115/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./115/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./115/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557cd35770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557cd35770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./115/file0") = 0 getdents64(3, 0x55557cd2d730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./115") = 0 mkdir("./116", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557cd2c690) = 1040 ./strace-static-x86_64: Process 1040 attached [pid 1040] set_robust_list(0x55557cd2c6a0, 24) = 0 [pid 1040] chdir("./116") = 0 [pid 1040] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1040] setpgid(0, 0) = 0 [pid 1040] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1040] write(3, "1000", 4) = 4 [pid 1040] close(3) = 0 [pid 1040] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1040] write(1, "executing program\n", 18executing program ) = 18 [pid 1040] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1040] rt_sigaction(SIGRT_1, {sa_handler=0x7f676dce75b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f676dcd8760}, NULL, 8) = 0 [pid 1040] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1040] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f676dc5d000 [pid 1040] mprotect(0x7f676dc5e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1040] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1040] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f676dc7d990, parent_tid=0x7f676dc7d990, exit_signal=0, stack=0x7f676dc5d000, stack_size=0x20300, tls=0x7f676dc7d6c0}./strace-static-x86_64: Process 1041 attached [pid 1041] set_robust_list(0x7f676dc7d9a0, 24) = 0 [pid 1041] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1041] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1040] <... clone3 resumed> => {parent_tid=[1041]}, 88) = 1041 [pid 1040] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1040] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1041] <... futex resumed>) = 0 [pid 1041] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 1041] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1041] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1040] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 1040] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1041] <... futex resumed>) = 0 [pid 1041] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 1041] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1041] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1040] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 1040] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1041] <... futex resumed>) = 0 [pid 1041] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 1041] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1041] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1040] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 1040] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1041] <... futex resumed>) = 0 [pid 1041] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 1041] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1041] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1040] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 1040] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1041] <... futex resumed>) = 0 [pid 1041] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 1041] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1041] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1040] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 1040] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1041] <... futex resumed>) = 0 [pid 1041] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 1041] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1041] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1040] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 1040] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1041] <... futex resumed>) = 0 [pid 1041] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 1040] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1041] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1040] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1041] <... futex resumed>) = 0 [pid 1040] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1041] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 1041] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1041] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL) = 0 [pid 1040] <... futex resumed>) = 1 [pid 1041] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1040] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 1040] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1041] <... futex resumed>) = 0 [pid 1040] <... futex resumed>) = 1 [pid 1041] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 1041] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1040] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1041] <... futex resumed>) = 0 [pid 1041] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1040] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1040] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1041] <... futex resumed>) = 0 [pid 1040] <... futex resumed>) = 1 [pid 1041] memfd_create("syzkaller", 0) = 5 [pid 1041] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f676585d000 [pid 1041] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 1040] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 1041] <... write resumed>) = 1048576 [pid 1041] munmap(0x7f676585d000, 138412032) = 0 [pid 1041] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 1041] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 1041] close(5) = 0 [pid 1041] close(6) = 0 [pid 1041] mkdir("./file0", 0777) = 0 [pid 1041] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 1041] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 1041] chdir("./file0") = 0 [pid 1041] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 1041] ioctl(6, LOOP_CLR_FD) = 0 [pid 1041] close(6) = 0 [pid 1041] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1040] <... futex resumed>) = 0 [pid 1040] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1040] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1041] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 1041] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1040] <... futex resumed>) = 0 [pid 1040] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1040] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1041] write(6, "#! ./file1\n", 11) = 11 [pid 1041] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1040] <... futex resumed>) = 0 [pid 1040] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1040] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1041] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 1041] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1040] <... futex resumed>) = 0 [pid 1040] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1040] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1041] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000280} --- [pid 1040] <... futex resumed>) = ? [pid 1041] +++ killed by SIGBUS +++ [pid 1040] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=1040, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./116", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./116", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557cd2d730 /* 4 entries */, 32768) = 112 umount2("./116/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./116/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./116/binderfs") = 0 [ 45.905411][ T1042] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-1041: bg 0: block 234: padding at end of block bitmap is not set umount2("./116/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./116/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./116/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./116/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./116/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557cd35770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557cd35770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./116/file0") = 0 getdents64(3, 0x55557cd2d730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./116") = 0 mkdir("./117", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 1046 attached [pid 1046] set_robust_list(0x55557cd2c6a0, 24) = 0 [pid 1046] chdir("./117") = 0 [pid 1046] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1046] setpgid(0, 0) = 0 [pid 1046] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1046] write(3, "1000", 4) = 4 [pid 1046] close(3) = 0 [pid 1046] symlink("/dev/binderfs", "./binderfs"executing program [pid 341] <... clone resumed>, child_tidptr=0x55557cd2c690) = 1046 [pid 1046] <... symlink resumed>) = 0 [pid 1046] write(1, "executing program\n", 18) = 18 [pid 1046] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1046] rt_sigaction(SIGRT_1, {sa_handler=0x7f676dce75b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f676dcd8760}, NULL, 8) = 0 [pid 1046] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1046] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f676dc5d000 [pid 1046] mprotect(0x7f676dc5e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1046] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1046] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f676dc7d990, parent_tid=0x7f676dc7d990, exit_signal=0, stack=0x7f676dc5d000, stack_size=0x20300, tls=0x7f676dc7d6c0}./strace-static-x86_64: Process 1047 attached [pid 1047] set_robust_list(0x7f676dc7d9a0, 24) = 0 [pid 1047] rt_sigprocmask(SIG_SETMASK, [], [pid 1046] <... clone3 resumed> => {parent_tid=[1047]}, 88) = 1047 [pid 1047] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1047] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1046] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1046] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1047] <... futex resumed>) = 0 [pid 1047] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 1047] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1047] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1046] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 1046] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1047] <... futex resumed>) = 0 [pid 1046] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1047] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 1047] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1046] <... futex resumed>) = 0 [pid 1047] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1046] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1047] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1046] <... futex resumed>) = 0 [pid 1047] ioctl(3, VHOST_SET_VRING_ADDR [pid 1046] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1047] <... ioctl resumed>, 0x200000000300) = 0 [pid 1047] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1046] <... futex resumed>) = 0 [pid 1047] ioctl(3, VHOST_SET_MEM_TABLE [pid 1046] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1046] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1047] <... ioctl resumed>, 0x200000003380) = 0 [pid 1047] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1046] <... futex resumed>) = 0 [pid 1047] eventfd2(118, EFD_SEMAPHORE [pid 1046] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1047] <... eventfd2 resumed>) = 4 [pid 1046] <... futex resumed>) = 0 [pid 1047] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1046] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1047] <... futex resumed>) = 0 [pid 1046] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1047] ioctl(3, VHOST_SET_VRING_ERR [pid 1046] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1047] <... ioctl resumed>, 0x2000000001c0) = 0 [pid 1046] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1047] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1046] <... futex resumed>) = 0 [pid 1047] ioctl(3, VHOST_SET_VRING_ADDR [pid 1046] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1047] <... ioctl resumed>, 0x200000000240) = 0 [pid 1046] <... futex resumed>) = 0 [pid 1047] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1046] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1047] <... futex resumed>) = 0 [pid 1046] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1047] ioctl(3, VHOST_SET_VRING_KICK [pid 1046] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1047] <... ioctl resumed>, 0x200000000000) = 0 [pid 1046] <... futex resumed>) = 0 [pid 1046] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1047] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1046] <... futex resumed>) = 0 [pid 1046] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1047] ioctl(3, VHOST_VSOCK_SET_RUNNING [pid 1046] <... futex resumed>) = 0 [pid 1047] <... ioctl resumed>, 0x200000000140) = 0 [pid 1046] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1047] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1046] <... futex resumed>) = 0 [pid 1047] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1046] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1047] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1046] <... futex resumed>) = 0 [pid 1047] memfd_create("syzkaller", 0 [pid 1046] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 1047] <... memfd_create resumed>) = 5 [pid 1047] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f676585d000 [pid 1047] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 1047] munmap(0x7f676585d000, 138412032) = 0 [pid 1047] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 1047] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 1047] close(5) = 0 [pid 1047] close(6) = 0 [pid 1047] mkdir("./file0", 0777) = 0 [pid 1047] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 1047] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 1047] chdir("./file0") = 0 [pid 1047] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 1047] ioctl(6, LOOP_CLR_FD) = 0 [pid 1047] close(6) = 0 [pid 1047] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1047] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1046] <... futex resumed>) = 0 [pid 1046] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1046] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1047] <... futex resumed>) = 0 [pid 1047] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 1047] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1046] <... futex resumed>) = 0 [pid 1046] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1047] write(6, "#! ./file1\n", 11 [pid 1046] <... futex resumed>) = 0 [pid 1046] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1047] <... write resumed>) = 11 [pid 1047] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1046] <... futex resumed>) = 0 [pid 1047] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1046] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1047] <... futex resumed>) = 0 [pid 1046] <... futex resumed>) = 1 [pid 1047] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0 [pid 1046] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1047] <... mmap resumed>) = 0x200000000000 [pid 1047] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1046] <... futex resumed>) = 0 [pid 1046] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1046] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1047] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000280} --- [pid 1046] <... futex resumed>) = ? [pid 1047] +++ killed by SIGBUS +++ [pid 1046] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=1046, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./117", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./117", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557cd2d730 /* 4 entries */, 32768) = 112 umount2("./117/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./117/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./117/binderfs") = 0 [ 46.046048][ T1048] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-1047: bg 0: block 234: padding at end of block bitmap is not set umount2("./117/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./117/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./117/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./117/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./117/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557cd35770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557cd35770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./117/file0") = 0 getdents64(3, 0x55557cd2d730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./117") = 0 mkdir("./118", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 1052 attached , child_tidptr=0x55557cd2c690) = 1052 [pid 1052] set_robust_list(0x55557cd2c6a0, 24) = 0 [pid 1052] chdir("./118") = 0 [pid 1052] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1052] setpgid(0, 0) = 0 [pid 1052] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1052] write(3, "1000", 4) = 4 [pid 1052] close(3) = 0 [pid 1052] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1052] write(1, "executing program\n", 18executing program ) = 18 [pid 1052] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1052] rt_sigaction(SIGRT_1, {sa_handler=0x7f676dce75b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f676dcd8760}, NULL, 8) = 0 [pid 1052] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1052] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f676dc5d000 [pid 1052] mprotect(0x7f676dc5e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1052] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1052] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f676dc7d990, parent_tid=0x7f676dc7d990, exit_signal=0, stack=0x7f676dc5d000, stack_size=0x20300, tls=0x7f676dc7d6c0} => {parent_tid=[1053]}, 88) = 1053 [pid 1052] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1052] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1052] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 1053 attached [pid 1053] set_robust_list(0x7f676dc7d9a0, 24) = 0 [pid 1053] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1053] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 1053] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1052] <... futex resumed>) = 0 [pid 1052] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1052] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1053] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 1053] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1052] <... futex resumed>) = 0 [pid 1052] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1052] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1053] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 1053] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1052] <... futex resumed>) = 0 [pid 1052] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1052] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1053] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 1053] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1052] <... futex resumed>) = 0 [pid 1052] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1052] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1053] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 1053] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1052] <... futex resumed>) = 0 [pid 1052] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1052] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1053] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 1053] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1052] <... futex resumed>) = 0 [pid 1052] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1052] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1053] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 1053] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1052] <... futex resumed>) = 0 [pid 1052] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1052] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1053] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 1053] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1052] <... futex resumed>) = 0 [pid 1052] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1052] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1053] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 1053] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1052] <... futex resumed>) = 0 [pid 1052] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1052] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 1053] memfd_create("syzkaller", 0) = 5 [pid 1053] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f676585d000 [pid 1053] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 1053] munmap(0x7f676585d000, 138412032) = 0 [pid 1053] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 1053] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 1053] close(5) = 0 [pid 1053] close(6) = 0 [pid 1053] mkdir("./file0", 0777) = 0 [pid 1053] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 1053] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 1053] chdir("./file0") = 0 [pid 1053] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 1053] ioctl(6, LOOP_CLR_FD) = 0 [pid 1053] close(6) = 0 [pid 1053] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1052] <... futex resumed>) = 0 [pid 1052] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1052] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1053] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 1053] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1052] <... futex resumed>) = 0 [pid 1052] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1053] write(6, "#! ./file1\n", 11 [pid 1052] <... futex resumed>) = 0 [pid 1052] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1053] <... write resumed>) = 11 [pid 1053] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1052] <... futex resumed>) = 0 [pid 1052] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1052] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1053] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 1053] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1052] <... futex resumed>) = 0 [pid 1052] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1052] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1053] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000280} --- [pid 1052] <... futex resumed>) = ? [pid 1053] +++ killed by SIGBUS +++ [pid 1052] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=1052, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./118", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./118", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557cd2d730 /* 4 entries */, 32768) = 112 umount2("./118/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./118/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./118/binderfs") = 0 [ 46.226750][ T1054] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-1053: bg 0: block 234: padding at end of block bitmap is not set umount2("./118/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./118/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./118/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./118/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./118/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557cd35770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557cd35770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./118/file0") = 0 getdents64(3, 0x55557cd2d730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./118") = 0 mkdir("./119", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557cd2c690) = 1058 ./strace-static-x86_64: Process 1058 attached [pid 1058] set_robust_list(0x55557cd2c6a0, 24) = 0 [pid 1058] chdir("./119") = 0 [pid 1058] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1058] setpgid(0, 0) = 0 [pid 1058] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1058] write(3, "1000", 4) = 4 [pid 1058] close(3) = 0 [pid 1058] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1058] write(1, "executing program\n", 18executing program ) = 18 [pid 1058] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1058] rt_sigaction(SIGRT_1, {sa_handler=0x7f676dce75b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f676dcd8760}, NULL, 8) = 0 [pid 1058] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1058] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f676dc5d000 [pid 1058] mprotect(0x7f676dc5e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1058] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1058] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f676dc7d990, parent_tid=0x7f676dc7d990, exit_signal=0, stack=0x7f676dc5d000, stack_size=0x20300, tls=0x7f676dc7d6c0} => {parent_tid=[1059]}, 88) = 1059 ./strace-static-x86_64: Process 1059 attached [pid 1059] set_robust_list(0x7f676dc7d9a0, 24) = 0 [pid 1059] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1059] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1058] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1058] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1059] <... futex resumed>) = 0 [pid 1059] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 1059] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1059] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1058] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 1058] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1059] <... futex resumed>) = 0 [pid 1059] ioctl(3, VHOST_SET_OWNER [pid 1058] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1059] <... ioctl resumed>, 0) = 0 [pid 1059] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1058] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1059] <... futex resumed>) = 0 [pid 1059] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1058] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1059] <... futex resumed>) = 0 [pid 1059] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 1059] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1059] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1058] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 1058] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1059] <... futex resumed>) = 0 [pid 1058] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1059] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 1059] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1059] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1058] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1058] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1059] <... futex resumed>) = 0 [pid 1058] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1059] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 1059] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1059] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1058] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1058] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1059] <... futex resumed>) = 0 [pid 1058] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1059] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 1059] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1058] <... futex resumed>) = 0 [pid 1059] ioctl(3, VHOST_SET_VRING_ADDR [pid 1058] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1059] <... ioctl resumed>, 0x200000000240) = 0 [pid 1059] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1058] <... futex resumed>) = 0 [pid 1059] <... futex resumed>) = 0 [pid 1058] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1059] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1058] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1059] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1058] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1059] ioctl(3, VHOST_SET_VRING_KICK [pid 1058] <... futex resumed>) = 0 [pid 1058] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1059] <... ioctl resumed>, 0x200000000000) = 0 [pid 1059] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1058] <... futex resumed>) = 0 [pid 1059] ioctl(3, VHOST_VSOCK_SET_RUNNING [pid 1058] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1059] <... ioctl resumed>, 0x200000000140) = 0 [pid 1058] <... futex resumed>) = 0 [pid 1059] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1058] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1059] <... futex resumed>) = 0 [pid 1058] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1059] memfd_create("syzkaller", 0 [pid 1058] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1059] <... memfd_create resumed>) = 5 [pid 1058] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 1059] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f676585d000 [pid 1059] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 1059] munmap(0x7f676585d000, 138412032) = 0 [pid 1059] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 1059] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 1059] close(5) = 0 [pid 1059] close(6) = 0 [pid 1059] mkdir("./file0", 0777) = 0 [pid 1059] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 1059] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 1059] chdir("./file0") = 0 [pid 1059] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 1059] ioctl(6, LOOP_CLR_FD) = 0 [pid 1059] close(6) = 0 [pid 1059] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1058] <... futex resumed>) = 0 [pid 1058] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1058] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1059] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 1059] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1058] <... futex resumed>) = 0 [pid 1058] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1058] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1059] write(6, "#! ./file1\n", 11) = 11 [pid 1059] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1058] <... futex resumed>) = 0 [pid 1058] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1058] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1059] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 1059] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1058] <... futex resumed>) = 0 [pid 1058] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1058] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1059] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000280} --- [pid 1058] <... futex resumed>) = ? [pid 1059] +++ killed by SIGBUS +++ [pid 1058] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=1058, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./119", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./119", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557cd2d730 /* 4 entries */, 32768) = 112 umount2("./119/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./119/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./119/binderfs") = 0 [ 46.404051][ T1060] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-1059: bg 0: block 234: padding at end of block bitmap is not set umount2("./119/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./119/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./119/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./119/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./119/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557cd35770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557cd35770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./119/file0") = 0 getdents64(3, 0x55557cd2d730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./119") = 0 mkdir("./120", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557cd2c690) = 1064 ./strace-static-x86_64: Process 1064 attached [pid 1064] set_robust_list(0x55557cd2c6a0, 24) = 0 [pid 1064] chdir("./120") = 0 [pid 1064] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1064] setpgid(0, 0) = 0 [pid 1064] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1064] write(3, "1000", 4) = 4 [pid 1064] close(3) = 0 [pid 1064] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1064] write(1, "executing program\n", 18executing program ) = 18 [pid 1064] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1064] rt_sigaction(SIGRT_1, {sa_handler=0x7f676dce75b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f676dcd8760}, NULL, 8) = 0 [pid 1064] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1064] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f676dc5d000 [pid 1064] mprotect(0x7f676dc5e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1064] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1064] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f676dc7d990, parent_tid=0x7f676dc7d990, exit_signal=0, stack=0x7f676dc5d000, stack_size=0x20300, tls=0x7f676dc7d6c0} => {parent_tid=[1065]}, 88) = 1065 [pid 1064] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1064] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1064] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 1065 attached [pid 1065] set_robust_list(0x7f676dc7d9a0, 24) = 0 [pid 1065] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1065] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 1065] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1064] <... futex resumed>) = 0 [pid 1064] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1064] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1065] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 1065] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1064] <... futex resumed>) = 0 [pid 1064] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1064] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1065] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 1065] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1064] <... futex resumed>) = 0 [pid 1064] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1064] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1065] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 1065] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1064] <... futex resumed>) = 0 [pid 1064] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1064] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1065] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 1065] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1064] <... futex resumed>) = 0 [pid 1065] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1064] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1064] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1065] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1065] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 1065] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1064] <... futex resumed>) = 0 [pid 1064] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1064] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1065] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 1065] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1064] <... futex resumed>) = 0 [pid 1064] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1064] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1065] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 1065] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1064] <... futex resumed>) = 0 [pid 1064] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1064] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1065] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 1065] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1064] <... futex resumed>) = 0 [pid 1064] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1064] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 1065] memfd_create("syzkaller", 0) = 5 [pid 1065] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f676585d000 [pid 1065] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 1065] munmap(0x7f676585d000, 138412032) = 0 [pid 1065] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 1065] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 1065] close(5) = 0 [pid 1065] close(6) = 0 [pid 1065] mkdir("./file0", 0777) = 0 [pid 1065] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 1065] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 1065] chdir("./file0") = 0 [pid 1065] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 1065] ioctl(6, LOOP_CLR_FD) = 0 [pid 1065] close(6) = 0 [pid 1065] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1064] <... futex resumed>) = 0 [pid 1064] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1064] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1065] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 1065] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1064] <... futex resumed>) = 0 [pid 1064] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1064] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1065] write(6, "#! ./file1\n", 11) = 11 [pid 1065] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1064] <... futex resumed>) = 0 [pid 1064] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1064] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1065] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 1065] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1065] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1064] <... futex resumed>) = 0 [pid 1064] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1064] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1065] <... futex resumed>) = 0 [pid 1065] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000280} --- [pid 1064] <... futex resumed>) = ? [pid 1065] +++ killed by SIGBUS +++ [pid 1064] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=1064, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./120", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./120", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557cd2d730 /* 4 entries */, 32768) = 112 umount2("./120/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./120/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./120/binderfs") = 0 [ 46.578843][ T1066] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-1065: bg 0: block 234: padding at end of block bitmap is not set umount2("./120/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./120/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./120/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./120/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./120/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557cd35770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557cd35770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./120/file0") = 0 getdents64(3, 0x55557cd2d730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./120") = 0 mkdir("./121", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 1070 attached , child_tidptr=0x55557cd2c690) = 1070 [pid 1070] set_robust_list(0x55557cd2c6a0, 24) = 0 [pid 1070] chdir("./121") = 0 [pid 1070] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1070] setpgid(0, 0) = 0 [pid 1070] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1070] write(3, "1000", 4) = 4 [pid 1070] close(3) = 0 [pid 1070] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1070] write(1, "executing program\n", 18executing program ) = 18 [pid 1070] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1070] rt_sigaction(SIGRT_1, {sa_handler=0x7f676dce75b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f676dcd8760}, NULL, 8) = 0 [pid 1070] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1070] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f676dc5d000 [pid 1070] mprotect(0x7f676dc5e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1070] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1070] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f676dc7d990, parent_tid=0x7f676dc7d990, exit_signal=0, stack=0x7f676dc5d000, stack_size=0x20300, tls=0x7f676dc7d6c0} => {parent_tid=[1071]}, 88) = 1071 [pid 1070] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1070] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1070] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 1071 attached [pid 1071] set_robust_list(0x7f676dc7d9a0, 24) = 0 [pid 1071] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1071] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 1071] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1070] <... futex resumed>) = 0 [pid 1070] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1070] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1071] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 1071] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1070] <... futex resumed>) = 0 [pid 1070] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1070] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1071] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 1071] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1070] <... futex resumed>) = 0 [pid 1070] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1070] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1071] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 1071] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1070] <... futex resumed>) = 0 [pid 1070] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1070] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1071] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 1071] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1070] <... futex resumed>) = 0 [pid 1070] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1070] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1071] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 1071] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1070] <... futex resumed>) = 0 [pid 1070] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1070] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1071] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 1071] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1070] <... futex resumed>) = 0 [pid 1070] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1070] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1071] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 1071] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1070] <... futex resumed>) = 0 [pid 1070] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1070] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1071] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 1071] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1070] <... futex resumed>) = 0 [pid 1070] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1070] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 1071] memfd_create("syzkaller", 0) = 5 [pid 1071] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f676585d000 [pid 1071] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 1071] munmap(0x7f676585d000, 138412032) = 0 [pid 1071] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 1071] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 1071] close(5) = 0 [pid 1071] close(6) = 0 [pid 1071] mkdir("./file0", 0777) = 0 [pid 1071] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 1071] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 1071] chdir("./file0") = 0 [pid 1071] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 1071] ioctl(6, LOOP_CLR_FD) = 0 [pid 1071] close(6) = 0 [pid 1071] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1070] <... futex resumed>) = 0 [pid 1070] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1071] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 1070] <... futex resumed>) = 0 [pid 1070] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1071] <... openat resumed>) = 6 [pid 1071] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1071] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1070] <... futex resumed>) = 0 [pid 1070] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1070] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1071] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1071] write(6, "#! ./file1\n", 11) = 11 [pid 1071] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1070] <... futex resumed>) = 0 [pid 1071] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0 [pid 1070] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1070] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1071] <... mmap resumed>) = 0x200000000000 [pid 1071] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1071] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1070] <... futex resumed>) = 0 [pid 1070] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1070] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1071] <... futex resumed>) = 0 [pid 1071] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000280} --- [pid 1070] <... futex resumed>) = ? [pid 1071] +++ killed by SIGBUS +++ [pid 1070] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=1070, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./121", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./121", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557cd2d730 /* 4 entries */, 32768) = 112 umount2("./121/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./121/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./121/binderfs") = 0 [ 46.737994][ T1072] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-1071: bg 0: block 234: padding at end of block bitmap is not set umount2("./121/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./121/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./121/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./121/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./121/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557cd35770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557cd35770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./121/file0") = 0 getdents64(3, 0x55557cd2d730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./121") = 0 mkdir("./122", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557cd2c690) = 1076 ./strace-static-x86_64: Process 1076 attached [pid 1076] set_robust_list(0x55557cd2c6a0, 24) = 0 [pid 1076] chdir("./122") = 0 [pid 1076] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1076] setpgid(0, 0) = 0 [pid 1076] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1076] write(3, "1000", 4) = 4 [pid 1076] close(3) = 0 [pid 1076] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1076] write(1, "executing program\n", 18executing program ) = 18 [pid 1076] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1076] rt_sigaction(SIGRT_1, {sa_handler=0x7f676dce75b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f676dcd8760}, NULL, 8) = 0 [pid 1076] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1076] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f676dc5d000 [pid 1076] mprotect(0x7f676dc5e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1076] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1076] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f676dc7d990, parent_tid=0x7f676dc7d990, exit_signal=0, stack=0x7f676dc5d000, stack_size=0x20300, tls=0x7f676dc7d6c0}./strace-static-x86_64: Process 1077 attached => {parent_tid=[1077]}, 88) = 1077 [pid 1077] set_robust_list(0x7f676dc7d9a0, 24) = 0 [pid 1077] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1077] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1076] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1076] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1077] <... futex resumed>) = 0 [pid 1077] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 1077] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1077] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1076] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 1076] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1077] <... futex resumed>) = 0 [pid 1077] ioctl(3, VHOST_SET_OWNER [pid 1076] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1077] <... ioctl resumed>, 0) = 0 [pid 1077] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1077] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1076] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1076] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1077] <... futex resumed>) = 0 [pid 1077] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 1077] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1077] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1076] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 1076] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1077] <... futex resumed>) = 0 [pid 1077] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 1077] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1077] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1076] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 1076] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1077] <... futex resumed>) = 0 [pid 1077] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 1077] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1077] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1076] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 1076] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1077] <... futex resumed>) = 0 [pid 1077] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 1077] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1077] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1076] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 1076] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1077] <... futex resumed>) = 0 [pid 1077] ioctl(3, VHOST_SET_VRING_ADDR [pid 1076] <... futex resumed>) = 1 [pid 1077] <... ioctl resumed>, 0x200000000240) = 0 [pid 1077] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1077] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1076] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 1076] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1077] <... futex resumed>) = 0 [pid 1076] <... futex resumed>) = 1 [pid 1077] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 1077] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1077] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1076] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 1076] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1077] <... futex resumed>) = 0 [pid 1076] <... futex resumed>) = 1 [pid 1077] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 1077] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1077] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1076] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 1076] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1077] <... futex resumed>) = 0 [pid 1076] <... futex resumed>) = 1 [pid 1077] memfd_create("syzkaller", 0) = 5 [pid 1077] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f676585d000 [pid 1077] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 1076] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 1077] <... write resumed>) = 1048576 [pid 1077] munmap(0x7f676585d000, 138412032) = 0 [pid 1077] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 1077] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 1077] close(5) = 0 [pid 1077] close(6) = 0 [pid 1077] mkdir("./file0", 0777) = 0 [pid 1077] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 1077] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 1077] chdir("./file0") = 0 [pid 1077] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 1077] ioctl(6, LOOP_CLR_FD) = 0 [pid 1077] close(6) = 0 [pid 1077] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1076] <... futex resumed>) = 0 [pid 1076] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1076] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1077] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 1077] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1076] <... futex resumed>) = 0 [pid 1076] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1076] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1077] write(6, "#! ./file1\n", 11) = 11 [pid 1077] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1076] <... futex resumed>) = 0 [pid 1076] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1076] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1077] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 1077] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1076] <... futex resumed>) = 0 [pid 1076] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1076] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1077] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000280} --- [pid 1076] <... futex resumed>) = ? [pid 1077] +++ killed by SIGBUS +++ [pid 1076] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=1076, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./122", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./122", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557cd2d730 /* 4 entries */, 32768) = 112 umount2("./122/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./122/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./122/binderfs") = 0 [ 46.887548][ T1078] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-1077: bg 0: block 234: padding at end of block bitmap is not set umount2("./122/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./122/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./122/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./122/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./122/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557cd35770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557cd35770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./122/file0") = 0 getdents64(3, 0x55557cd2d730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./122") = 0 mkdir("./123", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 1082 attached , child_tidptr=0x55557cd2c690) = 1082 [pid 1082] set_robust_list(0x55557cd2c6a0, 24) = 0 [pid 1082] chdir("./123") = 0 [pid 1082] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1082] setpgid(0, 0) = 0 [pid 1082] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1082] write(3, "1000", 4) = 4 [pid 1082] close(3) = 0 [pid 1082] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 1082] write(1, "executing program\n", 18) = 18 [pid 1082] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1082] rt_sigaction(SIGRT_1, {sa_handler=0x7f676dce75b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f676dcd8760}, NULL, 8) = 0 [pid 1082] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1082] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f676dc5d000 [pid 1082] mprotect(0x7f676dc5e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1082] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1082] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f676dc7d990, parent_tid=0x7f676dc7d990, exit_signal=0, stack=0x7f676dc5d000, stack_size=0x20300, tls=0x7f676dc7d6c0} => {parent_tid=[1083]}, 88) = 1083 [pid 1082] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1082] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1082] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 1083 attached [pid 1083] set_robust_list(0x7f676dc7d9a0, 24) = 0 [pid 1083] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1083] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 1083] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1082] <... futex resumed>) = 0 [pid 1082] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1082] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1083] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 1083] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1082] <... futex resumed>) = 0 [pid 1082] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1082] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1083] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 1083] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1082] <... futex resumed>) = 0 [pid 1082] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1082] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1083] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 1083] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1082] <... futex resumed>) = 0 [pid 1082] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1082] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1083] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 1083] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1082] <... futex resumed>) = 0 [pid 1082] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1082] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1083] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 1083] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1082] <... futex resumed>) = 0 [pid 1082] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1082] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1083] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 1083] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1082] <... futex resumed>) = 0 [pid 1082] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1082] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1083] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 1083] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1082] <... futex resumed>) = 0 [pid 1082] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1082] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1083] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 1083] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1082] <... futex resumed>) = 0 [pid 1082] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1082] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 1083] memfd_create("syzkaller", 0) = 5 [pid 1083] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f676585d000 [pid 1083] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 1083] munmap(0x7f676585d000, 138412032) = 0 [pid 1083] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 1083] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 1083] close(5) = 0 [pid 1083] close(6) = 0 [pid 1083] mkdir("./file0", 0777) = 0 [pid 1083] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 1083] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 1083] chdir("./file0") = 0 [pid 1083] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 1083] ioctl(6, LOOP_CLR_FD) = 0 [pid 1083] close(6) = 0 [pid 1083] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1082] <... futex resumed>) = 0 [pid 1082] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1083] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 1082] <... futex resumed>) = 0 [pid 1082] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1083] <... openat resumed>) = 6 [pid 1083] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1082] <... futex resumed>) = 0 [pid 1082] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1082] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1083] write(6, "#! ./file1\n", 11) = 11 [pid 1083] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1082] <... futex resumed>) = 0 [pid 1082] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1083] <... futex resumed>) = 1 [pid 1082] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1083] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 1083] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1082] <... futex resumed>) = 0 [pid 1082] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1082] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1083] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000280} --- [pid 1082] <... futex resumed>) = ? [pid 1083] +++ killed by SIGBUS +++ [pid 1082] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=1082, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./123", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./123", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557cd2d730 /* 4 entries */, 32768) = 112 umount2("./123/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./123/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./123/binderfs") = 0 [ 47.048424][ T1084] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-1083: bg 0: block 234: padding at end of block bitmap is not set umount2("./123/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./123/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./123/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./123/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./123/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557cd35770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557cd35770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./123/file0") = 0 getdents64(3, 0x55557cd2d730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./123") = 