./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor2580385831 <...> syzkaller syzkaller login: [ 12.583659][ T23] kauditd_printk_skb: 39 callbacks suppressed [ 12.583670][ T23] audit: type=1400 audit(1746229276.380:75): avc: denied { transition } for pid=279 comm="sshd" path="/bin/sh" dev="sda1" ino=89 scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 12.593563][ T23] audit: type=1400 audit(1746229276.380:76): avc: denied { noatsecure } for pid=279 comm="sshd" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 12.600941][ T23] audit: type=1400 audit(1746229276.380:77): avc: denied { write } for pid=279 comm="sh" path="pipe:[11280]" dev="pipefs" ino=11280 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:sshd_t tclass=fifo_file permissive=1 [ 12.606212][ T23] audit: type=1400 audit(1746229276.380:78): avc: denied { rlimitinh } for pid=279 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 12.611350][ T23] audit: type=1400 audit(1746229276.380:79): avc: denied { siginh } for pid=279 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 14.243847][ T23] audit: type=1400 audit(1746229278.040:80): avc: denied { read } for pid=146 comm="syslogd" name="log" dev="sda1" ino=1915 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:var_t tclass=lnk_file permissive=1 Warning: Permanently added '10.128.0.134' (ED25519) to the list of known hosts. execve("./syz-executor2580385831", ["./syz-executor2580385831"], 0x7ffc1df9f630 /* 10 vars */) = 0 brk(NULL) = 0x55558c358000 brk(0x55558c358d40) = 0x55558c358d40 arch_prctl(ARCH_SET_FS, 0x55558c3583c0) = 0 set_tid_address(0x55558c358690) = 341 set_robust_list(0x55558c3586a0, 24) = 0 rseq(0x55558c358ce0, 0x20, 0, 0x53053053) = -1 ENOSYS (Function not implemented) prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor2580385831", 4096) = 28 getrandom("\x4b\x9e\xf9\xab\x85\x38\x53\x5d", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x55558c358d40 brk(0x55558c379d40) = 0x55558c379d40 brk(0x55558c37a000) = 0x55558c37a000 mprotect(0x7fc6d8b63000, 16384, PROT_READ) = 0 mmap(0x1ffffffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffffffff000 mmap(0x200000000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200000000000 mmap(0x200001000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200001000000 mkdir("./syzkaller.Z7Mdyl", 0700) = 0 chmod("./syzkaller.Z7Mdyl", 0777) = 0 chdir("./syzkaller.Z7Mdyl") = 0 mkdir("./0", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558c358690) = 342 ./strace-static-x86_64: Process 342 attached [pid 342] set_robust_list(0x55558c3586a0, 24) = 0 [ 22.728761][ T23] audit: type=1400 audit(1746229286.530:81): avc: denied { execmem } for pid=341 comm="syz-executor258" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 22.754693][ T23] audit: type=1400 audit(1746229286.550:82): avc: denied { read write } for pid=341 comm="syz-executor258" name="loop0" dev="devtmpfs" ino=150 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [pid 342] chdir("./0") = 0 [pid 342] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 342] setpgid(0, 0) = 0 [pid 342] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 342] write(3, "1000", 4) = 4 [pid 342] close(3) = 0 [pid 342] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 342] write(1, "executing program\n", 18) = 18 [pid 342] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 342] rt_sigaction(SIGRT_1, {sa_handler=0x7fc6d8b075b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fc6d8af8760}, NULL, 8) = 0 [pid 342] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 342] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc6d8a7d000 [pid 342] mprotect(0x7fc6d8a7e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 342] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 342] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fc6d8a9d990, parent_tid=0x7fc6d8a9d990, exit_signal=0, stack=0x7fc6d8a7d000, stack_size=0x20300, tls=0x7fc6d8a9d6c0} => {parent_tid=[344]}, 88) = 344 [pid 342] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 342] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 342] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 344 attached [pid 344] set_robust_list(0x7fc6d8a9d9a0, 24) = 0 [pid 344] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 344] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 344] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 342] <... futex resumed>) = 0 [pid 342] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 342] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 344] <... futex resumed>) = 1 [pid 344] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 344] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 342] <... futex resumed>) = 0 [pid 344] ioctl(3, VHOST_SET_VRING_ADDR [pid 342] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 344] <... ioctl resumed>, 0x200000000300) = 0 [pid 342] <... futex resumed>) = 0 [pid 344] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 342] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 344] <... futex resumed>) = 0 [pid 342] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 344] ioctl(3, VHOST_SET_MEM_TABLE [pid 342] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 342] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 344] <... ioctl resumed>, 0x200000003380) = 0 [pid 344] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 342] <... futex resumed>) = 0 [pid 344] eventfd2(118, EFD_SEMAPHORE [pid 342] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 344] <... eventfd2 resumed>) = 4 [pid 342] <... futex resumed>) = 0 [pid 344] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 342] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 344] <... futex resumed>) = 0 [pid 342] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 344] ioctl(3, VHOST_SET_VRING_ERR [pid 342] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 344] <... ioctl resumed>, 0x2000000001c0) = 0 [pid 342] <... futex resumed>) = 0 [pid 344] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 342] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 344] <... futex resumed>) = 0 [pid 342] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 344] ioctl(3, VHOST_SET_VRING_ADDR [pid 342] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 344] <... ioctl resumed>, 0x200000000240) = 0 [pid 342] <... futex resumed>) = 0 [pid 344] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 342] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 344] <... futex resumed>) = 0 [pid 342] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 344] ioctl(3, VHOST_SET_VRING_KICK [pid 342] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 344] <... ioctl resumed>, 0x200000000000) = 0 [pid 342] <... futex resumed>) = 0 [pid 344] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 342] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 344] <... futex resumed>) = 0 [pid 342] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 344] ioctl(3, VHOST_VSOCK_SET_RUNNING [pid 342] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 344] <... ioctl resumed>, 0x200000000140) = 0 [pid 342] <... futex resumed>) = 0 [pid 344] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 342] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 344] <... futex resumed>) = 0 [pid 342] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 344] memfd_create("syzkaller", 0 [pid 342] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 344] <... memfd_create resumed>) = 5 [pid 342] <... futex resumed>) = 0 [pid 344] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 342] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 344] <... mmap resumed>) = 0x7fc6d067d000 [pid 344] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 344] munmap(0x7fc6d067d000, 138412032) = 0 [pid 344] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 22.780080][ T23] audit: type=1400 audit(1746229286.550:83): avc: denied { open } for pid=341 comm="syz-executor258" path="/dev/loop0" dev="devtmpfs" ino=150 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [pid 344] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 344] close(5) = 0 [pid 344] close(6) = 0 [pid 344] mkdir("./file0", 0777) = 0 [ 22.805795][ T23] audit: type=1400 audit(1746229286.570:84): avc: denied { ioctl } for pid=341 comm="syz-executor258" path="/dev/loop0" dev="devtmpfs" ino=150 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 22.832725][ T23] audit: type=1400 audit(1746229286.580:85): avc: denied { read write } for pid=342 comm="syz-executor258" name="vhost-vsock" dev="devtmpfs" ino=490 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 22.861572][ T23] audit: type=1400 audit(1746229286.580:86): avc: denied { open } for pid=342 comm="syz-executor258" path="/dev/vhost-vsock" dev="devtmpfs" ino=490 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 22.886087][ T23] audit: type=1400 audit(1746229286.580:87): avc: denied { ioctl } for pid=342 comm="syz-executor258" path="/dev/vhost-vsock" dev="devtmpfs" ino=490 ioctlcmd=0xaf01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 22.911754][ T23] audit: type=1400 audit(1746229286.630:88): avc: denied { mounton } for pid=342 comm="syz-executor258" path="/root/syzkaller.Z7Mdyl/0/file0" dev="sda1" ino=1930 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1 [ 22.948845][ T344] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [pid 344] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 344] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 344] chdir("./file0") = 0 [pid 344] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 344] ioctl(6, LOOP_CLR_FD) = 0 [pid 344] close(6) = 0 [pid 344] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 342] <... futex resumed>) = 0 [pid 342] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 342] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 344] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 344] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 342] <... futex resumed>) = 0 [pid 342] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 344] write(6, "#! ./file1\n", 11 [pid 342] <... futex resumed>) = 0 [pid 342] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 344] <... write resumed>) = 11 [pid 344] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 342] <... futex resumed>) = 0 [pid 342] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 342] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 344] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 344] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 342] <... futex resumed>) = 0 [pid 342] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 22.971468][ T23] audit: type=1400 audit(1746229286.770:89): avc: denied { mount } for pid=342 comm="syz-executor258" name="/" dev="loop0" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 23.007283][ T345] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-344: bg 0: block 234: padding at end of block bitmap is not set [pid 342] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 344] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000280} --- [pid 342] <... futex resumed>) = ? [pid 344] +++ killed by SIGBUS +++ [pid 342] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=342, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=5} --- umount2("./0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558c359730 /* 4 entries */, 32768) = 112 umount2("./0/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./0/binderfs") = 0 [ 23.007773][ T23] audit: type=1400 audit(1746229286.800:90): avc: denied { write } for pid=342 comm="syz-executor258" name="/" dev="loop0" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 23.044982][ T344] syz-executor258 (344) used greatest stack depth: 23648 bytes left umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./0/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558c361770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558c361770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./0/file0") = 0 getdents64(3, 0x55558c359730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./0") = 0 mkdir("./1", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 349 attached , child_tidptr=0x55558c358690) = 349 [pid 349] set_robust_list(0x55558c3586a0, 24) = 0 [pid 349] chdir("./1") = 0 [pid 349] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 349] setpgid(0, 0) = 0 [pid 349] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 349] write(3, "1000", 4) = 4 [pid 349] close(3) = 0 [pid 349] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 349] write(1, "executing program\n", 18) = 18 [pid 349] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 349] rt_sigaction(SIGRT_1, {sa_handler=0x7fc6d8b075b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fc6d8af8760}, NULL, 8) = 0 [pid 349] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 349] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc6d8a7d000 [pid 349] mprotect(0x7fc6d8a7e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 349] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 349] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fc6d8a9d990, parent_tid=0x7fc6d8a9d990, exit_signal=0, stack=0x7fc6d8a7d000, stack_size=0x20300, tls=0x7fc6d8a9d6c0} => {parent_tid=[350]}, 88) = 350 [pid 349] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 349] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 349] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 350 attached [pid 350] set_robust_list(0x7fc6d8a9d9a0, 24) = 0 [pid 350] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 350] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 350] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 349] <... futex resumed>) = 0 [pid 349] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 349] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 350] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 350] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 349] <... futex resumed>) = 0 [pid 349] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 349] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 350] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 350] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 349] <... futex resumed>) = 0 [pid 349] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 349] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 350] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 350] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 349] <... futex resumed>) = 0 [pid 349] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 349] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 350] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 350] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 349] <... futex resumed>) = 0 [pid 349] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 349] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 350] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 350] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 349] <... futex resumed>) = 0 [pid 349] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 349] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 350] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 350] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 349] <... futex resumed>) = 0 [pid 349] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 349] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 350] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 350] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 349] <... futex resumed>) = 0 [pid 349] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 349] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 350] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 350] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 349] <... futex resumed>) = 0 [pid 349] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 349] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 350] memfd_create("syzkaller", 0) = 5 [pid 350] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc6d067d000 [pid 350] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 350] munmap(0x7fc6d067d000, 138412032) = 0 [pid 350] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 350] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 350] close(5) = 0 [pid 350] close(6) = 0 [pid 350] mkdir("./file0", 0777) = 0 [pid 350] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 350] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 350] chdir("./file0") = 0 [pid 350] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 350] ioctl(6, LOOP_CLR_FD) = 0 [pid 350] close(6) = 0 [pid 350] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 349] <... futex resumed>) = 0 [pid 349] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 349] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 350] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 350] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 349] <... futex resumed>) = 0 [pid 349] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 349] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 350] write(6, "#! ./file1\n", 11) = 11 [pid 350] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 349] <... futex resumed>) = 0 [pid 349] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 349] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 350] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 350] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 350] futex(0x7fc6d8b696c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 349] <... futex resumed>) = 0 [pid 349] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 349] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 350] <... futex resumed>) = 0 [pid 350] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000280} --- [pid 349] <... futex resumed>) = ? [pid 350] +++ killed by SIGBUS +++ [pid 349] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=349, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558c359730 /* 4 entries */, 32768) = 112 umount2("./1/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./1/binderfs") = 0 [ 23.178440][ T350] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 23.212900][ T351] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-350: bg 0: block 234: padding at end of block bitmap is not set umount2("./1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./1/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558c361770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558c361770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./1/file0") = 0 getdents64(3, 0x55558c359730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./1") = 0 mkdir("./2", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 355 attached , child_tidptr=0x55558c358690) = 355 [pid 355] set_robust_list(0x55558c3586a0, 24) = 0 [pid 355] chdir("./2") = 0 [pid 355] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 355] setpgid(0, 0) = 0 [pid 355] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 355] write(3, "1000", 4) = 4 [pid 355] close(3) = 0 [pid 355] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 355] write(1, "executing program\n", 18) = 18 [pid 355] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 355] rt_sigaction(SIGRT_1, {sa_handler=0x7fc6d8b075b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fc6d8af8760}, NULL, 8) = 0 [pid 355] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 355] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc6d8a7d000 [pid 355] mprotect(0x7fc6d8a7e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 355] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 355] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fc6d8a9d990, parent_tid=0x7fc6d8a9d990, exit_signal=0, stack=0x7fc6d8a7d000, stack_size=0x20300, tls=0x7fc6d8a9d6c0}./strace-static-x86_64: Process 356 attached => {parent_tid=[356]}, 88) = 356 [pid 355] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 355] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 355] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 356] set_robust_list(0x7fc6d8a9d9a0, 24) = 0 [pid 356] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 356] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 356] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 355] <... futex resumed>) = 0 [pid 355] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 355] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 356] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 356] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 355] <... futex resumed>) = 0 [pid 355] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 355] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 356] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 356] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 355] <... futex resumed>) = 0 [pid 355] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 355] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 356] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 356] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 355] <... futex resumed>) = 0 [pid 355] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 355] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 356] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 356] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 355] <... futex resumed>) = 0 [pid 355] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 355] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 356] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 356] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 355] <... futex resumed>) = 0 [pid 355] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 355] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 356] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 356] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 355] <... futex resumed>) = 0 [pid 355] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 355] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 356] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 356] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 355] <... futex resumed>) = 0 [pid 355] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 355] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 356] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 356] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 355] <... futex resumed>) = 0 [pid 355] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 355] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 356] memfd_create("syzkaller", 0) = 5 [pid 356] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc6d067d000 [pid 356] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 356] munmap(0x7fc6d067d000, 138412032) = 0 [pid 356] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 356] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 356] close(5) = 0 [pid 356] close(6) = 0 [pid 356] mkdir("./file0", 0777) = 0 [pid 356] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 356] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 356] chdir("./file0") = 0 [pid 356] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 356] ioctl(6, LOOP_CLR_FD) = 0 [pid 356] close(6) = 0 [pid 356] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 355] <... futex resumed>) = 0 [pid 355] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 355] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 356] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 356] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 355] <... futex resumed>) = 0 [pid 355] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 355] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 356] write(6, "#! ./file1\n", 11) = 11 [pid 356] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 355] <... futex resumed>) = 0 [pid 355] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 355] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 356] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 356] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 356] futex(0x7fc6d8b696c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 355] <... futex resumed>) = 0 [pid 355] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 355] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 356] <... futex resumed>) = 0 [pid 356] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000280} --- [pid 355] <... futex resumed>) = ? [pid 356] +++ killed by SIGBUS +++ [pid 355] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=355, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558c359730 /* 4 entries */, 32768) = 112 umount2("./2/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./2/binderfs") = 0 [ 23.356683][ T356] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 23.389806][ T357] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-356: bg 0: block 234: padding at end of block bitmap is not set umount2("./2/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./2/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./2/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./2/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./2/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558c361770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558c361770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./2/file0") = 0 getdents64(3, 0x55558c359730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./2") = 0 mkdir("./3", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558c358690) = 361 ./strace-static-x86_64: Process 361 attached [pid 361] set_robust_list(0x55558c3586a0, 24) = 0 [pid 361] chdir("./3") = 0 [pid 361] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 361] setpgid(0, 0) = 0 [pid 361] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 361] write(3, "1000", 4) = 4 [pid 361] close(3) = 0 [pid 361] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 361] write(1, "executing program\n", 18) = 18 [pid 361] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 361] rt_sigaction(SIGRT_1, {sa_handler=0x7fc6d8b075b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fc6d8af8760}, NULL, 8) = 0 [pid 361] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 361] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc6d8a7d000 [pid 361] mprotect(0x7fc6d8a7e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 361] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 361] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fc6d8a9d990, parent_tid=0x7fc6d8a9d990, exit_signal=0, stack=0x7fc6d8a7d000, stack_size=0x20300, tls=0x7fc6d8a9d6c0} => {parent_tid=[362]}, 88) = 362 [pid 361] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 361] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 361] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 362 attached [pid 362] set_robust_list(0x7fc6d8a9d9a0, 24) = 0 [pid 362] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 362] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 362] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 361] <... futex resumed>) = 0 [pid 361] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 361] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 362] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 362] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 361] <... futex resumed>) = 0 [pid 361] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 361] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 362] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 362] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 361] <... futex resumed>) = 0 [pid 361] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 361] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 362] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 362] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 361] <... futex resumed>) = 0 [pid 361] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 361] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 362] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 362] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 361] <... futex resumed>) = 0 [pid 361] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 361] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 362] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 362] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 361] <... futex resumed>) = 0 [pid 361] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 361] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 362] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 362] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 361] <... futex resumed>) = 0 [pid 361] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 361] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 362] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 362] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 361] <... futex resumed>) = 0 [pid 361] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 361] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 362] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 362] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 361] <... futex resumed>) = 0 [pid 361] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 361] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 362] memfd_create("syzkaller", 0) = 5 [pid 362] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc6d067d000 [pid 362] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 362] munmap(0x7fc6d067d000, 138412032) = 0 [pid 362] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 362] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 362] close(5) = 0 [pid 362] close(6) = 0 [pid 362] mkdir("./file0", 0777) = 0 [pid 362] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 362] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 362] chdir("./file0") = 0 [pid 362] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 362] ioctl(6, LOOP_CLR_FD) = 0 [pid 362] close(6) = 0 [pid 362] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 361] <... futex resumed>) = 0 [pid 361] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 361] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 362] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 362] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 361] <... futex resumed>) = 0 [pid 361] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 361] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 362] write(6, "#! ./file1\n", 11) = 11 [pid 362] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 361] <... futex resumed>) = 0 [pid 361] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 361] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 362] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 362] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 362] futex(0x7fc6d8b696c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 361] <... futex resumed>) = 0 [pid 361] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 361] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 362] <... futex resumed>) = 0 [pid 362] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000280} --- [pid 361] <... futex resumed>) = ? [pid 362] +++ killed by SIGBUS +++ [pid 361] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=361, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558c359730 /* 4 entries */, 32768) = 112 umount2("./3/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./3/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./3/binderfs") = 0 [ 23.558220][ T362] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 23.591553][ T363] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-362: bg 0: block 234: padding at end of block bitmap is not set umount2("./3/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./3/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./3/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./3/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./3/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558c361770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558c361770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./3/file0") = 0 getdents64(3, 0x55558c359730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./3") = 0 mkdir("./4", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558c358690) = 367 ./strace-static-x86_64: Process 367 attached [pid 367] set_robust_list(0x55558c3586a0, 24) = 0 [pid 367] chdir("./4") = 0 [pid 367] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 367] setpgid(0, 0) = 0 [pid 367] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 367] write(3, "1000", 4) = 4 [pid 367] close(3) = 0 [pid 367] symlink("/dev/binderfs", "./binderfs") = 0 [pid 367] write(1, "executing program\n", 18executing program ) = 18 [pid 367] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 367] rt_sigaction(SIGRT_1, {sa_handler=0x7fc6d8b075b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fc6d8af8760}, NULL, 8) = 0 [pid 367] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 367] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc6d8a7d000 [pid 367] mprotect(0x7fc6d8a7e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 367] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 367] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fc6d8a9d990, parent_tid=0x7fc6d8a9d990, exit_signal=0, stack=0x7fc6d8a7d000, stack_size=0x20300, tls=0x7fc6d8a9d6c0}./strace-static-x86_64: Process 368 attached [pid 368] set_robust_list(0x7fc6d8a9d9a0, 24) = 0 [pid 368] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 368] futex(0x7fc6d8b696c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 367] <... clone3 resumed> => {parent_tid=[368]}, 88) = 368 [pid 367] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 367] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 368] <... futex resumed>) = 0 [pid 368] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 368] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 368] futex(0x7fc6d8b696c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 367] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 367] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 368] <... futex resumed>) = 0 [pid 368] ioctl(3, VHOST_SET_OWNER [pid 367] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 368] <... ioctl resumed>, 0) = 0 [pid 368] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 367] <... futex resumed>) = 0 [pid 367] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 367] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 368] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 368] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 367] <... futex resumed>) = 0 [pid 367] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 367] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 368] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 368] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 367] <... futex resumed>) = 0 [pid 367] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 367] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 368] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 368] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 367] <... futex resumed>) = 0 [pid 367] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 367] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 368] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 368] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 367] <... futex resumed>) = 0 [pid 367] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 367] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 368] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 368] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 367] <... futex resumed>) = 0 [pid 367] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 367] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 368] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 368] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 367] <... futex resumed>) = 0 [pid 367] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 367] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 368] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 368] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 367] <... futex resumed>) = 0 [pid 367] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 367] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 368] memfd_create("syzkaller", 0) = 5 [pid 368] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc6d067d000 [pid 368] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 368] munmap(0x7fc6d067d000, 138412032) = 0 [pid 368] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 368] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 368] close(5) = 0 [pid 368] close(6) = 0 [pid 368] mkdir("./file0", 0777) = 0 [pid 368] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 368] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 368] chdir("./file0") = 0 [pid 368] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 368] ioctl(6, LOOP_CLR_FD) = 0 [pid 368] close(6) = 0 [pid 368] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 367] <... futex resumed>) = 0 [pid 368] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 367] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 367] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 368] <... openat resumed>) = 6 [pid 368] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 367] <... futex resumed>) = 0 [pid 367] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 367] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 368] write(6, "#! ./file1\n", 11) = 11 [pid 368] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 367] <... futex resumed>) = 0 [pid 367] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 368] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0 [pid 367] <... futex resumed>) = 0 [pid 367] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 368] <... mmap resumed>) = 0x200000000000 [ 23.728504][ T368] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [pid 368] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 367] <... futex resumed>) = 0 [pid 367] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 367] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 368] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000280} --- [pid 367] <... futex resumed>) = ? [pid 368] +++ killed by SIGBUS +++ [pid 367] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=367, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558c359730 /* 4 entries */, 32768) = 112 umount2("./4/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4/binderfs") = 0 [ 23.771388][ T369] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-368: bg 0: block 234: padding at end of block bitmap is not set umount2("./4/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558c361770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558c361770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4/file0") = 0 getdents64(3, 0x55558c359730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4") = 0 mkdir("./5", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558c358690) = 373 ./strace-static-x86_64: Process 373 attached [pid 373] set_robust_list(0x55558c3586a0, 24) = 0 [pid 373] chdir("./5") = 0 [pid 373] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 373] setpgid(0, 0) = 0 [pid 373] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 373] write(3, "1000", 4) = 4 [pid 373] close(3) = 0 [pid 373] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 373] write(1, "executing program\n", 18) = 18 [pid 373] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 373] rt_sigaction(SIGRT_1, {sa_handler=0x7fc6d8b075b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fc6d8af8760}, NULL, 8) = 0 [pid 373] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 373] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc6d8a7d000 [pid 373] mprotect(0x7fc6d8a7e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 373] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 373] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fc6d8a9d990, parent_tid=0x7fc6d8a9d990, exit_signal=0, stack=0x7fc6d8a7d000, stack_size=0x20300, tls=0x7fc6d8a9d6c0} => {parent_tid=[374]}, 88) = 374 [pid 373] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 373] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 373] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 374 attached [pid 374] set_robust_list(0x7fc6d8a9d9a0, 24) = 0 [pid 374] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 374] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 374] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 373] <... futex resumed>) = 0 [pid 373] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 373] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 374] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 374] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 373] <... futex resumed>) = 0 [pid 373] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 373] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 374] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 374] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 373] <... futex resumed>) = 0 [pid 373] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 373] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 374] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 374] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 373] <... futex resumed>) = 0 [pid 373] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 373] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 374] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 374] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 373] <... futex resumed>) = 0 [pid 373] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 373] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 374] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 374] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 373] <... futex resumed>) = 0 [pid 373] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 373] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 374] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 374] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 373] <... futex resumed>) = 0 [pid 373] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 373] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 374] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 374] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 373] <... futex resumed>) = 0 [pid 373] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 373] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 374] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 374] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 373] <... futex resumed>) = 0 [pid 373] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 373] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 374] memfd_create("syzkaller", 0) = 5 [pid 374] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc6d067d000 [pid 374] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 374] munmap(0x7fc6d067d000, 138412032) = 0 [pid 374] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 374] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 374] close(5) = 0 [pid 374] close(6) = 0 [pid 374] mkdir("./file0", 0777) = 0 [pid 374] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 374] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 374] chdir("./file0") = 0 [pid 374] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 374] ioctl(6, LOOP_CLR_FD) = 0 [pid 374] close(6) = 0 [pid 374] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 373] <... futex resumed>) = 0 [pid 373] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 373] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 374] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 374] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 373] <... futex resumed>) = 0 [pid 373] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 373] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 374] write(6, "#! ./file1\n", 11) = 11 [pid 374] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 373] <... futex resumed>) = 0 [pid 373] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 373] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 374] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 374] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 374] futex(0x7fc6d8b696c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 373] <... futex resumed>) = 0 [pid 373] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 373] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 374] <... futex resumed>) = 0 [pid 374] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000280} --- [pid 373] <... futex resumed>) = ? [pid 374] +++ killed by SIGBUS +++ [pid 373] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=373, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./5", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558c359730 /* 4 entries */, 32768) = 112 umount2("./5/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./5/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./5/binderfs") = 0 [ 23.957862][ T374] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 23.991728][ T375] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-374: bg 0: block 234: padding at end of block bitmap is not set umount2("./5/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./5/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./5/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./5/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./5/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558c361770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558c361770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./5/file0") = 0 getdents64(3, 0x55558c359730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./5") = 0 mkdir("./6", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558c358690) = 379 ./strace-static-x86_64: Process 379 attached [pid 379] set_robust_list(0x55558c3586a0, 24) = 0 [pid 379] chdir("./6") = 0 [pid 379] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 379] setpgid(0, 0) = 0 [pid 379] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 379] write(3, "1000", 4) = 4 [pid 379] close(3) = 0 [pid 379] symlink("/dev/binderfs", "./binderfs") = 0 [pid 379] write(1, "executing program\n", 18executing program ) = 18 [pid 379] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 379] rt_sigaction(SIGRT_1, {sa_handler=0x7fc6d8b075b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fc6d8af8760}, NULL, 8) = 0 [pid 379] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 379] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc6d8a7d000 [pid 379] mprotect(0x7fc6d8a7e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 379] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 379] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fc6d8a9d990, parent_tid=0x7fc6d8a9d990, exit_signal=0, stack=0x7fc6d8a7d000, stack_size=0x20300, tls=0x7fc6d8a9d6c0} => {parent_tid=[380]}, 88) = 380 [pid 379] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 379] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 379] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 380 attached [pid 380] set_robust_list(0x7fc6d8a9d9a0, 24) = 0 [pid 380] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 380] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 380] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 379] <... futex resumed>) = 0 [pid 379] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 379] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 380] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 380] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 379] <... futex resumed>) = 0 [pid 379] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 379] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 380] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 380] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 379] <... futex resumed>) = 0 [pid 379] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 379] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 380] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 380] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 379] <... futex resumed>) = 0 [pid 379] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 379] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 380] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 380] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 379] <... futex resumed>) = 0 [pid 379] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 379] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 380] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 380] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 379] <... futex resumed>) = 0 [pid 379] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 379] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 380] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 380] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 379] <... futex resumed>) = 0 [pid 379] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 379] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 380] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 380] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 379] <... futex resumed>) = 0 [pid 379] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 379] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 380] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 380] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 379] <... futex resumed>) = 0 [pid 379] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 379] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 380] memfd_create("syzkaller", 0) = 5 [pid 380] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc6d067d000 [pid 380] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 380] munmap(0x7fc6d067d000, 138412032) = 0 [pid 380] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 380] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 380] close(5) = 0 [pid 380] close(6) = 0 [pid 380] mkdir("./file0", 0777) = 0 [pid 380] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 380] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 380] chdir("./file0") = 0 [pid 380] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 380] ioctl(6, LOOP_CLR_FD) = 0 [pid 380] close(6) = 0 [pid 380] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 379] <... futex resumed>) = 0 [pid 379] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 379] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 380] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 380] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 379] <... futex resumed>) = 0 [pid 379] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 379] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 380] write(6, "#! ./file1\n", 11) = 11 [pid 380] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 379] <... futex resumed>) = 0 [pid 379] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 379] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 380] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 380] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 379] <... futex resumed>) = 0 [pid 379] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 379] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 380] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000280} --- [pid 379] <... futex resumed>) = ? [pid 380] +++ killed by SIGBUS +++ [pid 379] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=379, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./6", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558c359730 /* 4 entries */, 32768) = 112 umount2("./6/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./6/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./6/binderfs") = 0 [ 24.158335][ T380] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 24.193216][ T381] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-380: bg 0: block 234: padding at end of block bitmap is not set umount2("./6/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./6/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./6/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./6/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./6/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558c361770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558c361770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./6/file0") = 0 getdents64(3, 0x55558c359730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./6") = 0 mkdir("./7", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558c358690) = 385 ./strace-static-x86_64: Process 385 attached [pid 385] set_robust_list(0x55558c3586a0, 24) = 0 [pid 385] chdir("./7") = 0 [pid 385] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 385] setpgid(0, 0) = 0 [pid 385] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 385] write(3, "1000", 4) = 4 [pid 385] close(3) = 0 [pid 385] symlink("/dev/binderfs", "./binderfs") = 0 [pid 385] write(1, "executing program\n", 18executing program ) = 18 [pid 385] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 385] rt_sigaction(SIGRT_1, {sa_handler=0x7fc6d8b075b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fc6d8af8760}, NULL, 8) = 0 [pid 385] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 385] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc6d8a7d000 [pid 385] mprotect(0x7fc6d8a7e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 385] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 385] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fc6d8a9d990, parent_tid=0x7fc6d8a9d990, exit_signal=0, stack=0x7fc6d8a7d000, stack_size=0x20300, tls=0x7fc6d8a9d6c0} => {parent_tid=[386]}, 88) = 386 [pid 385] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 385] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 385] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 386 attached [pid 386] set_robust_list(0x7fc6d8a9d9a0, 24) = 0 [pid 386] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 386] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 386] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 385] <... futex resumed>) = 0 [pid 385] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 385] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 386] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 386] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 385] <... futex resumed>) = 0 [pid 385] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 385] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 386] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 386] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 385] <... futex resumed>) = 0 [pid 385] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 385] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 386] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 386] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 385] <... futex resumed>) = 0 [pid 385] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 385] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 386] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 386] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 385] <... futex resumed>) = 0 [pid 385] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 385] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 386] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 386] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 385] <... futex resumed>) = 0 [pid 385] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 385] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 386] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 386] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 385] <... futex resumed>) = 0 [pid 385] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 385] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 386] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 386] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 385] <... futex resumed>) = 0 [pid 385] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 385] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 386] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 386] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 385] <... futex resumed>) = 0 [pid 385] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 385] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 386] memfd_create("syzkaller", 0) = 5 [pid 386] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc6d067d000 [pid 386] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 386] munmap(0x7fc6d067d000, 138412032) = 0 [pid 386] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 386] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 386] close(5) = 0 [pid 386] close(6) = 0 [pid 386] mkdir("./file0", 0777) = 0 [pid 386] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 386] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 386] chdir("./file0") = 0 [pid 386] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 386] ioctl(6, LOOP_CLR_FD) = 0 [pid 386] close(6) = 0 [pid 386] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 385] <... futex resumed>) = 0 [pid 385] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 385] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 386] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 386] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 385] <... futex resumed>) = 0 [pid 385] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 385] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 386] write(6, "#! ./file1\n", 11) = 11 [pid 386] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 385] <... futex resumed>) = 0 [pid 385] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 385] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 386] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 386] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 386] futex(0x7fc6d8b696c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 385] <... futex resumed>) = 0 [pid 385] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 385] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 386] <... futex resumed>) = 0 [pid 386] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000280} --- [pid 385] <... futex resumed>) = ? [pid 386] +++ killed by SIGBUS +++ [pid 385] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=385, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- umount2("./7", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558c359730 /* 4 entries */, 32768) = 112 umount2("./7/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./7/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./7/binderfs") = 0 [ 24.368288][ T386] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 24.402385][ T387] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-386: bg 0: block 234: padding at end of block bitmap is not set umount2("./7/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./7/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./7/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./7/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./7/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558c361770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558c361770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./7/file0") = 0 getdents64(3, 0x55558c359730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./7") = 0 mkdir("./8", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558c358690) = 391 ./strace-static-x86_64: Process 391 attached [pid 391] set_robust_list(0x55558c3586a0, 24) = 0 [pid 391] chdir("./8") = 0 [pid 391] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 391] setpgid(0, 0) = 0 [pid 391] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 391] write(3, "1000", 4) = 4 [pid 391] close(3) = 0 [pid 391] symlink("/dev/binderfs", "./binderfs") = 0 [pid 391] write(1, "executing program\n", 18executing program ) = 18 [pid 391] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 391] rt_sigaction(SIGRT_1, {sa_handler=0x7fc6d8b075b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fc6d8af8760}, NULL, 8) = 0 [pid 391] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 391] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc6d8a7d000 [pid 391] mprotect(0x7fc6d8a7e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 391] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 391] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fc6d8a9d990, parent_tid=0x7fc6d8a9d990, exit_signal=0, stack=0x7fc6d8a7d000, stack_size=0x20300, tls=0x7fc6d8a9d6c0} => {parent_tid=[392]}, 88) = 392 [pid 391] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 391] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 391] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 392 attached [pid 392] set_robust_list(0x7fc6d8a9d9a0, 24) = 0 [pid 392] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 392] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 392] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 391] <... futex resumed>) = 0 [pid 391] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 391] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 392] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 392] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 391] <... futex resumed>) = 0 [pid 391] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 391] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 392] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 392] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 391] <... futex resumed>) = 0 [pid 391] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 391] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 392] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 392] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 391] <... futex resumed>) = 0 [pid 391] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 391] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 392] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 392] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 391] <... futex resumed>) = 0 [pid 391] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 391] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 392] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 392] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 391] <... futex resumed>) = 0 [pid 391] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 391] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 392] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 392] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 391] <... futex resumed>) = 0 [pid 391] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 391] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 392] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 392] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 391] <... futex resumed>) = 0 [pid 391] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 391] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 392] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 392] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 391] <... futex resumed>) = 0 [pid 391] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 391] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 392] memfd_create("syzkaller", 0) = 5 [pid 392] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc6d067d000 [pid 392] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 392] munmap(0x7fc6d067d000, 138412032) = 0 [pid 392] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 392] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 392] close(5) = 0 [pid 392] close(6) = 0 [pid 392] mkdir("./file0", 0777) = 0 [pid 392] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 392] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 392] chdir("./file0") = 0 [pid 392] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 392] ioctl(6, LOOP_CLR_FD) = 0 [pid 392] close(6) = 0 [pid 392] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 391] <... futex resumed>) = 0 [pid 391] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 391] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 392] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 392] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 391] <... futex resumed>) = 0 [pid 391] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 391] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 392] write(6, "#! ./file1\n", 11) = 11 [pid 392] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 391] <... futex resumed>) = 0 [pid 391] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 391] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 392] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 392] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 392] futex(0x7fc6d8b696c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 391] <... futex resumed>) = 0 [pid 391] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 391] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 392] <... futex resumed>) = 0 [pid 392] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000280} --- [pid 391] <... futex resumed>) = ? [pid 392] +++ killed by SIGBUS +++ [pid 391] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=391, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./8", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./8", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558c359730 /* 4 entries */, 32768) = 112 umount2("./8/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./8/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./8/binderfs") = 0 [ 24.528308][ T392] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 24.561651][ T393] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-392: bg 0: block 234: padding at end of block bitmap is not set umount2("./8/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./8/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./8/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./8/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./8/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558c361770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558c361770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./8/file0") = 0 getdents64(3, 0x55558c359730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./8") = 0 mkdir("./9", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558c358690) = 397 ./strace-static-x86_64: Process 397 attached [pid 397] set_robust_list(0x55558c3586a0, 24) = 0 [pid 397] chdir("./9") = 0 [pid 397] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 397] setpgid(0, 0) = 0 [pid 397] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 397] write(3, "1000", 4) = 4 [pid 397] close(3) = 0 [pid 397] symlink("/dev/binderfs", "./binderfs") = 0 [pid 397] write(1, "executing program\n", 18executing program ) = 18 [pid 397] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 397] rt_sigaction(SIGRT_1, {sa_handler=0x7fc6d8b075b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fc6d8af8760}, NULL, 8) = 0 [pid 397] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 397] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc6d8a7d000 [pid 397] mprotect(0x7fc6d8a7e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 397] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 397] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fc6d8a9d990, parent_tid=0x7fc6d8a9d990, exit_signal=0, stack=0x7fc6d8a7d000, stack_size=0x20300, tls=0x7fc6d8a9d6c0} => {parent_tid=[398]}, 88) = 398 [pid 397] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 397] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 397] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 398 attached [pid 398] set_robust_list(0x7fc6d8a9d9a0, 24) = 0 [pid 398] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 398] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 398] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 397] <... futex resumed>) = 0 [pid 397] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 397] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 398] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 398] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 397] <... futex resumed>) = 0 [pid 397] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 397] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 398] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 398] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 397] <... futex resumed>) = 0 [pid 397] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 397] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 398] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 398] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 397] <... futex resumed>) = 0 [pid 397] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 397] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 398] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 398] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 397] <... futex resumed>) = 0 [pid 397] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 397] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 398] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 398] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 397] <... futex resumed>) = 0 [pid 397] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 397] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 398] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 398] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 397] <... futex resumed>) = 0 [pid 397] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 397] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 398] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 398] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 397] <... futex resumed>) = 0 [pid 397] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 397] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 398] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 398] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 397] <... futex resumed>) = 0 [pid 397] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 397] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 398] memfd_create("syzkaller", 0) = 5 [pid 398] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc6d067d000 [pid 398] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 398] munmap(0x7fc6d067d000, 138412032) = 0 [pid 398] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 398] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 398] close(5) = 0 [pid 398] close(6) = 0 [pid 398] mkdir("./file0", 0777) = 0 [pid 398] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 398] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 398] chdir("./file0") = 0 [pid 398] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 398] ioctl(6, LOOP_CLR_FD) = 0 [pid 398] close(6) = 0 [pid 398] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 397] <... futex resumed>) = 0 [pid 397] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 397] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 398] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 398] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 397] <... futex resumed>) = 0 [pid 397] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 397] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 398] write(6, "#! ./file1\n", 11) = 11 [pid 398] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 397] <... futex resumed>) = 0 [pid 397] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 397] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 398] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 398] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 398] futex(0x7fc6d8b696c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 397] <... futex resumed>) = 0 [pid 397] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 397] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 398] <... futex resumed>) = 0 [pid 398] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000280} --- [pid 397] <... futex resumed>) = ? [pid 398] +++ killed by SIGBUS +++ [pid 397] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=397, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./9", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./9", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558c359730 /* 4 entries */, 32768) = 112 umount2("./9/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./9/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./9/binderfs") = 0 [ 24.712314][ T398] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 24.746017][ T399] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-398: bg 0: block 234: padding at end of block bitmap is not set umount2("./9/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./9/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./9/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./9/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./9/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558c361770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558c361770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./9/file0") = 0 getdents64(3, 0x55558c359730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./9") = 0 mkdir("./10", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558c358690) = 403 ./strace-static-x86_64: Process 403 attached [pid 403] set_robust_list(0x55558c3586a0, 24) = 0 [pid 403] chdir("./10") = 0 [pid 403] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 403] setpgid(0, 0) = 0 [pid 403] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 403] write(3, "1000", 4) = 4 [pid 403] close(3) = 0 executing program [pid 403] symlink("/dev/binderfs", "./binderfs") = 0 [pid 403] write(1, "executing program\n", 18) = 18 [pid 403] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 403] rt_sigaction(SIGRT_1, {sa_handler=0x7fc6d8b075b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fc6d8af8760}, NULL, 8) = 0 [pid 403] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 403] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc6d8a7d000 [pid 403] mprotect(0x7fc6d8a7e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 403] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 403] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fc6d8a9d990, parent_tid=0x7fc6d8a9d990, exit_signal=0, stack=0x7fc6d8a7d000, stack_size=0x20300, tls=0x7fc6d8a9d6c0}./strace-static-x86_64: Process 404 attached [pid 404] set_robust_list(0x7fc6d8a9d9a0, 24) = 0 [pid 404] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 404] futex(0x7fc6d8b696c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 403] <... clone3 resumed> => {parent_tid=[404]}, 88) = 404 [pid 403] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 403] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 404] <... futex resumed>) = 0 [pid 403] <... futex resumed>) = 1 [pid 404] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 404] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 404] futex(0x7fc6d8b696c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 403] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 403] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 404] <... futex resumed>) = 0 [pid 404] ioctl(3, VHOST_SET_OWNER [pid 403] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 404] <... ioctl resumed>, 0) = 0 [pid 404] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 403] <... futex resumed>) = 0 [pid 403] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 403] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 404] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 404] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 403] <... futex resumed>) = 0 [pid 403] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 403] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 404] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 404] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 403] <... futex resumed>) = 0 [pid 403] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 403] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 404] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 404] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 403] <... futex resumed>) = 0 [pid 403] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 403] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 404] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 404] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 