./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor1680968320 <...> Warning: Permanently added '10.128.0.176' (ED25519) to the list of known hosts. execve("./syz-executor1680968320", ["./syz-executor1680968320"], 0x7ffe05efc040 /* 10 vars */) = 0 brk(NULL) = 0x55555bd90000 brk(0x55555bd90d00) = 0x55555bd90d00 arch_prctl(ARCH_SET_FS, 0x55555bd90380) = 0 set_tid_address(0x55555bd90650) = 296 set_robust_list(0x55555bd90660, 24) = 0 rseq(0x55555bd90ca0, 0x20, 0, 0x53053053) = -1 ENOSYS (Function not implemented) prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor1680968320", 4096) = 28 getrandom("\xfd\x85\xf7\x89\x67\x95\x00\x63", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x55555bd90d00 brk(0x55555bdb1d00) = 0x55555bdb1d00 brk(0x55555bdb2000) = 0x55555bdb2000 mprotect(0x7fb97ca14000, 16384, PROT_READ) = 0 mmap(0x1ffffffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffffffff000 mmap(0x200000000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200000000000 mmap(0x200001000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200001000000 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555bd90650) = 297 ./strace-static-x86_64: Process 297 attached [pid 296] openat(AT_FDCWD, "/sys/kernel/debug/x86/nmi_longest_ns", O_WRONLY|O_CLOEXEC [pid 297] set_robust_list(0x55555bd90660, 24) = 0 [pid 296] <... openat resumed>) = 3 [pid 296] write(3, "10000000000", 11) = 11 [pid 296] close(3) = 0 [pid 296] openat(AT_FDCWD, "/proc/sys/kernel/hung_task_check_interval_secs", O_WRONLY|O_CLOEXEC) = 3 [pid 296] write(3, "20", 2) = 2 [pid 296] close(3) = 0 [pid 296] openat(AT_FDCWD, "/proc/sys/net/core/bpf_jit_kallsyms", O_WRONLY|O_CLOEXEC) = 3 [pid 296] write(3, "1", 1) = 1 [pid 296] close(3) = 0 [pid 296] openat(AT_FDCWD, "/proc/sys/net/core/bpf_jit_harden", O_WRONLY|O_CLOEXEC) = 3 [pid 296] write(3, "0", 1) = 1 [pid 296] close(3) = 0 [pid 296] openat(AT_FDCWD, "/proc/sys/kernel/kptr_restrict", O_WRONLY|O_CLOEXEC) = 3 [pid 296] write(3, "0", 1) = 1 [pid 296] close(3) = 0 [pid 296] openat(AT_FDCWD, "/proc/sys/kernel/softlockup_all_cpu_backtrace", O_WRONLY|O_CLOEXEC) = 3 [pid 296] write(3, "1", 1) = 1 [pid 296] close(3) = 0 [pid 296] openat(AT_FDCWD, "/proc/sys/fs/mount-max", O_WRONLY|O_CLOEXEC) = 3 [pid 296] write(3, "100", 3) = 3 [pid 296] close(3) = 0 [pid 296] openat(AT_FDCWD, "/proc/sys/vm/oom_dump_tasks", O_WRONLY|O_CLOEXEC) = 3 [pid 296] write(3, "0", 1) = 1 [pid 296] close(3) = 0 [pid 296] openat(AT_FDCWD, "/proc/sys/debug/exception-trace", O_WRONLY|O_CLOEXEC) = 3 [pid 296] write(3, "0", 1) = 1 [pid 296] close(3) = 0 [pid 296] openat(AT_FDCWD, "/proc/sys/kernel/printk", O_WRONLY|O_CLOEXEC) = 3 [pid 296] write(3, "7 4 1 3", 7) = 7 [pid 296] close(3) = 0 [pid 296] openat(AT_FDCWD, "/proc/sys/kernel/keys/gc_delay", O_WRONLY|O_CLOEXEC) = 3 [pid 296] write(3, "1", 1) = 1 [pid 296] close(3) = 0 [pid 296] openat(AT_FDCWD, "/proc/sys/vm/oom_kill_allocating_task", O_WRONLY|O_CLOEXEC) = 3 [pid 296] write(3, "1", 1) = 1 [pid 296] close(3) = 0 [pid 296] openat(AT_FDCWD, "/proc/sys/kernel/ctrl-alt-del", O_WRONLY|O_CLOEXEC) = 3 [pid 296] write(3, "0", 1) = 1 [pid 296] close(3) = 0 [pid 296] openat(AT_FDCWD, "/proc/sys/kernel/cad_pid", O_WRONLY|O_CLOEXEC) = 3 [pid 296] write(3, "297", 3) = 3 [pid 296] close(3) = 0 [pid 296] kill(297, SIGKILL) = 0 [pid 297] +++ killed by SIGKILL +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=297, si_uid=0, si_status=SIGKILL, si_utime=0, si_stime=0} --- mkdir("./syzkaller.KAJhmf", 0700) = 0 chmod("./syzkaller.KAJhmf", 0777) = 0 chdir("./syzkaller.KAJhmf") = 0 mkdir("./0", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [ 23.745648][ T28] audit: type=1400 audit(1744585662.525:66): avc: denied { execmem } for pid=296 comm="syz-executor168" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555bd90650) = 298 executing program ./strace-static-x86_64: Process 298 attached [pid 298] set_robust_list(0x55555bd90660, 24) = 0 [pid 298] chdir("./0") = 0 [pid 298] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 298] setpgid(0, 0) = 0 [pid 298] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 298] write(3, "1000", 4) = 4 [pid 298] close(3) = 0 [pid 298] symlink("/dev/binderfs", "./binderfs") = 0 [pid 298] write(1, "executing program\n", 18) = 18 [pid 298] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 298] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 298] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 298] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 298] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 298] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 298] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 298] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 298] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 298] memfd_create("syzkaller", 0) = 5 [pid 298] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb974560000 [pid 298] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [ 23.776481][ T28] audit: type=1400 audit(1744585662.555:67): avc: denied { read write } for pid=296 comm="syz-executor168" name="loop0" dev="devtmpfs" ino=114 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 23.801243][ T28] audit: type=1400 audit(1744585662.565:68): avc: denied { open } for pid=296 comm="syz-executor168" path="/dev/loop0" dev="devtmpfs" ino=114 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [pid 298] munmap(0x7fb974560000, 138412032) = 0 [pid 298] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 298] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 298] close(5) = 0 [pid 298] close(6) = 0 [pid 298] mkdir("./file0", 0777) = 0 [ 23.825749][ T28] audit: type=1400 audit(1744585662.565:69): avc: denied { ioctl } for pid=296 comm="syz-executor168" path="/dev/loop0" dev="devtmpfs" ino=114 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 23.850513][ T298] loop0: detected capacity change from 0 to 2048 [ 23.852090][ T28] audit: type=1400 audit(1744585662.585:70): avc: denied { read write } for pid=298 comm="syz-executor168" name="vhost-vsock" dev="devtmpfs" ino=264 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 23.885038][ T28] audit: type=1400 audit(1744585662.585:71): avc: denied { open } for pid=298 comm="syz-executor168" path="/dev/vhost-vsock" dev="devtmpfs" ino=264 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 23.909222][ T28] audit: type=1400 audit(1744585662.585:72): avc: denied { ioctl } for pid=298 comm="syz-executor168" path="/dev/vhost-vsock" dev="devtmpfs" ino=264 ioctlcmd=0xaf01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [pid 298] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 298] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 298] chdir("./file0") = 0 [pid 298] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 298] ioctl(6, LOOP_CLR_FD) = 0 [pid 298] close(6) = 0 [pid 298] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 298] write(6, "#! ./file1\n", 11) = 11 [pid 298] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [ 23.934395][ T28] audit: type=1400 audit(1744585662.645:73): avc: denied { mounton } for pid=298 comm="syz-executor168" path="/root/syzkaller.KAJhmf/0/file0" dev="sda1" ino=1930 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1 [ 23.960928][ T298] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 23.970097][ T28] audit: type=1400 audit(1744585662.755:74): avc: denied { mount } for pid=298 comm="syz-executor168" name="/" dev="loop0" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [pid 298] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000001c0} --- [pid 298] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=298, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=5} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555bd916f0 /* 4 entries */, 32768) = 112 umount2("./0/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./0/binderfs") = 0 [ 23.992387][ T298] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor168: bg 0: block 234: padding at end of block bitmap is not set [ 24.006996][ T28] audit: type=1400 audit(1744585662.755:75): avc: denied { write } for pid=298 comm="syz-executor168" name="/" dev="loop0" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./0/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555bd99730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555bd99730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./0/file0") = 0 getdents64(3, 0x55555bd916f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./0") = 0 mkdir("./1", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555bd90650) = 304 ./strace-static-x86_64: Process 304 attached [pid 304] set_robust_list(0x55555bd90660, 24) = 0 [pid 304] chdir("./1") = 0 [pid 304] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 304] setpgid(0, 0) = 0 [pid 304] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 304] write(3, "1000", 4) = 4 [pid 304] close(3) = 0 [pid 304] symlink("/dev/binderfs", "./binderfs") = 0 [pid 304] write(1, "executing program\n", 18executing program ) = 18 [pid 304] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 304] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 304] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 304] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 304] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 304] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 304] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 304] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 304] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 304] memfd_create("syzkaller", 0) = 5 [pid 304] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb974560000 [pid 304] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 304] munmap(0x7fb974560000, 138412032) = 0 [pid 304] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 24.042594][ T296] EXT4-fs (loop0): unmounting filesystem. [pid 304] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 304] close(5) = 0 [pid 304] close(6) = 0 [pid 304] mkdir("./file0", 0777) = 0 [pid 304] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 304] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 304] chdir("./file0") = 0 [pid 304] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 304] ioctl(6, LOOP_CLR_FD) = 0 [pid 304] close(6) = 0 [pid 304] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 304] write(6, "#! ./file1\n", 11) = 11 [pid 304] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [ 24.073314][ T304] loop0: detected capacity change from 0 to 2048 [ 24.100987][ T304] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [pid 304] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000001c0} --- [pid 304] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=304, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555bd916f0 /* 4 entries */, 32768) = 112 umount2("./1/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./1/binderfs") = 0 umount2("./1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./1/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555bd99730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555bd99730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./1/file0") = 0 getdents64(3, 0x55555bd916f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./1") = 0 mkdir("./2", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555bd90650) = 310 ./strace-static-x86_64: Process 310 attached [pid 310] set_robust_list(0x55555bd90660, 24) = 0 [pid 310] chdir("./2") = 0 [pid 310] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 310] setpgid(0, 0) = 0 [pid 310] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 310] write(3, "1000", 4) = 4 [pid 310] close(3) = 0 [pid 310] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 310] write(1, "executing program\n", 18) = 18 [pid 310] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 310] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 310] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 310] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 310] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 310] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 310] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 310] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 310] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 310] memfd_create("syzkaller", 0) = 5 [pid 310] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb974560000 [pid 310] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 310] munmap(0x7fb974560000, 138412032) = 0 [pid 310] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 24.117731][ T305] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-304: bg 0: block 234: padding at end of block bitmap is not set [ 24.145588][ T296] EXT4-fs (loop0): unmounting filesystem. [pid 310] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 310] close(5) = 0 [pid 310] close(6) = 0 [pid 310] mkdir("./file0", 0777) = 0 [pid 310] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 310] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 310] chdir("./file0") = 0 [pid 310] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 310] ioctl(6, LOOP_CLR_FD) = 0 [pid 310] close(6) = 0 [pid 310] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 310] write(6, "#! ./file1\n", 11) = 11 [pid 310] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 310] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000001c0} --- [pid 310] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=310, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- [ 24.172186][ T310] loop0: detected capacity change from 0 to 2048 [ 24.190307][ T310] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 24.201817][ T310] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor168: bg 0: block 234: padding at end of block bitmap is not set restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555bd916f0 /* 4 entries */, 32768) = 112 umount2("./2/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./2/binderfs") = 0 umount2("./2/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./2/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./2/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./2/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./2/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555bd99730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555bd99730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./2/file0") = 0 getdents64(3, 0x55555bd916f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./2"executing program ) = 0 mkdir("./3", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555bd90650) = 314 ./strace-static-x86_64: Process 314 attached [pid 314] set_robust_list(0x55555bd90660, 24) = 0 [pid 314] chdir("./3") = 0 [pid 314] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 314] setpgid(0, 0) = 0 [pid 314] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 314] write(3, "1000", 4) = 4 [pid 314] close(3) = 0 [pid 314] symlink("/dev/binderfs", "./binderfs") = 0 [pid 314] write(1, "executing program\n", 18) = 18 [pid 314] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 314] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 314] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 314] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 314] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 314] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 314] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 314] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 314] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 314] memfd_create("syzkaller", 0) = 5 [pid 314] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb974560000 [pid 314] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 314] munmap(0x7fb974560000, 138412032) = 0 [pid 314] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 314] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 314] close(5) = 0 [pid 314] close(6) = 0 [pid 314] mkdir("./file0", 0777) = 0 [ 24.218085][ T310] syz-executor168 (310) used greatest stack depth: 22344 bytes left [ 24.230057][ T296] EXT4-fs (loop0): unmounting filesystem. [ 24.259430][ T314] loop0: detected capacity change from 0 to 2048 [pid 314] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 314] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 314] chdir("./file0") = 0 [pid 314] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 314] ioctl(6, LOOP_CLR_FD) = 0 [pid 314] close(6) = 0 [pid 314] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 314] write(6, "#! ./file1\n", 