0 mkdir("./124", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557cd2c690) = 1088 ./strace-static-x86_64: Process 1088 attached [pid 1088] set_robust_list(0x55557cd2c6a0, 24) = 0 [pid 1088] chdir("./124") = 0 [pid 1088] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1088] setpgid(0, 0) = 0 [pid 1088] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1088] write(3, "1000", 4) = 4 [pid 1088] close(3) = 0 [pid 1088] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1088] write(1, "executing program\n", 18executing program ) = 18 [pid 1088] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1088] rt_sigaction(SIGRT_1, {sa_handler=0x7f676dce75b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f676dcd8760}, NULL, 8) = 0 [pid 1088] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1088] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f676dc5d000 [pid 1088] mprotect(0x7f676dc5e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1088] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1088] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f676dc7d990, parent_tid=0x7f676dc7d990, exit_signal=0, stack=0x7f676dc5d000, stack_size=0x20300, tls=0x7f676dc7d6c0} => {parent_tid=[1089]}, 88) = 1089 [pid 1088] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1088] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 ./strace-static-x86_64: Process 1089 attached [pid 1088] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1089] set_robust_list(0x7f676dc7d9a0, 24) = 0 [pid 1089] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1089] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 1089] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1088] <... futex resumed>) = 0 [pid 1088] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1088] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1089] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 1089] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1088] <... futex resumed>) = 0 [pid 1088] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1088] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1089] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 1089] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1088] <... futex resumed>) = 0 [pid 1088] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1088] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1089] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 1089] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1088] <... futex resumed>) = 0 [pid 1088] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1088] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1089] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 1089] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1088] <... futex resumed>) = 0 [pid 1088] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1088] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1089] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 1089] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1088] <... futex resumed>) = 0 [pid 1088] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1088] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1089] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 1089] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1088] <... futex resumed>) = 0 [pid 1088] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1088] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1089] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 1089] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1088] <... futex resumed>) = 0 [pid 1088] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1088] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1089] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 1089] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1088] <... futex resumed>) = 0 [pid 1088] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1089] memfd_create("syzkaller", 0 [pid 1088] <... futex resumed>) = 0 [pid 1088] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 1089] <... memfd_create resumed>) = 5 [pid 1089] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f676585d000 [pid 1089] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 1089] munmap(0x7f676585d000, 138412032) = 0 [pid 1089] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 1089] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 1089] close(5) = 0 [pid 1089] close(6) = 0 [pid 1089] mkdir("./file0", 0777) = 0 [pid 1089] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 1089] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 1089] chdir("./file0") = 0 [pid 1089] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 1089] ioctl(6, LOOP_CLR_FD) = 0 [pid 1089] close(6) = 0 [pid 1089] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1088] <... futex resumed>) = 0 [pid 1088] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1088] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1089] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 1089] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1088] <... futex resumed>) = 0 [pid 1088] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1088] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1089] write(6, "#! ./file1\n", 11) = 11 [pid 1089] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1088] <... futex resumed>) = 0 [pid 1088] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1088] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1089] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 1089] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1089] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1088] <... futex resumed>) = 0 [pid 1088] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1088] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1089] <... futex resumed>) = 0 [pid 1089] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000280} --- [pid 1088] <... futex resumed>) = ? [pid 1089] +++ killed by SIGBUS +++ [pid 1088] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=1088, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- umount2("./124", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./124", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557cd2d730 /* 4 entries */, 32768) = 112 umount2("./124/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./124/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./124/binderfs") = 0 [ 47.267421][ T1090] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-1089: bg 0: block 234: padding at end of block bitmap is not set umount2("./124/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./124/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./124/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./124/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./124/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557cd35770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557cd35770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./124/file0") = 0 getdents64(3, 0x55557cd2d730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./124") = 0 mkdir("./125", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557cd2c690) = 1094 ./strace-static-x86_64: Process 1094 attached [pid 1094] set_robust_list(0x55557cd2c6a0, 24) = 0 [pid 1094] chdir("./125") = 0 [pid 1094] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1094] setpgid(0, 0) = 0 [pid 1094] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1094] write(3, "1000", 4) = 4 [pid 1094] close(3) = 0 [pid 1094] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 1094] write(1, "executing program\n", 18) = 18 [pid 1094] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1094] rt_sigaction(SIGRT_1, {sa_handler=0x7f676dce75b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f676dcd8760}, NULL, 8) = 0 [pid 1094] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1094] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f676dc5d000 [pid 1094] mprotect(0x7f676dc5e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1094] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1094] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f676dc7d990, parent_tid=0x7f676dc7d990, exit_signal=0, stack=0x7f676dc5d000, stack_size=0x20300, tls=0x7f676dc7d6c0} => {parent_tid=[1095]}, 88) = 1095 [pid 1094] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1094] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1094] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 1095 attached [pid 1095] set_robust_list(0x7f676dc7d9a0, 24) = 0 [pid 1095] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1095] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 1095] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1094] <... futex resumed>) = 0 [pid 1094] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1094] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1095] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 1095] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1094] <... futex resumed>) = 0 [pid 1094] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1094] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1095] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 1095] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1094] <... futex resumed>) = 0 [pid 1094] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1094] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1095] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 1095] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1094] <... futex resumed>) = 0 [pid 1094] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1094] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1095] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 1095] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1094] <... futex resumed>) = 0 [pid 1094] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1094] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1095] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 1095] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1094] <... futex resumed>) = 0 [pid 1094] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1094] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1095] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 1095] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1094] <... futex resumed>) = 0 [pid 1094] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1094] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1095] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 1095] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1094] <... futex resumed>) = 0 [pid 1094] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1094] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1095] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 1095] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1094] <... futex resumed>) = 0 [pid 1094] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1094] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 1095] memfd_create("syzkaller", 0) = 5 [pid 1095] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f676585d000 [pid 1095] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 1095] munmap(0x7f676585d000, 138412032) = 0 [pid 1095] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 1095] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 1095] close(5) = 0 [pid 1095] close(6) = 0 [pid 1095] mkdir("./file0", 0777) = 0 [pid 1095] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 1095] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 1095] chdir("./file0") = 0 [pid 1095] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 1095] ioctl(6, LOOP_CLR_FD) = 0 [pid 1095] close(6) = 0 [pid 1095] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1094] <... futex resumed>) = 0 [pid 1094] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1095] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 1094] <... futex resumed>) = 0 [pid 1094] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1095] <... openat resumed>) = 6 [pid 1095] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1094] <... futex resumed>) = 0 [pid 1094] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1094] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1095] write(6, "#! ./file1\n", 11) = 11 [pid 1095] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1094] <... futex resumed>) = 0 [pid 1094] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1094] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1095] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 1095] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1094] <... futex resumed>) = 0 [pid 1094] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1094] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1095] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000280} --- [pid 1094] <... futex resumed>) = ? [pid 1095] +++ killed by SIGBUS +++ [pid 1094] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=1094, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./125", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./125", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557cd2d730 /* 4 entries */, 32768) = 112 umount2("./125/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./125/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./125/binderfs") = 0 [ 47.417998][ T1096] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-1095: bg 0: block 234: padding at end of block bitmap is not set umount2("./125/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./125/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./125/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./125/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./125/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557cd35770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557cd35770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./125/file0") = 0 getdents64(3, 0x55557cd2d730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./125") = 0 mkdir("./126", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557cd2c690) = 1100 ./strace-static-x86_64: Process 1100 attached [pid 1100] set_robust_list(0x55557cd2c6a0, 24) = 0 [pid 1100] chdir("./126") = 0 [pid 1100] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1100] setpgid(0, 0) = 0 [pid 1100] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1100] write(3, "1000", 4) = 4 [pid 1100] close(3) = 0 [pid 1100] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1100] write(1, "executing program\n", 18executing program ) = 18 [pid 1100] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1100] rt_sigaction(SIGRT_1, {sa_handler=0x7f676dce75b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f676dcd8760}, NULL, 8) = 0 [pid 1100] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1100] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f676dc5d000 [pid 1100] mprotect(0x7f676dc5e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1100] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1100] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f676dc7d990, parent_tid=0x7f676dc7d990, exit_signal=0, stack=0x7f676dc5d000, stack_size=0x20300, tls=0x7f676dc7d6c0}./strace-static-x86_64: Process 1101 attached => {parent_tid=[1101]}, 88) = 1101 [pid 1101] set_robust_list(0x7f676dc7d9a0, 24 [pid 1100] rt_sigprocmask(SIG_SETMASK, [], [pid 1101] <... set_robust_list resumed>) = 0 [pid 1101] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1101] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1100] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1100] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1101] <... futex resumed>) = 0 [pid 1101] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 1101] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1101] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1100] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 1100] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1101] <... futex resumed>) = 0 [pid 1100] <... futex resumed>) = 1 [pid 1101] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 1101] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1100] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1101] <... futex resumed>) = 0 [pid 1101] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1100] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1100] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1101] <... futex resumed>) = 0 [pid 1101] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 1101] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1101] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1100] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 1100] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1101] <... futex resumed>) = 0 [pid 1100] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1101] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 1101] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1100] <... futex resumed>) = 0 [pid 1101] eventfd2(118, EFD_SEMAPHORE [pid 1100] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1101] <... eventfd2 resumed>) = 4 [pid 1100] <... futex resumed>) = 0 [pid 1101] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1100] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1101] <... futex resumed>) = 0 [pid 1100] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1101] ioctl(3, VHOST_SET_VRING_ERR [pid 1100] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1101] <... ioctl resumed>, 0x2000000001c0) = 0 [pid 1101] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1100] <... futex resumed>) = 0 [pid 1101] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1100] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 1100] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1100] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1101] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1101] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 1101] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1101] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1100] <... futex resumed>) = 0 [pid 1100] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1101] <... futex resumed>) = 0 [pid 1100] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1101] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 1101] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1100] <... futex resumed>) = 0 [pid 1101] ioctl(3, VHOST_VSOCK_SET_RUNNING [pid 1100] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1101] <... ioctl resumed>, 0x200000000140) = 0 [pid 1100] <... futex resumed>) = 0 [pid 1101] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1100] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1101] <... futex resumed>) = 0 [pid 1101] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1100] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1100] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1101] <... futex resumed>) = 0 [pid 1100] <... futex resumed>) = 1 [pid 1101] memfd_create("syzkaller", 0 [pid 1100] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 1101] <... memfd_create resumed>) = 5 [pid 1101] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f676585d000 [pid 1101] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 1101] munmap(0x7f676585d000, 138412032) = 0 [pid 1101] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 1101] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 1101] close(5) = 0 [pid 1101] close(6) = 0 [pid 1101] mkdir("./file0", 0777) = 0 [pid 1101] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 1101] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 1101] chdir("./file0") = 0 [pid 1101] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 1101] ioctl(6, LOOP_CLR_FD) = 0 [pid 1101] close(6) = 0 [pid 1101] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1100] <... futex resumed>) = 0 [pid 1100] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1100] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1101] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 1101] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1100] <... futex resumed>) = 0 [pid 1100] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1100] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1101] <... futex resumed>) = 1 [pid 1101] write(6, "#! ./file1\n", 11) = 11 [pid 1101] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1100] <... futex resumed>) = 0 [pid 1100] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1100] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1101] <... futex resumed>) = 1 [pid 1101] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 1101] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1100] <... futex resumed>) = 0 [pid 1100] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1100] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1101] <... futex resumed>) = 1 [pid 1101] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000280} --- [pid 1100] <... futex resumed>) = ? [pid 1101] +++ killed by SIGBUS +++ [pid 1100] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=1100, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./126", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./126", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557cd2d730 /* 4 entries */, 32768) = 112 umount2("./126/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./126/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./126/binderfs") = 0 [ 47.606196][ T1102] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-1101: bg 0: block 234: padding at end of block bitmap is not set umount2("./126/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./126/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./126/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./126/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./126/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557cd35770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557cd35770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./126/file0") = 0 getdents64(3, 0x55557cd2d730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./126") = 0 mkdir("./127", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557cd2c690) = 1106 ./strace-static-x86_64: Process 1106 attached [pid 1106] set_robust_list(0x55557cd2c6a0, 24) = 0 [pid 1106] chdir("./127") = 0 [pid 1106] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1106] setpgid(0, 0) = 0 [pid 1106] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1106] write(3, "1000", 4) = 4 [pid 1106] close(3) = 0 [pid 1106] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 1106] write(1, "executing program\n", 18) = 18 [pid 1106] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1106] rt_sigaction(SIGRT_1, {sa_handler=0x7f676dce75b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f676dcd8760}, NULL, 8) = 0 [pid 1106] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1106] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f676dc5d000 [pid 1106] mprotect(0x7f676dc5e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1106] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1106] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f676dc7d990, parent_tid=0x7f676dc7d990, exit_signal=0, stack=0x7f676dc5d000, stack_size=0x20300, tls=0x7f676dc7d6c0}./strace-static-x86_64: Process 1107 attached [pid 1107] set_robust_list(0x7f676dc7d9a0, 24) = 0 [pid 1106] <... clone3 resumed> => {parent_tid=[1107]}, 88) = 1107 [pid 1107] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1107] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1106] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1106] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1107] <... futex resumed>) = 0 [pid 1106] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1107] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 1107] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1106] <... futex resumed>) = 0 [pid 1106] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1106] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1107] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 1107] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1106] <... futex resumed>) = 0 [pid 1106] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1106] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1107] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 1107] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1106] <... futex resumed>) = 0 [pid 1106] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1106] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1107] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 1107] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1106] <... futex resumed>) = 0 [pid 1106] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1106] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1107] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 1107] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1106] <... futex resumed>) = 0 [pid 1106] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1106] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1107] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 1107] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1106] <... futex resumed>) = 0 [pid 1107] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1106] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1107] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1107] ioctl(3, VHOST_SET_VRING_ADDR [pid 1106] <... futex resumed>) = 0 [pid 1106] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1107] <... ioctl resumed>, 0x200000000240) = 0 [pid 1107] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1106] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1107] <... futex resumed>) = 0 [pid 1107] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1106] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1107] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1106] <... futex resumed>) = 0 [pid 1107] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 1106] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1107] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1106] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1106] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1106] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1107] <... futex resumed>) = 0 [pid 1107] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 1107] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1106] <... futex resumed>) = 0 [pid 1106] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1107] memfd_create("syzkaller", 0 [pid 1106] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 1107] <... memfd_create resumed>) = 5 [pid 1107] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f676585d000 [pid 1107] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 1107] munmap(0x7f676585d000, 138412032) = 0 [pid 1107] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 1107] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 1107] close(5) = 0 [pid 1107] close(6) = 0 [pid 1107] mkdir("./file0", 0777) = 0 [pid 1107] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 1107] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 1107] chdir("./file0") = 0 [pid 1107] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 1107] ioctl(6, LOOP_CLR_FD) = 0 [pid 1107] close(6) = 0 [pid 1107] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1106] <... futex resumed>) = 0 [pid 1106] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1107] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 1106] <... futex resumed>) = 0 [pid 1106] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1107] <... openat resumed>) = 6 [pid 1107] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1106] <... futex resumed>) = 0 [pid 1107] write(6, "#! ./file1\n", 11 [pid 1106] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1106] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1107] <... write resumed>) = 11 [pid 1107] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1106] <... futex resumed>) = 0 [pid 1106] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1106] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1107] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 1107] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1106] <... futex resumed>) = 0 [pid 1106] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1106] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1107] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000280} --- [pid 1106] <... futex resumed>) = ? [pid 1107] +++ killed by SIGBUS +++ [pid 1106] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=1106, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./127", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./127", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557cd2d730 /* 4 entries */, 32768) = 112 umount2("./127/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./127/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./127/binderfs") = 0 [ 47.767034][ T1108] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-1107: bg 0: block 234: padding at end of block bitmap is not set umount2("./127/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./127/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./127/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./127/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./127/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557cd35770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557cd35770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./127/file0") = 0 getdents64(3, 0x55557cd2d730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./127") = 0 mkdir("./128", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557cd2c690) = 1112 ./strace-static-x86_64: Process 1112 attached [pid 1112] set_robust_list(0x55557cd2c6a0, 24) = 0 [pid 1112] chdir("./128") = 0 [pid 1112] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1112] setpgid(0, 0) = 0 [pid 1112] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1112] write(3, "1000", 4) = 4 [pid 1112] close(3) = 0 [pid 1112] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1112] write(1, "executing program\n", 18executing program ) = 18 [pid 1112] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1112] rt_sigaction(SIGRT_1, {sa_handler=0x7f676dce75b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f676dcd8760}, NULL, 8) = 0 [pid 1112] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1112] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f676dc5d000 [pid 1112] mprotect(0x7f676dc5e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1112] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1112] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f676dc7d990, parent_tid=0x7f676dc7d990, exit_signal=0, stack=0x7f676dc5d000, stack_size=0x20300, tls=0x7f676dc7d6c0}./strace-static-x86_64: Process 1113 attached => {parent_tid=[1113]}, 88) = 1113 [pid 1113] set_robust_list(0x7f676dc7d9a0, 24) = 0 [pid 1113] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1113] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1112] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1112] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1113] <... futex resumed>) = 0 [pid 1113] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 1113] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1113] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1112] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 1112] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1113] <... futex resumed>) = 0 [pid 1113] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 1112] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1113] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1113] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1112] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1112] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1113] <... futex resumed>) = 0 [pid 1113] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 1113] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1113] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1112] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 1112] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1113] <... futex resumed>) = 0 [pid 1113] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 1113] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1113] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1112] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 1112] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1113] <... futex resumed>) = 0 [pid 1113] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 1113] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1113] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1112] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 1112] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1113] <... futex resumed>) = 0 [pid 1113] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 1113] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1113] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1112] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 1112] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1113] <... futex resumed>) = 0 [pid 1112] <... futex resumed>) = 1 [pid 1113] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 1113] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1113] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1112] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 1112] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1113] <... futex resumed>) = 0 [pid 1112] <... futex resumed>) = 1 [pid 1113] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 1112] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1113] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1113] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1112] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1112] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1113] <... futex resumed>) = 0 [pid 1112] <... futex resumed>) = 1 [pid 1113] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 1113] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1113] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1112] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 1112] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1113] <... futex resumed>) = 0 [pid 1112] <... futex resumed>) = 1 [pid 1113] memfd_create("syzkaller", 0 [pid 1112] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 1113] <... memfd_create resumed>) = 5 [pid 1113] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f676585d000 [pid 1113] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 1113] munmap(0x7f676585d000, 138412032) = 0 [pid 1113] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 1113] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 1113] close(5) = 0 [pid 1113] close(6) = 0 [pid 1113] mkdir("./file0", 0777) = 0 [pid 1113] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 1113] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 1113] chdir("./file0") = 0 [pid 1113] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 1113] ioctl(6, LOOP_CLR_FD) = 0 [pid 1113] close(6) = 0 [pid 1113] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1112] <... futex resumed>) = 0 [pid 1112] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1112] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1113] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 1113] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1112] <... futex resumed>) = 0 [pid 1112] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1112] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1113] write(6, "#! ./file1\n", 11) = 11 [pid 1113] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1112] <... futex resumed>) = 0 [pid 1112] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1112] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1113] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 1113] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1112] <... futex resumed>) = 0 [pid 1112] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1112] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1113] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000280} --- [pid 1112] <... futex resumed>) = ? [pid 1113] +++ killed by SIGBUS +++ [pid 1112] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=1112, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./128", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./128", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557cd2d730 /* 4 entries */, 32768) = 112 umount2("./128/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./128/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./128/binderfs") = 0 [ 47.957915][ T1114] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-1113: bg 0: block 234: padding at end of block bitmap is not set umount2("./128/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./128/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./128/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./128/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./128/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557cd35770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557cd35770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./128/file0") = 0 getdents64(3, 0x55557cd2d730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./128") = 0 mkdir("./129", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557cd2c690) = 1118 ./strace-static-x86_64: Process 1118 attached [pid 1118] set_robust_list(0x55557cd2c6a0, 24) = 0 [pid 1118] chdir("./129") = 0 [pid 1118] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1118] setpgid(0, 0) = 0 [pid 1118] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1118] write(3, "1000", 4) = 4 [pid 1118] close(3) = 0 [pid 1118] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1118] write(1, "executing program\n", 18executing program ) = 18 [pid 1118] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1118] rt_sigaction(SIGRT_1, {sa_handler=0x7f676dce75b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f676dcd8760}, NULL, 8) = 0 [pid 1118] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1118] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f676dc5d000 [pid 1118] mprotect(0x7f676dc5e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1118] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1118] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f676dc7d990, parent_tid=0x7f676dc7d990, exit_signal=0, stack=0x7f676dc5d000, stack_size=0x20300, tls=0x7f676dc7d6c0}./strace-static-x86_64: Process 1119 attached [pid 1119] set_robust_list(0x7f676dc7d9a0, 24) = 0 [pid 1118] <... clone3 resumed> => {parent_tid=[1119]}, 88) = 1119 [pid 1119] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1119] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1118] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1118] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1119] <... futex resumed>) = 0 [pid 1118] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1119] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 1119] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1118] <... futex resumed>) = 0 [pid 1119] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 1118] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1119] ioctl(3, VHOST_SET_OWNER [pid 1118] <... futex resumed>) = 0 [pid 1118] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1119] <... ioctl resumed>, 0) = 0 [pid 1119] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1118] <... futex resumed>) = 0 [pid 1118] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1118] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1119] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 1119] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1118] <... futex resumed>) = 0 [pid 1118] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1118] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1119] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 1119] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1118] <... futex resumed>) = 0 [pid 1119] eventfd2(118, EFD_SEMAPHORE [pid 1118] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1118] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1119] <... eventfd2 resumed>) = 4 [pid 1119] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1118] <... futex resumed>) = 0 [pid 1118] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1118] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1119] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 1119] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1118] <... futex resumed>) = 0 [pid 1118] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1119] ioctl(3, VHOST_SET_VRING_ADDR [pid 1118] <... futex resumed>) = 0 [pid 1118] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1119] <... ioctl resumed>, 0x200000000240) = 0 [pid 1119] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1118] <... futex resumed>) = 0 [pid 1118] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1118] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1119] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 1119] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1118] <... futex resumed>) = 0 [pid 1118] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1118] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1119] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 1119] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1118] <... futex resumed>) = 0 [pid 1119] memfd_create("syzkaller", 0 [pid 1118] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1118] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 1119] <... memfd_create resumed>) = 5 [pid 1119] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f676585d000 [pid 1119] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 1119] munmap(0x7f676585d000, 138412032) = 0 [pid 1119] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 1119] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 1119] close(5) = 0 [pid 1119] close(6) = 0 [pid 1119] mkdir("./file0", 0777) = 0 [pid 1119] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 1119] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 1119] chdir("./file0") = 0 [pid 1119] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 1119] ioctl(6, LOOP_CLR_FD) = 0 [pid 1119] close(6) = 0 [pid 1119] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1118] <... futex resumed>) = 0 [pid 1118] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1118] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1119] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 1119] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1118] <... futex resumed>) = 0 [pid 1119] write(6, "#! ./file1\n", 11 [pid 1118] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1118] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1119] <... write resumed>) = 11 [pid 1119] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1118] <... futex resumed>) = 0 [pid 1118] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1118] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1119] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 1119] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1119] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1118] <... futex resumed>) = 0 [pid 1118] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1118] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1119] <... futex resumed>) = 0 [pid 1119] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000280} --- [pid 1118] <... futex resumed>) = ? [pid 1119] +++ killed by SIGBUS +++ [pid 1118] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=1118, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./129", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./129", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557cd2d730 /* 4 entries */, 32768) = 112 umount2("./129/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./129/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./129/binderfs") = 0 [ 48.108854][ T1120] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-1119: bg 0: block 234: padding at end of block bitmap is not set umount2("./129/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./129/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./129/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./129/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./129/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557cd35770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557cd35770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./129/file0") = 0 getdents64(3, 0x55557cd2d730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./129") = 0 mkdir("./130", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557cd2c690) = 1124 ./strace-static-x86_64: Process 1124 attached [pid 1124] set_robust_list(0x55557cd2c6a0, 24) = 0 [pid 1124] chdir("./130") = 0 [pid 1124] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1124] setpgid(0, 0) = 0 [pid 1124] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1124] write(3, "1000", 4) = 4 [pid 1124] close(3) = 0 [pid 1124] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1124] write(1, "executing program\n", 18executing program ) = 18 [pid 1124] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1124] rt_sigaction(SIGRT_1, {sa_handler=0x7f676dce75b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f676dcd8760}, NULL, 8) = 0 [pid 1124] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1124] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f676dc5d000 [pid 1124] mprotect(0x7f676dc5e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1124] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1124] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f676dc7d990, parent_tid=0x7f676dc7d990, exit_signal=0, stack=0x7f676dc5d000, stack_size=0x20300, tls=0x7f676dc7d6c0} => {parent_tid=[1125]}, 88) = 1125 [pid 1124] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1124] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1124] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 1125 attached [pid 1125] set_robust_list(0x7f676dc7d9a0, 24) = 0 [pid 1125] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1125] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 1125] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1124] <... futex resumed>) = 0 [pid 1124] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1124] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1125] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 1125] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1124] <... futex resumed>) = 0 [pid 1124] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1124] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1125] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 1125] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1124] <... futex resumed>) = 0 [pid 1124] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1124] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1125] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 1125] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1124] <... futex resumed>) = 0 [pid 1124] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1124] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1125] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 1125] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1124] <... futex resumed>) = 0 [pid 1124] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1124] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1125] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 1125] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1124] <... futex resumed>) = 0 [pid 1124] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1124] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1125] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 1125] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1124] <... futex resumed>) = 0 [pid 1124] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1124] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1125] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 1125] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1124] <... futex resumed>) = 0 [pid 1124] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1124] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1125] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 1125] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1124] <... futex resumed>) = 0 [pid 1124] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1124] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 1125] memfd_create("syzkaller", 0) = 5 [pid 1125] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f676585d000 [pid 1125] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 1125] munmap(0x7f676585d000, 138412032) = 0 [pid 1125] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 1125] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 1125] close(5) = 0 [pid 1125] close(6) = 0 [pid 1125] mkdir("./file0", 0777) = 0 [pid 1125] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 1125] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 1125] chdir("./file0") = 0 [pid 1125] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 1125] ioctl(6, LOOP_CLR_FD) = 0 [pid 1125] close(6) = 0 [pid 1125] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1124] <... futex resumed>) = 0 [pid 1124] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1124] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1125] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 1125] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1124] <... futex resumed>) = 0 [pid 1124] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1124] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1125] write(6, "#! ./file1\n", 11) = 11 [pid 1125] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1124] <... futex resumed>) = 0 [pid 1125] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1124] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1124] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1125] <... futex resumed>) = 0 [pid 1125] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 1125] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1125] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1124] <... futex resumed>) = 0 [pid 1124] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1124] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1125] <... futex resumed>) = 0 [pid 1125] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000280} --- [pid 1124] <... futex resumed>) = ? [pid 1125] +++ killed by SIGBUS +++ [pid 1124] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=1124, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./130", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./130", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557cd2d730 /* 4 entries */, 32768) = 112 umount2("./130/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./130/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./130/binderfs") = 0 [ 48.317191][ T1126] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-1125: bg 0: block 234: padding at end of block bitmap is not set umount2("./130/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./130/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./130/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./130/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./130/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557cd35770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557cd35770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./130/file0") = 0 getdents64(3, 0x55557cd2d730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./130") = 0 mkdir("./131", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557cd2c690) = 1130 ./strace-static-x86_64: Process 1130 attached [pid 1130] set_robust_list(0x55557cd2c6a0, 24) = 0 [pid 1130] chdir("./131") = 0 [pid 1130] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1130] setpgid(0, 0) = 0 [pid 1130] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1130] write(3, "1000", 4) = 4 [pid 1130] close(3) = 0 [pid 1130] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 1130] write(1, "executing program\n", 18) = 18 [pid 1130] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1130] rt_sigaction(SIGRT_1, {sa_handler=0x7f676dce75b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f676dcd8760}, NULL, 8) = 0 [pid 1130] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1130] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f676dc5d000 [pid 1130] mprotect(0x7f676dc5e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1130] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1130] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f676dc7d990, parent_tid=0x7f676dc7d990, exit_signal=0, stack=0x7f676dc5d000, stack_size=0x20300, tls=0x7f676dc7d6c0}./strace-static-x86_64: Process 1131 attached [pid 1131] set_robust_list(0x7f676dc7d9a0, 24) = 0 [pid 1131] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1131] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1130] <... clone3 resumed> => {parent_tid=[1131]}, 88) = 1131 [pid 1130] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1130] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1131] <... futex resumed>) = 0 [pid 1130] <... futex resumed>) = 1 [pid 1131] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 1130] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1131] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1131] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1130] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1130] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1131] <... futex resumed>) = 0 [pid 1130] <... futex resumed>) = 1 [pid 1131] ioctl(3, VHOST_SET_OWNER [pid 1130] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1131] <... ioctl resumed>, 0) = 0 [pid 1131] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1130] <... futex resumed>) = 0 [pid 1130] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1130] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1131] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 1131] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1130] <... futex resumed>) = 0 [pid 1130] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1130] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1131] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 1131] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1130] <... futex resumed>) = 0 [pid 1130] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1130] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1131] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 1131] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1130] <... futex resumed>) = 0 [pid 1130] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1130] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1131] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 1131] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1130] <... futex resumed>) = 0 [pid 1130] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1130] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1131] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 1131] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1130] <... futex resumed>) = 0 [pid 1130] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1130] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1131] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 1131] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1130] <... futex resumed>) = 0 [pid 1131] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1130] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1130] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1131] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1131] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 1131] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1130] <... futex resumed>) = 0 [pid 1131] memfd_create("syzkaller", 0 [pid 1130] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1130] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 1131] <... memfd_create resumed>) = 5 [pid 1131] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f676585d000 [pid 1131] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 1131] munmap(0x7f676585d000, 138412032) = 0 [pid 1131] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 1131] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 1131] close(5) = 0 [pid 1131] close(6) = 0 [pid 1131] mkdir("./file0", 0777) = 0 [pid 1131] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 1131] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 1131] chdir("./file0") = 0 [pid 1131] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 1131] ioctl(6, LOOP_CLR_FD) = 0 [pid 1131] close(6) = 0 [pid 1131] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1130] <... futex resumed>) = 0 [pid 1130] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1130] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1131] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 1131] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1130] <... futex resumed>) = 0 [pid 1130] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1130] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1131] write(6, "#! ./file1\n", 11) = 11 [pid 1131] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1130] <... futex resumed>) = 0 [pid 1131] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1130] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1130] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1131] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1131] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 1131] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1130] <... futex resumed>) = 0 [pid 1131] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1130] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1130] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1131] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1131] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000280} --- [pid 1130] <... futex resumed>) = ? [pid 1131] +++ killed by SIGBUS +++ [pid 1130] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=1130, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./131", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./131", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557cd2d730 /* 4 entries */, 32768) = 112 umount2("./131/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./131/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./131/binderfs") = 0 [ 48.517371][ T1132] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-1131: bg 0: block 234: padding at end of block bitmap is not set umount2("./131/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./131/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./131/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./131/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./131/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557cd35770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557cd35770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./131/file0") = 0 getdents64(3, 0x55557cd2d730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./131") = 0 mkdir("./132", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 1136 attached , child_tidptr=0x55557cd2c690) = 1136 [pid 1136] set_robust_list(0x55557cd2c6a0, 24) = 0 [pid 1136] chdir("./132") = 0 [pid 1136] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1136] setpgid(0, 0) = 0 [pid 1136] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1136] write(3, "1000", 4) = 4 [pid 1136] close(3) = 0 [pid 1136] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1136] write(1, "executing program\n", 18executing program ) = 18 [pid 1136] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1136] rt_sigaction(SIGRT_1, {sa_handler=0x7f676dce75b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f676dcd8760}, NULL, 8) = 0 [pid 1136] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1136] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f676dc5d000 [pid 