403] <... futex resumed>) = 0 [pid 403] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 403] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 404] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 404] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 403] <... futex resumed>) = 0 [pid 403] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 403] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 404] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 404] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 403] <... futex resumed>) = 0 [pid 404] futex(0x7fc6d8b696c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 403] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 403] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 404] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 404] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 404] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 403] <... futex resumed>) = 0 [pid 404] futex(0x7fc6d8b696c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 403] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 403] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 404] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 404] memfd_create("syzkaller", 0) = 5 [pid 404] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc6d067d000 [pid 404] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 404] munmap(0x7fc6d067d000, 138412032) = 0 [pid 404] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 404] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 404] close(5) = 0 [pid 404] close(6) = 0 [pid 404] mkdir("./file0", 0777) = 0 [pid 404] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 404] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 404] chdir("./file0") = 0 [pid 404] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 404] ioctl(6, LOOP_CLR_FD) = 0 [pid 404] close(6) = 0 [pid 404] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 403] <... futex resumed>) = 0 [pid 403] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 403] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 404] <... futex resumed>) = 1 [pid 404] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 404] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 403] <... futex resumed>) = 0 [pid 403] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 403] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 404] <... futex resumed>) = 1 [pid 404] write(6, "#! ./file1\n", 11) = 11 [pid 404] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 403] <... futex resumed>) = 0 [pid 403] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 403] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 404] <... futex resumed>) = 1 [pid 404] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 404] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 403] <... futex resumed>) = 0 [pid 403] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 403] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 404] <... futex resumed>) = 1 [ 24.877151][ T404] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [pid 404] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000280} --- [pid 403] <... futex resumed>) = ? [pid 404] +++ killed by SIGBUS +++ [pid 403] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=403, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./10", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./10", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558c359730 /* 4 entries */, 32768) = 112 umount2("./10/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./10/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./10/binderfs") = 0 [ 24.917137][ T405] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-404: bg 0: block 234: padding at end of block bitmap is not set umount2("./10/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./10/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./10/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./10/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./10/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558c361770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558c361770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./10/file0") = 0 getdents64(3, 0x55558c359730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./10") = 0 mkdir("./11", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558c358690) = 409 ./strace-static-x86_64: Process 409 attached [pid 409] set_robust_list(0x55558c3586a0, 24) = 0 [pid 409] chdir("./11") = 0 [pid 409] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 409] setpgid(0, 0) = 0 [pid 409] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 409] write(3, "1000", 4) = 4 [pid 409] close(3) = 0 [pid 409] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 409] write(1, "executing program\n", 18) = 18 [pid 409] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 409] rt_sigaction(SIGRT_1, {sa_handler=0x7fc6d8b075b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fc6d8af8760}, NULL, 8) = 0 [pid 409] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 409] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc6d8a7d000 [pid 409] mprotect(0x7fc6d8a7e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 409] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 409] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fc6d8a9d990, parent_tid=0x7fc6d8a9d990, exit_signal=0, stack=0x7fc6d8a7d000, stack_size=0x20300, tls=0x7fc6d8a9d6c0} => {parent_tid=[410]}, 88) = 410 [pid 409] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 409] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 409] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 410 attached [pid 410] set_robust_list(0x7fc6d8a9d9a0, 24) = 0 [pid 410] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 410] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 410] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 409] <... futex resumed>) = 0 [pid 409] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 409] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 410] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 410] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 409] <... futex resumed>) = 0 [pid 409] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 409] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 410] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 410] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 409] <... futex resumed>) = 0 [pid 409] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 409] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 410] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 410] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 409] <... futex resumed>) = 0 [pid 409] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 409] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 410] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 410] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 409] <... futex resumed>) = 0 [pid 409] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 409] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 410] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 410] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 409] <... futex resumed>) = 0 [pid 409] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 409] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 410] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 410] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 409] <... futex resumed>) = 0 [pid 409] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 409] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 410] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 410] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 409] <... futex resumed>) = 0 [pid 409] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 409] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 410] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 410] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 409] <... futex resumed>) = 0 [pid 409] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 409] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 410] memfd_create("syzkaller", 0) = 5 [pid 410] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc6d067d000 [pid 410] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 410] munmap(0x7fc6d067d000, 138412032) = 0 [pid 410] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 410] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 410] close(5) = 0 [pid 410] close(6) = 0 [pid 410] mkdir("./file0", 0777) = 0 [pid 410] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 410] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 410] chdir("./file0") = 0 [pid 410] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 410] ioctl(6, LOOP_CLR_FD) = 0 [pid 410] close(6) = 0 [pid 410] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 409] <... futex resumed>) = 0 [pid 409] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 409] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 410] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 410] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 409] <... futex resumed>) = 0 [pid 409] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 409] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 410] write(6, "#! ./file1\n", 11) = 11 [pid 410] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 409] <... futex resumed>) = 0 [pid 409] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 409] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 410] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 410] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 409] <... futex resumed>) = 0 [pid 409] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 409] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 410] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000280} --- [pid 409] <... futex resumed>) = ? [pid 410] +++ killed by SIGBUS +++ [pid 409] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=409, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./11", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./11", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558c359730 /* 4 entries */, 32768) = 112 umount2("./11/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./11/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./11/binderfs") = 0 [ 25.074381][ T410] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 25.108309][ T411] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-410: bg 0: block 234: padding at end of block bitmap is not set umount2("./11/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./11/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./11/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./11/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./11/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558c361770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558c361770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./11/file0") = 0 getdents64(3, 0x55558c359730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./11") = 0 mkdir("./12", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558c358690) = 415 ./strace-static-x86_64: Process 415 attached [pid 415] set_robust_list(0x55558c3586a0, 24) = 0 [pid 415] chdir("./12") = 0 [pid 415] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 415] setpgid(0, 0) = 0 [pid 415] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 415] write(3, "1000", 4) = 4 [pid 415] close(3) = 0 [pid 415] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 415] write(1, "executing program\n", 18) = 18 [pid 415] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 415] rt_sigaction(SIGRT_1, {sa_handler=0x7fc6d8b075b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fc6d8af8760}, NULL, 8) = 0 [pid 415] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 415] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc6d8a7d000 [pid 415] mprotect(0x7fc6d8a7e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 415] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 415] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fc6d8a9d990, parent_tid=0x7fc6d8a9d990, exit_signal=0, stack=0x7fc6d8a7d000, stack_size=0x20300, tls=0x7fc6d8a9d6c0}./strace-static-x86_64: Process 416 attached [pid 416] set_robust_list(0x7fc6d8a9d9a0, 24) = 0 [pid 416] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 416] futex(0x7fc6d8b696c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 415] <... clone3 resumed> => {parent_tid=[416]}, 88) = 416 [pid 415] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 415] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 416] <... futex resumed>) = 0 [pid 415] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 416] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 416] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 416] futex(0x7fc6d8b696c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 415] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 415] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 416] <... futex resumed>) = 0 [pid 416] ioctl(3, VHOST_SET_OWNER [pid 415] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 416] <... ioctl resumed>, 0) = 0 [pid 416] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 416] futex(0x7fc6d8b696c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 415] <... futex resumed>) = 0 [pid 415] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 416] <... futex resumed>) = 0 [pid 415] <... futex resumed>) = 1 [pid 416] ioctl(3, VHOST_SET_VRING_ADDR [pid 415] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 416] <... ioctl resumed>, 0x200000000300) = 0 [pid 416] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 415] <... futex resumed>) = 0 [pid 416] ioctl(3, VHOST_SET_MEM_TABLE [pid 415] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 416] <... ioctl resumed>, 0x200000003380) = 0 [pid 415] <... futex resumed>) = 0 [pid 416] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 415] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 416] <... futex resumed>) = 0 [pid 415] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 416] eventfd2(118, EFD_SEMAPHORE [pid 415] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 416] <... eventfd2 resumed>) = 4 [pid 415] <... futex resumed>) = 0 [pid 415] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 416] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 416] futex(0x7fc6d8b696c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 415] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 416] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 415] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 416] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 416] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 415] <... futex resumed>) = 0 [pid 416] <... futex resumed>) = 0 [pid 415] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 416] futex(0x7fc6d8b696c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 415] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 415] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 416] <... futex resumed>) = 0 [pid 415] <... futex resumed>) = 1 [pid 416] ioctl(3, VHOST_SET_VRING_ADDR [pid 415] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 