11) = 11 [pid 314] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 314] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000001c0} --- [pid 314] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=314, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555bd916f0 /* 4 entries */, 32768) = 112 umount2("./3/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./3/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./3/binderfs") = 0 [ 24.290180][ T314] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 24.314372][ T315] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-314: bg 0: block 234: padding at end of block bitmap is not set [ 24.329716][ T315] vhost-314 (315) used greatest stack depth: 21800 bytes left umount2("./3/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./3/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./3/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./3/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./3/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555bd99730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555bd99730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./3/file0") = 0 getdents64(3, 0x55555bd916f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./3") = 0 mkdir("./4", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555bd90650) = 318 ./strace-static-x86_64: Process 318 attached [pid 318] set_robust_list(0x55555bd90660, 24) = 0 [pid 318] chdir("./4") = 0 [pid 318] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 318] setpgid(0, 0) = 0 [pid 318] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 318] write(3, "1000", 4) = 4 [pid 318] close(3) = 0 [pid 318] symlink("/dev/binderfs", "./binderfs") = 0 [pid 318] write(1, "executing program\n", 18executing program ) = 18 [pid 318] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 318] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 318] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 318] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 318] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 318] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 318] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 318] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 318] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 318] memfd_create("syzkaller", 0) = 5 [pid 318] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb974560000 [pid 318] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 318] munmap(0x7fb974560000, 138412032) = 0 [pid 318] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 318] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 318] close(5) = 0 [pid 318] close(6) = 0 [pid 318] mkdir("./file0", 0777) = 0 [pid 318] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 318] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 318] chdir("./file0") = 0 [ 24.341731][ T296] EXT4-fs (loop0): unmounting filesystem. [ 24.368494][ T318] loop0: detected capacity change from 0 to 2048 [pid 318] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 318] ioctl(6, LOOP_CLR_FD) = 0 [pid 318] close(6) = 0 [pid 318] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 318] write(6, "#! ./file1\n", 11) = 11 [pid 318] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 318] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000001c0} --- [pid 318] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=318, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555bd916f0 /* 4 entries */, 32768) = 112 umount2("./4/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4/binderfs") = 0 umount2("./4/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555bd99730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555bd99730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4/file0") = 0 getdents64(3, 0x55555bd916f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4") = 0 mkdir("./5", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555bd90650) = 322 ./strace-static-x86_64: Process 322 attached [pid 322] set_robust_list(0x55555bd90660, 24) = 0 [pid 322] chdir("./5") = 0 [pid 322] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 322] setpgid(0, 0) = 0 [pid 322] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 322] write(3, "1000", 4) = 4 [pid 322] close(3) = 0 [pid 322] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 322] write(1, "executing program\n", 18) = 18 [pid 322] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 322] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 322] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 322] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 322] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 322] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 322] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 322] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 322] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 322] memfd_create("syzkaller", 0) = 5 [pid 322] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb974560000 [pid 322] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 322] munmap(0x7fb974560000, 138412032) = 0 [pid 322] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 24.383912][ T318] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 24.402426][ T319] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-318: bg 0: block 234: padding at end of block bitmap is not set [ 24.429424][ T296] EXT4-fs (loop0): unmounting filesystem. [pid 322] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 322] close(5) = 0 [pid 322] close(6) = 0 [pid 322] mkdir("./file0", 0777) = 0 [pid 322] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 322] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 322] chdir("./file0") = 0 [pid 322] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 322] ioctl(6, LOOP_CLR_FD) = 0 [pid 322] close(6) = 0 [pid 322] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 322] write(6, "#! ./file1\n", 11) = 11 [pid 322] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [ 24.457330][ T322] loop0: detected capacity change from 0 to 2048 [ 24.490147][ T322] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [pid 322] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000001c0} --- [pid 322] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=322, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./5", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555bd916f0 /* 4 entries */, 32768) = 112 umount2("./5/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./5/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./5/binderfs") = 0 umount2("./5/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./5/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./5/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./5/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./5/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555bd99730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555bd99730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./5/file0") = 0 getdents64(3, 0x55555bd916f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./5") = 0 mkdir("./6", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program , child_tidptr=0x55555bd90650) = 326 ./strace-static-x86_64: Process 326 attached [pid 326] set_robust_list(0x55555bd90660, 24) = 0 [pid 326] chdir("./6") = 0 [pid 326] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 326] setpgid(0, 0) = 0 [pid 326] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 326] write(3, "1000", 4) = 4 [pid 326] close(3) = 0 [pid 326] symlink("/dev/binderfs", "./binderfs") = 0 [pid 326] write(1, "executing program\n", 18) = 18 [pid 326] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 326] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 326] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 326] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 326] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 326] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 326] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 326] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 326] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 326] memfd_create("syzkaller", 0) = 5 [pid 326] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb974560000 [pid 326] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 326] munmap(0x7fb974560000, 138412032) = 0 [pid 326] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 24.510018][ T323] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-322: bg 0: block 234: padding at end of block bitmap is not set [ 24.537886][ T296] EXT4-fs (loop0): unmounting filesystem. [pid 326] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 326] close(5) = 0 [pid 326] close(6) = 0 [pid 326] mkdir("./file0", 0777) = 0 [pid 326] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 326] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 326] chdir("./file0") = 0 [pid 326] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 326] ioctl(6, LOOP_CLR_FD) = 0 [pid 326] close(6) = 0 [pid 326] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 326] write(6, "#! ./file1\n", 11) = 11 [pid 326] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [ 24.570332][ T326] loop0: detected capacity change from 0 to 2048 [ 24.600259][ T326] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [pid 326] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000001c0} --- [pid 326] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=326, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./6", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555bd916f0 /* 4 entries */, 32768) = 112 umount2("./6/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./6/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./6/binderfs") = 0 umount2("./6/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./6/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./6/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./6/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./6/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555bd99730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555bd99730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./6/file0") = 0 getdents64(3, 0x55555bd916f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./6") = 0 mkdir("./7", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program , child_tidptr=0x55555bd90650) = 330 ./strace-static-x86_64: Process 330 attached [pid 330] set_robust_list(0x55555bd90660, 24) = 0 [pid 330] chdir("./7") = 0 [pid 330] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 330] setpgid(0, 0) = 0 [pid 330] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 330] write(3, "1000", 4) = 4 [pid 330] close(3) = 0 [pid 330] symlink("/dev/binderfs", "./binderfs") = 0 [pid 330] write(1, "executing program\n", 18) = 18 [pid 330] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 330] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 330] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 330] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 330] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 330] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 330] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 330] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 330] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 330] memfd_create("syzkaller", 0) = 5 [pid 330] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb974560000 [pid 330] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 330] munmap(0x7fb974560000, 138412032) = 0 [pid 330] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 24.617841][ T327] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-326: bg 0: block 234: padding at end of block bitmap is not set [ 24.640892][ T296] EXT4-fs (loop0): unmounting filesystem. [pid 330] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 330] close(5) = 0 [pid 330] close(6) = 0 [pid 330] mkdir("./file0", 0777) = 0 [pid 330] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 330] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 330] chdir("./file0") = 0 [pid 330] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 330] ioctl(6, LOOP_CLR_FD) = 0 [pid 330] close(6) = 0 [pid 330] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 330] write(6, "#! ./file1\n", 11) = 11 [pid 330] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 330] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000001c0} --- [pid 330] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=330, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./7", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555bd916f0 /* 4 entries */, 32768) = 112 umount2("./7/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./7/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./7/binderfs") = 0 [ 24.668067][ T330] loop0: detected capacity change from 0 to 2048 [ 24.683845][ T330] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 24.697410][ T330] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor168: bg 0: block 234: padding at end of block bitmap is not set umount2("./7/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./7/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./7/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./7/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./7/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555bd99730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555bd99730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./7/file0") = 0 getdents64(3, 0x55555bd916f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./7") = 0 mkdir("./8", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555bd90650) = 334 ./strace-static-x86_64: Process 334 attached [pid 334] set_robust_list(0x55555bd90660, 24) = 0 [pid 334] chdir("./8") = 0 [pid 334] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 334] setpgid(0, 0) = 0 [pid 334] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 334] write(3, "1000", 4) = 4 [pid 334] close(3) = 0 [pid 334] symlink("/dev/binderfs", "./binderfs") = 0 [pid 334] write(1, "executing program\n", 18executing program ) = 18 [pid 334] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 334] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 334] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 334] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 334] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 334] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 334] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 334] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 334] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 334] memfd_create("syzkaller", 0) = 5 [pid 334] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb974560000 [pid 334] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 334] munmap(0x7fb974560000, 138412032) = 0 [pid 334] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 334] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 334] close(5) = 0 [pid 334] close(6) = 0 [pid 334] mkdir("./file0", 0777) = 0 [ 24.725226][ T296] EXT4-fs (loop0): unmounting filesystem. [ 24.757649][ T334] loop0: detected capacity change from 0 to 2048 [pid 334] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 334] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 334] chdir("./file0") = 0 [pid 334] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 334] ioctl(6, LOOP_CLR_FD) = 0 [pid 334] close(6) = 0 [pid 334] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 334] write(6, "#! ./file1\n", 11) = 11 [pid 334] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 334] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000001c0} --- [pid 334] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=334, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./8", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./8", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555bd916f0 /* 4 entries */, 32768) = 112 umount2("./8/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./8/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./8/binderfs") = 0 [ 24.790351][ T334] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 24.814794][ T335] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-334: bg 0: block 234: padding at end of block bitmap is not set