1136] mprotect(0x7f676dc5e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1136] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1136] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f676dc7d990, parent_tid=0x7f676dc7d990, exit_signal=0, stack=0x7f676dc5d000, stack_size=0x20300, tls=0x7f676dc7d6c0} => {parent_tid=[1137]}, 88) = 1137 [pid 1136] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1136] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1136] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 1137 attached [pid 1137] set_robust_list(0x7f676dc7d9a0, 24) = 0 [pid 1137] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1137] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 1137] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1136] <... futex resumed>) = 0 [pid 1136] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1136] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1137] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 1137] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1136] <... futex resumed>) = 0 [pid 1136] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1136] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1137] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 1137] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1136] <... futex resumed>) = 0 [pid 1136] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1136] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1137] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 1137] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1136] <... futex resumed>) = 0 [pid 1136] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1136] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1137] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 1137] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1136] <... futex resumed>) = 0 [pid 1136] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1136] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1137] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 1137] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1136] <... futex resumed>) = 0 [pid 1136] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1136] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1137] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 1137] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1136] <... futex resumed>) = 0 [pid 1136] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1136] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1137] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 1137] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1136] <... futex resumed>) = 0 [pid 1136] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1136] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1137] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 1137] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1136] <... futex resumed>) = 0 [pid 1136] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1136] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 1137] memfd_create("syzkaller", 0) = 5 [pid 1137] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f676585d000 [pid 1137] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 1137] munmap(0x7f676585d000, 138412032) = 0 [pid 1137] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 1137] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 1137] close(5) = 0 [pid 1137] close(6) = 0 [pid 1137] mkdir("./file0", 0777) = 0 [pid 1137] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 1137] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 1137] chdir("./file0") = 0 [pid 1137] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 1137] ioctl(6, LOOP_CLR_FD) = 0 [pid 1137] close(6) = 0 [pid 1137] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1136] <... futex resumed>) = 0 [pid 1136] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1136] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1137] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 1137] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1136] <... futex resumed>) = 0 [pid 1136] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1137] write(6, "#! ./file1\n", 11 [pid 1136] <... futex resumed>) = 0 [pid 1136] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1137] <... write resumed>) = 11 [pid 1137] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1136] <... futex resumed>) = 0 [pid 1136] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1136] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1137] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 1137] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1137] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1136] <... futex resumed>) = 0 [pid 1136] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1136] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1137] <... futex resumed>) = 0 [pid 1137] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000280} --- [pid 1136] <... futex resumed>) = ? [pid 1137] +++ killed by SIGBUS +++ [pid 1136] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=1136, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./132", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./132", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557cd2d730 /* 4 entries */, 32768) = 112 umount2("./132/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./132/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./132/binderfs") = 0 umount2("./132/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 [ 48.698011][ T1138] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-1137: bg 0: block 234: padding at end of block bitmap is not set umount2("./132/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./132/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./132/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./132/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557cd35770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557cd35770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./132/file0") = 0 getdents64(3, 0x55557cd2d730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./132") = 0 mkdir("./133", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 1142 attached , child_tidptr=0x55557cd2c690) = 1142 [pid 1142] set_robust_list(0x55557cd2c6a0, 24) = 0 [pid 1142] chdir("./133") = 0 [pid 1142] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1142] setpgid(0, 0) = 0 [pid 1142] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1142] write(3, "1000", 4) = 4 [pid 1142] close(3) = 0 [pid 1142] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1142] write(1, "executing program\n", 18executing program ) = 18 [pid 1142] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1142] rt_sigaction(SIGRT_1, {sa_handler=0x7f676dce75b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f676dcd8760}, NULL, 8) = 0 [pid 1142] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1142] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f676dc5d000 [pid 1142] mprotect(0x7f676dc5e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1142] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1142] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f676dc7d990, parent_tid=0x7f676dc7d990, exit_signal=0, stack=0x7f676dc5d000, stack_size=0x20300, tls=0x7f676dc7d6c0} => {parent_tid=[1143]}, 88) = 1143 [pid 1142] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1142] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1142] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 1143 attached [pid 1143] set_robust_list(0x7f676dc7d9a0, 24) = 0 [pid 1143] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1143] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 1143] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1142] <... futex resumed>) = 0 [pid 1142] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1142] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1143] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 1143] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1142] <... futex resumed>) = 0 [pid 1142] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1142] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1143] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 1143] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1142] <... futex resumed>) = 0 [pid 1142] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1142] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1143] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 1143] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1142] <... futex resumed>) = 0 [pid 1142] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1142] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1143] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 1143] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1142] <... futex resumed>) = 0 [pid 1142] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1142] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1143] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 1143] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1142] <... futex resumed>) = 0 [pid 1142] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1142] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1143] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 1143] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1142] <... futex resumed>) = 0 [pid 1142] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1142] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1143] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 1143] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1142] <... futex resumed>) = 0 [pid 1142] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1142] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1143] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 1143] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1142] <... futex resumed>) = 0 [pid 1142] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1142] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 1143] memfd_create("syzkaller", 0) = 5 [pid 1143] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f676585d000 [pid 1143] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 1143] munmap(0x7f676585d000, 138412032) = 0 [pid 1143] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 1143] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 1143] close(5) = 0 [pid 1143] close(6) = 0 [pid 1143] mkdir("./file0", 0777) = 0 [pid 1143] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 1143] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 1143] chdir("./file0") = 0 [pid 1143] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 1143] ioctl(6, LOOP_CLR_FD) = 0 [pid 1143] close(6) = 0 [pid 1143] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1142] <... futex resumed>) = 0 [pid 1142] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1143] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 1142] <... futex resumed>) = 0 [pid 1142] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1143] <... openat resumed>) = 6 [pid 1143] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1142] <... futex resumed>) = 0 [pid 1142] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1142] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1143] write(6, "#! ./file1\n", 11) = 11 [pid 1143] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1142] <... futex resumed>) = 0 [pid 1142] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1142] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1143] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 1143] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1142] <... futex resumed>) = 0 [pid 1142] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1142] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1143] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000280} --- [pid 1142] <... futex resumed>) = ? [pid 1143] +++ killed by SIGBUS +++ [pid 1142] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=1142, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./133", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./133", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557cd2d730 /* 4 entries */, 32768) = 112 umount2("./133/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./133/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./133/binderfs") = 0 [ 48.828429][ T1144] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-1143: bg 0: block 234: padding at end of block bitmap is not set umount2("./133/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./133/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./133/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./133/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./133/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557cd35770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557cd35770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./133/file0") = 0 getdents64(3, 0x55557cd2d730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./133") = 0 mkdir("./134", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 1148 attached [pid 1148] set_robust_list(0x55557cd2c6a0, 24) = 0 [pid 341] <... clone resumed>, child_tidptr=0x55557cd2c690) = 1148 [pid 1148] chdir("./134") = 0 [pid 1148] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1148] setpgid(0, 0) = 0 [pid 1148] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1148] write(3, "1000", 4) = 4 [pid 1148] close(3) = 0 [pid 1148] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 1148] write(1, "executing program\n", 18) = 18 [pid 1148] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1148] rt_sigaction(SIGRT_1, {sa_handler=0x7f676dce75b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f676dcd8760}, NULL, 8) = 0 [pid 1148] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1148] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f676dc5d000 [pid 1148] mprotect(0x7f676dc5e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1148] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1148] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f676dc7d990, parent_tid=0x7f676dc7d990, exit_signal=0, stack=0x7f676dc5d000, stack_size=0x20300, tls=0x7f676dc7d6c0}./strace-static-x86_64: Process 1149 attached => {parent_tid=[1149]}, 88) = 1149 [pid 1149] set_robust_list(0x7f676dc7d9a0, 24) = 0 [pid 1149] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1149] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1148] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1148] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1149] <... futex resumed>) = 0 [pid 1148] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1149] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 1149] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1149] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1148] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1148] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1149] <... futex resumed>) = 0 [pid 1148] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1149] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 1149] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1148] <... futex resumed>) = 0 [pid 1148] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1148] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1149] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 1149] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1148] <... futex resumed>) = 0 [pid 1148] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1148] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1149] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 1149] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1148] <... futex resumed>) = 0 [pid 1148] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1148] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1149] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 1149] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1148] <... futex resumed>) = 0 [pid 1148] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1148] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1149] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 1149] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1148] <... futex resumed>) = 0 [pid 1148] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1148] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1149] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 1149] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1148] <... futex resumed>) = 0 [pid 1148] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1148] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1149] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 1149] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1148] <... futex resumed>) = 0 [pid 1148] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1148] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1149] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 1149] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1148] <... futex resumed>) = 0 [pid 1148] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1148] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 1149] memfd_create("syzkaller", 0) = 5 [pid 1149] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f676585d000 [pid 1149] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 1149] munmap(0x7f676585d000, 138412032) = 0 [pid 1149] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 1149] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 1149] close(5) = 0 [pid 1149] close(6) = 0 [pid 1149] mkdir("./file0", 0777) = 0 [pid 1149] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 1149] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 1149] chdir("./file0") = 0 [pid 1149] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 1149] ioctl(6, LOOP_CLR_FD) = 0 [pid 1149] close(6) = 0 [pid 1149] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1148] <... futex resumed>) = 0 [pid 1148] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1148] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1149] <... futex resumed>) = 1 [pid 1149] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 1149] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1148] <... futex resumed>) = 0 [pid 1148] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1148] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1149] <... futex resumed>) = 1 [pid 1149] write(6, "#! ./file1\n", 11) = 11 [pid 1149] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1148] <... futex resumed>) = 0 [pid 1148] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1148] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1149] <... futex resumed>) = 1 [pid 1149] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 1149] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1148] <... futex resumed>) = 0 [pid 1148] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1148] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1149] <... futex resumed>) = 1 [pid 1149] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000280} --- [pid 1148] <... futex resumed>) = ? [pid 1149] +++ killed by SIGBUS +++ [pid 1148] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=1148, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./134", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./134", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557cd2d730 /* 4 entries */, 32768) = 112 umount2("./134/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./134/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./134/binderfs") = 0 [ 48.990148][ T1149] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm syz-executor126: bg 0: block 234: padding at end of block bitmap is not set umount2("./134/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./134/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./134/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./134/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./134/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557cd35770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557cd35770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./134/file0") = 0 getdents64(3, 0x55557cd2d730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./134") = 0 mkdir("./135", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557cd2c690) = 1154 ./strace-static-x86_64: Process 1154 attached [pid 1154] set_robust_list(0x55557cd2c6a0, 24) = 0 [pid 1154] chdir("./135") = 0 [pid 1154] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1154] setpgid(0, 0) = 0 [pid 1154] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1154] write(3, "1000", 4) = 4 [pid 1154] close(3) = 0 [pid 1154] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 1154] write(1, "executing program\n", 18) = 18 [pid 1154] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1154] rt_sigaction(SIGRT_1, {sa_handler=0x7f676dce75b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f676dcd8760}, NULL, 8) = 0 [pid 1154] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1154] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f676dc5d000 [pid 1154] mprotect(0x7f676dc5e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1154] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1154] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f676dc7d990, parent_tid=0x7f676dc7d990, exit_signal=0, stack=0x7f676dc5d000, stack_size=0x20300, tls=0x7f676dc7d6c0} => {parent_tid=[1155]}, 88) = 1155 [pid 1154] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1154] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1154] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 1155 attached [pid 1155] set_robust_list(0x7f676dc7d9a0, 24) = 0 [pid 1155] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1155] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 1155] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1154] <... futex resumed>) = 0 [pid 1154] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1154] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1155] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 1155] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1154] <... futex resumed>) = 0 [pid 1154] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1154] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1155] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 1155] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1154] <... futex resumed>) = 0 [pid 1154] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1154] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1155] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 1155] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1154] <... futex resumed>) = 0 [pid 1154] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1154] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1155] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 1155] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1154] <... futex resumed>) = 0 [pid 1154] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1154] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1155] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 1155] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1154] <... futex resumed>) = 0 [pid 1154] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1154] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1155] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 1155] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1154] <... futex resumed>) = 0 [pid 1154] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1154] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1155] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 1155] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1154] <... futex resumed>) = 0 [pid 1154] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1154] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1155] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 1155] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1154] <... futex resumed>) = 0 [pid 1154] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1154] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 1155] memfd_create("syzkaller", 0) = 5 [pid 1155] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f676585d000 [pid 1155] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 1155] munmap(0x7f676585d000, 138412032) = 0 [pid 1155] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 1155] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 1155] close(5) = 0 [pid 1155] close(6) = 0 [pid 1155] mkdir("./file0", 0777) = 0 [pid 1155] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 1155] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 1155] chdir("./file0") = 0 [pid 1155] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 1155] ioctl(6, LOOP_CLR_FD) = 0 [pid 1155] close(6) = 0 [pid 1155] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1154] <... futex resumed>) = 0 [pid 1154] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1154] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1155] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 1155] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1154] <... futex resumed>) = 0 [pid 1154] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1154] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1155] write(6, "#! ./file1\n", 11) = 11 [pid 1155] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1154] <... futex resumed>) = 0 [pid 1154] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1154] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1155] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 1155] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1154] <... futex resumed>) = 0 [pid 1154] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1154] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1155] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000280} --- [pid 1154] <... futex resumed>) = ? [pid 1155] +++ killed by SIGBUS +++ [pid 1154] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=1154, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./135", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./135", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557cd2d730 /* 4 entries */, 32768) = 112 umount2("./135/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./135/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./135/binderfs") = 0 [ 49.276769][ T1155] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm syz-executor126: bg 0: block 234: padding at end of block bitmap is not set umount2("./135/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./135/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./135/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./135/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./135/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557cd35770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557cd35770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./135/file0") = 0 getdents64(3, 0x55557cd2d730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./135") = 0 mkdir("./136", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 1160 attached [pid 1160] set_robust_list(0x55557cd2c6a0, 24) = 0 [pid 1160] chdir("./136" [pid 341] <... clone resumed>, child_tidptr=0x55557cd2c690) = 1160 [pid 1160] <... chdir resumed>) = 0 [pid 1160] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1160] setpgid(0, 0) = 0 [pid 1160] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1160] write(3, "1000", 4) = 4 [pid 1160] close(3) = 0 [pid 1160] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 1160] write(1, "executing program\n", 18) = 18 [pid 1160] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1160] rt_sigaction(SIGRT_1, {sa_handler=0x7f676dce75b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f676dcd8760}, NULL, 8) = 0 [pid 1160] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1160] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f676dc5d000 [pid 1160] mprotect(0x7f676dc5e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1160] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1160] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f676dc7d990, parent_tid=0x7f676dc7d990, exit_signal=0, stack=0x7f676dc5d000, stack_size=0x20300, tls=0x7f676dc7d6c0}./strace-static-x86_64: Process 1161 attached [pid 1161] set_robust_list(0x7f676dc7d9a0, 24) = 0 [pid 1161] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1161] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1160] <... clone3 resumed> => {parent_tid=[1161]}, 88) = 1161 [pid 1160] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1160] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1161] <... futex resumed>) = 0 [pid 1160] <... futex resumed>) = 1 [pid 1161] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 1161] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1161] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1160] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 1160] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1161] <... futex resumed>) = 0 [pid 1160] <... futex resumed>) = 1 [pid 1161] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 1161] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1161] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1160] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 1160] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1161] <... futex resumed>) = 0 [pid 1160] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1161] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 1161] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1160] <... futex resumed>) = 0 [pid 1161] ioctl(3, VHOST_SET_MEM_TABLE [pid 1160] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1160] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1161] <... ioctl resumed>, 0x200000003380) = 0 [pid 1161] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1160] <... futex resumed>) = 0 [pid 1161] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1160] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1161] <... futex resumed>) = 0 [pid 1160] <... futex resumed>) = 1 [pid 1161] eventfd2(118, EFD_SEMAPHORE [pid 1160] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1161] <... eventfd2 resumed>) = 4 [pid 1161] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1161] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1160] <... futex resumed>) = 0 [pid 1160] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1161] <... futex resumed>) = 0 [pid 1160] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1161] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 1161] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1160] <... futex resumed>) = 0 [pid 1161] ioctl(3, VHOST_SET_VRING_ADDR [pid 1160] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1161] <... ioctl resumed>, 0x200000000240) = 0 [pid 1160] <... futex resumed>) = 0 [pid 1161] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1161] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1160] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 1160] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1161] <... futex resumed>) = 0 [pid 1160] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1161] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 1161] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1160] <... futex resumed>) = 0 [pid 1161] ioctl(3, VHOST_VSOCK_SET_RUNNING [pid 1160] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1161] <... ioctl resumed>, 0x200000000140) = 0 [pid 1160] <... futex resumed>) = 0 [pid 1161] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1160] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1161] <... futex resumed>) = 0 [pid 1160] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1161] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1160] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1161] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1160] <... futex resumed>) = 0 [pid 1161] memfd_create("syzkaller", 0 [pid 1160] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 1161] <... memfd_create resumed>) = 5 [pid 1161] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f676585d000 [pid 1161] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 1161] munmap(0x7f676585d000, 138412032) = 0 [pid 1161] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 1161] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 1161] close(5) = 0 [pid 1161] close(6) = 0 [pid 1161] mkdir("./file0", 0777) = 0 [pid 1161] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 1161] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 1161] chdir("./file0") = 0 [pid 1161] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 1161] ioctl(6, LOOP_CLR_FD) = 0 [pid 1161] close(6) = 0 [pid 1161] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1160] <... futex resumed>) = 0 [pid 1160] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1160] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1161] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 1161] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1160] <... futex resumed>) = 0 [pid 1160] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1160] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1161] write(6, "#! ./file1\n", 11) = 11 [pid 1161] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1160] <... futex resumed>) = 0 [pid 1160] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1160] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1161] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 1161] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1160] <... futex resumed>) = 0 [pid 1160] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1160] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1161] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000280} --- [pid 1160] <... futex resumed>) = ? [pid 1161] +++ killed by SIGBUS +++ [pid 1160] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=1160, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./136", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./136", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557cd2d730 /* 4 entries */, 32768) = 112 umount2("./136/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./136/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./136/binderfs") = 0 [ 49.424446][ T1162] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-1161: bg 0: block 234: padding at end of block bitmap is not set umount2("./136/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./136/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./136/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./136/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./136/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557cd35770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557cd35770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./136/file0") = 0 getdents64(3, 0x55557cd2d730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./136") = 0 mkdir("./137", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557cd2c690) = 1166 ./strace-static-x86_64: Process 1166 attached [pid 1166] set_robust_list(0x55557cd2c6a0, 24) = 0 [pid 1166] chdir("./137") = 0 [pid 1166] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1166] setpgid(0, 0) = 0 [pid 1166] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1166] write(3, "1000", 4) = 4 [pid 1166] close(3) = 0 [pid 1166] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 1166] write(1, "executing program\n", 18) = 18 [pid 1166] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1166] rt_sigaction(SIGRT_1, {sa_handler=0x7f676dce75b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f676dcd8760}, NULL, 8) = 0 [pid 1166] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1166] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f676dc5d000 [pid 1166] mprotect(0x7f676dc5e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1166] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1166] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f676dc7d990, parent_tid=0x7f676dc7d990, exit_signal=0, stack=0x7f676dc5d000, stack_size=0x20300, tls=0x7f676dc7d6c0} => {parent_tid=[1167]}, 88) = 1167 [pid 1166] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1166] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1166] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 1167 attached [pid 1167] set_robust_list(0x7f676dc7d9a0, 24) = 0 [pid 1167] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1167] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 1167] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1166] <... futex resumed>) = 0 [pid 1166] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1166] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1167] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 1167] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1166] <... futex resumed>) = 0 [pid 1166] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1166] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1167] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 1167] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1166] <... futex resumed>) = 0 [pid 1166] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1166] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1167] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 1167] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1166] <... futex resumed>) = 0 [pid 1166] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1166] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1167] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 1167] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1166] <... futex resumed>) = 0 [pid 1166] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1166] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1167] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 1167] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1166] <... futex resumed>) = 0 [pid 1166] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1166] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1167] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 1167] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1166] <... futex resumed>) = 0 [pid 1166] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1166] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1167] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 1167] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1166] <... futex resumed>) = 0 [pid 1166] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1166] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1167] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 1167] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1166] <... futex resumed>) = 0 [pid 1166] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1166] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 1167] memfd_create("syzkaller", 0) = 5 [pid 1167] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f676585d000 [pid 1167] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 1167] munmap(0x7f676585d000, 138412032) = 0 [pid 1167] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 1167] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 1167] close(5) = 0 [pid 1167] close(6) = 0 [pid 1167] mkdir("./file0", 0777) = 0 [pid 1167] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 1167] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 1167] chdir("./file0") = 0 [pid 1167] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 1167] ioctl(6, LOOP_CLR_FD) = 0 [pid 1167] close(6) = 0 [pid 1167] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1166] <... futex resumed>) = 0 [pid 1166] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1167] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 1166] <... futex resumed>) = 0 [pid 1166] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1167] <... openat resumed>) = 6 [pid 1167] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1166] <... futex resumed>) = 0 [pid 1166] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1167] write(6, "#! ./file1\n", 11 [pid 1166] <... futex resumed>) = 0 [pid 1166] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1167] <... write resumed>) = 11 [pid 1167] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1167] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1166] <... futex resumed>) = 0 [pid 1166] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1166] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1167] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1167] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 1167] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1166] <... futex resumed>) = 0 [pid 1166] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1166] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1167] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000280} --- [pid 1166] <... futex resumed>) = ? [pid 1167] +++ killed by SIGBUS +++ [pid 1166] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=1166, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./137", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./137", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557cd2d730 /* 4 entries */, 32768) = 112 umount2("./137/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./137/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./137/binderfs") = 0 [ 49.613445][ T1168] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-1167: bg 0: block 234: padding at end of block bitmap is not set umount2("./137/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./137/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./137/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./137/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./137/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557cd35770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557cd35770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./137/file0") = 0 getdents64(3, 0x55557cd2d730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./137") = 0 mkdir("./138", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557cd2c690) = 1172 ./strace-static-x86_64: Process 1172 attached [pid 1172] set_robust_list(0x55557cd2c6a0, 24) = 0 [pid 1172] chdir("./138") = 0 [pid 1172] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1172] setpgid(0, 0) = 0 [pid 1172] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1172] write(3, "1000", 4) = 4 [pid 1172] close(3) = 0 [pid 1172] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1172] write(1, "executing program\n", 18executing program ) = 18 [pid 1172] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1172] rt_sigaction(SIGRT_1, {sa_handler=0x7f676dce75b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f676dcd8760}, NULL, 8) = 0 [pid 1172] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1172] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f676dc5d000 [pid 1172] mprotect(0x7f676dc5e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1172] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1172] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f676dc7d990, parent_tid=0x7f676dc7d990, exit_signal=0, stack=0x7f676dc5d000, stack_size=0x20300, tls=0x7f676dc7d6c0} => {parent_tid=[1173]}, 88) = 1173 [pid 1172] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1172] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1172] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 1173 attached [pid 1173] set_robust_list(0x7f676dc7d9a0, 24) = 0 [pid 1173] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1173] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 1173] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1172] <... futex resumed>) = 0 [pid 1172] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1172] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1173] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 1173] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1172] <... futex resumed>) = 0 [pid 1172] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1172] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1173] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 1173] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1172] <... futex resumed>) = 0 [pid 1173] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1172] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1172] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1173] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1173] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 1173] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1172] <... futex resumed>) = 0 [pid 1173] eventfd2(118, EFD_SEMAPHORE [pid 1172] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1172] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1173] <... eventfd2 resumed>) = 4 [pid 1173] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1172] <... futex resumed>) = 0 [pid 1172] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1172] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1173] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 1173] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1172] <... futex resumed>) = 0 [pid 1172] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1172] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1173] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 1173] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1172] <... futex resumed>) = 0 [pid 1172] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1172] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1173] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 1173] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1172] <... futex resumed>) = 0 [pid 1172] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1172] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1173] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 1173] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1172] <... futex resumed>) = 0 [pid 1172] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1172] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 1173] memfd_create("syzkaller", 0) = 5 [pid 1173] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f676585d000 [pid 1173] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 1173] munmap(0x7f676585d000, 138412032) = 0 [pid 1173] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 1173] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 1173] close(5) = 0 [pid 1173] close(6) = 0 [pid 1173] mkdir("./file0", 0777) = 0 [pid 1173] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 1173] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 1173] chdir("./file0") = 0 [pid 1173] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 1173] ioctl(6, LOOP_CLR_FD) = 0 [pid 1173] close(6) = 0 [pid 1173] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1172] <... futex resumed>) = 0 [pid 1173] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 1172] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1172] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1173] <... openat resumed>) = 6 [pid 1173] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1172] <... futex resumed>) = 0 [pid 1172] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1172] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1173] write(6, "#! ./file1\n", 11) = 11 [pid 1173] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1172] <... futex resumed>) = 0 [pid 1173] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1172] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1172] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1173] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1173] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 1173] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1172] <... futex resumed>) = 0 [pid 1172] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1172] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1173] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000280} --- [pid 1172] <... futex resumed>) = ? [pid 1173] +++ killed by SIGBUS +++ [pid 1172] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=1172, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./138", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./138", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557cd2d730 /* 4 entries */, 32768) = 112 umount2("./138/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./138/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./138/binderfs") = 0 [ 49.811872][ T1174] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-1173: bg 0: block 234: padding at end of block bitmap is not set umount2("./138/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./138/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./138/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./138/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./138/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557cd35770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557cd35770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./138/file0") = 0 getdents64(3, 0x55557cd2d730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./138") = 0 mkdir("./139", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 1178 attached , child_tidptr=0x55557cd2c690) = 1178 [pid 1178] set_robust_list(0x55557cd2c6a0, 24) = 0 [pid 1178] chdir("./139") = 0 [pid 1178] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1178] setpgid(0, 0) = 0 [pid 1178] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1178] write(3, "1000", 4) = 4 [pid 1178] close(3) = 0 [pid 1178] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1178] write(1, "executing program\n", 18executing program ) = 18 [pid 1178] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1178] rt_sigaction(SIGRT_1, {sa_handler=0x7f676dce75b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f676dcd8760}, NULL, 8) = 0 [pid 1178] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1178] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f676dc5d000 [pid 1178] mprotect(0x7f676dc5e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1178] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1178] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f676dc7d990, parent_tid=0x7f676dc7d990, exit_signal=0, stack=0x7f676dc5d000, stack_size=0x20300, tls=0x7f676dc7d6c0}./strace-static-x86_64: Process 1179 attached [pid 1179] set_robust_list(0x7f676dc7d9a0, 24) = 0 [pid 1179] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1179] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1178] <... clone3 resumed> => {parent_tid=[1179]}, 88) = 1179 [pid 1178] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1178] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1179] <... futex resumed>) = 0 [pid 1179] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 1179] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1179] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1178] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 1178] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1179] <... futex resumed>) = 0 [pid 1179] ioctl(3, VHOST_SET_OWNER [pid 1178] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1179] <... ioctl resumed>, 0) = 0 [pid 1179] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1179] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1178] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1178] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1179] <... futex resumed>) = 0 [pid 1179] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 1179] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1179] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1178] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 1178] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1179] <... futex resumed>) = 0 [pid 1179] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 1179] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1179] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1178] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 1178] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1179] <... futex resumed>) = 0 [pid 1179] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 1179] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1179] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1178] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 1178] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1179] <... futex resumed>) = 0 [pid 1179] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 1179] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1179] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1178] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 1178] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1179] <... futex resumed>) = 0 [pid 1179] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 1179] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1179] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1178] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 1178] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1179] <... futex resumed>) = 0 [pid 1178] <... futex resumed>) = 1 [pid 1179] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 1179] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1179] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1178] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 1178] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1179] <... futex resumed>) = 0 [pid 1178] <... futex resumed>) = 1 [pid 1179] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 1179] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1179] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1178] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 1178] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1179] <... futex resumed>) = 0 [pid 1178] <... futex resumed>) = 1 [pid 1179] memfd_create("syzkaller", 0) = 5 [pid 1178] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 1179] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f676585d000 [pid 1179] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 1179] munmap(0x7f676585d000, 138412032) = 0 [pid 1179] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 1179] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 1179] close(5) = 0 [pid 1179] close(6) = 0 [pid 1179] mkdir("./file0", 0777) = 0 [pid 1179] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 1179] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 1179] chdir("./file0") = 0 [pid 1179] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 1179] ioctl(6, LOOP_CLR_FD) = 0 [pid 1179] close(6) = 0 [pid 1179] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1178] <... futex resumed>) = 0 [pid 1178] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1179] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 1178] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1179] <... openat resumed>) = 6 [pid 1179] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1178] <... futex resumed>) = 0 [pid 1178] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1179] write(6, "#! ./file1\n", 11 [pid 1178] <... futex resumed>) = 0 [pid 1178] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1179] <... write resumed>) = 11 [pid 1179] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1178] <... futex resumed>) = 0 [pid 1178] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1179] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0 [pid 1178] <... futex resumed>) = 0 [pid 1179] <... mmap resumed>) = 0x200000000000 [pid 1178] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1179] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1178] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1178] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1179] <... futex resumed>) = 0 [pid 1178] <... futex resumed>) = 0 [pid 1178] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1179] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000280} --- [pid 1178] <... futex resumed>) = ? [pid 1179] +++ killed by SIGBUS +++ [pid 1178] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=1178, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./139", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./139", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557cd2d730 /* 4 entries */, 32768) = 112 umount2("./139/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./139/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./139/binderfs") = 0 [ 50.028586][ T1180] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-1179: bg 0: block 234: padding at end of block bitmap is not set umount2("./139/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./139/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./139/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./139/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./139/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557cd35770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557cd35770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./139/file0"executing program ) = 0 getdents64(3, 0x55557cd2d730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./139") = 0 mkdir("./140", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557cd2c690) = 1184 ./strace-static-x86_64: Process 1184 attached [pid 1184] set_robust_list(0x55557cd2c6a0, 24) = 0 [pid 1184] chdir("./140") = 0 [pid 1184] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1184] setpgid(0, 0) = 0 [pid 1184] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1184] write(3, "1000", 4) = 4 [pid 1184] close(3) = 0 [pid 1184] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1184] write(1, "executing program\n", 18) = 18 [pid 1184] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1184] rt_sigaction(SIGRT_1, {sa_handler=0x7f676dce75b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f676dcd8760}, NULL, 8) = 0 [pid 1184] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1184] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f676dc5d000 [pid 1184] mprotect(0x7f676dc5e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1184] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1184] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f676dc7d990, parent_tid=0x7f676dc7d990, exit_signal=0, stack=0x7f676dc5d000, stack_size=0x20300, tls=0x7f676dc7d6c0} => {parent_tid=[1185]}, 88) = 1185 [pid 1184] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1184] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1184] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 1185 attached [pid 1185] set_robust_list(0x7f676dc7d9a0, 24) = 0 [pid 1185] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1185] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 1185] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1184] <... futex resumed>) = 0 [pid 1184] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1184] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1185] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 1185] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1184] <... futex resumed>) = 0 [pid 1184] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1185] ioctl(3, VHOST_SET_VRING_ADDR [pid 1184] <... futex resumed>) = 0 [pid 1184] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1185] <... ioctl resumed>, 0x200000000300) = 0 [pid 1185] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1184] <... futex resumed>) = 0 [pid 1184] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1185] ioctl(3, VHOST_SET_MEM_TABLE [pid 1184] <... futex resumed>) = 0 [pid 1184] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1185] <... ioctl resumed>, 0x200000003380) = 0 [pid 1185] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1184] <... futex resumed>) = 0 [pid 1185] eventfd2(118, EFD_SEMAPHORE [pid 1184] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1184] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1185] <... eventfd2 resumed>) = 4 [pid 1185] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1184] <... futex resumed>) = 0 [pid 1184] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1184] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1185] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 1185] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1184] <... futex resumed>) = 0 [pid 1184] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1184] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1185] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 1185] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1184] <... futex resumed>) = 0 [pid 1184] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1184] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1185] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 1185] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1184] <... futex resumed>) = 0 [pid 1184] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1184] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1185] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 1185] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1184] <... futex resumed>) = 0 [pid 1184] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1184] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 1185] memfd_create("syzkaller", 0) = 5 [pid 1185] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f676585d000 [pid 1185] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 1185] munmap(0x7f676585d000, 138412032) = 0 [pid 1185] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 1185] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 1185] close(5) = 0 [pid 1185] close(6) = 0 [pid 1185] mkdir("./file0", 0777) = 0 [pid 1185] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 1185] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 1185] chdir("./file0") = 0 [pid 1185] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 1185] ioctl(6, LOOP_CLR_FD) = 0 [pid 1185] close(6) = 0 [pid 1185] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1184] <... futex resumed>) = 0 [pid 1184] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1184] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1185] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 1185] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1184] <... futex resumed>) = 0 [pid 1184] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1185] write(6, "#! ./file1\n", 11 [pid 1184] <... futex resumed>) = 0 [pid 1184] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1185] <... write resumed>) = 11 [pid 1185] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1184] <... futex resumed>) = 0 [pid 1185] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0 [pid 1184] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1185] <... mmap resumed>) = 0x200000000000 [pid 1184] <... futex resumed>) = 0 [pid 1184] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1185] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1185] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1184] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1184] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1184] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1185] <... futex resumed>) = 0 [pid 1185] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000280} --- [pid 1184] <... futex resumed>) = ? [pid 1185] +++ killed by SIGBUS +++ [pid 1184] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=1184, si_uid=0, si_status=SIGBUS, si_utime=1, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./140", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./140", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557cd2d730 /* 4 entries */, 32768) = 112 umount2("./140/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./140/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./140/binderfs") = 0 [ 50.176246][ T1186] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-1185: bg 0: block 234: padding at end of block bitmap is not set umount2("./140/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./140/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./140/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./140/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./140/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557cd35770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557cd35770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./140/file0") = 0 getdents64(3, 0x55557cd2d730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./140") = 0 mkdir("./141", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 1190 attached , child_tidptr=0x55557cd2c690) = 1190 [pid 1190] set_robust_list(0x55557cd2c6a0, 24) = 0 [pid 1190] chdir("./141") = 0 [pid 1190] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1190] setpgid(0, 0) = 0 [pid 1190] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1190] write(3, "1000", 4) = 4 [pid 1190] close(3) = 0 [pid 1190] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1190] write(1, "executing program\n", 18executing program ) = 18 [pid 1190] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1190] rt_sigaction(SIGRT_1, {sa_handler=0x7f676dce75b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f676dcd8760}, NULL, 8) = 0 [pid 1190] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1190] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f676dc5d000 [pid 1190] mprotect(0x7f676dc5e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1190] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1190] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f676dc7d990, parent_tid=0x7f676dc7d990, exit_signal=0, stack=0x7f676dc5d000, stack_size=0x20300, tls=0x7f676dc7d6c0} => {parent_tid=[1191]}, 88) = 1191 [pid 1190] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1190] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1190] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 1191 attached [pid 1191] set_robust_list(0x7f676dc7d9a0, 24) = 0 [pid 1191] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1191] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 1191] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1190] <... futex resumed>) = 0 [pid 1190] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1190] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1191] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 1191] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1190] <... futex resumed>) = 0 [pid 1190] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1191] ioctl(3, VHOST_SET_VRING_ADDR [pid 1190] <... futex resumed>) = 0 [pid 1190] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1191] <... ioctl resumed>, 0x200000000300) = 0 [pid 1191] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1190] <... futex resumed>) = 0 [pid 1190] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1191] ioctl(3, VHOST_SET_MEM_TABLE [pid 1190] <... futex resumed>) = 0 [pid 1190] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1191] <... ioctl resumed>, 0x200000003380) = 0 [pid 1191] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1190] <... futex resumed>) = 0 [pid 1190] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1190] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1191] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 1191] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1190] <... futex resumed>) = 0 [pid 1190] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1190] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1191] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 1191] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1190] <... futex resumed>) = 0 [pid 1190] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1190] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1191] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 1191] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1190] <... futex resumed>) = 0 [pid 1190] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1190] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1191] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 1191] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1190] <... futex resumed>) = 0 [pid 1190] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1190] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1191] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 1191] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1190] <... futex resumed>) = 0 [pid 1190] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1191] memfd_create("syzkaller", 0 [pid 1190] <... futex resumed>) = 0 [pid 1190] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 1191] <... memfd_create resumed>) = 5 [pid 1191] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f676585d000 [pid 1191] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 1191] munmap(0x7f676585d000, 138412032) = 0 [pid 1191] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 1191] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 1191] close(5) = 0 [pid 1191] close(6) = 0 [pid 1191] mkdir("./file0", 0777) = 0 [pid 1191] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 1191] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 1191] chdir("./file0") = 0 [pid 1191] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 1191] ioctl(6, LOOP_CLR_FD) = 0 [pid 1191] close(6) = 0 [pid 1191] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1190] <... futex resumed>) = 0 [pid 1190] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1190] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1191] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 1191] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1190] <... futex resumed>) = 0 [pid 1190] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1190] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1191] write(6, "#! ./file1\n", 11) = 11 [pid 1191] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1190] <... futex resumed>) = 0 [pid 1191] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1190] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1190] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1191] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1191] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 1191] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1190] <... futex resumed>) = 0 [pid 1190] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1190] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1191] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000280} --- [pid 1190] <... futex resumed>) = ? [pid 1191] +++ killed by SIGBUS +++ [pid 1190] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=1190, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./141", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./141", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557cd2d730 /* 4 entries */, 32768) = 112 umount2("./141/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./141/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./141/binderfs") = 0 [ 50.337763][ T1192] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-1191: bg 0: block 234: padding at end of block bitmap is not set umount2("./141/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./141/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./141/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./141/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./141/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557cd35770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557cd35770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./141/file0") = 0 getdents64(3, 0x55557cd2d730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./141") = 0 mkdir("./142", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557cd2c690) = 1196 ./strace-static-x86_64: Process 1196 attached [pid 1196] set_robust_list(0x55557cd2c6a0, 24) = 0 [pid 1196] chdir("./142") = 0 [pid 1196] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1196] setpgid(0, 0) = 0 [pid 1196] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1196] write(3, "1000", 4) = 4 [pid 1196] close(3) = 0 [pid 1196] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1196] write(1, "executing program\n", 18executing program ) = 18 [pid 1196] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1196] rt_sigaction(SIGRT_1, {sa_handler=0x7f676dce75b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f676dcd8760}, NULL, 8) = 0 [pid 1196] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1196] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f676dc5d000 [pid 1196] mprotect(0x7f676dc5e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1196] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1196] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f676dc7d990, parent_tid=0x7f676dc7d990, exit_signal=0, stack=0x7f676dc5d000, stack_size=0x20300, tls=0x7f676dc7d6c0} => {parent_tid=[1197]}, 88) = 1197 [pid 1196] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1196] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1196] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 1197 attached [pid 1197] set_robust_list(0x7f676dc7d9a0, 24) = 0 [pid 1197] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1197] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 1197] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1196] <... futex resumed>) = 0 [pid 1196] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1196] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1197] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 1197] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1196] <... futex resumed>) = 0 [pid 1196] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1196] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1197] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 1197] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1196] <... futex resumed>) = 0 [pid 1196] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1196] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1197] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 1197] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1196] <... futex resumed>) = 0 [pid 1196] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1196] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1197] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 1197] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1196] <... futex resumed>) = 0 [pid 1196] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1196] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1197] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 1197] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1196] <... futex resumed>) = 0 [pid 1196] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1196] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1197] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 1197] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1196] <... futex resumed>) = 0 [pid 1196] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1196] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1197] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 1197] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1196] <... futex resumed>) = 0 [pid 1196] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1196] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1197] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 1197] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1196] <... futex resumed>) = 0 [pid 1196] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1196] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 1197] memfd_create("syzkaller", 0) = 5 [pid 1197] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f676585d000 [pid 1197] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 1197] munmap(0x7f676585d000, 138412032) = 0 [pid 1197] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 1197] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 1197] close(5) = 0 [pid 1197] close(6) = 0 [pid 1197] mkdir("./file0", 0777) = 0 [pid 1197] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 1197] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 1197] chdir("./file0") = 0 [pid 1197] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 1197] ioctl(6, LOOP_CLR_FD) = 0 [pid 1197] close(6) = 0 [pid 1197] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1196] <... futex resumed>) = 0 [pid 1196] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1197] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 1196] <... futex resumed>) = 0 [pid 1196] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1197] <... openat resumed>) = 6 [pid 1197] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1196] <... futex resumed>) = 0 [pid 1196] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1197] write(6, "#! ./file1\n", 11 [pid 1196] <... futex resumed>) = 0 [pid 1196] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1197] <... write resumed>) = 11 [pid 1197] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1197] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1196] <... futex resumed>) = 0 [pid 1196] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1196] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1197] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1197] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 1197] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1196] <... futex resumed>) = 0 [pid 1196] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1196] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1197] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000280} --- [pid 1196] <... futex resumed>) = ? [pid 1197] +++ killed by SIGBUS +++ [pid 1196] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=1196, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./142", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./142", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557cd2d730 /* 4 entries */, 32768) = 112 umount2("./142/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./142/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./142/binderfs") = 0 [ 50.484305][ T1198] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-1197: bg 0: block 234: padding at end of block bitmap is not set umount2("./142/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./142/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./142/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./142/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./142/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557cd35770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557cd35770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./142/file0") = 0 getdents64(3, 0x55557cd2d730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./142") = 0 mkdir("./143", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557cd2c690) = 1202 ./strace-static-x86_64: Process 1202 attached [pid 1202] set_robust_list(0x55557cd2c6a0, 24) = 0 [pid 1202] chdir("./143") = 0 [pid 1202] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1202] setpgid(0, 0) = 0 [pid 1202] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1202] write(3, "1000", 4) = 4 [pid 1202] close(3) = 0 [pid 1202] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 1202] write(1, "executing program\n", 18) = 18 [pid 1202] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1202] rt_sigaction(SIGRT_1, {sa_handler=0x7f676dce75b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f676dcd8760}, NULL, 8) = 0 [pid 1202] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1202] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f676dc5d000 [pid 1202] mprotect(0x7f676dc5e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1202] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1202] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f676dc7d990, parent_tid=0x7f676dc7d990, exit_signal=0, stack=0x7f676dc5d000, stack_size=0x20300, tls=0x7f676dc7d6c0}./strace-static-x86_64: Process 1203 attached [pid 1203] set_robust_list(0x7f676dc7d9a0, 24) = 0 [pid 1203] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1203] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1202] <... clone3 resumed> => {parent_tid=[1203]}, 88) = 1203 [pid 1202] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1202] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1203] <... futex resumed>) = 0 [pid 1202] <... futex resumed>) = 1 [pid 1203] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 1203] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1203] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1202] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 1202] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1203] <... futex resumed>) = 0 [pid 1202] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1203] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 1203] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1202] <... futex resumed>) = 0 [pid 1203] ioctl(3, VHOST_SET_VRING_ADDR [pid 1202] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1202] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1203] <... ioctl resumed>, 0x200000000300) = 0 [pid 1203] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1202] <... futex resumed>) = 0 [pid 1202] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1202] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1203] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 1203] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1202] <... futex resumed>) = 0 [pid 1202] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1202] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1203] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 1203] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1202] <... futex resumed>) = 0 [pid 1203] ioctl(3, VHOST_SET_VRING_ERR [pid 1202] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1202] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1203] <... ioctl resumed>, 0x2000000001c0) = 0 [pid 1203] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1202] <... futex resumed>) = 0 [pid 1202] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1202] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1203] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 1203] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1202] <... futex resumed>) = 0 [pid 1202] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1202] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1203] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 1203] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1202] <... futex resumed>) = 0 [pid 1203] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1202] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1202] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1203] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1203] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 1203] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1202] <... futex resumed>) = 0 [pid 1202] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1203] memfd_create("syzkaller", 0 [pid 1202] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 1203] <... memfd_create resumed>) = 5 [pid 1203] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f676585d000 [pid 1203] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 1203] munmap(0x7f676585d000, 138412032) = 0 [pid 1203] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 1203] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 1203] close(5) = 0 [pid 1203] close(6) = 0 [pid 1203] mkdir("./file0", 0777) = 0 [pid 1203] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 1203] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 1203] chdir("./file0") = 0 [pid 1203] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 1203] ioctl(6, LOOP_CLR_FD) = 0 [pid 1203] close(6) = 0 [pid 1203] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1202] <... futex resumed>) = 0 [pid 1202] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1202] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1203] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 1203] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1202] <... futex resumed>) = 0 [pid 1202] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1202] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1203] write(6, "#! ./file1\n", 11) = 11 [pid 1203] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1202] <... futex resumed>) = 0 [pid 1203] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1202] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1202] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1203] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1203] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 1203] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1203] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1202] <... futex resumed>) = 0 [pid 1202] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1202] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1203] <... futex resumed>) = 0 [pid 1203] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000280} --- [pid 1202] <... futex resumed>) = ? [pid 1203] +++ killed by SIGBUS +++ [pid 1202] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=1202, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./143", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./143", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557cd2d730 /* 4 entries */, 32768) = 112 umount2("./143/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./143/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./143/binderfs") = 0 [ 50.627705][ T1204] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-1203: bg 0: block 234: padding at end of block bitmap is not set umount2("./143/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./143/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./143/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./143/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./143/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557cd35770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557cd35770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./143/file0") = 0 getdents64(3, 0x55557cd2d730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./143") = 0 mkdir("./144", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557cd2c690) = 1208 ./strace-static-x86_64: Process 1208 attached [pid 1208] set_robust_list(0x55557cd2c6a0, 24) = 0 [pid 1208] chdir("./144") = 0 [pid 1208] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1208] setpgid(0, 0) = 0 [pid 1208] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1208] write(3, "1000", 4) = 4 [pid 1208] close(3) = 0 [pid 1208] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 1208] write(1, "executing program\n", 18) = 18 [pid 1208] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1208] rt_sigaction(SIGRT_1, {sa_handler=0x7f676dce75b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f676dcd8760}, NULL, 8) = 0 [pid 1208] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1208] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f676dc5d000 [pid 1208] mprotect(0x7f676dc5e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1208] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1208] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f676dc7d990, parent_tid=0x7f676dc7d990, exit_signal=0, stack=0x7f676dc5d000, stack_size=0x20300, tls=0x7f676dc7d6c0}./strace-static-x86_64: Process 1209 attached [pid 1209] set_robust_list(0x7f676dc7d9a0, 24) = 0 [pid 1209] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1209] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1208] <... clone3 resumed> => {parent_tid=[1209]}, 88) = 1209 [pid 1208] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1208] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1209] <... futex resumed>) = 0 [pid 1209] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 1209] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1209] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1208] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 1208] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1209] <... futex resumed>) = 0 [pid 1209] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 1209] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1209] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1208] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 1208] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1209] <... futex resumed>) = 0 [pid 1208] <... futex resumed>) = 1 [pid 1209] ioctl(3, VHOST_SET_VRING_ADDR [pid 1208] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1209] <... ioctl resumed>, 0x200000000300) = 0 [pid 1209] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1209] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1208] <... futex resumed>) = 0 [pid 1209] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1208] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1209] ioctl(3, VHOST_SET_MEM_TABLE [pid 1208] <... futex resumed>) = 0 [pid 1209] <... ioctl resumed>, 0x200000003380) = 0 [pid 1208] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1209] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1208] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1209] <... futex resumed>) = 0 [pid 1209] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1208] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1209] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1208] <... futex resumed>) = 0 [pid 1209] eventfd2(118, EFD_SEMAPHORE [pid 1208] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1209] <... eventfd2 resumed>) = 4 [pid 1209] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1209] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1208] <... futex resumed>) = 0 [pid 1208] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1209] <... futex resumed>) = 0 [pid 1209] ioctl(3, VHOST_SET_VRING_ERR [pid 1208] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1209] <... ioctl resumed>, 0x2000000001c0) = 0 [pid 1209] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1208] <... futex resumed>) = 0 [pid 1208] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1208] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1209] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 1209] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1209] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1208] <... futex resumed>) = 0 [pid 1208] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1209] <... futex resumed>) = 0 [pid 1208] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1209] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 1209] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1209] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1208] <... futex resumed>) = 0 [pid 1208] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1209] <... futex resumed>) = 0 [pid 1208] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1209] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 1209] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1209] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1208] <... futex resumed>) = 0 [pid 1208] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1209] <... futex resumed>) = 0 [pid 1208] <... futex resumed>) = 1 [pid 1209] memfd_create("syzkaller", 0 [pid 1208] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 1209] <... memfd_create resumed>) = 5 [pid 1209] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f676585d000 [pid 1209] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 1209] munmap(0x7f676585d000, 138412032) = 0 [pid 1209] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 1209] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 1209] close(5) = 0 [pid 1209] close(6) = 0 [pid 1209] mkdir("./file0", 0777) = 0 [pid 1209] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 1209] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 1209] chdir("./file0") = 0 [pid 1209] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 1209] ioctl(6, LOOP_CLR_FD) = 0 [pid 1209] close(6) = 0 [pid 1209] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1208] <... futex resumed>) = 0 [pid 1208] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1208] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1209] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 1209] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1208] <... futex resumed>) = 0 [pid 1208] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1208] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1209] write(6, "#! ./file1\n", 11) = 11 [pid 1209] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1208] <... futex resumed>) = 0 [pid 1209] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0 [pid 1208] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1208] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1209] <... mmap resumed>) = 0x200000000000 [pid 1209] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1208] <... futex resumed>) = 0 [pid 1208] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1208] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1209] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000280} --- [pid 1208] <... futex resumed>) = ? [pid 1209] +++ killed by SIGBUS +++ [pid 1208] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=1208, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./144", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./144", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557cd2d730 /* 4 entries */, 32768) = 112 umount2("./144/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./144/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./144/binderfs") = 0 [ 50.758624][ T1210] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-1209: bg 0: block 234: padding at end of block bitmap is not set umount2("./144/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./144/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./144/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./144/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./144/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557cd35770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557cd35770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./144/file0") = 0 getdents64(3, 0x55557cd2d730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./144") = 0 mkdir("./145", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557cd2c690) = 1214 ./strace-static-x86_64: Process 1214 attached [pid 1214] set_robust_list(0x55557cd2c6a0, 24) = 0 [pid 1214] chdir("./145") = 0 [pid 1214] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1214] setpgid(0, 0) = 0 [pid 1214] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1214] write(3, "1000", 4) = 4 [pid 1214] close(3) = 0 [pid 1214] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1214] write(1, "executing program\n", 18executing program ) = 18 [pid 1214] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1214] rt_sigaction(SIGRT_1, {sa_handler=0x7f676dce75b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f676dcd8760}, NULL, 8) = 0 [pid 1214] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1214] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f676dc5d000 [pid 1214] mprotect(0x7f676dc5e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1214] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1214] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f676dc7d990, parent_tid=0x7f676dc7d990, exit_signal=0, stack=0x7f676dc5d000, stack_size=0x20300, tls=0x7f676dc7d6c0} => {parent_tid=[1215]}, 88) = 1215 [pid 1214] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1214] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1214] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 1215 attached [pid 1215] set_robust_list(0x7f676dc7d9a0, 24) = 0 [pid 1215] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1215] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 1215] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1214] <... futex resumed>) = 0 [pid 1214] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1214] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1215] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 1215] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1214] <... futex resumed>) = 0 [pid 1214] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1214] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1215] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 1215] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1214] <... futex resumed>) = 0 [pid 1214] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1214] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1215] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 1215] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1214] <... futex resumed>) = 0 [pid 1214] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1214] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1215] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 1215] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1214] <... futex resumed>) = 0 [pid 1214] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1214] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1215] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 1215] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1214] <... futex resumed>) = 0 [pid 1214] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1214] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1215] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 1215] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1214] <... futex resumed>) = 0 [pid 1214] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1214] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1215] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 1215] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1214] <... futex resumed>) = 0 [pid 1215] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1214] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1214] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1215] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1215] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 1215] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1214] <... futex resumed>) = 0 [pid 1214] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1214] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 1215] memfd_create("syzkaller", 0) = 5 [pid 1215] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f676585d000 [pid 1215] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 1215] munmap(0x7f676585d000, 138412032) = 0 [pid 1215] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 1215] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 1215] close(5) = 0 [pid 1215] close(6) = 0 [pid 1215] mkdir("./file0", 0777) = 0 [pid 1215] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 1215] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 1215] chdir("./file0") = 0 [pid 1215] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 1215] ioctl(6, LOOP_CLR_FD) = 0 [pid 1215] close(6) = 0 [pid 1215] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1214] <... futex resumed>) = 0 [pid 1214] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1214] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1215] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 1215] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1214] <... futex resumed>) = 0 [pid 1214] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1214] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1215] write(6, "#! ./file1\n", 11) = 11 [pid 1215] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1214] <... futex resumed>) = 0 [pid 1215] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 1214] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1214] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1215] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 1215] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1214] <... futex resumed>) = 0 [pid 1214] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1214] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1215] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000280} --- [pid 1214] <... futex resumed>) = ? [pid 1215] +++ killed by SIGBUS +++ [pid 1214] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=1214, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./145", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./145", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557cd2d730 /* 4 entries */, 32768) = 112 umount2("./145/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./145/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./145/binderfs") = 0 [ 50.938985][ T1216] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-1215: bg 0: block 234: padding at end of block bitmap is not set umount2("./145/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./145/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./145/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./145/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./145/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557cd35770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557cd35770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./145/file0") = 0 getdents64(3, 0x55557cd2d730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./145") = 0 mkdir("./146", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 1220 attached [pid 1220] set_robust_list(0x55557cd2c6a0, 24) = 0 [pid 1220] chdir("./146") = 0 [pid 1220] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1220] setpgid(0, 0) = 0 [pid 1220] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1220] write(3, "1000", 4) = 4 [pid 1220] close(3) = 0 [pid 1220] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 1220] write(1, "executing program\n", 18) = 18 [pid 1220] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1220] rt_sigaction(SIGRT_1, {sa_handler=0x7f676dce75b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f676dcd8760}, NULL, 8) = 0 [pid 1220] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1220] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f676dc5d000 [pid 1220] mprotect(0x7f676dc5e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1220] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1220] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f676dc7d990, parent_tid=0x7f676dc7d990, exit_signal=0, stack=0x7f676dc5d000, stack_size=0x20300, tls=0x7f676dc7d6c0} => {parent_tid=[1221]}, 88) = 1221 [pid 1220] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1220] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1220] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 341] <... clone resumed>, child_tidptr=0x55557cd2c690) = 1220 ./strace-static-x86_64: Process 1221 attached [pid 1221] set_robust_list(0x7f676dc7d9a0, 24) = 0 [pid 1221] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1221] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 1221] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1220] <... futex resumed>) = 0 [pid 1220] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1220] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1221] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 1221] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1220] <... futex resumed>) = 0 [pid 1220] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1220] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1221] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 1221] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1220] <... futex resumed>) = 0 [pid 1220] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1220] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1221] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 1221] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1220] <... futex resumed>) = 0 [pid 1220] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1220] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1221] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 1221] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1220] <... futex resumed>) = 0 [pid 1220] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1220] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1221] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 1221] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1220] <... futex resumed>) = 0 [pid 1220] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1220] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1221] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 1221] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1220] <... futex resumed>) = 0 [pid 1220] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1220] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1221] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 1221] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1220] <... futex resumed>) = 0 [pid 1220] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1220] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1221] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 1221] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1220] <... futex resumed>) = 0 [pid 1221] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1220] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1221] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1220] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 1221] memfd_create("syzkaller", 0) = 5 [pid 1221] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f676585d000 [pid 1221] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 1221] munmap(0x7f676585d000, 138412032) = 0 [pid 1221] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 1221] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 1221] close(5) = 0 [pid 1221] close(6) = 0 [pid 1221] mkdir("./file0", 0777) = 0 [pid 1221] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 1221] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 1221] chdir("./file0") = 0 [pid 1221] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 1221] ioctl(6, LOOP_CLR_FD) = 0 [pid 1221] close(6) = 0 [pid 1221] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1220] <... futex resumed>) = 0 [pid 1220] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1221] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 1220] <... futex resumed>) = 0 [pid 1220] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1221] <... openat resumed>) = 6 [pid 1221] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1220] <... futex resumed>) = 0 [pid 1220] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1220] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1221] write(6, "#! ./file1\n", 11) = 11 [pid 1221] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1220] <... futex resumed>) = 0 [pid 1220] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1220] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1221] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 1221] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1221] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1220] <... futex resumed>) = 0 [pid 1220] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1220] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1221] <... futex resumed>) = 0 [pid 1221] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000280} --- [pid 1220] <... futex resumed>) = ? [pid 1221] +++ killed by SIGBUS +++ [pid 1220] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=1220, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./146", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./146", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557cd2d730 /* 4 entries */, 32768) = 112 umount2("./146/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./146/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./146/binderfs") = 0 [ 51.097788][ T1222] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-1221: bg 0: block 234: padding at end of block bitmap is not set umount2("./146/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./146/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./146/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./146/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./146/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557cd35770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557cd35770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./146/file0") = 0 getdents64(3, 0x55557cd2d730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./146") = 0 mkdir("./147", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557cd2c690) = 1226 ./strace-static-x86_64: Process 1226 attached [pid 1226] set_robust_list(0x55557cd2c6a0, 24) = 0 [pid 1226] chdir("./147") = 0 [pid 1226] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1226] setpgid(0, 0) = 0 [pid 1226] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1226] write(3, "1000", 4) = 4 [pid 1226] close(3) = 0 [pid 1226] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1226] write(1, "executing program\n", 18executing program ) = 18 [pid 1226] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1226] rt_sigaction(SIGRT_1, {sa_handler=0x7f676dce75b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f676dcd8760}, NULL, 8) = 0 [pid 1226] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1226] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f676dc5d000 [pid 1226] mprotect(0x7f676dc5e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1226] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1226] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f676dc7d990, parent_tid=0x7f676dc7d990, exit_signal=0, stack=0x7f676dc5d000, stack_size=0x20300, tls=0x7f676dc7d6c0}./strace-static-x86_64: Process 1227 attached => {parent_tid=[1227]}, 88) = 1227 [pid 1227] set_robust_list(0x7f676dc7d9a0, 24) = 0 [pid 1227] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1227] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1226] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1226] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1227] <... futex resumed>) = 0 [pid 1227] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 1226] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1227] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1227] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1226] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1226] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1227] <... futex resumed>) = 0 [pid 1227] ioctl(3, VHOST_SET_OWNER [pid 1226] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1227] <... ioctl resumed>, 0) = 0 [pid 1227] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1227] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1226] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1226] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1227] <... futex resumed>) = 0 [pid 1227] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 1227] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1227] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1226] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 1226] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1227] <... futex resumed>) = 0 [pid 1227] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 1227] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1227] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1226] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 1226] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1227] <... futex resumed>) = 0 [pid 1227] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 1227] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1227] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1226] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 1226] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1227] <... futex resumed>) = 0 [pid 1227] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 1227] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1227] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1226] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 1226] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1227] <... futex resumed>) = 0 [pid 1227] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 1227] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1227] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1226] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 1226] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1227] <... futex resumed>) = 0 [pid 1226] <... futex resumed>) = 1 [pid 1227] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 1227] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1227] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1226] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 1226] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1227] <... futex resumed>) = 0 [pid 1226] <... futex resumed>) = 1 [pid 1227] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 1227] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1227] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1226] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 1226] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1227] <... futex resumed>) = 0 [pid 1227] memfd_create("syzkaller", 0 [pid 1226] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 1227] <... memfd_create resumed>) = 5 [pid 1227] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f676585d000 [pid 1227] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 1227] munmap(0x7f676585d000, 138412032) = 0 [pid 1227] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 1227] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 1227] close(5) = 0 [pid 1227] close(6) = 0 [pid 1227] mkdir("./file0", 0777) = 0 [pid 1227] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 1227] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 1227] chdir("./file0") = 0 [pid 1227] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 1227] ioctl(6, LOOP_CLR_FD) = 0 [pid 1227] close(6) = 0 [pid 1227] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1226] <... futex resumed>) = 0 [pid 1226] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1227] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 1226] <... futex resumed>) = 0 [pid 1226] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1227] <... openat resumed>) = 6 [pid 1227] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1226] <... futex resumed>) = 0 [pid 1226] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1226] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1227] write(6, "#! ./file1\n", 11) = 11 [pid 1227] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1226] <... futex resumed>) = 0 [pid 1226] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1226] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1227] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 1227] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1226] <... futex resumed>) = 0 [pid 1226] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1226] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1227] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000280} --- [pid 1226] <... futex resumed>) = ? [pid 1227] +++ killed by SIGBUS +++ [pid 1226] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=1226, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./147", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./147", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557cd2d730 /* 4 entries */, 32768) = 112 umount2("./147/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./147/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./147/binderfs") = 0 [ 51.338534][ T1228] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-1227: bg 0: block 234: padding at end of block bitmap is not set umount2("./147/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./147/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./147/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./147/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./147/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557cd35770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557cd35770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./147/file0") = 0 getdents64(3, 0x55557cd2d730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./147") = 0 mkdir("./148", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 1232 attached , child_tidptr=0x55557cd2c690) = 1232 [pid 1232] set_robust_list(0x55557cd2c6a0, 24) = 0 [pid 1232] chdir("./148") = 0 [pid 1232] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1232] setpgid(0, 0) = 0 [pid 1232] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1232] write(3, "1000", 4) = 4 [pid 1232] close(3) = 0 [pid 1232] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1232] write(1, "executing program\n", 18executing program ) = 18 [pid 1232] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1232] rt_sigaction(SIGRT_1, {sa_handler=0x7f676dce75b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f676dcd8760}, NULL, 8) = 0 [pid 1232] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1232] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f676dc5d000 [pid 1232] mprotect(0x7f676dc5e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1232] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1232] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f676dc7d990, parent_tid=0x7f676dc7d990, exit_signal=0, stack=0x7f676dc5d000, stack_size=0x20300, tls=0x7f676dc7d6c0} => {parent_tid=[1233]}, 88) = 1233 [pid 1232] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1232] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1232] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 1233 attached [pid 1233] set_robust_list(0x7f676dc7d9a0, 24) = 0 [pid 1233] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1233] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 1233] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1232] <... futex resumed>) = 0 [pid 1232] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1232] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1233] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 1233] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1232] <... futex resumed>) = 0 [pid 1232] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1232] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1233] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 1233] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1232] <... futex resumed>) = 0 [pid 1232] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1232] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1233] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 1233] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1232] <... futex resumed>) = 0 [pid 1232] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1232] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1233] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 1233] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1232] <... futex resumed>) = 0 [pid 1232] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1232] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1233] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 1233] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1232] <... futex resumed>) = 0 [pid 1232] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1232] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1233] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 1233] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1232] <... futex resumed>) = 0 [pid 1232] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1232] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1233] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 1233] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1232] <... futex resumed>) = 0 [pid 1232] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1232] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1233] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 1233] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1232] <... futex resumed>) = 0 [pid 1232] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1232] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 1233] memfd_create("syzkaller", 0) = 5 [pid 1233] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f676585d000 [pid 1233] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 1233] munmap(0x7f676585d000, 138412032) = 0 [pid 1233] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 1233] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 1233] close(5) = 