umount2("./8/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./8/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./8/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./8/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./8/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555bd99730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555bd99730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./8/file0") = 0 getdents64(3, 0x55555bd916f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./8") = 0 mkdir("./9", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) executing program close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555bd90650) = 338 ./strace-static-x86_64: Process 338 attached [pid 338] set_robust_list(0x55555bd90660, 24) = 0 [pid 338] chdir("./9") = 0 [pid 338] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 338] setpgid(0, 0) = 0 [pid 338] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 338] write(3, "1000", 4) = 4 [pid 338] close(3) = 0 [pid 338] symlink("/dev/binderfs", "./binderfs") = 0 [pid 338] write(1, "executing program\n", 18) = 18 [pid 338] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 338] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 338] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 338] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 338] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 338] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 338] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 338] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 338] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 338] memfd_create("syzkaller", 0) = 5 [pid 338] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb974560000 [pid 338] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 338] munmap(0x7fb974560000, 138412032) = 0 [pid 338] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 338] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 338] close(5) = 0 [pid 338] close(6) = 0 [pid 338] mkdir("./file0", 0777) = 0 [ 24.842840][ T296] EXT4-fs (loop0): unmounting filesystem. [ 24.872670][ T338] loop0: detected capacity change from 0 to 2048 [pid 338] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 338] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 338] chdir("./file0") = 0 [pid 338] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 338] ioctl(6, LOOP_CLR_FD) = 0 [pid 338] close(6) = 0 [pid 338] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 338] write(6, "#! ./file1\n", 11) = 11 [pid 338] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 338] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000001c0} --- [pid 338] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=338, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./9", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./9", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555bd916f0 /* 4 entries */, 32768) = 112 umount2("./9/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./9/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./9/binderfs") = 0 umount2("./9/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./9/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./9/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./9/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./9/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555bd99730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555bd99730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./9/file0") = 0 getdents64(3, 0x55555bd916f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./9") = 0 mkdir("./10", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555bd90650) = 342 ./strace-static-x86_64: Process 342 attached [pid 342] set_robust_list(0x55555bd90660, 24) = 0 [pid 342] chdir("./10") = 0 [pid 342] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 342] setpgid(0, 0) = 0 [pid 342] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 342] write(3, "1000", 4) = 4 [pid 342] close(3) = 0 [pid 342] symlink("/dev/binderfs", "./binderfs") = 0 [pid 342] write(1, "executing program\n", 18executing program ) = 18 [pid 342] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 342] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 342] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 342] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 342] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 342] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 342] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 342] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 342] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 342] memfd_create("syzkaller", 0) = 5 [pid 342] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb974560000 [pid 342] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 342] munmap(0x7fb974560000, 138412032) = 0 [pid 342] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 24.900127][ T338] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 24.912711][ T338] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor168: bg 0: block 234: padding at end of block bitmap is not set [ 24.942091][ T296] EXT4-fs (loop0): unmounting filesystem. [pid 342] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 342] close(5) = 0 [pid 342] close(6) = 0 [pid 342] mkdir("./file0", 0777) = 0 [pid 342] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 342] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 342] chdir("./file0") = 0 [pid 342] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 342] ioctl(6, LOOP_CLR_FD) = 0 [pid 342] close(6) = 0 [pid 342] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 342] write(6, "#! ./file1\n", 11) = 11 [pid 342] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [ 24.966576][ T342] loop0: detected capacity change from 0 to 2048 [ 24.990026][ T342] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [pid 342] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000001c0} --- [pid 342] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=342, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./10", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./10", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555bd916f0 /* 4 entries */, 32768) = 112 umount2("./10/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./10/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./10/binderfs") = 0 umount2("./10/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./10/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./10/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./10/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./10/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555bd99730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555bd99730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./10/file0") = 0 getdents64(3, 0x55555bd916f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./10") = 0 mkdir("./11", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555bd90650) = 346 ./strace-static-x86_64: Process 346 attached [pid 346] set_robust_list(0x55555bd90660, 24) = 0 [pid 346] chdir("./11") = 0 [pid 346] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 346] setpgid(0, 0) = 0 [pid 346] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 346] write(3, "1000", 4) = 4 [pid 346] close(3) = 0 [pid 346] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 346] write(1, "executing program\n", 18) = 18 [pid 346] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 346] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 346] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 346] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 346] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 346] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 346] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 346] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 346] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 346] memfd_create("syzkaller", 0) = 5 [pid 346] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb974560000 [pid 346] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 346] munmap(0x7fb974560000, 138412032) = 0 [pid 346] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 25.010236][ T343] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-342: bg 0: block 234: padding at end of block bitmap is not set [ 25.038131][ T296] EXT4-fs (loop0): unmounting filesystem. [pid 346] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 346] close(5) = 0 [pid 346] close(6) = 0 [pid 346] mkdir("./file0", 0777) = 0 [pid 346] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 346] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 346] chdir("./file0") = 0 [pid 346] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 346] ioctl(6, LOOP_CLR_FD) = 0 [pid 346] close(6) = 0 [pid 346] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 346] write(6, "#! ./file1\n", 11) = 11 [pid 346] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 346] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000001c0} --- [pid 346] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=346, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./11", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./11", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555bd916f0 /* 4 entries */, 32768) = 112 umount2("./11/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./11/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./11/binderfs") = 0 [ 25.065451][ T346] loop0: detected capacity change from 0 to 2048 [ 25.081574][ T346] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 25.094914][ T346] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor168: bg 0: block 234: padding at end of block bitmap is not set umount2("./11/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./11/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./11/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./11/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./11/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555bd99730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555bd99730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./11/file0") = 0 getdents64(3, 0x55555bd916f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./11") = 0 mkdir("./12", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555bd90650) = 351 ./strace-static-x86_64: Process 351 attached [pid 351] set_robust_list(0x55555bd90660, 24) = 0 [pid 351] chdir("./12") = 0 [pid 351] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 351] setpgid(0, 0) = 0 [pid 351] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 351] write(3, "1000", 4) = 4 [pid 351] close(3) = 0 [pid 351] symlink("/dev/binderfs", "./binderfs") = 0 [pid 351] write(1, "executing program\n", 18executing program ) = 18 [pid 351] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 351] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 351] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 351] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 351] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 351] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 351] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 351] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 351] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 351] memfd_create("syzkaller", 0) = 5 [pid 351] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb974560000 [pid 351] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 351] munmap(0x7fb974560000, 138412032) = 0 [pid 351] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 351] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 351] close(5) = 0 [pid 351] close(6) = 0 [pid 351] mkdir("./file0", 0777) = 0 [ 25.124400][ T296] EXT4-fs (loop0): unmounting filesystem. [ 25.156744][ T351] loop0: detected capacity change from 0 to 2048 [pid 351] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 351] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 351] chdir("./file0") = 0 [pid 351] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 351] ioctl(6, LOOP_CLR_FD) = 0 [pid 351] close(6) = 0 [pid 351] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 351] write(6, "#! ./file1\n", 11) = 11 [pid 351] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 351] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000001c0} --- [pid 351] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=351, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./12", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./12", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555bd916f0 /* 4 entries */, 32768) = 112 umount2("./12/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./12/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./12/binderfs") = 0 umount2("./12/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./12/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./12/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./12/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./12/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555bd99730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555bd99730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./12/file0") = 0 getdents64(3, 0x55555bd916f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./12") = 0 mkdir("./13", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555bd90650) = 355 ./strace-static-x86_64: Process 355 attached [pid 355] set_robust_list(0x55555bd90660, 24) = 0 executing program [pid 355] chdir("./13") = 0 [pid 355] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 355] setpgid(0, 0) = 0 [pid 355] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 355] write(3, "1000", 4) = 4 [pid 355] close(3) = 0 [pid 355] symlink("/dev/binderfs", "./binderfs") = 0 [pid 355] write(1, "executing program\n", 18) = 18 [pid 355] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 355] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 355] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 355] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 355] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 355] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 355] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 355] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 355] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 355] memfd_create("syzkaller", 0) = 5 [pid 355] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb974560000 [pid 355] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 355] munmap(0x7fb974560000, 138412032) = 0 [pid 355] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 25.190132][ T351] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 25.203191][ T351] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor168: bg 0: block 234: padding at end of block bitmap is not set [ 25.230592][ T296] EXT4-fs (loop0): unmounting filesystem. [pid 355] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 355] close(5) = 0 [pid 355] close(6) = 0 [pid 355] mkdir("./file0", 0777) = 0 [pid 355] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 355] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 355] chdir("./file0") = 0 [pid 355] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 355] ioctl(6, LOOP_CLR_FD) = 0 [pid 355] close(6) = 0 [pid 355] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 355] write(6, "#! ./file1\n", 11) = 11 [pid 355] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 355] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000001c0} --- [pid 355] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=355, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./13", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./13", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555bd916f0 /* 4 entries */, 32768) = 112 umount2("./13/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./13/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./13/binderfs") = 0 [ 25.255192][ T355] loop0: detected capacity change from 0 to 2048 [ 25.271509][ T355] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 25.290565][ T356] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-355: bg 0: block 234: padding at end of block bitmap is not set umount2("./13/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./13/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./13/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./13/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./13/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555bd99730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555bd99730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./13/file0") = 