0 [pid 1233] close(6) = 0 [pid 1233] mkdir("./file0", 0777) = 0 [pid 1233] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 1233] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 1233] chdir("./file0") = 0 [pid 1233] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 1233] ioctl(6, LOOP_CLR_FD) = 0 [pid 1233] close(6) = 0 [pid 1233] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1232] <... futex resumed>) = 0 [pid 1232] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1233] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 1232] <... futex resumed>) = 0 [pid 1232] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1233] <... openat resumed>) = 6 [pid 1233] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1232] <... futex resumed>) = 0 [pid 1233] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1232] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1232] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1233] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1233] write(6, "#! ./file1\n", 11) = 11 [pid 1233] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1232] <... futex resumed>) = 0 [pid 1232] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1232] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1233] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 1233] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1233] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1232] <... futex resumed>) = 0 [pid 1232] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1232] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1233] <... futex resumed>) = 0 [pid 1233] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000280} --- [pid 1232] <... futex resumed>) = ? [pid 1233] +++ killed by SIGBUS +++ [pid 1232] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=1232, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./148", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./148", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557cd2d730 /* 4 entries */, 32768) = 112 umount2("./148/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./148/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./148/binderfs") = 0 [ 51.478434][ T1234] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-1233: bg 0: block 234: padding at end of block bitmap is not set umount2("./148/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./148/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./148/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./148/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./148/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557cd35770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557cd35770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./148/file0") = 0 getdents64(3, 0x55557cd2d730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./148") = 0 mkdir("./149", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 1238 attached [pid 1238] set_robust_list(0x55557cd2c6a0, 24) = 0 [pid 341] <... clone resumed>, child_tidptr=0x55557cd2c690) = 1238 [pid 1238] chdir("./149") = 0 [pid 1238] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1238] setpgid(0, 0) = 0 [pid 1238] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1238] write(3, "1000", 4) = 4 [pid 1238] close(3) = 0 [pid 1238] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1238] write(1, "executing program\n", 18executing program ) = 18 [pid 1238] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1238] rt_sigaction(SIGRT_1, {sa_handler=0x7f676dce75b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f676dcd8760}, NULL, 8) = 0 [pid 1238] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1238] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f676dc5d000 [pid 1238] mprotect(0x7f676dc5e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1238] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1238] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f676dc7d990, parent_tid=0x7f676dc7d990, exit_signal=0, stack=0x7f676dc5d000, stack_size=0x20300, tls=0x7f676dc7d6c0}./strace-static-x86_64: Process 1239 attached => {parent_tid=[1239]}, 88) = 1239 [pid 1239] set_robust_list(0x7f676dc7d9a0, 24) = 0 [pid 1239] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1239] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1238] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1238] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1239] <... futex resumed>) = 0 [pid 1238] <... futex resumed>) = 1 [pid 1239] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 1239] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1239] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1238] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 1238] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1239] <... futex resumed>) = 0 [pid 1238] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1239] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 1239] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1239] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1238] <... futex resumed>) = 0 [pid 1238] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1239] <... futex resumed>) = 0 [pid 1238] <... futex resumed>) = 1 [pid 1239] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 1238] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1239] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1238] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1239] <... futex resumed>) = 0 [pid 1239] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1238] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1239] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1238] <... futex resumed>) = 0 [pid 1239] ioctl(3, VHOST_SET_MEM_TABLE [pid 1238] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1239] <... ioctl resumed>, 0x200000003380) = 0 [pid 1239] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1238] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1239] <... futex resumed>) = 0 [pid 1239] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1238] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1239] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1239] eventfd2(118, EFD_SEMAPHORE [pid 1238] <... futex resumed>) = 0 [pid 1239] <... eventfd2 resumed>) = 4 [pid 1238] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1239] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1239] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1238] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1238] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1239] <... futex resumed>) = 0 [pid 1238] <... futex resumed>) = 1 [pid 1239] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 1238] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1239] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1238] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1239] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1238] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1239] <... futex resumed>) = 0 [pid 1238] <... futex resumed>) = 1 [pid 1239] ioctl(3, VHOST_SET_VRING_ADDR [pid 1238] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1239] <... ioctl resumed>, 0x200000000240) = 0 [pid 1239] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1238] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1239] <... futex resumed>) = 0 [pid 1239] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1238] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1239] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1238] <... futex resumed>) = 0 [pid 1239] ioctl(3, VHOST_SET_VRING_KICK [pid 1238] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1239] <... ioctl resumed>, 0x200000000000) = 0 [pid 1239] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1239] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1238] <... futex resumed>) = 0 [pid 1238] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1239] <... futex resumed>) = 0 [pid 1238] <... futex resumed>) = 1 [pid 1239] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 1238] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1239] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1238] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1239] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1238] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1239] <... futex resumed>) = 0 [pid 1238] <... futex resumed>) = 1 [pid 1238] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 1239] memfd_create("syzkaller", 0) = 5 [pid 1239] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f676585d000 [pid 1239] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 1239] munmap(0x7f676585d000, 138412032) = 0 [pid 1239] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 1239] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 1239] close(5) = 0 [pid 1239] close(6) = 0 [pid 1239] mkdir("./file0", 0777) = 0 [pid 1239] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 1239] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 1239] chdir("./file0") = 0 [pid 1239] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 1239] ioctl(6, LOOP_CLR_FD) = 0 [pid 1239] close(6) = 0 [pid 1239] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1238] <... futex resumed>) = 0 [pid 1238] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1238] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1239] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 1239] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1238] <... futex resumed>) = 0 [pid 1238] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1238] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1239] write(6, "#! ./file1\n", 11) = 11 [pid 1239] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1238] <... futex resumed>) = 0 [pid 1238] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1238] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1239] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 1239] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1238] <... futex resumed>) = 0 [pid 1238] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1238] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1239] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000280} --- [pid 1238] <... futex resumed>) = ? [pid 1239] +++ killed by SIGBUS +++ [pid 1238] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=1238, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./149", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./149", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557cd2d730 /* 4 entries */, 32768) = 112 umount2("./149/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./149/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./149/binderfs") = 0 [ 51.624423][ T1240] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-1239: bg 0: block 234: padding at end of block bitmap is not set umount2("./149/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./149/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./149/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./149/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./149/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557cd35770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557cd35770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./149/file0") = 0 getdents64(3, 0x55557cd2d730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./149") = 0 mkdir("./150", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 1244 attached , child_tidptr=0x55557cd2c690) = 1244 [pid 1244] set_robust_list(0x55557cd2c6a0, 24) = 0 [pid 1244] chdir("./150") = 0 [pid 1244] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1244] setpgid(0, 0) = 0 [pid 1244] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1244] write(3, "1000", 4) = 4 [pid 1244] close(3) = 0 [pid 1244] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1244] write(1, "executing program\n", 18executing program ) = 18 [pid 1244] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1244] rt_sigaction(SIGRT_1, {sa_handler=0x7f676dce75b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f676dcd8760}, NULL, 8) = 0 [pid 1244] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1244] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f676dc5d000 [pid 1244] mprotect(0x7f676dc5e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1244] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1244] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f676dc7d990, parent_tid=0x7f676dc7d990, exit_signal=0, stack=0x7f676dc5d000, stack_size=0x20300, tls=0x7f676dc7d6c0}./strace-static-x86_64: Process 1245 attached => {parent_tid=[1245]}, 88) = 1245 [pid 1245] set_robust_list(0x7f676dc7d9a0, 24) = 0 [pid 1245] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1245] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1244] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1244] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1245] <... futex resumed>) = 0 [pid 1244] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1245] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 1245] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1245] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1244] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1244] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1245] <... futex resumed>) = 0 [pid 1244] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1245] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 1245] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1244] <... futex resumed>) = 0 [pid 1244] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1244] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1245] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 1245] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1244] <... futex resumed>) = 0 [pid 1244] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1244] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1245] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 1245] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1244] <... futex resumed>) = 0 [pid 1244] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1244] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1245] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 1245] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1244] <... futex resumed>) = 0 [pid 1244] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1244] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1245] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 1245] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1244] <... futex resumed>) = 0 [pid 1244] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1244] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1245] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 1245] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1244] <... futex resumed>) = 0 [pid 1244] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1244] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1245] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 1245] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1244] <... futex resumed>) = 0 [pid 1244] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1244] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1245] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 1245] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1244] <... futex resumed>) = 0 [pid 1244] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1244] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 1245] memfd_create("syzkaller", 0) = 5 [pid 1245] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f676585d000 [pid 1245] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 1245] munmap(0x7f676585d000, 138412032) = 0 [pid 1245] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 1245] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 1245] close(5) = 0 [pid 1245] close(6) = 0 [pid 1245] mkdir("./file0", 0777) = 0 [pid 1245] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 1245] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 1245] chdir("./file0") = 0 [pid 1245] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 1245] ioctl(6, LOOP_CLR_FD) = 0 [pid 1245] close(6) = 0 [pid 1245] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1244] <... futex resumed>) = 0 [pid 1245] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 1244] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1244] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1245] <... openat resumed>) = 6 [pid 1245] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1244] <... futex resumed>) = 0 [pid 1244] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1245] write(6, "#! ./file1\n", 11 [pid 1244] <... futex resumed>) = 0 [pid 1244] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1245] <... write resumed>) = 11 [pid 1245] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1244] <... futex resumed>) = 0 [pid 1245] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0 [pid 1244] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1245] <... mmap resumed>) = 0x200000000000 [pid 1244] <... futex resumed>) = 0 [pid 1244] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1245] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1245] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1244] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1244] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1244] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1245] <... futex resumed>) = 0 [pid 1245] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000280} --- [pid 1244] <... futex resumed>) = ? [pid 1245] +++ killed by SIGBUS +++ [pid 1244] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=1244, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./150", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./150", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557cd2d730 /* 4 entries */, 32768) = 112 umount2("./150/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./150/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./150/binderfs") = 0 [ 51.947938][ T1246] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-1245: bg 0: block 234: padding at end of block bitmap is not set umount2("./150/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./150/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./150/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./150/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./150/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557cd35770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557cd35770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./150/file0") = 0 getdents64(3, 0x55557cd2d730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./150") = 0 mkdir("./151", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 1250 attached , child_tidptr=0x55557cd2c690) = 1250 [pid 1250] set_robust_list(0x55557cd2c6a0, 24) = 0 [pid 1250] chdir("./151") = 0 [pid 1250] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1250] setpgid(0, 0) = 0 [pid 1250] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1250] write(3, "1000", 4) = 4 [pid 1250] close(3) = 0 [pid 1250] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1250] write(1, "executing program\n", 18executing program ) = 18 [pid 1250] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1250] rt_sigaction(SIGRT_1, {sa_handler=0x7f676dce75b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f676dcd8760}, NULL, 8) = 0 [pid 1250] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1250] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f676dc5d000 [pid 1250] mprotect(0x7f676dc5e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1250] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1250] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f676dc7d990, parent_tid=0x7f676dc7d990, exit_signal=0, stack=0x7f676dc5d000, stack_size=0x20300, tls=0x7f676dc7d6c0} => {parent_tid=[1251]}, 88) = 1251 [pid 1250] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1250] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1250] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 1251 attached [pid 1251] set_robust_list(0x7f676dc7d9a0, 24) = 0 [pid 1251] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1251] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 1251] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1250] <... futex resumed>) = 0 [pid 1250] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1250] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1251] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 1251] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1250] <... futex resumed>) = 0 [pid 1250] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1250] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1251] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 1251] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1250] <... futex resumed>) = 0 [pid 1250] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1250] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1251] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 1251] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1250] <... futex resumed>) = 0 [pid 1250] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1250] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1251] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 1251] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1250] <... futex resumed>) = 0 [pid 1250] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1250] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1251] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 1251] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1250] <... futex resumed>) = 0 [pid 1250] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1250] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1251] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 1251] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1250] <... futex resumed>) = 0 [pid 1250] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1250] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1251] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 1251] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1250] <... futex resumed>) = 0 [pid 1250] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1250] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1251] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 1251] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1250] <... futex resumed>) = 0 [pid 1250] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1250] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 1251] memfd_create("syzkaller", 0) = 5 [pid 1251] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f676585d000 [pid 1251] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 1251] munmap(0x7f676585d000, 138412032) = 0 [pid 1251] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 1251] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 1251] close(5) = 0 [pid 1251] close(6) = 0 [pid 1251] mkdir("./file0", 0777) = 0 [pid 1251] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 1251] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 1251] chdir("./file0") = 0 [pid 1251] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 1251] ioctl(6, LOOP_CLR_FD) = 0 [pid 1251] close(6) = 0 [pid 1251] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1250] <... futex resumed>) = 0 [pid 1250] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1251] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 1250] <... futex resumed>) = 0 [pid 1250] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1251] <... openat resumed>) = 6 [pid 1251] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1250] <... futex resumed>) = 0 [pid 1250] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1250] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1251] write(6, "#! ./file1\n", 11) = 11 [pid 1251] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1250] <... futex resumed>) = 0 [pid 1251] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1250] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1250] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1251] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1251] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 1251] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1251] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1250] <... futex resumed>) = 0 [pid 1250] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1250] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1251] <... futex resumed>) = 0 [pid 1251] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000280} --- [pid 1250] <... futex resumed>) = ? [pid 1251] +++ killed by SIGBUS +++ [pid 1250] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=1250, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./151", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./151", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557cd2d730 /* 4 entries */, 32768) = 112 umount2("./151/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./151/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./151/binderfs") = 0 [ 52.148006][ T1252] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-1251: bg 0: block 234: padding at end of block bitmap is not set umount2("./151/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./151/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./151/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./151/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./151/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557cd35770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557cd35770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./151/file0") = 0 getdents64(3, 0x55557cd2d730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./151") = 0 mkdir("./152", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557cd2c690) = 1256 ./strace-static-x86_64: Process 1256 attached [pid 1256] set_robust_list(0x55557cd2c6a0, 24) = 0 [pid 1256] chdir("./152") = 0 [pid 1256] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1256] setpgid(0, 0) = 0 [pid 1256] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1256] write(3, "1000", 4) = 4 [pid 1256] close(3) = 0 [pid 1256] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1256] write(1, "executing program\n", 18executing program ) = 18 [pid 1256] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1256] rt_sigaction(SIGRT_1, {sa_handler=0x7f676dce75b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f676dcd8760}, NULL, 8) = 0 [pid 1256] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1256] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f676dc5d000 [pid 1256] mprotect(0x7f676dc5e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1256] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1256] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f676dc7d990, parent_tid=0x7f676dc7d990, exit_signal=0, stack=0x7f676dc5d000, stack_size=0x20300, tls=0x7f676dc7d6c0} => {parent_tid=[1257]}, 88) = 1257 [pid 1256] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1256] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1256] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 1257 attached [pid 1257] set_robust_list(0x7f676dc7d9a0, 24) = 0 [pid 1257] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1257] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 1257] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1256] <... futex resumed>) = 0 [pid 1256] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1256] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1257] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 1257] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1256] <... futex resumed>) = 0 [pid 1256] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1256] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1257] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 1257] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1256] <... futex resumed>) = 0 [pid 1256] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1256] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1257] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 1257] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1256] <... futex resumed>) = 0 [pid 1256] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1256] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1257] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 1257] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1256] <... futex resumed>) = 0 [pid 1256] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1256] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1257] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 1257] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1256] <... futex resumed>) = 0 [pid 1256] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1256] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1257] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 1257] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1256] <... futex resumed>) = 0 [pid 1256] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1256] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1257] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 1257] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1256] <... futex resumed>) = 0 [pid 1256] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1256] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1257] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 1257] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1256] <... futex resumed>) = 0 [pid 1257] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1256] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1256] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 1257] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1257] memfd_create("syzkaller", 0) = 5 [pid 1257] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f676585d000 [pid 1257] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 1257] munmap(0x7f676585d000, 138412032) = 0 [pid 1257] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 1257] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 1257] close(5) = 0 [pid 1257] close(6) = 0 [pid 1257] mkdir("./file0", 0777) = 0 [pid 1257] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 1257] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 1257] chdir("./file0") = 0 [pid 1257] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 1257] ioctl(6, LOOP_CLR_FD) = 0 [pid 1257] close(6) = 0 [pid 1257] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1256] <... futex resumed>) = 0 [pid 1256] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1256] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1257] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 1257] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1256] <... futex resumed>) = 0 [pid 1256] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1256] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1257] write(6, "#! ./file1\n", 11) = 11 [pid 1257] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1256] <... futex resumed>) = 0 [pid 1257] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1256] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1256] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1257] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1257] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 1257] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1257] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1256] <... futex resumed>) = 0 [pid 1256] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1256] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1257] <... futex resumed>) = 0 [pid 1257] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000280} --- [pid 1256] <... futex resumed>) = ? [pid 1257] +++ killed by SIGBUS +++ [pid 1256] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=1256, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./152", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./152", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557cd2d730 /* 4 entries */, 32768) = 112 umount2("./152/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./152/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./152/binderfs") = 0 [ 52.348635][ T1258] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-1257: bg 0: block 234: padding at end of block bitmap is not set umount2("./152/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./152/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./152/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./152/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./152/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557cd35770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557cd35770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./152/file0") = 0 getdents64(3, 0x55557cd2d730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./152") = 0 mkdir("./153", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 1262 attached , child_tidptr=0x55557cd2c690) = 1262 [pid 1262] set_robust_list(0x55557cd2c6a0, 24) = 0 [pid 1262] chdir("./153") = 0 [pid 1262] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1262] setpgid(0, 0) = 0 [pid 1262] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1262] write(3, "1000", 4) = 4 [pid 1262] close(3) = 0 [pid 1262] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 1262] write(1, "executing program\n", 18) = 18 [pid 1262] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1262] rt_sigaction(SIGRT_1, {sa_handler=0x7f676dce75b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f676dcd8760}, NULL, 8) = 0 [pid 1262] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1262] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f676dc5d000 [pid 1262] mprotect(0x7f676dc5e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1262] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1262] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f676dc7d990, parent_tid=0x7f676dc7d990, exit_signal=0, stack=0x7f676dc5d000, stack_size=0x20300, tls=0x7f676dc7d6c0}./strace-static-x86_64: Process 1263 attached => {parent_tid=[1263]}, 88) = 1263 [pid 1263] set_robust_list(0x7f676dc7d9a0, 24) = 0 [pid 1263] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1263] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1262] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1262] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1262] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1263] <... futex resumed>) = 0 [pid 1263] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 1263] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1262] <... futex resumed>) = 0 [pid 1262] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1262] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1263] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 1263] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1262] <... futex resumed>) = 0 [pid 1262] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1262] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1263] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 1263] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1262] <... futex resumed>) = 0 [pid 1262] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1262] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1263] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 1263] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1262] <... futex resumed>) = 0 [pid 1262] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1262] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1263] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 1263] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1262] <... futex resumed>) = 0 [pid 1262] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1262] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1263] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 1263] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1262] <... futex resumed>) = 0 [pid 1262] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1263] ioctl(3, VHOST_SET_VRING_ADDR [pid 1262] <... futex resumed>) = 0 [pid 1263] <... ioctl resumed>, 0x200000000240) = 0 [pid 1263] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1262] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1263] <... futex resumed>) = 0 [pid 1262] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1263] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1262] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1263] <... futex resumed>) = 0 [pid 1263] ioctl(3, VHOST_SET_VRING_KICK [pid 1262] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1263] <... ioctl resumed>, 0x200000000000) = 0 [pid 1263] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1262] <... futex resumed>) = 0 [pid 1262] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1263] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 1262] <... futex resumed>) = 0 [pid 1263] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1262] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1263] <... futex resumed>) = 0 [pid 1263] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1262] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1262] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1263] <... futex resumed>) = 0 [pid 1262] <... futex resumed>) = 1 [pid 1262] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 1263] memfd_create("syzkaller", 0) = 5 [pid 1263] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f676585d000 [pid 1263] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 1263] munmap(0x7f676585d000, 138412032) = 0 [pid 1263] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 1263] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 1263] close(5) = 0 [pid 1263] close(6) = 0 [pid 1263] mkdir("./file0", 0777) = 0 [pid 1263] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 1263] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 1263] chdir("./file0") = 0 [pid 1263] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 1263] ioctl(6, LOOP_CLR_FD) = 0 [pid 1263] close(6) = 0 [pid 1263] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1262] <... futex resumed>) = 0 [pid 1262] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1263] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 1262] <... futex resumed>) = 0 [pid 1262] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1263] <... openat resumed>) = 6 [pid 1263] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1262] <... futex resumed>) = 0 [pid 1262] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1262] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1263] write(6, "#! ./file1\n", 11) = 11 [pid 1263] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1262] <... futex resumed>) = 0 [pid 1262] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1262] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1263] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 1263] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1262] <... futex resumed>) = 0 [pid 1262] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1262] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1263] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000280} --- [pid 1262] <... futex resumed>) = ? [pid 1263] +++ killed by SIGBUS +++ [pid 1262] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=1262, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./153", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./153", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557cd2d730 /* 4 entries */, 32768) = 112 umount2("./153/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./153/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./153/binderfs") = 0 [ 52.477754][ T1264] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-1263: bg 0: block 234: padding at end of block bitmap is not set umount2("./153/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./153/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./153/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./153/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./153/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557cd35770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557cd35770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./153/file0") = 0 getdents64(3, 0x55557cd2d730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./153") = 0 mkdir("./154", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 1268 attached , child_tidptr=0x55557cd2c690) = 1268 [pid 1268] set_robust_list(0x55557cd2c6a0, 24) = 0 [pid 1268] chdir("./154") = 0 [pid 1268] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1268] setpgid(0, 0) = 0 [pid 1268] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1268] write(3, "1000", 4) = 4 [pid 1268] close(3) = 0 [pid 1268] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 1268] write(1, "executing program\n", 18) = 18 [pid 1268] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1268] rt_sigaction(SIGRT_1, {sa_handler=0x7f676dce75b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f676dcd8760}, NULL, 8) = 0 [pid 1268] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1268] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f676dc5d000 [pid 1268] mprotect(0x7f676dc5e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1268] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1268] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f676dc7d990, parent_tid=0x7f676dc7d990, exit_signal=0, stack=0x7f676dc5d000, stack_size=0x20300, tls=0x7f676dc7d6c0}./strace-static-x86_64: Process 1269 attached => {parent_tid=[1269]}, 88) = 1269 [pid 1269] set_robust_list(0x7f676dc7d9a0, 24) = 0 [pid 1269] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1269] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1268] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1268] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1269] <... futex resumed>) = 0 [pid 1268] <... futex resumed>) = 1 [pid 1268] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1269] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 1269] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1268] <... futex resumed>) = 0 [pid 1268] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1268] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1269] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 1269] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1268] <... futex resumed>) = 0 [pid 1268] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1268] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1269] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 1269] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1268] <... futex resumed>) = 0 [pid 1268] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1268] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1269] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 1269] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1268] <... futex resumed>) = 0 [pid 1269] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1268] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1268] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1269] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1269] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 1269] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1268] <... futex resumed>) = 0 [pid 1268] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1269] ioctl(3, VHOST_SET_VRING_ERR [pid 1268] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1269] <... ioctl resumed>, 0x2000000001c0) = 0 [pid 1269] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1268] <... futex resumed>) = 0 [pid 1268] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1268] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1269] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 1269] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1268] <... futex resumed>) = 0 [pid 1269] ioctl(3, VHOST_SET_VRING_KICK [pid 1268] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1269] <... ioctl resumed>, 0x200000000000) = 0 [pid 1269] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1268] <... futex resumed>) = 0 [pid 1268] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 1269] <... futex resumed>) = 0 [pid 1269] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1268] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1269] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1268] <... futex resumed>) = 0 [pid 1269] ioctl(3, VHOST_VSOCK_SET_RUNNING [pid 1268] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1269] <... ioctl resumed>, 0x200000000140) = 0 [pid 1269] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1268] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1269] <... futex resumed>) = 0 [pid 1268] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1268] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 1269] memfd_create("syzkaller", 0) = 5 [pid 1269] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f676585d000 [pid 1269] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 1269] munmap(0x7f676585d000, 138412032) = 0 [pid 1269] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 1269] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 1269] close(5) = 0 [pid 1269] close(6) = 0 [pid 1269] mkdir("./file0", 0777) = 0 [pid 1269] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 1269] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 1269] chdir("./file0") = 0 [pid 1269] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 1269] ioctl(6, LOOP_CLR_FD) = 0 [pid 1269] close(6) = 0 [pid 1269] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1268] <... futex resumed>) = 0 [pid 1268] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1268] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1269] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 1269] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1268] <... futex resumed>) = 0 [pid 1268] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1269] write(6, "#! ./file1\n", 11 [pid 1268] <... futex resumed>) = 0 [pid 1268] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1269] <... write resumed>) = 11 [pid 1269] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1268] <... futex resumed>) = 0 [pid 1268] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1269] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0 [pid 1268] <... futex resumed>) = 0 [pid 1268] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1269] <... mmap resumed>) = 0x200000000000 [pid 1269] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1268] <... futex resumed>) = 0 [pid 1268] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1268] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1269] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000280} --- [pid 1268] <... futex resumed>) = ? [pid 1269] +++ killed by SIGBUS +++ [pid 1268] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=1268, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./154", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./154", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557cd2d730 /* 4 entries */, 32768) = 112 umount2("./154/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./154/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./154/binderfs") = 0 umount2("./154/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./154/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./154/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./154/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./154/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557cd35770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557cd35770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./154/file0") = 0 getdents64(3, 0x55557cd2d730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./154") = 0 mkdir("./155", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [ 52.626429][ T1270] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-1269: bg 0: block 234: padding at end of block bitmap is not set close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 1274 attached , child_tidptr=0x55557cd2c690) = 1274 [pid 1274] set_robust_list(0x55557cd2c6a0, 24) = 0 [pid 1274] chdir("./155") = 0 [pid 1274] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1274] setpgid(0, 0) = 0 [pid 1274] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1274] write(3, "1000", 4) = 4 [pid 1274] close(3) = 0 [pid 1274] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 1274] write(1, "executing program\n", 18) = 18 [pid 1274] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1274] rt_sigaction(SIGRT_1, {sa_handler=0x7f676dce75b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f676dcd8760}, NULL, 8) = 0 [pid 1274] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1274] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f676dc5d000 [pid 1274] mprotect(0x7f676dc5e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1274] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1274] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f676dc7d990, parent_tid=0x7f676dc7d990, exit_signal=0, stack=0x7f676dc5d000, stack_size=0x20300, tls=0x7f676dc7d6c0}./strace-static-x86_64: Process 1275 attached => {parent_tid=[1275]}, 88) = 1275 [pid 1275] set_robust_list(0x7f676dc7d9a0, 24) = 0 [pid 1275] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1275] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1274] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1274] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1275] <... futex resumed>) = 0 [pid 1274] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1275] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 1275] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1274] <... futex resumed>) = 0 [pid 1274] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1274] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1275] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 1275] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1274] <... futex resumed>) = 0 [pid 1275] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1274] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1275] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1275] ioctl(3, VHOST_SET_VRING_ADDR [pid 1274] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1275] <... ioctl resumed>, 0x200000000300) = 0 [pid 1275] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1274] <... futex resumed>) = 0 [pid 1274] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1274] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1275] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 1275] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1274] <... futex resumed>) = 0 [pid 1274] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1274] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1275] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 1275] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1274] <... futex resumed>) = 0 [pid 1275] ioctl(3, VHOST_SET_VRING_ERR [pid 1274] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1274] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1275] <... ioctl resumed>, 0x2000000001c0) = 0 [pid 1275] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1274] <... futex resumed>) = 0 [pid 1274] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1274] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1275] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 1275] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1274] <... futex resumed>) = 0 [pid 1275] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1274] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1275] <... futex resumed>) = 0 [pid 1274] <... futex resumed>) = 1 [pid 1274] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1275] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 1275] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1274] <... futex resumed>) = 0 [pid 1275] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1274] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1275] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1274] <... futex resumed>) = 0 [pid 1275] ioctl(3, VHOST_VSOCK_SET_RUNNING [pid 1274] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1275] <... ioctl resumed>, 0x200000000140) = 0 [pid 1275] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1274] <... futex resumed>) = 0 [pid 1274] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1274] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 1275] memfd_create("syzkaller", 0) = 5 [pid 1275] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f676585d000 [pid 1275] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 1275] munmap(0x7f676585d000, 138412032) = 0 [pid 1275] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 1275] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 1275] close(5) = 0 [pid 1275] close(6) = 0 [pid 1275] mkdir("./file0", 0777) = 0 [pid 1275] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 1275] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 1275] chdir("./file0") = 0 [pid 1275] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 1275] ioctl(6, LOOP_CLR_FD) = 0 [pid 1275] close(6) = 0 [pid 1275] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1274] <... futex resumed>) = 0 [pid 1274] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1275] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 1274] <... futex resumed>) = 0 [pid 1274] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1275] <... openat resumed>) = 6 [pid 1275] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1274] <... futex resumed>) = 0 [pid 1274] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1274] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1275] write(6, "#! ./file1\n", 11) = 11 [pid 1275] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1274] <... futex resumed>) = 0 [pid 1274] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1274] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1275] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 1275] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1275] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1274] <... futex resumed>) = 0 [pid 1274] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1274] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1275] <... futex resumed>) = 0 [pid 1275] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000280} --- [pid 1274] <... futex resumed>) = ? [pid 1275] +++ killed by SIGBUS +++ [pid 1274] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=1274, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./155", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./155", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557cd2d730 /* 4 entries */, 32768) = 112 umount2("./155/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./155/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./155/binderfs") = 0 [ 52.747801][ T1276] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-1275: bg 0: block 234: padding at end of block bitmap is not set umount2("./155/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./155/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./155/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./155/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./155/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557cd35770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557cd35770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./155/file0") = 0 getdents64(3, 0x55557cd2d730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./155") = 0 mkdir("./156", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 1280 attached , child_tidptr=0x55557cd2c690) = 1280 [pid 1280] set_robust_list(0x55557cd2c6a0, 24) = 0 [pid 1280] chdir("./156") = 0 [pid 1280] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1280] setpgid(0, 0) = 0 [pid 1280] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1280] write(3, "1000", 4) = 4 [pid 1280] close(3) = 0 [pid 1280] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 1280] write(1, "executing program\n", 18) = 18 [pid 1280] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1280] rt_sigaction(SIGRT_1, {sa_handler=0x7f676dce75b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f676dcd8760}, NULL, 8) = 0 [pid 1280] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1280] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f676dc5d000 [pid 1280] mprotect(0x7f676dc5e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1280] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1280] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f676dc7d990, parent_tid=0x7f676dc7d990, exit_signal=0, stack=0x7f676dc5d000, stack_size=0x20300, tls=0x7f676dc7d6c0} => {parent_tid=[1281]}, 88) = 1281 [pid 1280] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1280] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1280] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 1281 attached [pid 1281] set_robust_list(0x7f676dc7d9a0, 24) = 0 [pid 1281] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1281] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 1281] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1280] <... futex resumed>) = 0 [pid 1280] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1280] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1281] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 1281] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1280] <... futex resumed>) = 0 [pid 1280] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1280] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1281] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 1281] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1280] <... futex resumed>) = 0 [pid 1280] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1280] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1281] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 1281] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1280] <... futex resumed>) = 0 [pid 1280] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1280] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1281] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 1281] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1280] <... futex resumed>) = 0 [pid 1280] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1280] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1281] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 1281] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1280] <... futex resumed>) = 0 [pid 1280] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1280] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1281] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 1281] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1280] <... futex resumed>) = 0 [pid 1280] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1280] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1281] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 1281] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1280] <... futex resumed>) = 0 [pid 1280] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1280] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1281] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 1281] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1280] <... futex resumed>) = 0 [pid 1280] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1280] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 1281] memfd_create("syzkaller", 0) = 5 [pid 1281] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f676585d000 [pid 1281] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 1281] munmap(0x7f676585d000, 138412032) = 0 [pid 1281] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 1281] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 1281] close(5) = 0 [pid 1281] close(6) = 0 [pid 1281] mkdir("./file0", 0777) = 0 [pid 1281] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 1281] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 1281] chdir("./file0") = 0 [pid 1281] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 1281] ioctl(6, LOOP_CLR_FD) = 0 [pid 1281] close(6) = 0 [pid 1281] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1280] <... futex resumed>) = 0 [pid 1280] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1281] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 1280] <... futex resumed>) = 0 [pid 1280] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1281] <... openat resumed>) = 6 [pid 1281] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1280] <... futex resumed>) = 0 [pid 1280] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1281] write(6, "#! ./file1\n", 11 [pid 1280] <... futex resumed>) = 0 [pid 1280] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1281] <... write resumed>) = 11 [pid 1281] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1280] <... futex resumed>) = 0 [pid 1280] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1280] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1281] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 1281] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1280] <... futex resumed>) = 0 [pid 1280] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1280] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1281] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000280} --- [pid 1280] <... futex resumed>) = ? [pid 1281] +++ killed by SIGBUS +++ [pid 1280] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=1280, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./156", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./156", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557cd2d730 /* 4 entries */, 32768) = 112 umount2("./156/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./156/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./156/binderfs") = 0 [ 52.896459][ T1282] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-1281: bg 0: block 234: padding at end of block bitmap is not set umount2("./156/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./156/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./156/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./156/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./156/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557cd35770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557cd35770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./156/file0") = 0 getdents64(3, 0x55557cd2d730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./156") = 0 mkdir("./157", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 1286 attached , child_tidptr=0x55557cd2c690) = 1286 [pid 1286] set_robust_list(0x55557cd2c6a0, 24) = 0 [pid 1286] chdir("./157") = 0 [pid 1286] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1286] setpgid(0, 0) = 0 [pid 1286] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1286] write(3, "1000", 4) = 4 [pid 1286] close(3) = 0 [pid 1286] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1286] write(1, "executing program\n", 18executing program ) = 18 [pid 1286] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1286] rt_sigaction(SIGRT_1, {sa_handler=0x7f676dce75b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f676dcd8760}, NULL, 8) = 0 [pid 1286] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1286] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f676dc5d000 [pid 1286] mprotect(0x7f676dc5e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1286] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1286] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f676dc7d990, parent_tid=0x7f676dc7d990, exit_signal=0, stack=0x7f676dc5d000, stack_size=0x20300, tls=0x7f676dc7d6c0} => {parent_tid=[1287]}, 88) = 1287 [pid 1286] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1286] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1286] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 1287 attached [pid 1287] set_robust_list(0x7f676dc7d9a0, 24) = 0 [pid 1287] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1287] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 1287] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1286] <... futex resumed>) = 0 [pid 1286] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1286] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1287] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 1287] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1286] <... futex resumed>) = 0 [pid 1286] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1286] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1287] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 1287] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1286] <... futex resumed>) = 0 [pid 1286] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1286] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1287] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 1287] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1286] <... futex resumed>) = 0 [pid 1286] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1286] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1287] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 1287] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1286] <... futex resumed>) = 0 [pid 1286] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1286] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1287] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 1287] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1286] <... futex resumed>) = 0 [pid 1286] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1286] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1287] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 1287] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1286] <... futex resumed>) = 0 [pid 1286] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1286] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1287] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 1287] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1286] <... futex resumed>) = 0 [pid 1286] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1286] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1287] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 1287] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1286] <... futex resumed>) = 0 [pid 1286] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1286] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 1287] memfd_create("syzkaller", 0) = 5 [pid 1287] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f676585d000 [pid 1287] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 1287] munmap(0x7f676585d000, 138412032) = 0 [pid 1287] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 1287] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 1287] close(5) = 0 [pid 1287] close(6) = 0 [pid 1287] mkdir("./file0", 0777) = 0 [pid 1287] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 1287] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 1287] chdir("./file0") = 0 [pid 1287] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 1287] ioctl(6, LOOP_CLR_FD) = 0 [pid 1287] close(6) = 0 [pid 1287] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1286] <... futex resumed>) = 0 [pid 1286] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1287] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 1286] <... futex resumed>) = 0 [pid 1286] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1287] <... openat resumed>) = 6 [pid 1287] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1286] <... futex resumed>) = 0 [pid 1287] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1286] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1286] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1287] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1287] write(6, "#! ./file1\n", 11) = 11 [pid 1287] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1286] <... futex resumed>) = 0 [pid 1286] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1286] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1287] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 1287] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1287] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1286] <... futex resumed>) = 0 [pid 1286] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1286] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1287] <... futex resumed>) = 0 [pid 1287] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000280} --- [pid 1286] <... futex resumed>) = ? [pid 1287] +++ killed by SIGBUS +++ [pid 1286] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=1286, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./157", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./157", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557cd2d730 /* 4 entries */, 32768) = 112 umount2("./157/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./157/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./157/binderfs") = 0 [ 53.048036][ T1288] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-1287: bg 0: block 234: padding at end of block bitmap is not set umount2("./157/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./157/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./157/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./157/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./157/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557cd35770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557cd35770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./157/file0") = 0 getdents64(3, 0x55557cd2d730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./157") = 0 mkdir("./158", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 1292 attached [pid 1292] set_robust_list(0x55557cd2c6a0, 24) = 0 [pid 341] <... clone resumed>, child_tidptr=0x55557cd2c690) = 1292 [pid 1292] chdir("./158") = 0 [pid 1292] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1292] setpgid(0, 0) = 0 [pid 1292] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1292] write(3, "1000", 4) = 4 [pid 1292] close(3) = 0 [pid 1292] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 1292] write(1, "executing program\n", 18) = 18 [pid 1292] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1292] rt_sigaction(SIGRT_1, {sa_handler=0x7f676dce75b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f676dcd8760}, NULL, 8) = 0 [pid 1292] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1292] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f676dc5d000 [pid 1292] mprotect(0x7f676dc5e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1292] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1292] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f676dc7d990, parent_tid=0x7f676dc7d990, exit_signal=0, stack=0x7f676dc5d000, stack_size=0x20300, tls=0x7f676dc7d6c0}./strace-static-x86_64: Process 1293 attached [pid 1293] set_robust_list(0x7f676dc7d9a0, 24 [pid 1292] <... clone3 resumed> => {parent_tid=[1293]}, 88) = 1293 [pid 1293] <... set_robust_list resumed>) = 0 [pid 1293] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1293] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1292] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1292] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1293] <... futex resumed>) = 0 [pid 1293] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 1293] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1293] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1292] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 1292] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1293] <... futex resumed>) = 0 [pid 1292] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1293] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 1293] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1292] <... futex resumed>) = 0 [pid 1292] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1292] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1293] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 1293] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1292] <... futex resumed>) = 0 [pid 1292] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1292] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1293] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 1293] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1292] <... futex resumed>) = 0 [pid 1292] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1293] eventfd2(118, EFD_SEMAPHORE [pid 1292] <... futex resumed>) = 0 [pid 1292] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1293] <... eventfd2 resumed>) = 4 [pid 1293] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1292] <... futex resumed>) = 0 [pid 1292] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1292] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1293] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 1293] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1292] <... futex resumed>) = 0 [pid 1292] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1292] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1293] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 1293] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1292] <... futex resumed>) = 0 [pid 1292] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1292] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1293] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 1293] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1292] <... futex resumed>) = 0 [pid 1292] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1292] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1293] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 1293] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1292] <... futex resumed>) = 0 [pid 1292] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1292] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 1293] memfd_create("syzkaller", 0) = 5 [pid 1293] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f676585d000 [pid 1293] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 1293] munmap(0x7f676585d000, 138412032) = 0 [pid 1293] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 1293] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 1293] close(5) = 0 [pid 1293] close(6) = 0 [pid 1293] mkdir("./file0", 0777) = 0 [pid 1293] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 1293] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 1293] chdir("./file0") = 0 [pid 1293] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 1293] ioctl(6, LOOP_CLR_FD) = 0 [pid 1293] close(6) = 0 [pid 1293] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1292] <... futex resumed>) = 0 [pid 1293] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 1292] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1292] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1293] <... openat resumed>) = 6 [pid 1293] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1292] <... futex resumed>) = 0 [pid 1292] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1292] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1293] write(6, "#! ./file1\n", 11) = 11 [pid 1293] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1292] <... futex resumed>) = 0 [pid 1292] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1292] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1293] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 1293] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1292] <... futex resumed>) = 0 [pid 1292] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1292] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1293] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000280} --- [pid 1292] <... futex resumed>) = ? [pid 1293] +++ killed by SIGBUS +++ [pid 1292] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=1292, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./158", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./158", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557cd2d730 /* 4 entries */, 32768) = 112 umount2("./158/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./158/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./158/binderfs") = 0 umount2("./158/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./158/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./158/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./158/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./158/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557cd35770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557cd35770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./158/file0") = 0 [ 53.213054][ T1294] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-1293: bg 0: block 234: padding at end of block bitmap is not set getdents64(3, 0x55557cd2d730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./158") = 0 mkdir("./159", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557cd2c690) = 1298 ./strace-static-x86_64: Process 1298 attached [pid 1298] set_robust_list(0x55557cd2c6a0, 24) = 0 [pid 1298] chdir("./159") = 0 [pid 1298] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1298] setpgid(0, 0) = 0 [pid 1298] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1298] write(3, "1000", 4) = 4 [pid 1298] close(3) = 0 [pid 1298] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1298] write(1, "executing program\n", 18executing program ) = 18 [pid 1298] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1298] rt_sigaction(SIGRT_1, {sa_handler=0x7f676dce75b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f676dcd8760}, NULL, 8) = 0 [pid 1298] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1298] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f676dc5d000 [pid 1298] mprotect(0x7f676dc5e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1298] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1298] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f676dc7d990, parent_tid=0x7f676dc7d990, exit_signal=0, stack=0x7f676dc5d000, stack_size=0x20300, tls=0x7f676dc7d6c0} => {parent_tid=[1299]}, 88) = 1299 [pid 1298] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1298] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1298] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 1299 attached [pid 1299] set_robust_list(0x7f676dc7d9a0, 24) = 0 [pid 1299] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1299] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 1299] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1298] <... futex resumed>) = 0 [pid 1298] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1298] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1299] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 1299] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1298] <... futex resumed>) = 0 [pid 1298] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1298] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1299] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 1299] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1298] <... futex resumed>) = 0 [pid 1298] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1298] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1299] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 1299] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1298] <... futex resumed>) = 0 [pid 1298] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1298] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1299] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 1299] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1298] <... futex resumed>) = 0 [pid 1298] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1298] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1299] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 1299] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1298] <... futex resumed>) = 0 [pid 1298] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1298] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1299] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 1299] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1298] <... futex resumed>) = 0 [pid 1298] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1298] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1299] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 1299] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1298] <... futex resumed>) = 0 [pid 1298] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1298] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1299] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 1299] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1298] <... futex resumed>) = 0 [pid 1298] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1298] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 1299] memfd_create("syzkaller", 0) = 5 [pid 1299] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f676585d000 [pid 1299] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 1299] munmap(0x7f676585d000, 138412032) = 0 [pid 1299] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 1299] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 1299] close(5) = 0 [pid 1299] close(6) = 0 [pid 1299] mkdir("./file0", 0777) = 0 [pid 1299] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 1299] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 1299] chdir("./file0") = 0 [pid 1299] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 1299] ioctl(6, LOOP_CLR_FD) = 0 [pid 1299] close(6) = 0 [pid 1299] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1298] <... futex resumed>) = 0 [pid 1298] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1298] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1299] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 1299] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1298] <... futex resumed>) = 0 [pid 1298] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1298] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1299] write(6, "#! ./file1\n", 11) = 11 [pid 1299] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1298] <... futex resumed>) = 0 [pid 1298] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1298] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1299] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 1299] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1298] <... futex resumed>) = 0 [pid 1298] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1298] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1299] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000280} --- [pid 1298] <... futex resumed>) = ? [pid 1299] +++ killed by SIGBUS +++ [pid 1298] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=1298, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./159", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./159", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557cd2d730 /* 4 entries */, 32768) = 112 umount2("./159/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./159/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./159/binderfs") = 0 [ 53.346875][ T1300] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-1299: bg 0: block 234: padding at end of block bitmap is not set umount2("./159/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./159/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./159/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./159/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./159/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557cd35770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557cd35770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./159/file0") = 0 getdents64(3, 0x55557cd2d730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./159") = 0 mkdir("./160", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557cd2c690) = 1304 ./strace-static-x86_64: Process 1304 attached [pid 1304] set_robust_list(0x55557cd2c6a0, 24) = 0 [pid 1304] chdir("./160") = 0 [pid 1304] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1304] setpgid(0, 0) = 0 [pid 1304] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1304] write(3, "1000", 4) = 4 [pid 1304] close(3) = 0 [pid 1304] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1304] write(1, "executing program\n", 18executing program ) = 18 [pid 1304] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1304] rt_sigaction(SIGRT_1, {sa_handler=0x7f676dce75b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f676dcd8760}, NULL, 8) = 0 [pid 1304] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1304] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f676dc5d000 [pid 1304] mprotect(0x7f676dc5e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1304] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1304] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f676dc7d990, parent_tid=0x7f676dc7d990, exit_signal=0, stack=0x7f676dc5d000, stack_size=0x20300, tls=0x7f676dc7d6c0}./strace-static-x86_64: Process 1305 attached => {parent_tid=[1305]}, 88) = 1305 [pid 1305] set_robust_list(0x7f676dc7d9a0, 24 [pid 1304] rt_sigprocmask(SIG_SETMASK, [], [pid 1305] <... set_robust_list resumed>) = 0 [pid 1305] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1305] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1304] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1304] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1305] <... futex resumed>) = 0 [pid 1305] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 1305] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1305] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1304] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 1304] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1305] <... futex resumed>) = 0 [pid 1305] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 1305] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1305] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1304] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 1304] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1305] <... futex resumed>) = 0 [pid 1305] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 1305] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1305] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1304] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 1304] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1305] <... futex resumed>) = 0 [pid 1305] ioctl(3, VHOST_SET_MEM_TABLE [pid 1304] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1305] <... ioctl resumed>, 0x200000003380) = 0 [pid 1305] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1305] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1304] <... futex resumed>) = 0 [pid 1304] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1304] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1305] <... futex resumed>) = 0 [pid 1305] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 1305] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1305] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1304] <... futex resumed>) = 0 [pid 1305] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1304] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1305] ioctl(3, VHOST_SET_VRING_ERR [pid 1304] <... futex resumed>) = 0 [pid 1305] <... ioctl resumed>, 0x2000000001c0) = 0 [pid 1304] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1305] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1304] <... futex resumed>) = 0 [pid 1305] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 1304] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1305] ioctl(3, VHOST_SET_VRING_ADDR [pid 1304] <... futex resumed>) = 0 [pid 1305] <... ioctl resumed>, 0x200000000240) = 0 [pid 1304] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1305] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1304] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1305] <... futex resumed>) = 0 [pid 1304] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1305] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 1305] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1304] <... futex resumed>) = 0 [pid 1305] <... futex resumed>) = 0 [pid 1304] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1305] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1304] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1304] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1305] <... futex resumed>) = 0 [pid 1305] ioctl(3, VHOST_VSOCK_SET_RUNNING [pid 1304] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1305] <... ioctl resumed>, 0x200000000140) = 0 [pid 1305] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1304] <... futex resumed>) = 0 [pid 1305] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1304] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1305] <... futex resumed>) = 0 [pid 1304] <... futex resumed>) = 1 [pid 1305] memfd_create("syzkaller", 0 [pid 1304] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 1305] <... memfd_create resumed>) = 5 [pid 1305] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f676585d000 [pid 1305] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 1305] munmap(0x7f676585d000, 138412032) = 0 [pid 1305] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 1305] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 1305] close(5) = 0 [pid 1305] close(6) = 0 [pid 1305] mkdir("./file0", 0777) = 0 [pid 1305] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 1305] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 1305] chdir("./file0") = 0 [pid 1305] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 1305] ioctl(6, LOOP_CLR_FD) = 0 [pid 1305] close(6) = 0 [pid 1305] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1304] <... futex resumed>) = 0 [pid 1304] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1304] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1305] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 1305] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1304] <... futex resumed>) = 0 [pid 1304] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1304] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1305] write(6, "#! ./file1\n", 11) = 11 [pid 1305] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1304] <... futex resumed>) = 0 [pid 1304] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1304] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1305] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 1305] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1304] <... futex resumed>) = 0 [pid 1304] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1304] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1305] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000280} --- [pid 1304] <... futex resumed>) = ? [pid 1305] +++ killed by SIGBUS +++ [pid 1304] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=1304, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./160", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./160", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557cd2d730 /* 4 entries */, 32768) = 112 umount2("./160/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./160/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./160/binderfs") = 0 [ 53.484676][ T1306] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-1305: bg 0: block 234: padding at end of block bitmap is not set umount2("./160/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./160/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./160/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./160/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./160/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557cd35770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557cd35770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./160/file0") = 0 getdents64(3, 0x55557cd2d730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./160") = 0 mkdir("./161", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 1310 attached , child_tidptr=0x55557cd2c690) = 1310 [pid 1310] set_robust_list(0x55557cd2c6a0, 24) = 0 [pid 1310] chdir("./161") = 0 [pid 1310] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1310] setpgid(0, 0) = 0 [pid 1310] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1310] write(3, "1000", 4) = 4 [pid 1310] close(3) = 0 [pid 1310] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1310] write(1, "executing program\n", 18executing program ) = 18 [pid 1310] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1310] rt_sigaction(SIGRT_1, {sa_handler=0x7f676dce75b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f676dcd8760}, NULL, 8) = 0 [pid 1310] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1310] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f676dc5d000 [pid 1310] mprotect(0x7f676dc5e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1310] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1310] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f676dc7d990, parent_tid=0x7f676dc7d990, exit_signal=0, stack=0x7f676dc5d000, stack_size=0x20300, tls=0x7f676dc7d6c0}./strace-static-x86_64: Process 1311 attached => {parent_tid=[1311]}, 88) = 1311 [pid 1311] set_robust_list(0x7f676dc7d9a0, 24) = 0 [pid 1311] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1311] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1310] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1310] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1311] <... futex resumed>) = 0 [pid 1311] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 1311] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1310] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1311] <... futex resumed>) = 0 [pid 1311] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1310] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1310] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1311] <... futex resumed>) = 0 [pid 1311] ioctl(3, VHOST_SET_OWNER [pid 1310] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1311] <... ioctl resumed>, 0) = 0 [pid 1311] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1311] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1310] <... futex resumed>) = 0 [pid 1310] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1311] <... futex resumed>) = 0 [pid 1311] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 1311] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1311] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1310] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 1310] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1311] <... futex resumed>) = 0 [pid 1310] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1311] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 1311] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1311] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1310] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1310] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1310] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1311] <... futex resumed>) = 0 [pid 1311] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 1311] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1310] <... futex resumed>) = 0 [pid 1311] ioctl(3, VHOST_SET_VRING_ERR [pid 1310] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1311] <... ioctl resumed>, 0x2000000001c0) = 0 [pid 1310] <... futex resumed>) = 0 [pid 1311] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1310] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1311] <... futex resumed>) = 0 [pid 1310] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1311] ioctl(3, VHOST_SET_VRING_ADDR [pid 1310] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1311] <... ioctl resumed>, 0x200000000240) = 0 [pid 1310] <... futex resumed>) = 0 [pid 1311] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1310] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1311] <... futex resumed>) = 0 [pid 1310] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1311] ioctl(3, VHOST_SET_VRING_KICK [pid 1310] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1311] <... ioctl resumed>, 0x200000000000) = 0 [pid 1310] <... futex resumed>) = 0 [pid 1311] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1310] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1311] <... futex resumed>) = 0 [pid 1310] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1311] ioctl(3, VHOST_VSOCK_SET_RUNNING [pid 1310] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1311] <... ioctl resumed>, 0x200000000140) = 0 [pid 1310] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1311] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1310] <... futex resumed>) = 0 [pid 1311] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1310] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1311] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1310] <... futex resumed>) = 0 [pid 1311] memfd_create("syzkaller", 0 [pid 1310] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 1311] <... memfd_create resumed>) = 5 [pid 1311] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f676585d000 [pid 1311] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 1311] munmap(0x7f676585d000, 138412032) = 0 [pid 1311] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 1311] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 1311] close(5) = 0 [pid 1311] close(6) = 0 [pid 1311] mkdir("./file0", 0777) = 0 [pid 1311] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 1311] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 1311] chdir("./file0") = 0 [pid 1311] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 1311] ioctl(6, LOOP_CLR_FD) = 0 [pid 1311] close(6) = 0 [pid 1311] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1310] <... futex resumed>) = 0 [pid 1310] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1310] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1311] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 1311] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1310] <... futex resumed>) = 0 [pid 1310] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1310] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1311] write(6, "#! ./file1\n", 11) = 11 [pid 1311] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1310] <... futex resumed>) = 0 [pid 1310] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1310] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1311] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 1311] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1310] <... futex resumed>) = 0 [pid 1310] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1310] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1311] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000280} --- [pid 1310] <... futex resumed>) = ? [pid 1311] +++ killed by SIGBUS +++ [pid 1310] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=1310, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./161", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./161", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557cd2d730 /* 4 entries */, 32768) = 112 umount2("./161/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./161/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./161/binderfs") = 0 [ 53.722078][ T1312] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-1311: bg 0: block 234: padding at end of block bitmap is not set umount2("./161/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./161/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./161/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./161/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./161/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557cd35770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557cd35770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./161/file0") = 0 getdents64(3, 0x55557cd2d730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./161") = 0 mkdir("./162", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 1316 attached , child_tidptr=0x55557cd2c690) = 1316 [pid 1316] set_robust_list(0x55557cd2c6a0, 24) = 0 [pid 1316] chdir("./162") = 0 [pid 1316] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1316] setpgid(0, 0) = 0 [pid 1316] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1316] write(3, "1000", 4) = 4 [pid 1316] close(3) = 0 [pid 1316] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 1316] write(1, "executing program\n", 18) = 18 [pid 1316] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1316] rt_sigaction(SIGRT_1, {sa_handler=0x7f676dce75b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f676dcd8760}, NULL, 8) = 0 [pid 1316] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1316] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f676dc5d000 [pid 1316] mprotect(0x7f676dc5e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1316] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1316] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f676dc7d990, parent_tid=0x7f676dc7d990, exit_signal=0, stack=0x7f676dc5d000, stack_size=0x20300, tls=0x7f676dc7d6c0}./strace-static-x86_64: Process 1317 attached [pid 1317] set_robust_list(0x7f676dc7d9a0, 24) = 0 [pid 1317] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1317] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1316] <... clone3 resumed> => {parent_tid=[1317]}, 88) = 1317 [pid 1316] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1316] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1317] <... futex resumed>) = 0 [pid 1316] <... futex resumed>) = 1 [pid 1317] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 1317] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1317] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1316] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 1316] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1317] <... futex resumed>) = 0 [pid 1317] ioctl(3, VHOST_SET_OWNER [pid 1316] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1317] <... ioctl resumed>, 0) = 0 [pid 1317] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1316] <... futex resumed>) = 0 [pid 1316] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1316] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1317] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 1317] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1316] <... futex resumed>) = 0 [pid 1316] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1316] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1317] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 1317] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1316] <... futex resumed>) = 0 [pid 1316] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1317] eventfd2(118, EFD_SEMAPHORE [pid 1316] <... futex resumed>) = 0 [pid 1316] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1317] <... eventfd2 resumed>) = 4 [pid 1317] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1316] <... futex resumed>) = 0 [pid 1316] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1316] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1317] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 1317] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1316] <... futex resumed>) = 0 [pid 1316] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1316] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1317] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 1317] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1316] <... futex resumed>) = 0 [pid 1317] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1316] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1316] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1317] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1317] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 1317] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1316] <... futex resumed>) = 0 [pid 1317] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1316] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1316] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1317] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1317] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 1317] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1316] <... futex resumed>) = 0 [pid 1317] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1316] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1316] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 1317] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1317] memfd_create("syzkaller", 0) = 5 [pid 1317] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f676585d000 [pid 1317] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 1317] munmap(0x7f676585d000, 138412032) = 0 [pid 1317] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 1317] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 1317] close(5) = 0 [pid 1317] close(6) = 0 [pid 1317] mkdir("./file0", 0777) = 0 [pid 1317] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 1317] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 1317] chdir("./file0") = 0 [pid 1317] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 1317] ioctl(6, LOOP_CLR_FD) = 0 [pid 1317] close(6) = 0 [pid 1317] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1316] <... futex resumed>) = 0 [pid 1316] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1316] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1317] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 1317] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1316] <... futex resumed>) = 0 [pid 1316] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1316] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1317] write(6, "#! ./file1\n", 11) = 11 [pid 1317] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1316] <... futex resumed>) = 0 [pid 1317] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1316] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1316] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1317] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1317] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 1317] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1316] <... futex resumed>) = 0 [pid 1316] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1316] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1317] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000280} --- [pid 1316] <... futex resumed>) = ? [pid 1317] +++ killed by SIGBUS +++ [pid 1316] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=1316, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./162", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./162", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557cd2d730 /* 4 entries */, 32768) = 112 umount2("./162/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./162/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./162/binderfs") = 0 [ 53.909016][ T1318] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-1317: bg 0: block 234: padding at end of block bitmap is not set umount2("./162/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./162/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./162/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./162/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./162/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557cd35770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557cd35770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./162/file0") = 0 getdents64(3, 0x55557cd2d730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./162") = 0 mkdir("./163", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 1322 attached , child_tidptr=0x55557cd2c690) = 1322 [pid 1322] set_robust_list(0x55557cd2c6a0, 24) = 0 [pid 1322] chdir("./163") = 0 [pid 1322] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1322] setpgid(0, 0) = 0 [pid 1322] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1322] write(3, "1000", 4) = 4 [pid 1322] close(3) = 0 [pid 1322] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 1322] write(1, "executing program\n", 18) = 18 [pid 1322] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1322] rt_sigaction(SIGRT_1, {sa_handler=0x7f676dce75b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f676dcd8760}, NULL, 8) = 0 [pid 1322] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1322] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f676dc5d000 [pid 1322] mprotect(0x7f676dc5e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1322] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1322] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f676dc7d990, parent_tid=0x7f676dc7d990, exit_signal=0, stack=0x7f676dc5d000, stack_size=0x20300, tls=0x7f676dc7d6c0} => {parent_tid=[1323]}, 88) = 1323 [pid 1322] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1322] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1322] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 1323 attached [pid 1323] set_robust_list(0x7f676dc7d9a0, 24) = 0 [pid 1323] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1323] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 1323] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1322] <... futex resumed>) = 0 [pid 1322] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1322] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1323] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 1323] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1322] <... futex resumed>) = 0 [pid 1322] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1322] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1323] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 1323] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1322] <... futex resumed>) = 0 [pid 1322] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1322] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1323] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 1323] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1322] <... futex resumed>) = 0 [pid 1322] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1322] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1323] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 1323] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1322] <... futex resumed>) = 0 [pid 1322] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1322] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1323] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 1323] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1322] <... futex resumed>) = 0 [pid 1322] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1322] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1323] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 1323] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1322] <... futex resumed>) = 0 [pid 1322] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1322] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1323] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 1323] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1322] <... futex resumed>) = 0 [pid 1322] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1322] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1323] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 1323] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1322] <... futex resumed>) = 0 [pid 1322] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1322] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 1323] memfd_create("syzkaller", 0) = 5 [pid 1323] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f676585d000 [pid 1323] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 1323] munmap(0x7f676585d000, 138412032) = 0 [pid 1323] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 1323] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 1323] close(5) = 0 [pid 1323] close(6) = 0 [pid 1323] mkdir("./file0", 0777) = 0 [pid 1323] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 1323] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 1323] chdir("./file0") = 0 [pid 1323] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 1323] ioctl(6, LOOP_CLR_FD) = 0 [pid 1323] close(6) = 0 [pid 1323] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1322] <... futex resumed>) = 0 [pid 1322] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1322] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1323] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 1323] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1322] <... futex resumed>) = 0 [pid 1322] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1322] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1323] write(6, "#! ./file1\n", 11) = 11 [pid 1323] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1322] <... futex resumed>) = 0 [pid 1322] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1322] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1323] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 1323] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1322] <... futex resumed>) = 0 [pid 1322] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1322] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1323] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000280} --- [pid 1322] <... futex resumed>) = ? [pid 1323] +++ killed by SIGBUS +++ [pid 1322] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=1322, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./163", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./163", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557cd2d730 /* 4 entries */, 32768) = 112 umount2("./163/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./163/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./163/binderfs") = 0 [ 54.094028][ T1324] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-1323: bg 0: block 234: padding at end of block bitmap is not set umount2("./163/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./163/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./163/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./163/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./163/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557cd35770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557cd35770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./163/file0") = 0 getdents64(3, 0x55557cd2d730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./163") = 0 mkdir("./164", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 1328 attached , child_tidptr=0x55557cd2c690) = 1328 [pid 1328] set_robust_list(0x55557cd2c6a0, 24) = 0 [pid 1328] chdir("./164") = 0 [pid 1328] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1328] setpgid(0, 0) = 0 [pid 1328] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1328] write(3, "1000", 4) = 4 [pid 1328] close(3) = 0 [pid 1328] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1328] write(1, "executing program\n", 18executing program ) = 18 [pid 1328] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1328] rt_sigaction(SIGRT_1, {sa_handler=0x7f676dce75b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f676dcd8760}, NULL, 8) = 0 [pid 1328] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1328] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f676dc5d000 [pid 1328] mprotect(0x7f676dc5e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1328] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1328] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f676dc7d990, parent_tid=0x7f676dc7d990, exit_signal=0, stack=0x7f676dc5d000, stack_size=0x20300, tls=0x7f676dc7d6c0}./strace-static-x86_64: Process 1329 attached => {parent_tid=[1329]}, 88) = 1329 [pid 1329] set_robust_list(0x7f676dc7d9a0, 24) = 0 [pid 1329] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1329] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1328] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1328] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1329] <... futex resumed>) = 0 [pid 1329] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 1329] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1329] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1328] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 1328] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1329] <... futex resumed>) = 0 [pid 1329] ioctl(3, VHOST_SET_OWNER [pid 1328] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1329] <... ioctl resumed>, 0) = 0 [pid 1329] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1329] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1328] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1328] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1329] <... futex resumed>) = 0 [pid 1329] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 1329] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1329] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1328] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 1328] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1329] <... futex resumed>) = 0 [pid 1329] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 1329] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1329] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1328] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 1328] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1329] <... futex resumed>) = 0 [pid 1329] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 1329] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1329] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1328] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 1328] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1329] <... futex resumed>) = 0 [pid 1329] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 1329] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1329] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1328] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 1328] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1329] <... futex resumed>) = 0 [pid 1329] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 1329] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1329] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1328] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 1328] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1329] <... futex resumed>) = 0 [pid 1328] <... futex resumed>) = 1 [pid 1329] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 1329] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1329] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1328] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 1328] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1329] <... futex resumed>) = 0 [pid 1328] <... futex resumed>) = 1 [pid 1329] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 1329] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1329] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1328] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 1328] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1329] <... futex resumed>) = 0 [pid 1328] <... futex resumed>) = 1 [pid 1329] memfd_create("syzkaller", 0) = 5 [pid 1328] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 1329] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f676585d000 [pid 1329] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 1329] munmap(0x7f676585d000, 138412032) = 0 [pid 1329] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 1329] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 1329] close(5) = 0 [pid 1329] close(6) = 0 [pid 1329] mkdir("./file0", 0777) = 0 [pid 1329] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 1329] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 1329] chdir("./file0") = 0 [pid 1329] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 1329] ioctl(6, LOOP_CLR_FD) = 0 [pid 1329] close(6) = 0 [pid 1329] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1328] <... futex resumed>) = 0 [pid 1328] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1328] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1329] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 1329] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1328] <... futex resumed>) = 0 [pid 1328] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1328] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1329] write(6, "#! ./file1\n", 11) = 11 [pid 1329] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1328] <... futex resumed>) = 0 [pid 1328] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1328] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1329] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 