0 getdents64(3, 0x55555bd916f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./13") = 0 mkdir("./14", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555bd90650) = 359 ./strace-static-x86_64: Process 359 attached [pid 359] set_robust_list(0x55555bd90660, 24) = 0 [pid 359] chdir("./14") = 0 [pid 359] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 359] setpgid(0, 0) = 0 [pid 359] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 359] write(3, "1000", 4) = 4 [pid 359] close(3) = 0 [pid 359] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 359] write(1, "executing program\n", 18) = 18 [pid 359] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 359] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 359] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 359] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 359] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 359] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 359] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 359] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 359] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 359] memfd_create("syzkaller", 0) = 5 [pid 359] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb974560000 [pid 359] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 359] munmap(0x7fb974560000, 138412032) = 0 [pid 359] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 359] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 359] close(5) = 0 [pid 359] close(6) = 0 [pid 359] mkdir("./file0", 0777) = 0 [pid 359] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [ 25.329033][ T296] EXT4-fs (loop0): unmounting filesystem. [ 25.355710][ T359] loop0: detected capacity change from 0 to 2048 [pid 359] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 359] chdir("./file0") = 0 [pid 359] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 359] ioctl(6, LOOP_CLR_FD) = 0 [pid 359] close(6) = 0 [pid 359] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 359] write(6, "#! ./file1\n", 11) = 11 [pid 359] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 359] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000001c0} --- [pid 359] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=359, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./14", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./14", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555bd916f0 /* 4 entries */, 32768) = 112 umount2("./14/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./14/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./14/binderfs") = 0 [ 25.371397][ T359] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 25.384159][ T359] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor168: bg 0: block 234: padding at end of block bitmap is not set umount2("./14/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./14/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./14/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./14/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./14/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555bd99730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555bd99730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./14/file0"executing program ) = 0 getdents64(3, 0x55555bd916f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./14") = 0 mkdir("./15", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555bd90650) = 363 ./strace-static-x86_64: Process 363 attached [pid 363] set_robust_list(0x55555bd90660, 24) = 0 [pid 363] chdir("./15") = 0 [pid 363] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 363] setpgid(0, 0) = 0 [pid 363] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 363] write(3, "1000", 4) = 4 [pid 363] close(3) = 0 [pid 363] symlink("/dev/binderfs", "./binderfs") = 0 [pid 363] write(1, "executing program\n", 18) = 18 [pid 363] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 363] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 363] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 363] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 363] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 363] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 363] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 363] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 363] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 363] memfd_create("syzkaller", 0) = 5 [pid 363] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb974560000 [pid 363] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 363] munmap(0x7fb974560000, 138412032) = 0 [pid 363] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 363] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 363] close(5) = 0 [pid 363] close(6) = 0 [pid 363] mkdir("./file0", 0777) = 0 [ 25.422240][ T296] EXT4-fs (loop0): unmounting filesystem. [ 25.451689][ T363] loop0: detected capacity change from 0 to 2048 [pid 363] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 363] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 363] chdir("./file0") = 0 [pid 363] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 363] ioctl(6, LOOP_CLR_FD) = 0 [pid 363] close(6) = 0 [pid 363] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 363] write(6, "#! ./file1\n", 11) = 11 [pid 363] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 363] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000001c0} --- [pid 363] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=363, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./15", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./15", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555bd916f0 /* 4 entries */, 32768) = 112 umount2("./15/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./15/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./15/binderfs") = 0 [ 25.480148][ T363] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 25.499547][ T364] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-363: bg 0: block 234: padding at end of block bitmap is not set umount2("./15/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./15/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./15/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./15/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./15/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555bd99730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555bd99730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./15/file0") = 0 getdents64(3, 0x55555bd916f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./15") = 0 mkdir("./16", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555bd90650) = 367 ./strace-static-x86_64: Process 367 attached [pid 367] set_robust_list(0x55555bd90660, 24) = 0 [pid 367] chdir("./16") = 0 [pid 367] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 367] setpgid(0, 0) = 0 [pid 367] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 367] write(3, "1000", 4) = 4 [pid 367] close(3) = 0 [pid 367] symlink("/dev/binderfs", "./binderfs") = 0 [pid 367] write(1, "executing program\n", 18executing program ) = 18 [pid 367] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 367] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 367] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 367] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 367] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 367] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 367] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 367] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 367] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 367] memfd_create("syzkaller", 0) = 5 [pid 367] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb974560000 [pid 367] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 367] munmap(0x7fb974560000, 138412032) = 0 [pid 367] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 25.527393][ T296] EXT4-fs (loop0): unmounting filesystem. [pid 367] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 367] close(5) = 0 [pid 367] close(6) = 0 [pid 367] mkdir("./file0", 0777) = 0 [pid 367] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 367] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 367] chdir("./file0") = 0 [pid 367] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 367] ioctl(6, LOOP_CLR_FD) = 0 [pid 367] close(6) = 0 [pid 367] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 367] write(6, "#! ./file1\n", 11) = 11 [pid 367] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [ 25.555720][ T367] loop0: detected capacity change from 0 to 2048 [ 25.580534][ T367] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [pid 367] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000001c0} --- [pid 367] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=367, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./16", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./16", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555bd916f0 /* 4 entries */, 32768) = 112 umount2("./16/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./16/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./16/binderfs") = 0 umount2("./16/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./16/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./16/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./16/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./16/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555bd99730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555bd99730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./16/file0") = 0 getdents64(3, 0x55555bd916f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./16") = 0 mkdir("./17", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program , child_tidptr=0x55555bd90650) = 371 ./strace-static-x86_64: Process 371 attached [pid 371] set_robust_list(0x55555bd90660, 24) = 0 [pid 371] chdir("./17") = 0 [pid 371] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 371] setpgid(0, 0) = 0 [pid 371] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 371] write(3, "1000", 4) = 4 [pid 371] close(3) = 0 [pid 371] symlink("/dev/binderfs", "./binderfs") = 0 [pid 371] write(1, "executing program\n", 18) = 18 [pid 371] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 371] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 371] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 371] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 371] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 371] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 371] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 371] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 371] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 371] memfd_create("syzkaller", 0) = 5 [pid 371] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb974560000 [pid 371] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 371] munmap(0x7fb974560000, 138412032) = 0 [pid 371] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 25.599613][ T368] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-367: bg 0: block 234: padding at end of block bitmap is not set [ 25.622818][ T296] EXT4-fs (loop0): unmounting filesystem. [pid 371] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 371] close(5) = 0 [pid 371] close(6) = 0 [pid 371] mkdir("./file0", 0777) = 0 [pid 371] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 371] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 371] chdir("./file0") = 0 [pid 371] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 371] ioctl(6, LOOP_CLR_FD) = 0 [pid 371] close(6) = 0 [pid 371] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 371] write(6, "#! ./file1\n", 11) = 11 [pid 371] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 371] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000001c0} --- [pid 371] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=371, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./17", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./17", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555bd916f0 /* 4 entries */, 32768) = 112 umount2("./17/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./17/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./17/binderfs") = 0 [ 25.648445][ T371] loop0: detected capacity change from 0 to 2048 [ 25.670526][ T371] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 25.683544][ T371] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor168: bg 0: block 234: padding at end of block bitmap is not set umount2("./17/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./17/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./17/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./17/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./17/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555bd99730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555bd99730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./17/file0") = 0 getdents64(3, 0x55555bd916f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./17") = 0 mkdir("./18", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program , child_tidptr=0x55555bd90650) = 375 ./strace-static-x86_64: Process 375 attached [pid 375] set_robust_list(0x55555bd90660, 24) = 0 [pid 375] chdir("./18") = 0 [pid 375] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 375] setpgid(0, 0) = 0 [pid 375] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 375] write(3, "1000", 4) = 4 [pid 375] close(3) = 0 [pid 375] symlink("/dev/binderfs", "./binderfs") = 0 [pid 375] write(1, "executing program\n", 18) = 18 [pid 375] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 375] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 375] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 375] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 375] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 375] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 375] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 375] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 375] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 375] memfd_create("syzkaller", 0) = 5 [pid 375] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb974560000 [pid 375] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 375] munmap(0x7fb974560000, 138412032) = 0 [pid 375] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 375] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 375] close(5) = 0 [pid 375] close(6) = 0 [pid 375] mkdir("./file0", 0777) = 0 [ 25.711667][ T296] EXT4-fs (loop0): unmounting filesystem. [ 25.741920][ T375] loop0: detected capacity change from 0 to 2048 [pid 375] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 375] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 375] chdir("./file0") = 0 [pid 375] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 375] ioctl(6, LOOP_CLR_FD) = 0 [pid 375] close(6) = 0 [pid 375] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 375] write(6, "#! ./file1\n", 11) = 11 [pid 375] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 375] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000001c0} --- [pid 375] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=375, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./18", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./18", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555bd916f0 /* 4 entries */, 32768) = 112 umount2("./18/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./18/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./18/binderfs") = 0 [ 25.760143][ T375] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 25.786515][ T376] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-375: bg 0: block 234: padding at end of block bitmap is not set umount2("./18/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./18/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./18/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./18/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./18/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555bd99730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555bd99730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./18/file0") = 0 getdents64(3, 0x55555bd916f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./18") = 0 mkdir("./19", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program , child_tidptr=0x55555bd90650) = 379 ./strace-static-x86_64: Process 379 attached [pid 379] set_robust_list(0x55555bd90660, 24) = 0 [pid 379] chdir("./19") = 0 [pid 379] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 379] setpgid(0, 0) = 0 [pid 379] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 379] write(3, "1000", 4) = 4 [pid 379] close(3) = 0 [pid 379] symlink("/dev/binderfs", "./binderfs") = 0 [pid 379] write(1, "executing program\n", 18) = 18 [pid 379] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 379] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 379] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 379] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 379] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 379] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 379] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 379] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 379] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 379] memfd_create("syzkaller", 0) = 5 [pid 379] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb974560000 [pid 379] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 379] munmap(0x7fb974560000, 138412032) = 0 [pid 379] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 379] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 379] close(5) = 0 [pid 379] close(6) = 0 [pid 379] mkdir("./file0", 0777) = 0 [ 25.814158][ T296] EXT4-fs (loop0): unmounting filesystem. [ 25.844192][ T379] loop0: detected capacity change from 0 to 2048 [pid 379] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 379] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 379] chdir("./file0") = 0 [pid 379] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 379] ioctl(6, LOOP_CLR_FD) = 0 [pid 379] close(6) = 0 [pid 379] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 379] write(6, "#! ./file1\n", 11) = 11 [pid 379] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 379] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000001c0} --- [pid 379] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=379, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./19", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./19", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555bd916f0 /* 4 entries */, 32768) = 112 umount2("./19/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./19/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./19/binderfs") = 0 [ 25.871125][ T379] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 25.890179][ T380] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-379: bg 0: block 234: padding at end of block bitmap is not set umount2("./19/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./19/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./19/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./19/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./19/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555bd99730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555bd99730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./19/file0") = 0 getdents64(3, 0x55555bd916f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./19") = 0 mkdir("./20", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 executing program clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555bd90650) = 383 ./strace-static-x86_64: Process 383 attached [pid 383] set_robust_list(0x55555bd90660, 24) = 0 [pid 383] chdir("./20") = 0 [pid 383] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 383] setpgid(0, 0) = 0 [pid 383] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 383] write(3, "1000", 4) = 4 [pid 383] close(3) = 0 [pid 383] symlink("/dev/binderfs", "./binderfs") = 0 [pid 383] write(1, "executing program\n", 18) = 18 [pid 383] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 383] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 383] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 383] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 383] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 383] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 383] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 383] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 383] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 383] memfd_create("syzkaller", 0) = 5 [pid 383] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb974560000 [pid 383] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 383] munmap(0x7fb974560000, 138412032) = 0 [pid 383] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 25.918124][ T296] EXT4-fs (loop0): unmounting filesystem. [pid 383] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 383] close(5) = 0 [pid 383] close(6) = 0 [pid 383] mkdir("./file0", 0777) = 0 [pid 383] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 383] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 383] chdir("./file0") = 0 [pid 383] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 383] ioctl(6, LOOP_CLR_FD) = 0 [pid 383] close(6) = 0 [pid 383] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 383] write(6, "#! ./file1\n", 11) = 11 [pid 383] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [ 25.949458][ T383] loop0: detected capacity change from 0 to 2048 [ 25.970822][ T383] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [pid 383] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000001c0} --- [pid 383] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=383, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./20", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./20", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555bd916f0 /* 4 entries */, 32768) = 112 umount2("./20/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./20/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./20/binderfs") = 0 umount2("./20/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./20/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./20/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./20/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./20/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555bd99730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555bd99730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./20/file0") = 0 getdents64(3, 0x55555bd916f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./20") = 0 mkdir("./21", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555bd90650) = 387 ./strace-static-x86_64: Process 387 attached [pid 387] set_robust_list(0x55555bd90660, 24) = 0 [pid 387] chdir("./21") = 0 [pid 387] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 387] setpgid(0, 0) = 0 [pid 387] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 387] write(3, "1000", 4) = 4 [pid 387] close(3) = 0 [pid 387] symlink("/dev/binderfs", "./binderfs") = 0 [pid 387] write(1, "executing program\n", 18executing program ) = 18 [pid 387] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 387] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 387] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 387] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 387] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 387] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 387] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 387] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 387] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 387] memfd_create("syzkaller", 0) = 5 [pid 387] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb974560000 [pid 387] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 387] munmap(0x7fb974560000, 138412032) = 0 [pid 387] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 25.995635][ T384] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-383: bg 0: block 234: padding at end of block bitmap is not set [ 26.023854][ T296] EXT4-fs (loop0): unmounting filesystem. [pid 387] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 387] close(5) = 0 [pid 387] close(6) = 0 [pid 387] mkdir("./file0", 0777) = 0 [pid 387] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 387] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 387] chdir("./file0") = 0 [pid 387] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 387] ioctl(6, LOOP_CLR_FD) = 0 [pid 387] close(6) = 0 [pid 387] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 387] write(6, "#! ./file1\n", 11) = 11 [pid 387] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 387] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000001c0} --- [pid 387] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=387, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./21", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./21", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555bd916f0 /* 4 entries */, 32768) = 112 umount2("./21/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./21/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./21/binderfs") = 0 [ 26.049826][ T387] loop0: detected capacity change from 0 to 2048 [ 26.065438][ T387] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 26.080732][ T388] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-387: bg 0: block 234: padding at end of block bitmap is not set umount2("./21/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./21/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./21/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./21/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./21/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555bd99730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555bd99730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./21/file0") = 0 getdents64(3, 0x55555bd916f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./21") = 0 mkdir("./22", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program , child_tidptr=0x55555bd90650) = 392 ./strace-static-x86_64: Process 392 attached [pid 392] set_robust_list(0x55555bd90660, 24) = 0 [pid 392] chdir("./22") = 0 [pid 392] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 392] setpgid(0, 0) = 0 [pid 392] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 392] write(3, "1000", 4) = 4 [pid 392] close(3) = 0 [pid 392] symlink("/dev/binderfs", "./binderfs") = 0 [pid 392] write(1, "executing program\n", 18) = 18 [pid 392] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 392] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 392] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 392] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 392] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 392] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 392] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 392] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 392] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 392] memfd_create("syzkaller", 0) = 5 [pid 392] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb974560000 [pid 392] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 392] munmap(0x7fb974560000, 138412032) = 0 [pid 392] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 392] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 392] close(5) = 0 [pid 392] close(6) = 0 [pid 392] mkdir("./file0", 0777) = 0 [ 26.101221][ T296] EXT4-fs (loop0): unmounting filesystem. [ 26.131509][ T392] loop0: detected capacity change from 0 to 2048 [pid 392] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 392] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 392] chdir("./file0") = 0 [pid 392] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 392] ioctl(6, LOOP_CLR_FD) = 0 [pid 392] close(6) = 0 [pid 392] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 392] write(6, "#! ./file1\n", 11) = 11 [pid 392] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 392] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000001c0} --- [pid 392] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=392, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./22", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./22", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555bd916f0 /* 4 entries */, 32768) = 112 umount2("./22/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./22/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./22/binderfs") = 0 umount2("./22/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./22/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./22/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./22/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./22/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555bd99730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555bd99730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./22/file0") = 0 getdents64(3, 0x55555bd916f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./22") = 0 mkdir("./23", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555bd90650) = 396 ./strace-static-x86_64: Process 396 attached [pid 396] set_robust_list(0x55555bd90660, 24) = 0 [pid 396] chdir("./23") = 0 [pid 396] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 396] setpgid(0, 0) = 0 [pid 396] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 396] write(3, "1000", 4) = 4 [pid 396] close(3) = 0 [pid 396] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 396] write(1, "executing program\n", 18) = 18 [pid 396] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 396] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 396] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 396] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 396] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 396] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 396] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 396] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 396] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 396] memfd_create("syzkaller", 0) = 5 [pid 396] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb974560000 [pid 396] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 396] munmap(0x7fb974560000, 138412032) = 0 [pid 396] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 26.160682][ T392] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 26.178137][ T393] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-392: bg 0: block 234: padding at end of block bitmap is not set [ 26.202787][ T296] EXT4-fs (loop0): unmounting filesystem. [pid 396] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 396] close(5) = 0 [pid 396] close(6) = 0 [pid 396] mkdir("./file0", 0777) = 0 [pid 396] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 396] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 396] chdir("./file0") = 0 [pid 396] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 396] ioctl(6, LOOP_CLR_FD) = 0 [pid 396] close(6) = 0 [pid 396] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 396] write(6, "#! ./file1\n", 11) = 11 [pid 396] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 396] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000001c0} --- [pid 396] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=396, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./23", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./23", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555bd916f0 /* 4 entries */, 32768) = 112 umount2("./23/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./23/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./23/binderfs") = 0 [ 26.237615][ T396] loop0: detected capacity change from 0 to 2048 [ 26.260009][ T396] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 26.271036][ T396] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor168: bg 0: block 234: padding at end of block bitmap is not set umount2("./23/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./23/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./23/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./23/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./23/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555bd99730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555bd99730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./23/file0") = 0 getdents64(3, 0x55555bd916f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./23") = 0 mkdir("./24", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555bd90650) = 400 ./strace-static-x86_64: Process 400 attached [pid 400] set_robust_list(0x55555bd90660, 24) = 0 [pid 400] chdir("./24") = 0 [pid 400] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 