1329] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1328] <... futex resumed>) = 0 [pid 1328] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1328] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1329] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000280} --- [pid 1328] <... futex resumed>) = ? [pid 1329] +++ killed by SIGBUS +++ [pid 1328] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=1328, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./164", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./164", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557cd2d730 /* 4 entries */, 32768) = 112 umount2("./164/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./164/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./164/binderfs") = 0 [ 54.294408][ T1330] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-1329: bg 0: block 234: padding at end of block bitmap is not set umount2("./164/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./164/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./164/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./164/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./164/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557cd35770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557cd35770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./164/file0") = 0 getdents64(3, 0x55557cd2d730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./164") = 0 mkdir("./165", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 1334 attached , child_tidptr=0x55557cd2c690) = 1334 [pid 1334] set_robust_list(0x55557cd2c6a0, 24) = 0 [pid 1334] chdir("./165") = 0 [pid 1334] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1334] setpgid(0, 0) = 0 [pid 1334] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1334] write(3, "1000", 4) = 4 [pid 1334] close(3) = 0 [pid 1334] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 1334] write(1, "executing program\n", 18) = 18 [pid 1334] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1334] rt_sigaction(SIGRT_1, {sa_handler=0x7f676dce75b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f676dcd8760}, NULL, 8) = 0 [pid 1334] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1334] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f676dc5d000 [pid 1334] mprotect(0x7f676dc5e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1334] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1334] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f676dc7d990, parent_tid=0x7f676dc7d990, exit_signal=0, stack=0x7f676dc5d000, stack_size=0x20300, tls=0x7f676dc7d6c0}./strace-static-x86_64: Process 1335 attached [pid 1335] set_robust_list(0x7f676dc7d9a0, 24) = 0 [pid 1335] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1335] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1334] <... clone3 resumed> => {parent_tid=[1335]}, 88) = 1335 [pid 1334] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1334] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1335] <... futex resumed>) = 0 [pid 1334] <... futex resumed>) = 1 [pid 1334] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1335] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 1335] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1334] <... futex resumed>) = 0 [pid 1334] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1334] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1335] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 1335] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1334] <... futex resumed>) = 0 [pid 1334] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1335] ioctl(3, VHOST_SET_VRING_ADDR [pid 1334] <... futex resumed>) = 0 [pid 1334] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1335] <... ioctl resumed>, 0x200000000300) = 0 [pid 1335] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1334] <... futex resumed>) = 0 [pid 1335] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1334] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1334] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1335] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1335] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 1335] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1334] <... futex resumed>) = 0 [pid 1334] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1334] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1335] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 1335] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1334] <... futex resumed>) = 0 [pid 1334] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1334] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1335] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 1335] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1334] <... futex resumed>) = 0 [pid 1335] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1334] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1335] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1335] ioctl(3, VHOST_SET_VRING_ADDR [pid 1334] <... futex resumed>) = 0 [pid 1335] <... ioctl resumed>, 0x200000000240) = 0 [pid 1334] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1335] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1334] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1335] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1334] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1335] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1334] <... futex resumed>) = 0 [pid 1335] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 1334] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1335] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1334] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1335] <... futex resumed>) = 0 [pid 1334] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1335] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 1334] <... futex resumed>) = 0 [pid 1335] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1334] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1335] <... futex resumed>) = 0 [pid 1334] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1335] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1334] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1335] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1334] <... futex resumed>) = 0 [pid 1334] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 1335] memfd_create("syzkaller", 0) = 5 [pid 1335] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f676585d000 [pid 1335] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 1335] munmap(0x7f676585d000, 138412032) = 0 [pid 1335] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 1335] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 1335] close(5) = 0 [pid 1335] close(6) = 0 [pid 1335] mkdir("./file0", 0777) = 0 [pid 1335] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 1335] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 1335] chdir("./file0") = 0 [pid 1335] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 1335] ioctl(6, LOOP_CLR_FD) = 0 [pid 1335] close(6) = 0 [pid 1335] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1334] <... futex resumed>) = 0 [pid 1334] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1334] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1335] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 1335] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1334] <... futex resumed>) = 0 [pid 1334] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1334] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1335] write(6, "#! ./file1\n", 11) = 11 [pid 1335] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1334] <... futex resumed>) = 0 [pid 1334] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1334] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1335] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 1335] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1334] <... futex resumed>) = 0 [pid 1334] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1334] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1335] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000280} --- [pid 1334] <... futex resumed>) = ? [pid 1335] +++ killed by SIGBUS +++ [pid 1334] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=1334, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./165", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./165", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557cd2d730 /* 4 entries */, 32768) = 112 umount2("./165/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./165/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./165/binderfs") = 0 [ 54.456097][ T1336] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-1335: bg 0: block 234: padding at end of block bitmap is not set umount2("./165/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./165/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./165/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./165/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./165/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557cd35770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557cd35770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./165/file0") = 0 getdents64(3, 0x55557cd2d730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./165") = 0 mkdir("./166", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557cd2c690) = 1340 ./strace-static-x86_64: Process 1340 attached [pid 1340] set_robust_list(0x55557cd2c6a0, 24) = 0 [pid 1340] chdir("./166") = 0 [pid 1340] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1340] setpgid(0, 0) = 0 [pid 1340] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1340] write(3, "1000", 4) = 4 [pid 1340] close(3) = 0 [pid 1340] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1340] write(1, "executing program\n", 18executing program ) = 18 [pid 1340] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1340] rt_sigaction(SIGRT_1, {sa_handler=0x7f676dce75b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f676dcd8760}, NULL, 8) = 0 [pid 1340] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1340] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f676dc5d000 [pid 1340] mprotect(0x7f676dc5e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1340] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1340] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f676dc7d990, parent_tid=0x7f676dc7d990, exit_signal=0, stack=0x7f676dc5d000, stack_size=0x20300, tls=0x7f676dc7d6c0}./strace-static-x86_64: Process 1341 attached [pid 1341] set_robust_list(0x7f676dc7d9a0, 24) = 0 [pid 1341] rt_sigprocmask(SIG_SETMASK, [], [pid 1340] <... clone3 resumed> => {parent_tid=[1341]}, 88) = 1341 [pid 1341] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1341] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1340] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1340] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1341] <... futex resumed>) = 0 [pid 1341] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 1341] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1341] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1340] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 1340] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1341] <... futex resumed>) = 0 [pid 1340] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1341] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 1341] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1340] <... futex resumed>) = 0 [pid 1340] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1340] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1341] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 1341] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1340] <... futex resumed>) = 0 [pid 1340] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1340] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1341] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 1341] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1341] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1340] <... futex resumed>) = 0 [pid 1340] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1340] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1341] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1341] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 1341] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1340] <... futex resumed>) = 0 [pid 1340] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1341] ioctl(3, VHOST_SET_VRING_ERR [pid 1340] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1341] <... ioctl resumed>, 0x2000000001c0) = 0 [pid 1341] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1340] <... futex resumed>) = 0 [pid 1340] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1340] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1341] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 1341] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1341] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1340] <... futex resumed>) = 0 [pid 1340] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1341] <... futex resumed>) = 0 [pid 1340] <... futex resumed>) = 1 [pid 1340] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1341] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 1341] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1341] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1340] <... futex resumed>) = 0 [pid 1340] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1341] <... futex resumed>) = 0 [pid 1341] ioctl(3, VHOST_VSOCK_SET_RUNNING [pid 1340] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1341] <... ioctl resumed>, 0x200000000140) = 0 [pid 1341] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1340] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1341] <... futex resumed>) = 0 [pid 1340] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1340] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 1341] memfd_create("syzkaller", 0) = 5 [pid 1341] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f676585d000 [pid 1341] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 1341] munmap(0x7f676585d000, 138412032) = 0 [pid 1341] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 1341] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 1341] close(5) = 0 [pid 1341] close(6) = 0 [pid 1341] mkdir("./file0", 0777) = 0 [pid 1341] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 1341] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 1341] chdir("./file0") = 0 [pid 1341] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 1341] ioctl(6, LOOP_CLR_FD) = 0 [pid 1341] close(6) = 0 [pid 1341] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1340] <... futex resumed>) = 0 [pid 1340] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1340] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1341] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 1341] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1340] <... futex resumed>) = 0 [pid 1340] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1340] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1341] write(6, "#! ./file1\n", 11) = 11 [pid 1341] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1340] <... futex resumed>) = 0 [pid 1340] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1340] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1341] <... futex resumed>) = 1 [pid 1341] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 1341] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1340] <... futex resumed>) = 0 [pid 1340] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1340] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1341] <... futex resumed>) = 1 [pid 1341] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000280} --- [pid 1340] <... futex resumed>) = ? [pid 1341] +++ killed by SIGBUS +++ [pid 1340] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=1340, si_uid=0, si_status=SIGBUS, si_utime=1, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./166", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./166", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557cd2d730 /* 4 entries */, 32768) = 112 umount2("./166/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./166/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./166/binderfs") = 0 [ 54.666309][ T1341] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm syz-executor126: bg 0: block 234: padding at end of block bitmap is not set umount2("./166/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./166/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./166/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./166/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./166/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557cd35770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557cd35770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./166/file0") = 0 getdents64(3, 0x55557cd2d730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./166") = 0 mkdir("./167", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557cd2c690) = 1346 ./strace-static-x86_64: Process 1346 attached [pid 1346] set_robust_list(0x55557cd2c6a0, 24) = 0 [pid 1346] chdir("./167") = 0 [pid 1346] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1346] setpgid(0, 0) = 0 [pid 1346] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1346] write(3, "1000", 4) = 4 [pid 1346] close(3) = 0 [pid 1346] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 1346] write(1, "executing program\n", 18) = 18 [pid 1346] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1346] rt_sigaction(SIGRT_1, {sa_handler=0x7f676dce75b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f676dcd8760}, NULL, 8) = 0 [pid 1346] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1346] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f676dc5d000 [pid 1346] mprotect(0x7f676dc5e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1346] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1346] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f676dc7d990, parent_tid=0x7f676dc7d990, exit_signal=0, stack=0x7f676dc5d000, stack_size=0x20300, tls=0x7f676dc7d6c0}./strace-static-x86_64: Process 1347 attached [pid 1347] set_robust_list(0x7f676dc7d9a0, 24) = 0 [pid 1347] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1347] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1346] <... clone3 resumed> => {parent_tid=[1347]}, 88) = 1347 [pid 1346] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1346] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1347] <... futex resumed>) = 0 [pid 1347] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR [pid 1346] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1347] <... openat resumed>) = 3 [pid 1347] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1347] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1346] <... futex resumed>) = 0 [pid 1346] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1346] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1347] <... futex resumed>) = 0 [pid 1347] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 1347] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1346] <... futex resumed>) = 0 [pid 1347] ioctl(3, VHOST_SET_VRING_ADDR [pid 1346] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1347] <... ioctl resumed>, 0x200000000300) = 0 [pid 1347] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1346] <... futex resumed>) = 0 [pid 1347] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1346] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 1346] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1347] <... futex resumed>) = 0 [pid 1346] <... futex resumed>) = 1 [pid 1347] ioctl(3, VHOST_SET_MEM_TABLE [pid 1346] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1347] <... ioctl resumed>, 0x200000003380) = 0 [pid 1347] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1346] <... futex resumed>) = 0 [pid 1347] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1346] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1347] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1347] eventfd2(118, EFD_SEMAPHORE [pid 1346] <... futex resumed>) = 0 [pid 1347] <... eventfd2 resumed>) = 4 [pid 1346] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1347] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1346] <... futex resumed>) = 0 [pid 1347] ioctl(3, VHOST_SET_VRING_ERR [pid 1346] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1347] <... ioctl resumed>, 0x2000000001c0) = 0 [pid 1346] <... futex resumed>) = 0 [pid 1347] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1346] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1347] <... futex resumed>) = 0 [pid 1346] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1347] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1346] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1347] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1346] <... futex resumed>) = 0 [pid 1347] ioctl(3, VHOST_SET_VRING_ADDR [pid 1346] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1347] <... ioctl resumed>, 0x200000000240) = 0 [pid 1347] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1346] <... futex resumed>) = 0 [pid 1347] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 1346] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1347] ioctl(3, VHOST_SET_VRING_KICK [pid 1346] <... futex resumed>) = 0 [pid 1347] <... ioctl resumed>, 0x200000000000) = 0 [pid 1346] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1347] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1346] <... futex resumed>) = 0 [pid 1347] ioctl(3, VHOST_VSOCK_SET_RUNNING [pid 1346] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1347] <... ioctl resumed>, 0x200000000140) = 0 [pid 1346] <... futex resumed>) = 0 [pid 1347] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1346] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1347] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1346] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1347] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1346] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1347] memfd_create("syzkaller", 0 [pid 1346] <... futex resumed>) = 0 [pid 1347] <... memfd_create resumed>) = 5 [pid 1346] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 1347] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f676585d000 [pid 1347] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 1347] munmap(0x7f676585d000, 138412032) = 0 [pid 1347] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 1347] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 1347] close(5) = 0 [pid 1347] close(6) = 0 [pid 1347] mkdir("./file0", 0777) = 0 [pid 1347] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 1347] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 1347] chdir("./file0") = 0 [pid 1347] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 1347] ioctl(6, LOOP_CLR_FD) = 0 [pid 1347] close(6) = 0 [pid 1347] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1346] <... futex resumed>) = 0 [pid 1346] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1346] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1347] <... futex resumed>) = 1 [pid 1347] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 1347] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1346] <... futex resumed>) = 0 [pid 1346] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1346] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1347] <... futex resumed>) = 1 [pid 1347] write(6, "#! ./file1\n", 11) = 11 [pid 1347] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1346] <... futex resumed>) = 0 [pid 1346] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1346] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1347] <... futex resumed>) = 1 [pid 1347] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 1347] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1346] <... futex resumed>) = 0 [pid 1346] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1346] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1347] <... futex resumed>) = 1 [pid 1347] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000280} --- [pid 1346] <... futex resumed>) = ? [pid 1347] +++ killed by SIGBUS +++ [pid 1346] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=1346, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./167", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./167", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557cd2d730 /* 4 entries */, 32768) = 112 umount2("./167/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./167/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./167/binderfs") = 0 [ 54.818144][ T1348] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-1347: bg 0: block 234: padding at end of block bitmap is not set umount2("./167/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./167/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./167/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./167/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./167/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557cd35770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557cd35770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./167/file0") = 0 getdents64(3, 0x55557cd2d730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./167") = 0 mkdir("./168", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 1352 attached , child_tidptr=0x55557cd2c690) = 1352 [pid 1352] set_robust_list(0x55557cd2c6a0, 24) = 0 [pid 1352] chdir("./168") = 0 [pid 1352] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1352] setpgid(0, 0) = 0 [pid 1352] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1352] write(3, "1000", 4) = 4 [pid 1352] close(3) = 0 [pid 1352] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 1352] write(1, "executing program\n", 18) = 18 [pid 1352] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1352] rt_sigaction(SIGRT_1, {sa_handler=0x7f676dce75b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f676dcd8760}, NULL, 8) = 0 [pid 1352] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1352] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f676dc5d000 [pid 1352] mprotect(0x7f676dc5e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1352] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1352] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f676dc7d990, parent_tid=0x7f676dc7d990, exit_signal=0, stack=0x7f676dc5d000, stack_size=0x20300, tls=0x7f676dc7d6c0}./strace-static-x86_64: Process 1353 attached [pid 1353] set_robust_list(0x7f676dc7d9a0, 24) = 0 [pid 1353] rt_sigprocmask(SIG_SETMASK, [], [pid 1352] <... clone3 resumed> => {parent_tid=[1353]}, 88) = 1353 [pid 1353] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1353] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1352] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1352] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1353] <... futex resumed>) = 0 [pid 1352] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1353] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 1353] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1352] <... futex resumed>) = 0 [pid 1353] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1352] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1352] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1353] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1353] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 1353] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1352] <... futex resumed>) = 0 [pid 1353] ioctl(3, VHOST_SET_VRING_ADDR [pid 1352] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1353] <... ioctl resumed>, 0x200000000300) = 0 [pid 1352] <... futex resumed>) = 0 [pid 1353] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1352] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1353] <... futex resumed>) = 0 [pid 1352] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1352] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1353] ioctl(3, VHOST_SET_MEM_TABLE [pid 1352] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1353] <... ioctl resumed>, 0x200000003380) = 0 [pid 1353] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1352] <... futex resumed>) = 0 [pid 1352] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1352] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1353] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 1353] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1352] <... futex resumed>) = 0 [pid 1352] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1352] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1353] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 1353] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1352] <... futex resumed>) = 0 [pid 1352] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1352] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1353] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 1353] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1352] <... futex resumed>) = 0 [pid 1353] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1352] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1352] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1353] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1353] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 1353] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1352] <... futex resumed>) = 0 [pid 1352] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1352] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1353] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 1353] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1352] <... futex resumed>) = 0 [pid 1353] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1352] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1353] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1352] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 1353] memfd_create("syzkaller", 0) = 5 [pid 1353] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f676585d000 [pid 1353] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 1353] munmap(0x7f676585d000, 138412032) = 0 [pid 1353] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 1353] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 1353] close(5) = 0 [pid 1353] close(6) = 0 [pid 1353] mkdir("./file0", 0777) = 0 [pid 1353] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 1353] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 1353] chdir("./file0") = 0 [pid 1353] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 1353] ioctl(6, LOOP_CLR_FD) = 0 [pid 1353] close(6) = 0 [pid 1353] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1352] <... futex resumed>) = 0 [pid 1352] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1353] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 1352] <... futex resumed>) = 0 [pid 1352] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1353] <... openat resumed>) = 6 [pid 1353] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1352] <... futex resumed>) = 0 [pid 1352] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1352] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1353] write(6, "#! ./file1\n", 11) = 11 [pid 1353] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1352] <... futex resumed>) = 0 [pid 1352] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1353] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0 [pid 1352] <... futex resumed>) = 0 [pid 1352] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1353] <... mmap resumed>) = 0x200000000000 [pid 1353] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1352] <... futex resumed>) = 0 [pid 1352] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1352] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1353] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000280} --- [pid 1352] <... futex resumed>) = ? [pid 1353] +++ killed by SIGBUS +++ [pid 1352] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=1352, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./168", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./168", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557cd2d730 /* 4 entries */, 32768) = 112 umount2("./168/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./168/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./168/binderfs") = 0 [ 55.028859][ T1354] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-1353: bg 0: block 234: padding at end of block bitmap is not set umount2("./168/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./168/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./168/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./168/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./168/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557cd35770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557cd35770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./168/file0") = 0 getdents64(3, 0x55557cd2d730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./168") = 0 mkdir("./169", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557cd2c690) = 1358 ./strace-static-x86_64: Process 1358 attached [pid 1358] set_robust_list(0x55557cd2c6a0, 24) = 0 [pid 1358] chdir("./169") = 0 [pid 1358] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1358] setpgid(0, 0) = 0 [pid 1358] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1358] write(3, "1000", 4) = 4 [pid 1358] close(3) = 0 [pid 1358] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1358] write(1, "executing program\n", 18executing program ) = 18 [pid 1358] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1358] rt_sigaction(SIGRT_1, {sa_handler=0x7f676dce75b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f676dcd8760}, NULL, 8) = 0 [pid 1358] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1358] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f676dc5d000 [pid 1358] mprotect(0x7f676dc5e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1358] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1358] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f676dc7d990, parent_tid=0x7f676dc7d990, exit_signal=0, stack=0x7f676dc5d000, stack_size=0x20300, tls=0x7f676dc7d6c0}./strace-static-x86_64: Process 1359 attached => {parent_tid=[1359]}, 88) = 1359 [pid 1359] set_robust_list(0x7f676dc7d9a0, 24) = 0 [pid 1359] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1359] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1358] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1358] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1359] <... futex resumed>) = 0 [pid 1358] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1359] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 1359] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1359] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1358] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1358] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1359] <... futex resumed>) = 0 [pid 1359] ioctl(3, VHOST_SET_OWNER [pid 1358] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1359] <... ioctl resumed>, 0) = 0 [pid 1359] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1359] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1358] <... futex resumed>) = 0 [pid 1358] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1359] <... futex resumed>) = 0 [pid 1358] <... futex resumed>) = 1 [pid 1359] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 1359] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1359] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1358] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 1358] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1359] <... futex resumed>) = 0 [pid 1358] <... futex resumed>) = 1 [pid 1359] ioctl(3, VHOST_SET_MEM_TABLE [pid 1358] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1359] <... ioctl resumed>, 0x200000003380) = 0 [pid 1359] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1359] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1358] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1358] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1359] <... futex resumed>) = 0 [pid 1359] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 1358] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1359] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1358] <... futex resumed>) = 0 [pid 1359] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1358] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1359] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1358] <... futex resumed>) = 0 [pid 1359] ioctl(3, VHOST_SET_VRING_ERR [pid 1358] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1359] <... ioctl resumed>, 0x2000000001c0) = 0 [pid 1359] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1358] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1359] ioctl(3, VHOST_SET_VRING_ADDR [pid 1358] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1359] <... ioctl resumed>, 0x200000000240) = 0 [pid 1359] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1358] <... futex resumed>) = 0 [pid 1359] <... futex resumed>) = 0 [pid 1358] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1359] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1358] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1358] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1359] <... futex resumed>) = 0 [pid 1358] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1359] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 1359] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1358] <... futex resumed>) = 0 [pid 1359] ioctl(3, VHOST_VSOCK_SET_RUNNING [pid 1358] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1359] <... ioctl resumed>, 0x200000000140) = 0 [pid 1358] <... futex resumed>) = 0 [pid 1359] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1358] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1359] <... futex resumed>) = 0 [pid 1358] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1359] memfd_create("syzkaller", 0 [pid 1358] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1359] <... memfd_create resumed>) = 5 [pid 1358] <... futex resumed>) = 0 [pid 1359] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 1358] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 1359] <... mmap resumed>) = 0x7f676585d000 [pid 1359] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 1359] munmap(0x7f676585d000, 138412032) = 0 [pid 1359] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 1359] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 1359] close(5) = 0 [pid 1359] close(6) = 0 [pid 1359] mkdir("./file0", 0777) = 0 [pid 1359] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 1359] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 1359] chdir("./file0") = 0 [pid 1359] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 1359] ioctl(6, LOOP_CLR_FD) = 0 [pid 1359] close(6) = 0 [pid 1359] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1358] <... futex resumed>) = 0 [pid 1358] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1358] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1359] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 1359] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1358] <... futex resumed>) = 0 [pid 1358] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1358] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1359] write(6, "#! ./file1\n", 11) = 11 [pid 1359] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1358] <... futex resumed>) = 0 [pid 1358] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1358] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1359] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 1359] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1358] <... futex resumed>) = 0 [pid 1358] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1358] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1359] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000280} --- [pid 1358] <... futex resumed>) = ? [pid 1359] +++ killed by SIGBUS +++ [pid 1358] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=1358, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./169", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./169", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557cd2d730 /* 4 entries */, 32768) = 112 umount2("./169/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./169/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./169/binderfs") = 0 [ 55.205440][ T1360] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-1359: bg 0: block 234: padding at end of block bitmap is not set umount2("./169/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./169/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./169/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./169/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./169/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557cd35770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557cd35770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./169/file0") = 0 getdents64(3, 0x55557cd2d730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./169") = 0 mkdir("./170", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 1364 attached , child_tidptr=0x55557cd2c690) = 1364 [pid 1364] set_robust_list(0x55557cd2c6a0, 24) = 0 [pid 1364] chdir("./170") = 0 [pid 1364] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1364] setpgid(0, 0) = 0 [pid 1364] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1364] write(3, "1000", 4) = 4 [pid 1364] close(3) = 0 [pid 1364] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 1364] write(1, "executing program\n", 18) = 18 [pid 1364] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1364] rt_sigaction(SIGRT_1, {sa_handler=0x7f676dce75b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f676dcd8760}, NULL, 8) = 0 [pid 1364] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1364] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f676dc5d000 [pid 1364] mprotect(0x7f676dc5e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1364] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1364] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f676dc7d990, parent_tid=0x7f676dc7d990, exit_signal=0, stack=0x7f676dc5d000, stack_size=0x20300, tls=0x7f676dc7d6c0}./strace-static-x86_64: Process 1365 attached [pid 1365] set_robust_list(0x7f676dc7d9a0, 24) = 0 [pid 1364] <... clone3 resumed> => {parent_tid=[1365]}, 88) = 1365 [pid 1365] rt_sigprocmask(SIG_SETMASK, [], [pid 1364] rt_sigprocmask(SIG_SETMASK, [], [pid 1365] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1365] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1364] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1364] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1365] <... futex resumed>) = 0 [pid 1364] <... futex resumed>) = 1 [pid 1364] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1365] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 1365] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1364] <... futex resumed>) = 0 [pid 1365] ioctl(3, VHOST_SET_OWNER [pid 1364] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1364] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1365] <... ioctl resumed>, 0) = 0 [pid 1365] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1364] <... futex resumed>) = 0 [pid 1364] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1364] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1365] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 1365] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1364] <... futex resumed>) = 0 [pid 1364] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1364] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1365] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 1365] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1364] <... futex resumed>) = 0 [pid 1364] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1364] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1365] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 1365] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1364] <... futex resumed>) = 0 [pid 1364] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1364] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1365] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 1365] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1364] <... futex resumed>) = 0 [pid 1364] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1364] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1365] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 1365] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1364] <... futex resumed>) = 0 [pid 1364] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1364] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1365] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 1365] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1364] <... futex resumed>) = 0 [pid 1364] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1364] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1365] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 1365] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1364] <... futex resumed>) = 0 [pid 1364] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1364] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 1365] memfd_create("syzkaller", 0) = 5 [pid 1365] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f676585d000 [pid 1365] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 1365] munmap(0x7f676585d000, 138412032) = 0 [pid 1365] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 1365] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 1365] close(5) = 0 [pid 1365] close(6) = 0 [pid 1365] mkdir("./file0", 0777) = 0 [pid 1365] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 1365] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 1365] chdir("./file0") = 0 [pid 1365] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 1365] ioctl(6, LOOP_CLR_FD) = 0 [pid 1365] close(6) = 0 [pid 1365] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1365] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1364] <... futex resumed>) = 0 [pid 1364] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1364] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1365] <... futex resumed>) = 0 [pid 1365] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 1365] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1364] <... futex resumed>) = 0 [pid 1364] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1364] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1365] <... futex resumed>) = 1 [pid 1365] write(6, "#! ./file1\n", 11) = 11 [pid 1365] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1364] <... futex resumed>) = 0 [pid 1364] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1364] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1365] <... futex resumed>) = 1 [pid 1365] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 1365] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1364] <... futex resumed>) = 0 [pid 1364] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1364] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1365] <... futex resumed>) = 1 [pid 1365] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000280} --- [pid 1364] <... futex resumed>) = ? [pid 1365] +++ killed by SIGBUS +++ [pid 1364] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=1364, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./170", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./170", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557cd2d730 /* 4 entries */, 32768) = 112 umount2("./170/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./170/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./170/binderfs") = 0 [ 55.424800][ T1366] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-1365: bg 0: block 234: padding at end of block bitmap is not set umount2("./170/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./170/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./170/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./170/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./170/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557cd35770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557cd35770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./170/file0") = 0 getdents64(3, 0x55557cd2d730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./170") = 0 mkdir("./171", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557cd2c690) = 1370 ./strace-static-x86_64: Process 1370 attached [pid 1370] set_robust_list(0x55557cd2c6a0, 24) = 0 [pid 1370] chdir("./171") = 0 [pid 1370] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1370] setpgid(0, 0) = 0 [pid 1370] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1370] write(3, "1000", 4) = 4 [pid 1370] close(3) = 0 [pid 1370] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1370] write(1, "executing program\n", 18executing program ) = 18 [pid 1370] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1370] rt_sigaction(SIGRT_1, {sa_handler=0x7f676dce75b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f676dcd8760}, NULL, 8) = 0 [pid 1370] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1370] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f676dc5d000 [pid 1370] mprotect(0x7f676dc5e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1370] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1370] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f676dc7d990, parent_tid=0x7f676dc7d990, exit_signal=0, stack=0x7f676dc5d000, stack_size=0x20300, tls=0x7f676dc7d6c0} => {parent_tid=[1371]}, 88) = 1371 ./strace-static-x86_64: Process 1371 attached [pid 1370] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1370] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1370] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1371] set_robust_list(0x7f676dc7d9a0, 24) = 0 [pid 1371] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1371] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 1371] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1370] <... futex resumed>) = 0 [pid 1370] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1370] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1371] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 1371] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1370] <... futex resumed>) = 0 [pid 1370] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1370] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1371] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 1371] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1370] <... futex resumed>) = 0 [pid 1370] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1370] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1371] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 1371] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1370] <... futex resumed>) = 0 [pid 1370] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1370] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1371] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 1371] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1370] <... futex resumed>) = 0 [pid 1370] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1370] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1371] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 1371] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1370] <... futex resumed>) = 0 [pid 1370] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1370] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1371] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 1371] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1370] <... futex resumed>) = 0 [pid 1370] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1370] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1371] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 1371] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1370] <... futex resumed>) = 0 [pid 1370] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1370] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1371] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 1371] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1370] <... futex resumed>) = 0 [pid 1370] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1370] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 1371] memfd_create("syzkaller", 0) = 5 [pid 1371] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f676585d000 [pid 1371] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 1371] munmap(0x7f676585d000, 138412032) = 0 [pid 1371] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 1371] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 1371] close(5) = 0 [pid 1371] close(6) = 0 [pid 1371] mkdir("./file0", 0777) = 0 [pid 1371] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 1371] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 1371] chdir("./file0") = 0 [pid 1371] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 1371] ioctl(6, LOOP_CLR_FD) = 0 [pid 1371] close(6) = 0 [pid 1371] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1370] <... futex resumed>) = 0 [pid 1370] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1370] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1371] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 1371] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1370] <... futex resumed>) = 0 [pid 1370] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1370] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1371] write(6, "#! ./file1\n", 11) = 11 [pid 1371] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1371] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1370] <... futex resumed>) = 0 [pid 1370] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1370] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1371] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1371] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 1371] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1371] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1370] <... futex resumed>) = 0 [pid 1370] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1370] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1371] <... futex resumed>) = 0 [pid 1371] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000280} --- [pid 1370] <... futex resumed>) = ? [pid 1371] +++ killed by SIGBUS +++ [pid 1370] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=1370, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./171", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./171", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557cd2d730 /* 4 entries */, 32768) = 112 umount2("./171/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./171/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./171/binderfs") = 0 [ 55.587546][ T1372] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-1371: bg 0: block 234: padding at end of block bitmap is not set umount2("./171/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./171/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./171/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./171/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./171/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557cd35770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557cd35770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./171/file0") = 0 getdents64(3, 0x55557cd2d730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./171") = 0 mkdir("./172", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 1376 attached , child_tidptr=0x55557cd2c690) = 1376 [pid 1376] set_robust_list(0x55557cd2c6a0, 24) = 0 [pid 1376] chdir("./172") = 0 [pid 1376] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1376] setpgid(0, 0) = 0 [pid 1376] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1376] write(3, "1000", 4) = 4 [pid 1376] close(3) = 0 [pid 1376] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1376] write(1, "executing program\n", 18executing program ) = 18 [pid 1376] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1376] rt_sigaction(SIGRT_1, {sa_handler=0x7f676dce75b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f676dcd8760}, NULL, 8) = 0 [pid 1376] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1376] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f676dc5d000 [pid 1376] mprotect(0x7f676dc5e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1376] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1376] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f676dc7d990, parent_tid=0x7f676dc7d990, exit_signal=0, stack=0x7f676dc5d000, stack_size=0x20300, tls=0x7f676dc7d6c0} => {parent_tid=[1377]}, 88) = 1377 [pid 1376] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1376] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1376] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 1377 attached [pid 1377] set_robust_list(0x7f676dc7d9a0, 24) = 0 [pid 1377] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1377] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 1377] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1376] <... futex resumed>) = 0 [pid 1376] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1376] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1377] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 1377] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1376] <... futex resumed>) = 0 [pid 1376] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1377] ioctl(3, VHOST_SET_VRING_ADDR [pid 1376] <... futex resumed>) = 0 [pid 1376] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1377] <... ioctl resumed>, 0x200000000300) = 0 [pid 1377] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1376] <... futex resumed>) = 0 [pid 1376] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1376] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1377] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 1377] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1376] <... futex resumed>) = 0 [pid 1376] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1376] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1377] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 1377] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1376] <... futex resumed>) = 0 [pid 1376] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1376] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1377] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 1377] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1376] <... futex resumed>) = 0 [pid 1376] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1376] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1377] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 1377] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1376] <... futex resumed>) = 0 [pid 1376] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1376] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1377] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 1377] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1376] <... futex resumed>) = 0 [pid 1377] ioctl(3, VHOST_VSOCK_SET_RUNNING [pid 1376] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1376] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1377] <... ioctl resumed>, 0x200000000140) = 0 [pid 1377] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1376] <... futex resumed>) = 0 [pid 1376] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1377] memfd_create("syzkaller", 0 [pid 1376] <... futex resumed>) = 0 [pid 1376] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 1377] <... memfd_create resumed>) = 5 [pid 1377] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f676585d000 [pid 1377] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 1377] munmap(0x7f676585d000, 138412032) = 0 [pid 1377] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 1377] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 1377] close(5) = 0 [pid 1377] close(6) = 0 [pid 1377] mkdir("./file0", 0777) = 0 [pid 1377] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 1377] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 1377] chdir("./file0") = 0 [pid 1377] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 1377] ioctl(6, LOOP_CLR_FD) = 0 [pid 1377] close(6) = 0 [pid 1377] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1376] <... futex resumed>) = 0 [pid 1376] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1376] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1377] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 1377] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1376] <... futex resumed>) = 0 [pid 1376] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1377] write(6, "#! ./file1\n", 11 [pid 1376] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1377] <... write resumed>) = 11 [pid 1377] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1376] <... futex resumed>) = 0 [pid 1377] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1376] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1376] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1377] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1377] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 1377] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1376] <... futex resumed>) = 0 [pid 1376] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1376] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1377] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000280} --- [pid 1376] <... futex resumed>) = ? [pid 1377] +++ killed by SIGBUS +++ [pid 1376] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=1376, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./172", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./172", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557cd2d730 /* 4 entries */, 32768) = 112 umount2("./172/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./172/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./172/binderfs") = 0 [ 55.778272][ T1378] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-1377: bg 0: block 234: padding at end of block bitmap is not set umount2("./172/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./172/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./172/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./172/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./172/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557cd35770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557cd35770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./172/file0") = 0 getdents64(3, 0x55557cd2d730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./172") = 0 mkdir("./173", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 1382 attached , child_tidptr=0x55557cd2c690) = 1382 [pid 1382] set_robust_list(0x55557cd2c6a0, 24) = 0 [pid 1382] chdir("./173") = 0 [pid 1382] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1382] setpgid(0, 0) = 0 [pid 1382] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1382] write(3, "1000", 4) = 4 [pid 1382] close(3) = 0 [pid 1382] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1382] write(1, "executing program\n", 18executing program ) = 18 [pid 1382] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1382] rt_sigaction(SIGRT_1, {sa_handler=0x7f676dce75b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f676dcd8760}, NULL, 8) = 0 [pid 1382] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1382] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f676dc5d000 [pid 1382] mprotect(0x7f676dc5e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1382] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1382] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f676dc7d990, parent_tid=0x7f676dc7d990, exit_signal=0, stack=0x7f676dc5d000, stack_size=0x20300, tls=0x7f676dc7d6c0} => {parent_tid=[1383]}, 88) = 1383 ./strace-static-x86_64: Process 1383 attached [pid 1383] set_robust_list(0x7f676dc7d9a0, 24) = 0 [pid 1383] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1383] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1382] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1382] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1383] <... futex resumed>) = 0 [pid 1382] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1383] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 1383] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1383] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1382] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1382] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1383] <... futex resumed>) = 0 [pid 1383] ioctl(3, VHOST_SET_OWNER [pid 1382] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1383] <... ioctl resumed>, 0) = 0 [pid 1383] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1383] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1382] <... futex resumed>) = 0 [pid 1382] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1383] <... futex resumed>) = 0 [pid 1383] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 1383] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1383] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1382] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 1382] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1383] <... futex resumed>) = 0 [pid 1382] <... futex resumed>) = 1 [pid 1383] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 1383] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1383] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1382] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 1382] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1383] <... futex resumed>) = 0 [pid 1382] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1383] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 1383] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1382] <... futex resumed>) = 0 [pid 1383] ioctl(3, VHOST_SET_VRING_ERR [pid 1382] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1383] <... ioctl resumed>, 0x2000000001c0) = 0 [pid 1383] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1382] <... futex resumed>) = 0 [pid 1383] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1382] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 1382] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1382] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1383] <... futex resumed>) = 0 [pid 1383] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 1383] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1382] <... futex resumed>) = 0 [pid 1383] ioctl(3, VHOST_SET_VRING_KICK [pid 1382] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1383] <... ioctl resumed>, 0x200000000000) = 0 [pid 1383] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1382] <... futex resumed>) = 0 [pid 1382] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1383] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1382] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1382] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1383] <... futex resumed>) = 0 [pid 1383] ioctl(3, VHOST_VSOCK_SET_RUNNING [pid 1382] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1383] <... ioctl resumed>, 0x200000000140) = 0 [pid 1383] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1382] <... futex resumed>) = 0 [pid 1383] memfd_create("syzkaller", 0 [pid 1382] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1383] <... memfd_create resumed>) = 5 [pid 1382] <... futex resumed>) = 0 [pid 1383] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 1382] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 1383] <... mmap resumed>) = 0x7f676585d000 [pid 1383] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 1383] munmap(0x7f676585d000, 138412032) = 0 [pid 1383] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 1383] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 1383] close(5) = 0 [pid 1383] close(6) = 0 [pid 1383] mkdir("./file0", 0777) = 0 [pid 1383] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 1383] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 1383] chdir("./file0") = 0 [pid 1383] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 1383] ioctl(6, LOOP_CLR_FD) = 0 [pid 1383] close(6) = 0 [pid 1383] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1382] <... futex resumed>) = 0 [pid 1382] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1382] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1383] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 1383] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1382] <... futex resumed>) = 0 [pid 1382] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1382] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1383] write(6, "#! ./file1\n", 11) = 11 [pid 1383] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1382] <... futex resumed>) = 0 [pid 1382] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1382] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1383] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 1383] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1382] <... futex resumed>) = 0 [pid 1382] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1382] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1383] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000280} --- [pid 1382] <... futex resumed>) = ? [pid 1383] +++ killed by SIGBUS +++ [pid 1382] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=1382, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./173", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./173", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557cd2d730 /* 4 entries */, 32768) = 112 umount2("./173/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./173/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./173/binderfs") = 0 [ 55.964703][ T1384] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-1383: bg 0: block 234: padding at end of block bitmap is not set umount2("./173/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./173/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./173/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./173/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./173/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557cd35770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557cd35770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./173/file0") = 0 getdents64(3, 0x55557cd2d730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./173") = 0 mkdir("./174", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557cd2c690) = 1388 ./strace-static-x86_64: Process 1388 attached [pid 1388] set_robust_list(0x55557cd2c6a0, 24) = 0 [pid 1388] chdir("./174") = 0 [pid 1388] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1388] setpgid(0, 0) = 0 [pid 1388] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1388] write(3, "1000", 4) = 4 [pid 1388] close(3) = 0 [pid 1388] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 1388] write(1, "executing program\n", 18) = 18 [pid 1388] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1388] rt_sigaction(SIGRT_1, {sa_handler=0x7f676dce75b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f676dcd8760}, NULL, 8) = 0 [pid 1388] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1388] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f676dc5d000 [pid 1388] mprotect(0x7f676dc5e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1388] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1388] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f676dc7d990, parent_tid=0x7f676dc7d990, exit_signal=0, stack=0x7f676dc5d000, stack_size=0x20300, tls=0x7f676dc7d6c0}./strace-static-x86_64: Process 1389 attached [pid 1389] set_robust_list(0x7f676dc7d9a0, 24) = 0 [pid 1389] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1389] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1388] <... clone3 resumed> => {parent_tid=[1389]}, 88) = 1389 [pid 1388] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1388] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1389] <... futex resumed>) = 0 [pid 1388] <... futex resumed>) = 1 [pid 1389] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR [pid 1388] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1389] <... openat resumed>) = 3 [pid 1389] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1388] <... futex resumed>) = 0 [pid 1389] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1388] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1389] <... futex resumed>) = 0 [pid 1388] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1389] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 1389] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1388] <... futex resumed>) = 0 [pid 1388] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1389] ioctl(3, VHOST_SET_VRING_ADDR [pid 1388] <... futex resumed>) = 0 [pid 1388] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1389] <... ioctl resumed>, 0x200000000300) = 0 [pid 1389] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1388] <... futex resumed>) = 0 [pid 1388] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1388] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1389] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 1389] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1388] <... futex resumed>) = 0 [pid 1388] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1388] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1389] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 1389] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1388] <... futex resumed>) = 0 [pid 1388] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1388] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1389] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 1389] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1388] <... futex resumed>) = 0 [pid 1388] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1388] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1389] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 1389] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1388] <... futex resumed>) = 0 [pid 1388] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1388] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1389] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 1389] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1388] <... futex resumed>) = 0 [pid 1388] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1388] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1389] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 1389] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1388] <... futex resumed>) = 0 [pid 1388] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1389] memfd_create("syzkaller", 0 [pid 1388] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 1389] <... memfd_create resumed>) = 5 [pid 1389] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f676585d000 [pid 1389] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 1389] munmap(0x7f676585d000, 138412032) = 0 [pid 1389] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 1389] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 1389] close(5) = 0 [pid 1389] close(6) = 0 [pid 1389] mkdir("./file0", 0777) = 0 [pid 1389] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 1389] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 1389] chdir("./file0") = 0 [pid 1389] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 1389] ioctl(6, LOOP_CLR_FD) = 0 [pid 1389] close(6) = 0 [pid 1389] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1388] <... futex resumed>) = 0 [pid 1388] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1388] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1389] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 1389] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1388] <... futex resumed>) = 0 [pid 1388] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1388] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1389] write(6, "#! ./file1\n", 11) = 11 [pid 1389] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1388] <... futex resumed>) = 0 [pid 1388] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1388] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1389] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 1389] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1389] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1388] <... futex resumed>) = 0 [pid 1388] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1388] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1389] <... futex resumed>) = 0 [pid 1389] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000280} --- [pid 1388] <... futex resumed>) = ? [pid 1389] +++ killed by SIGBUS +++ [pid 1388] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=1388, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./174", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./174", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557cd2d730 /* 4 entries */, 32768) = 112 umount2("./174/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./174/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./174/binderfs") = 0 [ 56.128096][ T1390] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-1389: bg 0: block 234: padding at end of block bitmap is not set umount2("./174/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./174/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./174/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./174/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./174/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557cd35770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557cd35770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./174/file0") = 0 getdents64(3, 0x55557cd2d730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./174") = 0 mkdir("./175", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557cd2c690) = 1394 ./strace-static-x86_64: Process 1394 attached [pid 1394] set_robust_list(0x55557cd2c6a0, 24) = 0 [pid 1394] chdir("./175") = 0 [pid 1394] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1394] setpgid(0, 0) = 0 [pid 1394] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1394] write(3, "1000", 4) = 4 [pid 1394] close(3) = 0 [pid 1394] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1394] write(1, "executing program\n", 18executing program ) = 18 [pid 1394] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1394] rt_sigaction(SIGRT_1, {sa_handler=0x7f676dce75b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f676dcd8760}, NULL, 8) = 0 [pid 1394] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1394] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f676dc5d000 [pid 1394] mprotect(0x7f676dc5e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1394] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1394] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f676dc7d990, parent_tid=0x7f676dc7d990, exit_signal=0, stack=0x7f676dc5d000, stack_size=0x20300, tls=0x7f676dc7d6c0} => {parent_tid=[1395]}, 88) = 1395 [pid 1394] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1394] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1394] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 1395 attached [pid 1395] set_robust_list(0x7f676dc7d9a0, 24) = 0 [pid 1395] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1395] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 1395] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1394] <... futex resumed>) = 0 [pid 1394] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1394] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1395] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 1395] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1394] <... futex resumed>) = 0 [pid 1394] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1394] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1395] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 1395] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1394] <... futex resumed>) = 0 [pid 1394] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1394] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1395] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 1395] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1394] <... futex resumed>) = 0 [pid 1394] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1394] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1395] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 1395] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1394] <... futex resumed>) = 0 [pid 1394] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1394] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1395] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 1395] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1394] <... futex resumed>) = 0 [pid 1394] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1394] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1395] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 1395] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1394] <... futex resumed>) = 0 [pid 1394] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1394] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1395] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 1395] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1394] <... futex resumed>) = 0 [pid 1394] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1394] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1395] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 1395] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1394] <... futex resumed>) = 0 [pid 1394] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1394] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 1395] memfd_create("syzkaller", 0) = 5 [pid 1395] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f676585d000 [pid 1395] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 1395] munmap(0x7f676585d000, 138412032) = 0 [pid 1395] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 1395] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 1395] close(5) = 0 [pid 1395] close(6) = 0 [pid 1395] mkdir("./file0", 0777) = 0 [pid 1395] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 1395] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 1395] chdir("./file0") = 0 [pid 1395] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 1395] ioctl(6, LOOP_CLR_FD) = 0 [pid 1395] close(6) = 0 [pid 1395] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1394] <... futex resumed>) = 0 [pid 1394] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1395] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 1394] <... futex resumed>) = 0 [pid 1394] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1395] <... openat resumed>) = 6 [pid 1395] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1394] <... futex resumed>) = 0 [pid 1394] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1394] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1395] <... futex resumed>) = 1 [pid 1395] write(6, "#! ./file1\n", 11) = 11 [pid 1395] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1394] <... futex resumed>) = 0 [pid 1394] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1394] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1395] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 1395] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1394] <... futex resumed>) = 0 [pid 1394] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1394] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1395] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000280} --- [pid 1394] <... futex resumed>) = ? [pid 1395] +++ killed by SIGBUS +++ [pid 1394] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=1394, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./175", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./175", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557cd2d730 /* 4 entries */, 32768) = 112 umount2("./175/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./175/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./175/binderfs") = 0 [ 56.338888][ T1396] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-1395: bg 0: block 234: padding at end of block bitmap is not set umount2("./175/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./175/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./175/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./175/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./175/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557cd35770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557cd35770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./175/file0") = 0 getdents64(3, 0x55557cd2d730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./175") = 0 mkdir("./176", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557cd2c690) = 1400 ./strace-static-x86_64: Process 1400 attached [pid 1400] set_robust_list(0x55557cd2c6a0, 24) = 0 [pid 1400] chdir("./176") = 0 [pid 1400] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1400] setpgid(0, 0) = 0 [pid 1400] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1400] write(3, "1000", 4) = 4 [pid 1400] close(3) = 0 [pid 1400] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1400] write(1, "executing program\n", 18executing program ) = 18 [pid 1400] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1400] rt_sigaction(SIGRT_1, {sa_handler=0x7f676dce75b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f676dcd8760}, NULL, 8) = 0 [pid 1400] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1400] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f676dc5d000 [pid 1400] mprotect(0x7f676dc5e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1400] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1400] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f676dc7d990, parent_tid=0x7f676dc7d990, exit_signal=0, stack=0x7f676dc5d000, stack_size=0x20300, tls=0x7f676dc7d6c0}./strace-static-x86_64: Process 1401 attached [pid 1401] set_robust_list(0x7f676dc7d9a0, 24) = 0 [pid 1401] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1401] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1400] <... clone3 resumed> => {parent_tid=[1401]}, 88) = 1401 [pid 1400] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1400] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1401] <... futex resumed>) = 0 [pid 1400] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1401] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 1401] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1401] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1400] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1400] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1401] <... futex resumed>) = 0 [pid 1401] ioctl(3, VHOST_SET_OWNER [pid 1400] <... futex resumed>) = 1 [pid 1400] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1401] <... ioctl resumed>, 0) = 0 [pid 1401] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1400] <... futex resumed>) = 0 [pid 1400] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1400] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1401] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 1401] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1400] <... futex resumed>) = 0 [pid 1400] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1400] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1401] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 1401] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1400] <... futex resumed>) = 0 [pid 1400] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1400] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1401] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 1401] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1400] <... futex resumed>) = 0 [pid 1400] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1400] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1401] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 1401] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1400] <... futex resumed>) = 0 [pid 1400] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1400] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1401] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 1401] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1400] <... futex resumed>) = 0 [pid 1401] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1400] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1400] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1401] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1401] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 1401] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1400] <... futex resumed>) = 0 [pid 1401] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1400] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1400] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1401] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1401] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 1401] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1400] <... futex resumed>) = 0 [pid 1400] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1400] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 1401] memfd_create("syzkaller", 0) = 5 [pid 1401] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f676585d000 [pid 1401] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 1401] munmap(0x7f676585d000, 138412032) = 0 [pid 1401] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 1401] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 1401] close(5) = 0 [pid 1401] close(6) = 0 [pid 1401] mkdir("./file0", 0777) = 0 [pid 1401] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 1401] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 1401] chdir("./file0") = 0 [pid 1401] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 1401] ioctl(6, LOOP_CLR_FD) = 0 [pid 1401] close(6) = 0 [pid 1401] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1400] <... futex resumed>) = 0 [pid 1400] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1401] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 1400] <... futex resumed>) = 0 [pid 1400] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1401] <... openat resumed>) = 6 [pid 1401] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1400] <... futex resumed>) = 0 [pid 1400] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1400] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1401] write(6, "#! ./file1\n", 11) = 11 [pid 1401] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1400] <... futex resumed>) = 0 [pid 1401] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1400] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1400] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1401] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1401] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 1401] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1401] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1400] <... futex resumed>) = 0 [pid 1400] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1400] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1401] <... futex resumed>) = 0 [pid 1401] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000280} --- [pid 1400] <... futex resumed>) = ? [pid 1401] +++ killed by SIGBUS +++ [pid 1400] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=1400, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./176", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./176", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557cd2d730 /* 4 entries */, 32768) = 112 umount2("./176/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./176/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./176/binderfs") = 0 [ 56.498725][ T1402] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-1401: bg 0: block 234: padding at end of block bitmap is not set umount2("./176/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./176/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./176/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./176/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./176/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557cd35770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557cd35770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./176/file0") = 0 getdents64(3, 0x55557cd2d730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./176") = 0 mkdir("./177", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557cd2c690) = 1406 ./strace-static-x86_64: Process 1406 attached [pid 1406] set_robust_list(0x55557cd2c6a0, 24) = 0 [pid 1406] chdir("./177") = 0 [pid 1406] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1406] setpgid(0, 0) = 0 [pid 1406] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1406] write(3, "1000", 4) = 4 [pid 1406] close(3) = 0 [pid 1406] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 1406] write(1, "executing program\n", 18) = 18 [pid 1406] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1406] rt_sigaction(SIGRT_1, {sa_handler=0x7f676dce75b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f676dcd8760}, NULL, 8) = 0 [pid 1406] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1406] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f676dc5d000 [pid 1406] mprotect(0x7f676dc5e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1406] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1406] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f676dc7d990, parent_tid=0x7f676dc7d990, exit_signal=0, stack=0x7f676dc5d000, stack_size=0x20300, tls=0x7f676dc7d6c0}./strace-static-x86_64: Process 1407 attached [pid 1407] set_robust_list(0x7f676dc7d9a0, 24) = 0 [pid 1407] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1407] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1406] <... clone3 resumed> => {parent_tid=[1407]}, 88) = 1407 [pid 1406] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1406] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1407] <... futex resumed>) = 0 [pid 1406] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1407] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 1407] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1406] <... futex resumed>) = 0 [pid 1406] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1406] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1407] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 1407] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1406] <... futex resumed>) = 0 [pid 1407] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1406] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1406] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1407] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1407] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 1407] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1406] <... futex resumed>) = 0 [pid 1406] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1406] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1407] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 1407] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1406] <... futex resumed>) = 0 [pid 1407] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1406] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1406] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1407] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1407] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 1407] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1406] <... futex resumed>) = 0 [pid 1406] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1406] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1407] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 1407] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1406] <... futex resumed>) = 0 [pid 1407] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1406] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1407] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1407] ioctl(3, VHOST_SET_VRING_ADDR [pid 1406] <... futex resumed>) = 0 [pid 1407] <... ioctl resumed>, 0x200000000240) = 0 [pid 1406] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1407] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1406] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1407] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1406] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1406] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1407] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1407] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 1407] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1406] <... futex resumed>) = 0 [pid 1406] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1407] ioctl(3, VHOST_VSOCK_SET_RUNNING [pid 1406] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1407] <... ioctl resumed>, 0x200000000140) = 0 [pid 1407] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1406] <... futex resumed>) = 0 [pid 1407] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1406] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1407] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1406] <... futex resumed>) = 0 [pid 1406] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 1407] memfd_create("syzkaller", 0) = 5 [pid 1407] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f676585d000 [pid 1407] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 1407] munmap(0x7f676585d000, 138412032) = 0 [pid 1407] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 1407] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 1407] close(5) = 0 [pid 1407] close(6) = 0 [pid 1407] mkdir("./file0", 0777) = 0 [pid 1407] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 1407] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 1407] chdir("./file0") = 0 [pid 1407] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 1407] ioctl(6, LOOP_CLR_FD) = 0 [pid 1407] close(6) = 0 [pid 1407] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1406] <... futex resumed>) = 0 [pid 1406] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1406] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1407] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 1407] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1406] <... futex resumed>) = 0 [pid 1406] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1406] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1407] write(6, "#! ./file1\n", 11) = 11 [pid 1407] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1406] <... futex resumed>) = 0 [pid 1406] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1406] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1407] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 1407] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1406] <... futex resumed>) = 0 [pid 1406] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1406] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1407] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000280} --- [pid 1406] <... futex resumed>) = ? [pid 1407] +++ killed by SIGBUS +++ [pid 1406] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=1406, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./177", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./177", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557cd2d730 /* 4 entries */, 32768) = 112 umount2("./177/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./177/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./177/binderfs") = 0 [ 56.648453][ T1408] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-1407: bg 0: block 234: padding at end of block bitmap is not set umount2("./177/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./177/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./177/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./177/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./177/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557cd35770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557cd35770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./177/file0") = 0 getdents64(3, 0x55557cd2d730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./177") = 0 mkdir("./178", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557cd2c690) = 1412 ./strace-static-x86_64: Process 1412 attached [pid 1412] set_robust_list(0x55557cd2c6a0, 24) = 0 [pid 1412] chdir("./178") = 0 [pid 1412] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1412] setpgid(0, 0) = 0 [pid 1412] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1412] write(3, "1000", 4) = 4 [pid 1412] close(3) = 0 [pid 1412] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 1412] write(1, "executing program\n", 18) = 18 [pid 1412] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1412] rt_sigaction(SIGRT_1, {sa_handler=0x7f676dce75b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f676dcd8760}, NULL, 8) = 0 [pid 1412] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1412] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f676dc5d000 [pid 1412] mprotect(0x7f676dc5e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1412] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1412] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f676dc7d990, parent_tid=0x7f676dc7d990, exit_signal=0, stack=0x7f676dc5d000, stack_size=0x20300, tls=0x7f676dc7d6c0}./strace-static-x86_64: Process 1413 attached [pid 1413] set_robust_list(0x7f676dc7d9a0, 24) = 0 [pid 1413] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1413] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1412] <... clone3 resumed> => {parent_tid=[1413]}, 88) = 1413 [pid 1412] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1412] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1413] <... futex resumed>) = 0 [pid 1412] <... futex resumed>) = 1 [pid 1413] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 1413] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1413] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1412] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 1412] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1413] <... futex resumed>) = 0 [pid 1413] ioctl(3, VHOST_SET_OWNER [pid 1412] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1413] <... ioctl resumed>, 0) = 0 [pid 1413] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1412] <... futex resumed>) = 0 [pid 1412] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1412] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1413] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 1413] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1412] <... futex resumed>) = 0 [pid 1412] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1413] ioctl(3, VHOST_SET_MEM_TABLE [pid 1412] <... futex resumed>) = 0 [pid 1412] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1413] <... ioctl resumed>, 0x200000003380) = 0 [pid 1413] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1412] <... futex resumed>) = 0 [pid 1412] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1412] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1413] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 1413] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1412] <... futex resumed>) = 0 [pid 1412] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1413] ioctl(3, VHOST_SET_VRING_ERR [pid 1412] <... futex resumed>) = 0 [pid 1412] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1413] <... ioctl resumed>, 0x2000000001c0) = 0 [pid 1413] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1412] <... futex resumed>) = 0 [pid 1412] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1413] ioctl(3, VHOST_SET_VRING_ADDR [pid 1412] <... futex resumed>) = 0 [pid 1412] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1413] <... ioctl resumed>, 0x200000000240) = 0 [pid 1413] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1412] <... futex resumed>) = 0 [pid 1413] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1412] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1412] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1413] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1413] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 1413] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1412] <... futex resumed>) = 0 [pid 1412] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1413] ioctl(3, VHOST_VSOCK_SET_RUNNING [pid 1412] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1413] <... ioctl resumed>, 0x200000000140) = 0 [pid 1413] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1412] <... futex resumed>) = 0 [pid 1413] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1412] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1413] <... futex resumed>) = 0 [pid 1412] <... futex resumed>) = 1 [pid 1412] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 1413] memfd_create("syzkaller", 0) = 5 [pid 1413] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f676585d000 [pid 1413] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 1413] munmap(0x7f676585d000, 138412032) = 0 [pid 1413] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 1413] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 1413] close(5) = 0 [pid 1413] close(6) = 0 [pid 1413] mkdir("./file0", 0777) = 0 [pid 1413] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 1413] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 1413] chdir("./file0") = 0 [pid 1413] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 1413] ioctl(6, LOOP_CLR_FD) = 0 [pid 1413] close(6) = 0 [pid 1413] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1412] <... futex resumed>) = 0 [pid 1412] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1413] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 1412] <... futex resumed>) = 0 [pid 1412] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1413] <... openat resumed>) = 6 [pid 1413] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1412] <... futex resumed>) = 0 [pid 1412] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1412] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1413] write(6, "#! ./file1\n", 11) = 11 [pid 1413] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1412] <... futex resumed>) = 0 [pid 1412] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1412] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1413] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 1413] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1412] <... futex resumed>) = 0 [pid 1413] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1412] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1412] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1413] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1413] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000280} --- [pid 1412] <... futex resumed>) = ? [pid 1413] +++ killed by SIGBUS +++ [pid 1412] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=1412, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./178", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./178", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557cd2d730 /* 4 entries */, 32768) = 112 umount2("./178/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./178/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./178/binderfs") = 0 [ 56.807527][ T1414] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-1413: bg 0: block 234: padding at end of block bitmap is not set umount2("./178/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./178/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./178/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./178/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./178/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557cd35770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557cd35770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./178/file0") = 0 getdents64(3, 0x55557cd2d730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./178") = 0 mkdir("./179", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557cd2c690) = 1418 ./strace-static-x86_64: Process 1418 attached [pid 1418] set_robust_list(0x55557cd2c6a0, 24) = 0 [pid 1418] chdir("./179") = 0 [pid 1418] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1418] setpgid(0, 0) = 0 [pid 1418] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1418] write(3, "1000", 4) = 4 [pid 1418] close(3) = 0 [pid 1418] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1418] write(1, "executing program\n", 18executing program ) = 18 [pid 1418] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1418] rt_sigaction(SIGRT_1, {sa_handler=0x7f676dce75b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f676dcd8760}, NULL, 8) = 0 [pid 1418] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1418] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f676dc5d000 [pid 1418] mprotect(0x7f676dc5e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1418] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1418] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f676dc7d990, parent_tid=0x7f676dc7d990, exit_signal=0, stack=0x7f676dc5d000, stack_size=0x20300, tls=0x7f676dc7d6c0}./strace-static-x86_64: Process 1419 attached => {parent_tid=[1419]}, 88) = 1419 [pid 1419] set_robust_list(0x7f676dc7d9a0, 24) = 0 [pid 1419] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1419] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1418] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1418] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1419] <... futex resumed>) = 0 [pid 1419] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 1419] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1419] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1418] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 1418] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1419] <... futex resumed>) = 0 [pid 1419] ioctl(3, VHOST_SET_OWNER [pid 1418] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1419] <... ioctl resumed>, 0) = 0 [pid 1419] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1418] <... futex resumed>) = 0 [pid 1418] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1418] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1419] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 1419] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1418] <... futex resumed>) = 0 [pid 1418] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1418] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1419] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 1419] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1419] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1418] <... futex resumed>) = 0 [pid 1418] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1418] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1419] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1419] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 1419] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1418] <... futex resumed>) = 0 [pid 1418] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1418] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1419] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 1419] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1418] <... futex resumed>) = 0 [pid 1418] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1418] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1419] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 1419] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1418] <... futex resumed>) = 0 [pid 1418] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1418] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1419] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 1419] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1418] <... futex resumed>) = 0 [pid 1419] ioctl(3, VHOST_VSOCK_SET_RUNNING [pid 1418] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1419] <... ioctl resumed>, 0x200000000140) = 0 [pid 1419] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1419] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL) = 0 [pid 1418] <... futex resumed>) = 1 [pid 1419] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1418] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 1418] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1419] <... futex resumed>) = 0 [pid 1418] <... futex resumed>) = 1 [pid 1419] memfd_create("syzkaller", 0) = 5 [pid 1418] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 1419] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f676585d000 [pid 1419] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 1419] munmap(0x7f676585d000, 138412032) = 0 [pid 1419] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 1419] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 1419] close(5) = 0 [pid 1419] close(6) = 0 [pid 1419] mkdir("./file0", 0777) = 0 [pid 1419] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 1419] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 1419] chdir("./file0") = 0 [pid 1419] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 1419] ioctl(6, LOOP_CLR_FD) = 0 [pid 1419] close(6) = 0 [pid 1419] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1418] <... futex resumed>) = 0 [pid 1418] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1419] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 1418] <... futex resumed>) = 0 [pid 1418] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1419] <... openat resumed>) = 6 [pid 1419] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1418] <... futex resumed>) = 0 [pid 1418] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1419] write(6, "#! ./file1\n", 11 [pid 1418] <... futex resumed>) = 0 [pid 1418] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1419] <... write resumed>) = 11 [pid 1419] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1418] <... futex resumed>) = 0 [pid 1419] futex(0x7f676dd496c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1418] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1419] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1418] <... futex resumed>) = 0 [pid 1418] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1419] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 1419] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1418] <... futex resumed>) = 0 [pid 1418] futex(0x7f676dd496c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1419] ioctl(-1, KVM_SET_IRQCHIP, 0x200000000280 [pid 1418] <... futex resumed>) = 0 [pid 1418] futex(0x7f676dd496cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1419] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 1419] futex(0x7f676dd496cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1418] <... futex resumed>) = 0 [pid 1418] exit_group(0) = ? [pid 1419] +++ exited with 0 +++ [pid 1418] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1418, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./179", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./179", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557cd2d730 /* 4 entries */, 32768) = 112 umount2("./179/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./179/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./179/binderfs") = 0 [ 57.029024][ T1420] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-1419: bg 0: block 234: padding at end of block bitmap is not set [ 57.051563][ T1020] ------------[ cut here ]------------ [ 57.057024][ T1020] kernel BUG at fs/ext4/inode.c:2844! [ 57.062584][ T1020] invalid opcode: 0000 [#1] PREEMPT SMP KASAN [ 57.068656][ T1020] CPU: 0 PID: 1020 Comm: kworker/u4:3 Not tainted 5.4.292-syzkaller-00021-gcd8e74fa0fa3 #0 [ 57.078604][ T1020] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 57.088656][ T1020] Workqueue: writeback wb_workfn (flush-7:0) [ 57.094621][ T1020] RIP: 0010:ext4_writepages+0x2f83/0x2fb0 [ 57.100318][ T1020] Code: 0f 94 c6 bf 02 00 00 00 e8 6a 29 a1 ff 84 db 75 2e e8 11 27 a1 ff 49 bc 00 00 00 00 00 fc ff df e9 47 f9 ff ff e8 fd 26 a1 ff <0f> 0b e8 f6 26 a1 ff 0f 0b e8 ef 26 a1 ff e8 ba ef 41 ff eb 9b e8 [ 57.119901][ T1020] RSP: 0018:ffff8881e3a9f1a0 EFLAGS: 00010293 [ 57.125959][ T1020] RAX: ffffffff81be57e3 RBX: 0000010410000000 RCX: ffff8881e5620000 [ 57.133909][ T1020] RDX: 0000000000000000 RSI: 0000010000000000 RDI: 0000000000000000 [ 57.141858][ T1020] RBP: ffff8881e3a9f4f0 R08: dffffc0000000000 R09: ffffed103b9745d8 [ 57.149830][ T1020] R10: ffffed103b9745d8 R11: 1ffff1103b9745d7 R12: dffffc0000000000 [ 57.157779][ T1020] R13: ffff8881e3a9f810 R14: 0000010000000000 R15: ffff8881dcba2f90 [ 57.165730][ T1020] FS: 0000000000000000(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000 [ 57.174658][ T1020] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 57.181227][ T1020] CR2: 0000000000000002 CR3: 00000001d9cff000 CR4: 00000000003406b0 [ 57.189237][ T1020] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 57.197194][ T1020] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 57.205146][ T1020] Call Trace: [ 57.208424][ T1020] ? __kasan_check_read+0x11/0x20 [ 57.213431][ T1020] ? __find_get_block+0xab4/0xe90 [ 57.218447][ T1020] ? write_boundary_block+0x140/0x140 [ 57.223902][ T1020] ? ext4_readpage+0x310/0x310 [ 57.228646][ T1020] ? __getblk_gfp+0x3b/0x760 [ 57.233215][ T1020] ? ext4_get_group_desc+0x249/0x2a0 [ 57.238480][ T1020] ? debug_smp_processor_id+0x20/0x20 [ 57.243830][ T1020] ? check_preemption_disabled+0x9b/0x300 [ 57.249529][ T1020] ? ext4_readpage+0x310/0x310 [ 57.254268][ T1020] do_writepages+0x127/0x270 [ 57.258850][ T1020] ? __writepage+0x120/0x120 [ 57.263425][ T1020] ? __kasan_check_write+0x14/0x20 [ 57.268515][ T1020] ? _raw_spin_lock+0x8e/0xe0 [ 57.273169][ T1020] ? __kasan_check_write+0x14/0x20 [ 57.278287][ T1020] __writeback_single_inode+0xd9/0xc30 [ 57.283724][ T1020] ? wbc_attach_and_unlock_inode+0x3b3/0x5b0 [ 57.289683][ T1020] writeback_sb_inodes+0x94f/0x1700 [ 57.294869][ T1020] ? _raw_spin_lock+0x8e/0xe0 [ 57.299526][ T1020] ? queue_io+0x4e0/0x4e0 [ 57.303839][ T1020] ? __kasan_check_read+0x11/0x20 [ 57.308848][ T1020] wb_writeback+0x3e1/0xc20 [ 57.313338][ T1020] ? wb_io_lists_depopulated+0x170/0x170 [ 57.318949][ T1020] ? check_preemption_disabled+0x9b/0x300 [ 57.324646][ T1020] ? debug_smp_processor_id+0x20/0x20 [ 57.330020][ T1020] ? __kasan_check_write+0x14/0x20 [ 57.335236][ T1020] wb_workfn+0x375/0xf90 [ 57.339471][ T1020] ? _raw_spin_lock+0x8e/0xe0 [ 57.344137][ T1020] ? inode_wait_for_writeback+0x200/0x200 [ 57.349846][ T1020] ? __kasan_check_read+0x11/0x20 [ 57.354869][ T1020] ? switch_mm_irqs_off+0x681/0x9b0 [ 57.360049][ T1020] ? _raw_spin_unlock_irq+0x4e/0x70 [ 57.365239][ T1020] ? finish_task_switch+0x12e/0x590 [ 57.370418][ T1020] ? __schedule+0xa57/0x12a0 [ 57.374987][ T1020] ? __kasan_check_read+0x11/0x20 [ 57.379990][ T1020] ? read_word_at_a_time+0x12/0x20 [ 57.385094][ T1020] ? strscpy+0x9b/0x290 [ 57.389239][ T1020] process_one_work+0x73b/0xcc0 [ 57.394073][ T1020] worker_thread+0xa5c/0x13b0 [ 57.398750][ T1020] ? _raw_spin_lock_irqsave+0xb0/0x110 [ 57.404202][ T1020] ? __kasan_check_read+0x11/0x20 [ 57.409220][ T1020] kthread+0x31e/0x3a0 [ 57.413272][ T1020] ? worker_clr_flags+0x190/0x190 [ 57.418271][ T1020] ? kthread_blkcg+0xd0/0xd0 [ 57.422858][ T1020] ret_from_fork+0x1f/0x30 [ 57.427340][ T1020] Modules linked in: [ 57.431569][ T1020] ---[ end trace 0a486e17a43b94b8 ]--- [ 57.437096][ T1020] RIP: 0010:ext4_writepages+0x2f83/0x2fb0 [ 57.442799][ T1020] Code: 0f 94 c6 bf 02 00 00 00 e8 6a 29 a1 ff 84 db 75 2e e8 11 27 a1 ff 49 bc 00 00 00 00 00 fc ff df e9 47 f9 ff ff e8 fd 26 a1 ff <0f> 0b e8 f6 26 a1 ff 0f 0b e8 ef 26 a1 ff e8 ba ef 41 ff eb 9b e8 [ 57.462438][ T1020] RSP: 0018:ffff8881e3a9f1a0 EFLAGS: 00010293 [ 57.468542][ T1020] RAX: ffffffff81be57e3 RBX: 0000010410000000 RCX: ffff8881e5620000 [ 57.476537][ T1020] RDX: 0000000000000000 RSI: 0000010000000000 RDI: 0000000000000000 [ 57.484507][ T1020] RBP: ffff8881e3a9f4f0 R08: dffffc0000000000 R09: ffffed103b9745d8 [ 57.492553][ T1020] R10: ffffed103b9745d8 R11: 1ffff1103b9745d7 R12: dffffc0000000000 [ 57.500574][ T1020] R13: ffff8881e3a9f810 R14: 0000010000000000 R15: ffff8881dcba2f90 [ 57.508568][ T1020] FS: 0000000000000000(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000 [ 57.517513][ T1020] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 57.524090][ T1020] CR2: 0000000000000002 CR3: 00000001d9cff000 CR4: 00000000003406b0 [ 57.532097][ T1020] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 57.540084][ T1020] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 57.548253][ T1020] Kernel panic - not syncing: Fatal exception [ 57.554548][ T1020] Kernel Offset: disabled [ 57.558864][ T1020] Rebooting in 86400 seconds.. umount2("./179/file0", MNT_FORCE|UMOUNT_NOFOLLOW