400] setpgid(0, 0) = 0 [pid 400] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 400] write(3, "1000", 4) = 4 [pid 400] close(3) = 0 [pid 400] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 400] write(1, "executing program\n", 18) = 18 [pid 400] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 400] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 400] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 400] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 400] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 400] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 400] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 400] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 400] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 400] memfd_create("syzkaller", 0) = 5 [pid 400] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb974560000 [pid 400] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 400] munmap(0x7fb974560000, 138412032) = 0 [pid 400] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 400] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 400] close(5) = 0 [pid 400] close(6) = 0 [pid 400] mkdir("./file0", 0777) = 0 [ 26.299753][ T296] EXT4-fs (loop0): unmounting filesystem. [ 26.327289][ T400] loop0: detected capacity change from 0 to 2048 [pid 400] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 400] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 400] chdir("./file0") = 0 [pid 400] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 400] ioctl(6, LOOP_CLR_FD) = 0 [pid 400] close(6) = 0 [pid 400] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 400] write(6, "#! ./file1\n", 11) = 11 [pid 400] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 400] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000001c0} --- [pid 400] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=400, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./24", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./24", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555bd916f0 /* 4 entries */, 32768) = 112 umount2("./24/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./24/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./24/binderfs") = 0 umount2("./24/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./24/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./24/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./24/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./24/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555bd99730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555bd99730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./24/file0") = 0 getdents64(3, 0x55555bd916f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./24") = 0 mkdir("./25", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program , child_tidptr=0x55555bd90650) = 404 ./strace-static-x86_64: Process 404 attached [pid 404] set_robust_list(0x55555bd90660, 24) = 0 [pid 404] chdir("./25") = 0 [pid 404] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 404] setpgid(0, 0) = 0 [pid 404] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 404] write(3, "1000", 4) = 4 [pid 404] close(3) = 0 [pid 404] symlink("/dev/binderfs", "./binderfs") = 0 [pid 404] write(1, "executing program\n", 18) = 18 [pid 404] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 404] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 404] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 404] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 404] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 404] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 404] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 404] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 404] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 404] memfd_create("syzkaller", 0) = 5 [pid 404] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb974560000 [pid 404] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 404] munmap(0x7fb974560000, 138412032) = 0 [pid 404] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 26.350097][ T400] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 26.363878][ T400] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor168: bg 0: block 234: padding at end of block bitmap is not set [ 26.383869][ T296] EXT4-fs (loop0): unmounting filesystem. [pid 404] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 404] close(5) = 0 [pid 404] close(6) = 0 [pid 404] mkdir("./file0", 0777) = 0 [pid 404] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 404] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 404] chdir("./file0") = 0 [pid 404] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 404] ioctl(6, LOOP_CLR_FD) = 0 [pid 404] close(6) = 0 [pid 404] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 404] write(6, "#! ./file1\n", 11) = 11 [pid 404] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [ 26.411521][ T404] loop0: detected capacity change from 0 to 2048 [ 26.446753][ T404] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [pid 404] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000001c0} --- [pid 404] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=404, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./25", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./25", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555bd916f0 /* 4 entries */, 32768) = 112 umount2("./25/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./25/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./25/binderfs") = 0 umount2("./25/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./25/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./25/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./25/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./25/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555bd99730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555bd99730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./25/file0") = 0 getdents64(3, 0x55555bd916f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./25") = 0 mkdir("./26", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3executing program ) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555bd90650) = 408 ./strace-static-x86_64: Process 408 attached [pid 408] set_robust_list(0x55555bd90660, 24) = 0 [pid 408] chdir("./26") = 0 [pid 408] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 408] setpgid(0, 0) = 0 [pid 408] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 408] write(3, "1000", 4) = 4 [pid 408] close(3) = 0 [pid 408] symlink("/dev/binderfs", "./binderfs") = 0 [pid 408] write(1, "executing program\n", 18) = 18 [pid 408] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 408] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 408] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 408] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 408] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 408] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 408] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 408] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 408] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 408] memfd_create("syzkaller", 0) = 5 [pid 408] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb974560000 [pid 408] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 408] munmap(0x7fb974560000, 138412032) = 0 [pid 408] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 26.459763][ T404] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor168: bg 0: block 234: padding at end of block bitmap is not set [ 26.492295][ T296] EXT4-fs (loop0): unmounting filesystem. [pid 408] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 408] close(5) = 0 [pid 408] close(6) = 0 [pid 408] mkdir("./file0", 0777) = 0 [pid 408] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 408] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 408] chdir("./file0") = 0 [pid 408] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 408] ioctl(6, LOOP_CLR_FD) = 0 [pid 408] close(6) = 0 [pid 408] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 408] write(6, "#! ./file1\n", 11) = 11 [pid 408] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 408] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000001c0} --- [pid 408] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=408, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./26", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./26", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555bd916f0 /* 4 entries */, 32768) = 112 umount2("./26/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./26/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./26/binderfs") = 0 [ 26.524410][ T408] loop0: detected capacity change from 0 to 2048 [ 26.540535][ T408] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 26.553604][ T408] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor168: bg 0: block 234: padding at end of block bitmap is not set umount2("./26/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./26/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./26/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./26/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./26/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555bd99730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555bd99730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./26/file0") = 0 getdents64(3, 0x55555bd916f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./26") = 0 mkdir("./27", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555bd90650) = 412 ./strace-static-x86_64: Process 412 attached [pid 412] set_robust_list(0x55555bd90660, 24) = 0 [pid 412] chdir("./27") = 0 [pid 412] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 412] setpgid(0, 0) = 0 [pid 412] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 412] write(3, "1000", 4) = 4 [pid 412] close(3) = 0 [pid 412] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 412] write(1, "executing program\n", 18) = 18 [pid 412] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 412] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 412] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 412] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 412] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 412] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 412] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 412] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 412] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 412] memfd_create("syzkaller", 0) = 5 [pid 412] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb974560000 [pid 412] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 412] munmap(0x7fb974560000, 138412032) = 0 [pid 412] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 412] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 412] close(5) = 0 [pid 412] close(6) = 0 [pid 412] mkdir("./file0", 0777) = 0 [ 26.581386][ T296] EXT4-fs (loop0): unmounting filesystem. [ 26.607050][ T412] loop0: detected capacity change from 0 to 2048 [pid 412] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 412] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 412] chdir("./file0") = 0 [pid 412] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 412] ioctl(6, LOOP_CLR_FD) = 0 [pid 412] close(6) = 0 [pid 412] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 412] write(6, "#! ./file1\n", 11) = 11 [pid 412] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 412] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000001c0} --- [pid 412] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=412, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./27", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./27", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555bd916f0 /* 4 entries */, 32768) = 112 umount2("./27/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./27/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./27/binderfs") = 0 umount2("./27/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./27/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./27/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./27/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./27/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555bd99730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555bd99730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./27/file0") = 0 getdents64(3, 0x55555bd916f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./27") = 0 mkdir("./28", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555bd90650) = 416 ./strace-static-x86_64: Process 416 attached [pid 416] set_robust_list(0x55555bd90660, 24) = 0 [pid 416] chdir("./28") = 0 [pid 416] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 416] setpgid(0, 0) = 0 [pid 416] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 416] write(3, "1000", 4) = 4 [pid 416] close(3) = 0 [pid 416] symlink("/dev/binderfs", "./binderfs") = 0 [pid 416] write(1, "executing program\n", 18executing program ) = 18 [pid 416] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 416] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 416] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 416] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 416] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 416] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 416] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 416] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 416] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 416] memfd_create("syzkaller", 0) = 5 [pid 416] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb974560000 [pid 416] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 416] munmap(0x7fb974560000, 138412032) = 0 [pid 416] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 26.630206][ T412] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 26.645531][ T412] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor168: bg 0: block 234: padding at end of block bitmap is not set [ 26.673156][ T296] EXT4-fs (loop0): unmounting filesystem. [pid 416] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 416] close(5) = 0 [pid 416] close(6) = 0 [pid 416] mkdir("./file0", 0777) = 0 [pid 416] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 416] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 416] chdir("./file0") = 0 [pid 416] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 416] ioctl(6, LOOP_CLR_FD) = 0 [pid 416] close(6) = 0 [pid 416] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 416] write(6, "#! ./file1\n", 11) = 11 [pid 416] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [ 26.706984][ T416] loop0: detected capacity change from 0 to 2048 [ 26.730187][ T416] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [pid 416] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000001c0} --- [pid 416] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=416, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./28", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./28", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555bd916f0 /* 4 entries */, 32768) = 112 umount2("./28/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./28/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./28/binderfs") = 0 umount2("./28/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./28/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./28/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./28/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./28/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555bd99730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555bd99730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./28/file0") = 0 getdents64(3, 0x55555bd916f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./28") = 0 mkdir("./29", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555bd90650) = 420 ./strace-static-x86_64: Process 420 attached [pid 420] set_robust_list(0x55555bd90660, 24) = 0 [pid 420] chdir("./29") = 0 [pid 420] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 420] setpgid(0, 0) = 0 [pid 420] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 420] write(3, "1000", 4) = 4 [pid 420] close(3) = 0 [pid 420] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 420] write(1, "executing program\n", 18) = 18 [pid 420] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 420] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 420] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 420] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 420] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 420] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 420] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 420] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 420] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 420] memfd_create("syzkaller", 0) = 5 [pid 420] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb974560000 [pid 420] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 420] munmap(0x7fb974560000, 138412032) = 0 [pid 420] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 26.746805][ T416] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor168: bg 0: block 234: padding at end of block bitmap is not set [ 26.774726][ T296] EXT4-fs (loop0): unmounting filesystem. [pid 420] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 420] close(5) = 0 [pid 420] close(6) = 0 [pid 420] mkdir("./file0", 0777) = 0 [pid 420] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 420] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 420] chdir("./file0") = 0 [pid 420] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 420] ioctl(6, LOOP_CLR_FD) = 0 [pid 420] close(6) = 0 [pid 420] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 420] write(6, "#! ./file1\n", 11) = 11 [pid 420] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 420] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000001c0} --- [pid 420] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=420, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./29", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./29", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555bd916f0 /* 4 entries */, 32768) = 112 umount2("./29/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./29/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./29/binderfs") = 0 [ 26.799335][ T420] loop0: detected capacity change from 0 to 2048 [ 26.812458][ T420] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 26.823055][ T420] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor168: bg 0: block 234: padding at end of block bitmap is not set umount2("./29/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./29/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./29/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./29/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./29/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555bd99730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555bd99730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./29/file0") = 0 getdents64(3, 0x55555bd916f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./29") = 0 mkdir("./30", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555bd90650) = 424 ./strace-static-x86_64: Process 424 attached [pid 424] set_robust_list(0x55555bd90660, 24) = 0 [pid 424] chdir("./30") = 0 [pid 424] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 424] setpgid(0, 0) = 0 [pid 424] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 424] write(3, "1000", 4) = 4 [pid 424] close(3) = 0 [pid 424] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 424] write(1, "executing program\n", 18) = 18 [pid 424] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 424] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 424] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 424] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 424] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 424] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 424] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 424] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 424] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 424] memfd_create("syzkaller", 0) = 5 [pid 424] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb974560000 [pid 424] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 424] munmap(0x7fb974560000, 138412032) = 0 [pid 424] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 424] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 424] close(5) = 0 [pid 424] close(6) = 0 [pid 424] mkdir("./file0", 0777) = 0 [pid 424] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [ 26.850344][ T296] EXT4-fs (loop0): unmounting filesystem. [ 26.877262][ T424] loop0: detected capacity change from 0 to 2048 [pid 424] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 424] chdir("./file0") = 0 [pid 424] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 424] ioctl(6, LOOP_CLR_FD) = 0 [pid 424] close(6) = 0 [pid 424] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 424] write(6, "#! ./file1\n", 11) = 11 [pid 424] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 424] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000001c0} --- [pid 424] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=424, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./30", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./30", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555bd916f0 /* 4 entries */, 32768) = 112 umount2("./30/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./30/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./30/binderfs") = 0 [ 26.893322][ T424] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 26.918097][ T425] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-424: bg 0: block 234: padding at end of block bitmap is not set umount2("./30/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./30/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./30/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./30/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./30/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555bd99730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555bd99730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./30/file0") = 0 getdents64(3, 0x55555bd916f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./30") = 0 mkdir("./31", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3executing program ) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555bd90650) = 428 ./strace-static-x86_64: Process 428 attached [pid 428] set_robust_list(0x55555bd90660, 24) = 0 [pid 428] chdir("./31") = 0 [pid 428] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 428] setpgid(0, 0) = 0 [pid 428] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 428] write(3, "1000", 4) = 4 [pid 428] close(3) = 0 [pid 428] symlink("/dev/binderfs", "./binderfs") = 0 [pid 428] write(1, "executing program\n", 18) = 18 [pid 428] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 428] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 428] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 428] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 428] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 428] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 428] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 428] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 428] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 428] memfd_create("syzkaller", 0) = 5 [pid 428] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb974560000 [pid 428] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 428] munmap(0x7fb974560000, 138412032) = 0 [pid 428] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 26.945768][ T296] EXT4-fs (loop0): unmounting filesystem. [pid 428] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 428] close(5) = 0 [pid 428] close(6) = 0 [pid 428] mkdir("./file0", 0777) = 0 [pid 428] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 428] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 428] chdir("./file0") = 0 [pid 428] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 428] ioctl(6, LOOP_CLR_FD) = 0 [pid 428] close(6) = 0 [pid 428] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 428] write(6, "#! ./file1\n", 11) = 11 [pid 428] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 428] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000001c0} --- [pid 428] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=428, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./31", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./31", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555bd916f0 /* 4 entries */, 32768) = 112 umount2("./31/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./31/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./31/binderfs") = 0 umount2("./31/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./31/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./31/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./31/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./31/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555bd99730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555bd99730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./31/file0") = 0 getdents64(3, 0x55555bd916f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./31") = 0 mkdir("./32", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555bd90650) = 432 ./strace-static-x86_64: Process 432 attached [pid 432] set_robust_list(0x55555bd90660, 24) = 0 [pid 432] chdir("./32") = 0 [pid 432] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 432] setpgid(0, 0) = 0 [pid 432] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 432] write(3, "1000", 4) = 4 [pid 432] close(3) = 0 [pid 432] symlink("/dev/binderfs", "./binderfs") = 0 [pid 432] write(1, "executing program\n", 18executing program ) = 18 [pid 432] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 432] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 432] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 432] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 432] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 432] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 432] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 432] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 432] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 432] memfd_create("syzkaller", 0) = 5 [pid 432] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb974560000 [ 26.974471][ T428] loop0: detected capacity change from 0 to 2048 [ 26.990715][ T428] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 27.001300][ T428] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor168: bg 0: block 234: padding at end of block bitmap is not set [pid 432] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 432] munmap(0x7fb974560000, 138412032) = 0 [pid 432] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 432] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 432] close(5) = 0 [pid 432] close(6) = 0 [pid 432] mkdir("./file0", 0777) = 0 [pid 432] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 432] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 432] chdir("./file0") = 0 [pid 432] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 432] ioctl(6, LOOP_CLR_FD) = 0 [pid 432] close(6) = 0 [pid 432] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 432] write(6, "#! ./file1\n", 11) = 11 [pid 432] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [ 27.058398][ T432] loop0: detected capacity change from 0 to 2048 [pid 432] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000001c0} --- [pid 432] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=432, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./32", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./32", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555bd916f0 /* 4 entries */, 32768) = 112 umount2("./32/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./32/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./32/binderfs") = 0 umount2("./32/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./32/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./32/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./32/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./32/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555bd99730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555bd99730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./32/file0") = 0 getdents64(3, 0x55555bd916f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./32") = 0 mkdir("./33", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555bd90650) = 437 ./strace-static-x86_64: Process 437 attached [pid 437] set_robust_list(0x55555bd90660, 24) = 0 [pid 437] chdir("./33") = 0 [pid 437] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 437] setpgid(0, 0) = 0 [pid 437] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 437] write(3, "1000", 4) = 4 [pid 437] close(3) = 0 [pid 437] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 437] write(1, "executing program\n", 18) = 18 [pid 437] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 437] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 437] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 437] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 437] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 437] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 437] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 437] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 437] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 437] memfd_create("syzkaller", 0) = 5 [pid 437] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb974560000 [pid 437] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 437] munmap(0x7fb974560000, 138412032) = 0 [pid 437] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 27.097858][ T432] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor168: bg 0: block 234: padding at end of block bitmap is not set [pid 437] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 437] close(5) = 0 [pid 437] close(6) = 0 [pid 437] mkdir("./file0", 0777) = 0 [pid 437] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 437] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 437] chdir("./file0") = 0 [pid 437] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 437] ioctl(6, LOOP_CLR_FD) = 0 [pid 437] close(6) = 0 [pid 437] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 437] write(6, "#! ./file1\n", 11) = 11 [pid 437] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 437] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000001c0} --- [pid 437] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=437, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./33", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./33", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555bd916f0 /* 4 entries */, 32768) = 112 umount2("./33/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./33/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./33/binderfs") = 0 umount2("./33/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./33/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./33/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./33/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./33/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555bd99730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555bd99730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./33/file0") = 0 getdents64(3, 0x55555bd916f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./33") = 0 mkdir("./34", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555bd90650) = 441 ./strace-static-x86_64: Process 441 attached [pid 441] set_robust_list(0x55555bd90660, 24) = 0 [pid 441] chdir("./34") = 0 [pid 441] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 441] setpgid(0, 0) = 0 [pid 441] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 441] write(3, "1000", 4) = 4 [pid 441] close(3) = 0 [pid 441] symlink("/dev/binderfs", "./binderfs") = 0 [pid 441] write(1, "executing program\n", 18executing program ) = 18 [pid 441] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 441] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 441] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 441] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 441] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 441] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 441] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 441] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 441] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 441] memfd_create("syzkaller", 0) = 5 [pid 441] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb974560000 [ 27.149992][ T437] loop0: detected capacity change from 0 to 2048 [ 27.181087][ T437] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor168: bg 0: block 234: padding at end of block bitmap is not set [pid 441] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 441] munmap(0x7fb974560000, 138412032) = 0 [pid 441] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 441] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 441] close(5) = 0 [pid 441] close(6) = 0 [pid 441] mkdir("./file0", 0777) = 0 [pid 441] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 441] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 441] chdir("./file0") = 0 [pid 441] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 441] ioctl(6, LOOP_CLR_FD) = 0 [pid 441] close(6) = 0 [pid 441] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 441] write(6, "#! ./file1\n", 11) = 11 [pid 441] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 441] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000001c0} --- [pid 441] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=441, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./34", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./34", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555bd916f0 /* 4 entries */, 32768) = 112 umount2("./34/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./34/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./34/binderfs") = 0 [ 27.234027][ T441] loop0: detected capacity change from 0 to 2048 [ 27.270131][ T442] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-441: bg 0: block 234: padding at end of block bitmap is not set umount2("./34/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./34/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./34/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./34/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./34/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555bd99730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555bd99730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./34/file0") = 0 getdents64(3, 0x55555bd916f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./34") = 0 mkdir("./35", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555bd90650) = 445 ./strace-static-x86_64: Process 445 attached [pid 445] set_robust_list(0x55555bd90660, 24) = 0 [pid 445] chdir("./35") = 0 [pid 445] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 445] setpgid(0, 0) = 0 [pid 445] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 445] write(3, "1000", 4) = 4 [pid 445] close(3) = 0 [pid 445] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 445] write(1, "executing program\n", 18) = 18 [pid 445] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 445] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 445] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 445] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 445] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 445] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 445] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 445] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 445] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 445] memfd_create("syzkaller", 0) = 5 [pid 445] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb974560000 [pid 445] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 445] munmap(0x7fb974560000, 138412032) = 0 [pid 445] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 445] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 445] close(5) = 0 [pid 445] close(6) = 0 [pid 445] mkdir("./file0", 0777) = 0 [pid 445] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 445] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 445] chdir("./file0") = 0 [pid 445] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 445] ioctl(6, LOOP_CLR_FD) = 0 [pid 445] close(6) = 0 [pid 445] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 445] write(6, "#! ./file1\n", 11) = 11 [pid 445] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 445] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000001c0} --- [pid 445] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=445, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./35", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./35", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555bd916f0 /* 4 entries */, 32768) = 112 umount2("./35/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./35/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./35/binderfs") = 0 umount2("./35/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./35/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./35/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./35/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./35/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555bd99730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555bd99730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./35/file0") = 0 getdents64(3, 0x55555bd916f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./35") = 0 mkdir("./36", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) executing program close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555bd90650) = 449 ./strace-static-x86_64: Process 449 attached [pid 449] set_robust_list(0x55555bd90660, 24) = 0 [pid 449] chdir("./36") = 0 [pid 449] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 449] setpgid(0, 0) = 0 [pid 449] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 449] write(3, "1000", 4) = 4 [pid 449] close(3) = 0 [pid 449] symlink("/dev/binderfs", "./binderfs") = 0 [pid 449] write(1, "executing program\n", 18) = 18 [pid 449] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 449] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 449] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 449] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 449] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 449] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 449] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 449] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 449] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 449] memfd_create("syzkaller", 0) = 5 [pid 449] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb974560000 [pid 449] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 449] munmap(0x7fb974560000, 138412032) = 0 [ 27.316532][ T445] loop0: detected capacity change from 0 to 2048 [ 27.343070][ T445] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor168: bg 0: block 234: padding at end of block bitmap is not set [pid 449] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 449] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 449] close(5) = 0 [pid 449] close(6) = 0 [pid 449] mkdir("./file0", 0777) = 0 [pid 449] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 449] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 449] chdir("./file0") = 0 [pid 449] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 449] ioctl(6, LOOP_CLR_FD) = 0 [pid 449] close(6) = 0 [pid 449] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 449] write(6, "#! ./file1\n", 11) = 11 [pid 449] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 449] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000001c0} --- [pid 449] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=449, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./36", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./36", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555bd916f0 /* 4 entries */, 32768) = 112 umount2("./36/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./36/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./36/binderfs") = 0 umount2("./36/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./36/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./36/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./36/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./36/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555bd99730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555bd99730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./36/file0") = 0 getdents64(3, 0x55555bd916f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./36") = 0 mkdir("./37", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555bd90650) = 453 ./strace-static-x86_64: Process 453 attached [pid 453] set_robust_list(0x55555bd90660, 24) = 0 [pid 453] chdir("./37") = 0 [pid 453] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 453] setpgid(0, 0) = 0 [pid 453] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 453] write(3, "1000", 4) = 4 [pid 453] close(3) = 0 [pid 453] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 453] write(1, "executing program\n", 18) = 18 [pid 453] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 453] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 453] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 453] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 453] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 453] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 453] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 453] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 453] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 453] memfd_create("syzkaller", 0) = 5 [pid 453] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb974560000 [pid 453] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [ 27.398416][ T449] loop0: detected capacity change from 0 to 2048 [ 27.424931][ T449] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor168: bg 0: block 234: padding at end of block bitmap is not set [pid 453] munmap(0x7fb974560000, 138412032) = 0 [pid 453] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 453] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 453] close(5) = 0 [pid 453] close(6) = 0 [pid 453] mkdir("./file0", 0777) = 0 [pid 453] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"...) = 0 [pid 453] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 453] chdir("./file0") = 0 [pid 453] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 453] ioctl(6, LOOP_CLR_FD) = 0 [pid 453] close(6) = 0 [pid 453] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 453] write(6, "#! ./file1\n", 11) = 11 [pid 453] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [ 27.481263][ T453] loop0: detected capacity change from 0 to 2048 [pid 453] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000001c0} --- [pid 453] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=453, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./37", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./37", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555bd916f0 /* 4 entries */, 32768) = 112 umount2("./37/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./37/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./37/binderfs") = 0 [ 27.520532][ T453] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor168: bg 0: block 234: padding at end of block bitmap is not set [ 27.548216][ T43] ------------[ cut here ]------------ [ 27.553551][ T43] kernel BUG at fs/ext4/inode.c:2760! [ 27.558754][ T43] invalid opcode: 0000 [#1] PREEMPT SMP KASAN [ 27.564604][ T43] CPU: 0 PID: 43 Comm: kworker/u4:2 Not tainted 6.1.129-syzkaller-00005-g19a0fb1d3513 #0 [ 27.574241][ T43] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 27.584133][ T43] Workqueue: writeback wb_workfn (flush-7:0) [ 27.589948][ T43] RIP: 0010:ext4_writepages+0x3fab/0x3fd0 [ 27.595508][ T43] Code: ca 7f ff 31 ff 89 de e8 e3 ca 7f ff 45 84 f6 75 2a e8 49 c8 7f ff 49 bc 00 00 00 00 00 fc ff df e9 6e f6 ff ff e8 35 c8 7f ff <0f> 0b e8 2e c8 7f ff e8 b5 b7 0a ff e9 46 c3 ff ff e8 1f c8 7f ff [ 27.615072][ T43] RSP: 0018:ffffc900002cf000 EFLAGS: 00010293 [ 27.621004][ T43] RAX: ffffffff81f5cffb RBX: 0000008000000000 RCX: ffff8881008ad100 [ 27.628778][ T43] RDX: 0000000000000000 RSI: 0000008000000000 RDI: 0000000000000000 [ 27.636589][ T43] RBP: ffffc900002cf410 R08: ffffffff81f5975b R09: ffffed10200cc50c [ 27.644400][ T43] R10: 0000000000000000 R11: dffffc0000000001 R12: ffff8881188b8000 [ 27.652211][ T43] R13: ffff888100662998 R14: 0000008410000000 R15: ffffc900002cf2e0 [ 27.660025][ T43] FS: 0000000000000000(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000 [ 27.668791][ T43] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 27.675905][ T43] CR2: 00007ffdd05ddb88 CR3: 000000011060d000 CR4: 00000000003506b0 [ 27.683727][ T43] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 27.691547][ T43] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 27.699341][ T43] Call Trace: [ 27.702600][ T43] [ 27.705376][ T43] ? __die_body+0x62/0xb0 [ 27.709540][ T43] ? die+0x88/0xb0 [ 27.713098][ T43] ? do_trap+0x103/0x330 [ 27.717178][ T43] ? ext4_writepages+0x3fab/0x3fd0 [ 27.722131][ T43] ? handle_invalid_op+0x95/0xc0 [ 27.726899][ T43] ? ext4_writepages+0x3fab/0x3fd0 [ 27.731863][ T43] ? exc_invalid_op+0x32/0x50 [ 27.736365][ T43] ? asm_exc_invalid_op+0x1b/0x20 [ 27.741319][ T43] ? ext4_writepages+0x70b/0x3fd0 [ 27.746164][ T43] ? ext4_writepages+0x3fab/0x3fd0 [ 27.751118][ T43] ? ext4_writepages+0x3fab/0x3fd0 [ 27.756067][ T43] ? sched_group_set_idle+0x710/0x710 [ 27.761271][ T43] ? psi_task_change+0x1c0/0x350 [ 27.766041][ T43] ? ext4_read_folio+0x240/0x240 [ 27.770836][ T43] ? xas_load+0x39d/0x3b0 [ 27.774981][ T43] ? __kasan_check_write+0x14/0x20 [ 27.779930][ T43] ? __filemap_get_folio+0x95e/0xae0 [ 27.785057][ T43] ? __update_load_avg_cfs_rq+0xb1/0x2f0 [ 27.790518][ T43] ? __kasan_check_read+0x11/0x20 [ 27.795378][ T43] ? folio_mark_accessed+0x211/0x650 [ 27.800500][ T43] ? enqueue_task_fair+0xe82/0x2260 [ 27.805534][ T43] ? ext4_read_folio+0x240/0x240 [ 27.810329][ T43] do_writepages+0x385/0x620 [ 27.814771][ T43] ? __writepage+0x130/0x130 [ 27.819163][ T43] ? enqueue_task_fair+0xe82/0x2260 [ 27.824204][ T43] __writeback_single_inode+0xdc/0xb80 [ 27.829490][ T43] writeback_sb_inodes+0xb32/0x1910 [ 27.834529][ T43] ? _raw_spin_lock+0xa4/0x1b0 [ 27.839124][ T43] ? queue_io+0x520/0x520 [ 27.843404][ T43] ? __writeback_inodes_wb+0x3f0/0x3f0 [ 27.848697][ T43] ? queue_io+0x3d0/0x520 [ 27.852883][ T43] ? memset+0x35/0x40 [ 27.856677][ T43] wb_writeback+0x3c8/0xa00 [ 27.861017][ T43] ? inode_cgwb_move_to_attached+0x3c0/0x3c0 [ 27.866829][ T43] ? set_worker_desc+0x158/0x1c0 [ 27.871689][ T43] ? __kasan_check_write+0x14/0x20 [ 27.876641][ T43] wb_workfn+0x399/0x1030 [ 27.880822][ T43] ? inode_wait_for_writeback+0x280/0x280 [ 27.886357][ T43] ? kthread_data+0x53/0xc0 [ 27.890695][ T43] ? _raw_spin_unlock+0x4c/0x70 [ 27.895383][ T43] ? finish_task_switch+0x167/0x7b0 [ 27.900417][ T43] ? __kasan_check_read+0x11/0x20 [ 27.905277][ T43] ? read_word_at_a_time+0x12/0x20 [ 27.910228][ T43] ? strscpy+0x9c/0x260 [ 27.914217][ T43] process_one_work+0x73d/0xcb0 [ 27.918910][ T43] worker_thread+0xa60/0x1260 [ 27.923444][ T43] kthread+0x26d/0x300 [ 27.927320][ T43] ? worker_clr_flags+0x1a0/0x1a0 [ 27.932195][ T43] ? kthread_blkcg+0xd0/0xd0 [ 27.936614][ T43] ret_from_fork+0x1f/0x30 [ 27.940878][ T43] [ 27.943726][ T43] Modules linked in: [ 27.947558][ T43] ---[ end trace 0000000000000000 ]--- [ 27.952790][ T43] RIP: 0010:ext4_writepages+0x3fab/0x3fd0 [ 27.958315][ T43] Code: ca 7f ff 31 ff 89 de e8 e3 ca 7f ff 45 84 f6 75 2a e8 49 c8 7f ff 49 bc 00 00 00 00 00 fc ff df e9 6e f6 ff ff e8 35 c8 7f ff <0f> 0b e8 2e c8 7f ff e8 b5 b7 0a ff e9 46 c3 ff ff e8 1f c8 7f ff [ 27.977828][ T43] RSP: 0018:ffffc900002cf000 EFLAGS: 00010293 [ 27.983682][ T43] RAX: ffffffff81f5cffb RBX: 0000008000000000 RCX: ffff8881008ad100 [ 27.991517][ T43] RDX: 0000000000000000 RSI: 0000008000000000 RDI: 0000000000000000 [ 27.999302][ T43] RBP: ffffc900002cf410 R08: ffffffff81f5975b R09: ffffed10200cc50c [ 28.007101][ T43] R10: 0000000000000000 R11: dffffc0000000001 R12: ffff8881188b8000 [ 28.014960][ T43] R13: ffff888100662998 R14: 0000008410000000 R15: ffffc900002cf2e0 [ 28.022725][ T43] FS: 0000000000000000(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000 [ 28.031625][ T43] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 28.038005][ T43] CR2: 00007ffdd05ddb88 CR3: 000000011060d000 CR4: 00000000003506b0 [ 28.045851][ T43] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 28.053641][ T43] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 28.061487][ T43] Kernel panic - not syncing: Fatal exception [ 28.067789][ T43] Kernel Offset: disabled [ 28.071934][ T43] Rebooting in 86400 seconds..