416] <... ioctl resumed>, 0x200000000240) = 0 [pid 416] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 415] <... futex resumed>) = 0 [pid 416] futex(0x7fc6d8b696c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 415] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 416] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 415] <... futex resumed>) = 0 [pid 416] ioctl(3, VHOST_SET_VRING_KICK [pid 415] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 416] <... ioctl resumed>, 0x200000000000) = 0 [pid 416] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 415] <... futex resumed>) = 0 [pid 416] ioctl(3, VHOST_VSOCK_SET_RUNNING [pid 415] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 416] <... ioctl resumed>, 0x200000000140) = 0 [pid 415] <... futex resumed>) = 0 [pid 415] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 416] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 415] <... futex resumed>) = 0 [pid 416] memfd_create("syzkaller", 0 [pid 415] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 416] <... memfd_create resumed>) = 5 [pid 415] <... futex resumed>) = 0 [pid 416] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 415] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 416] <... mmap resumed>) = 0x7fc6d067d000 [pid 416] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 416] munmap(0x7fc6d067d000, 138412032) = 0 [pid 416] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 416] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 416] close(5) = 0 [pid 416] close(6) = 0 [pid 416] mkdir("./file0", 0777) = 0 [pid 416] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 416] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 416] chdir("./file0") = 0 [pid 416] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 416] ioctl(6, LOOP_CLR_FD) = 0 [pid 416] close(6) = 0 [pid 416] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 415] <... futex resumed>) = 0 [pid 415] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 415] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 416] <... futex resumed>) = 1 [pid 416] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 416] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 415] <... futex resumed>) = 0 [pid 415] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 415] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 416] <... futex resumed>) = 1 [pid 416] write(6, "#! ./file1\n", 11) = 11 [pid 416] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 415] <... futex resumed>) = 0 [pid 415] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 415] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 416] <... futex resumed>) = 1 [pid 416] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 416] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 415] <... futex resumed>) = 0 [pid 415] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 415] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 416] <... futex resumed>) = 1 [pid 416] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000280} --- [pid 415] <... futex resumed>) = ? [pid 416] +++ killed by SIGBUS +++ [pid 415] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=415, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./12", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./12", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558c359730 /* 4 entries */, 32768) = 112 umount2("./12/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./12/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./12/binderfs") = 0 [ 25.238181][ T416] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 25.269722][ T417] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-416: bg 0: block 234: padding at end of block bitmap is not set umount2("./12/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./12/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./12/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./12/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./12/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558c361770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558c361770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./12/file0") = 0 getdents64(3, 0x55558c359730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./12") = 0 mkdir("./13", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 421 attached [pid 421] set_robust_list(0x55558c3586a0, 24) = 0 [pid 341] <... clone resumed>, child_tidptr=0x55558c358690) = 421 [pid 421] chdir("./13") = 0 [pid 421] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 421] setpgid(0, 0) = 0 [pid 421] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 421] write(3, "1000", 4) = 4 [pid 421] close(3) = 0 [pid 421] symlink("/dev/binderfs", "./binderfs") = 0 [pid 421] write(1, "executing program\n", 18executing program ) = 18 [pid 421] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 421] rt_sigaction(SIGRT_1, {sa_handler=0x7fc6d8b075b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fc6d8af8760}, NULL, 8) = 0 [pid 421] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 421] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc6d8a7d000 [pid 421] mprotect(0x7fc6d8a7e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 421] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 421] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fc6d8a9d990, parent_tid=0x7fc6d8a9d990, exit_signal=0, stack=0x7fc6d8a7d000, stack_size=0x20300, tls=0x7fc6d8a9d6c0} => {parent_tid=[422]}, 88) = 422 [pid 421] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 421] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 421] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 422 attached [pid 422] set_robust_list(0x7fc6d8a9d9a0, 24) = 0 [pid 422] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 422] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 422] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 421] <... futex resumed>) = 0 [pid 422] futex(0x7fc6d8b696c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 421] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 421] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 422] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 422] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 422] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 421] <... futex resumed>) = 0 [pid 421] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 421] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 422] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 422] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 421] <... futex resumed>) = 0 [pid 421] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 421] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 422] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 422] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 421] <... futex resumed>) = 0 [pid 421] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 421] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 422] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 422] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 421] <... futex resumed>) = 0 [pid 421] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 421] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 422] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 422] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 421] <... futex resumed>) = 0 [pid 421] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 421] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 422] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 422] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 421] <... futex resumed>) = 0 [pid 422] futex(0x7fc6d8b696c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 421] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 421] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 422] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 422] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 422] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 421] <... futex resumed>) = 0 [pid 421] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 421] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 422] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 422] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 421] <... futex resumed>) = 0 [pid 421] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 421] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 422] memfd_create("syzkaller", 0) = 5 [pid 422] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc6d067d000 [pid 422] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 422] munmap(0x7fc6d067d000, 138412032) = 0 [pid 422] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 422] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 422] close(5) = 0 [pid 422] close(6) = 0 [pid 422] mkdir("./file0", 0777) = 0 [pid 422] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 422] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 422] chdir("./file0") = 0 [pid 422] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 422] ioctl(6, LOOP_CLR_FD) = 0 [pid 422] close(6) = 0 [pid 422] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 421] <... futex resumed>) = 0 [pid 421] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 421] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 422] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 422] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 421] <... futex resumed>) = 0 [pid 422] futex(0x7fc6d8b696c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 421] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 421] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 422] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 422] write(6, "#! ./file1\n", 11) = 11 [pid 422] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 421] <... futex resumed>) = 0 [pid 421] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 421] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 422] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 422] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 421] <... futex resumed>) = 0 [pid 421] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 421] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 422] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000280} --- [pid 421] <... futex resumed>) = ? [pid 422] +++ killed by SIGBUS +++ [pid 421] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=421, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./13", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./13", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558c359730 /* 4 entries */, 32768) = 112 umount2("./13/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./13/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./13/binderfs") = 0 [ 25.438262][ T422] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 25.472165][ T423] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-422: bg 0: block 234: padding at end of block bitmap is not set umount2("./13/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./13/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./13/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./13/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./13/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558c361770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558c361770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./13/file0") = 0 getdents64(3, 0x55558c359730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./13") = 0 mkdir("./14", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558c358690) = 427 ./strace-static-x86_64: Process 427 attached [pid 427] set_robust_list(0x55558c3586a0, 24) = 0 [pid 427] chdir("./14") = 0 [pid 427] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 427] setpgid(0, 0) = 0 [pid 427] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 427] write(3, "1000", 4) = 4 [pid 427] close(3) = 0 [pid 427] symlink("/dev/binderfs", "./binderfs") = 0 [pid 427] write(1, "executing program\n", 18executing program ) = 18 [pid 427] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 427] rt_sigaction(SIGRT_1, {sa_handler=0x7fc6d8b075b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fc6d8af8760}, NULL, 8) = 0 [pid 427] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 427] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc6d8a7d000 [pid 427] mprotect(0x7fc6d8a7e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 427] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 427] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fc6d8a9d990, parent_tid=0x7fc6d8a9d990, exit_signal=0, stack=0x7fc6d8a7d000, stack_size=0x20300, tls=0x7fc6d8a9d6c0} => {parent_tid=[428]}, 88) = 428 [pid 427] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 427] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 427] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 428 attached [pid 428] set_robust_list(0x7fc6d8a9d9a0, 24) = 0 [pid 428] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 428] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 428] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 427] <... futex resumed>) = 0 [pid 427] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 427] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 428] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 428] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 427] <... futex resumed>) = 0 [pid 427] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 427] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 428] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 428] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 427] <... futex resumed>) = 0 [pid 427] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 427] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 428] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 428] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 427] <... futex resumed>) = 0 [pid 427] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 427] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 428] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 428] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 427] <... futex resumed>) = 0 [pid 427] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 427] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 428] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 428] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 427] <... futex resumed>) = 0 [pid 427] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 427] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 428] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 428] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 427] <... futex resumed>) = 0 [pid 427] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 427] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 428] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 428] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 427] <... futex resumed>) = 0 [pid 427] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 427] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 428] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 428] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 427] <... futex resumed>) = 0 [pid 427] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 427] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 428] memfd_create("syzkaller", 0) = 5 [pid 428] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc6d067d000 [pid 428] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 428] munmap(0x7fc6d067d000, 138412032) = 0 [pid 428] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 428] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 428] close(5) = 0 [pid 428] close(6) = 0 [pid 428] mkdir("./file0", 0777) = 0 [pid 428] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 428] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 428] chdir("./file0") = 0 [pid 428] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 428] ioctl(6, LOOP_CLR_FD) = 0 [pid 428] close(6) = 0 [pid 428] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 427] <... futex resumed>) = 0 [pid 427] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 428] <... futex resumed>) = 1 [pid 427] <... futex resumed>) = 0 [pid 427] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 428] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 428] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 427] <... futex resumed>) = 0 [pid 427] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 427] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 428] write(6, "#! ./file1\n", 11) = 11 [pid 428] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 427] <... futex resumed>) = 0 [pid 427] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 427] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 428] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [ 25.598301][ T428] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [pid 428] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 427] <... futex resumed>) = 0 [pid 427] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 427] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 428] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000280} --- [pid 427] <... futex resumed>) = ? [pid 428] +++ killed by SIGBUS +++ [pid 427] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=427, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./14", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./14", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558c359730 /* 4 entries */, 32768) = 112 umount2("./14/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./14/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./14/binderfs") = 0 [ 25.643412][ T429] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-428: bg 0: block 234: padding at end of block bitmap is not set umount2("./14/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./14/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./14/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./14/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./14/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558c361770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558c361770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./14/file0") = 0 getdents64(3, 0x55558c359730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./14") = 0 mkdir("./15", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558c358690) = 433 ./strace-static-x86_64: Process 433 attached [pid 433] set_robust_list(0x55558c3586a0, 24) = 0 [pid 433] chdir("./15") = 0 [pid 433] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 433] setpgid(0, 0) = 0 [pid 433] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 433] write(3, "1000", 4) = 4 [pid 433] close(3) = 0 [pid 433] symlink("/dev/binderfs", "./binderfs") = 0 [pid 433] write(1, "executing program\n", 18executing program ) = 18 [pid 433] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 433] rt_sigaction(SIGRT_1, {sa_handler=0x7fc6d8b075b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fc6d8af8760}, NULL, 8) = 0 [pid 433] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 433] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc6d8a7d000 [pid 433] mprotect(0x7fc6d8a7e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 433] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 433] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fc6d8a9d990, parent_tid=0x7fc6d8a9d990, exit_signal=0, stack=0x7fc6d8a7d000, stack_size=0x20300, tls=0x7fc6d8a9d6c0} => {parent_tid=[434]}, 88) = 434 [pid 433] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 ./strace-static-x86_64: Process 434 attached [pid 433] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 434] set_robust_list(0x7fc6d8a9d9a0, 24) = 0 [pid 434] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 434] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 434] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 434] futex(0x7fc6d8b696c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 433] <... futex resumed>) = 1 [pid 434] <... futex resumed>) = 0 [pid 434] futex(0x7fc6d8b696c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 433] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 433] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 434] <... futex resumed>) = 0 [pid 434] ioctl(3, VHOST_SET_OWNER [pid 433] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 434] <... ioctl resumed>, 0) = 0 [pid 434] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 433] <... futex resumed>) = 0 [pid 433] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 433] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 434] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 434] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 433] <... futex resumed>) = 0 [pid 433] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 433] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 434] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 434] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 433] <... futex resumed>) = 0 [pid 433] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 433] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 434] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 434] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 433] <... futex resumed>) = 0 [pid 433] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 433] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 434] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 434] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 433] <... futex resumed>) = 0 [pid 433] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 433] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 434] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 434] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 433] <... futex resumed>) = 0 [pid 433] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 433] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 434] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 434] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 433] <... futex resumed>) = 0 [pid 433] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 433] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 434] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 434] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 433] <... futex resumed>) = 0 [pid 433] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 434] memfd_create("syzkaller", 0 [pid 433] <... futex resumed>) = 0 [pid 433] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 434] <... memfd_create resumed>) = 5 [pid 434] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc6d067d000 [pid 434] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 434] munmap(0x7fc6d067d000, 138412032) = 0 [pid 434] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 434] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 434] close(5) = 0 [pid 434] close(6) = 0 [pid 434] mkdir("./file0", 0777) = 0 [pid 434] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 434] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 434] chdir("./file0") = 0 [pid 434] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 434] ioctl(6, LOOP_CLR_FD) = 0 [pid 434] close(6) = 0 [pid 434] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 433] <... futex resumed>) = 0 [pid 433] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 433] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 434] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 434] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 433] <... futex resumed>) = 0 [pid 433] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 433] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 434] write(6, "#! ./file1\n", 11) = 11 [pid 434] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 433] <... futex resumed>) = 0 [pid 433] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 433] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 434] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [ 25.798259][ T434] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [pid 434] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 434] futex(0x7fc6d8b696c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 433] <... futex resumed>) = 0 [pid 433] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 433] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 434] <... futex resumed>) = 0 [pid 434] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000280} --- [pid 433] <... futex resumed>) = ? [pid 434] +++ killed by SIGBUS +++ [pid 433] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=433, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./15", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./15", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558c359730 /* 4 entries */, 32768) = 112 umount2("./15/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./15/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./15/binderfs") = 0 umount2("./15/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./15/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./15/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./15/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./15/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558c361770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558c361770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./15/file0") = 0 getdents64(3, 0x55558c359730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./15") = 0 [ 25.841633][ T435] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-434: bg 0: block 234: padding at end of block bitmap is not set mkdir("./16", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558c358690) = 439 ./strace-static-x86_64: Process 439 attached [pid 439] set_robust_list(0x55558c3586a0, 24) = 0 [pid 439] chdir("./16") = 0 [pid 439] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 439] setpgid(0, 0) = 0 [pid 439] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 439] write(3, "1000", 4) = 4 [pid 439] close(3) = 0 [pid 439] symlink("/dev/binderfs", "./binderfs") = 0 [pid 439] write(1, "executing program\n", 18executing program ) = 18 [pid 439] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 439] rt_sigaction(SIGRT_1, {sa_handler=0x7fc6d8b075b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fc6d8af8760}, NULL, 8) = 0 [pid 439] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 439] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc6d8a7d000 [pid 439] mprotect(0x7fc6d8a7e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 439] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 439] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fc6d8a9d990, parent_tid=0x7fc6d8a9d990, exit_signal=0, stack=0x7fc6d8a7d000, stack_size=0x20300, tls=0x7fc6d8a9d6c0} => {parent_tid=[440]}, 88) = 440 [pid 439] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 439] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 439] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 440 attached [pid 440] set_robust_list(0x7fc6d8a9d9a0, 24) = 0 [pid 440] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 440] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 440] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 439] <... futex resumed>) = 0 [pid 439] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 439] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 440] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 440] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 439] <... futex resumed>) = 0 [pid 439] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 439] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 440] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 440] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 439] <... futex resumed>) = 0 [pid 439] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 439] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 440] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 440] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 439] <... futex resumed>) = 0 [pid 439] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 439] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 440] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 440] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 439] <... futex resumed>) = 0 [pid 439] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 439] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 440] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 440] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 439] <... futex resumed>) = 0 [pid 439] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 439] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 440] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 440] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 439] <... futex resumed>) = 0 [pid 439] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 439] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 440] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 440] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 439] <... futex resumed>) = 0 [pid 439] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 439] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 440] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 440] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 439] <... futex resumed>) = 0 [pid 439] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 439] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 440] memfd_create("syzkaller", 0) = 5 [pid 440] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc6d067d000 [pid 440] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 440] munmap(0x7fc6d067d000, 138412032) = 0 [pid 440] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 440] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 440] close(5) = 0 [pid 440] close(6) = 0 [pid 440] mkdir("./file0", 0777) = 0 [pid 440] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 440] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 440] chdir("./file0") = 0 [pid 440] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 440] ioctl(6, LOOP_CLR_FD) = 0 [pid 440] close(6) = 0 [pid 440] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 439] <... futex resumed>) = 0 [pid 439] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 439] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 440] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 440] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 439] <... futex resumed>) = 0 [pid 439] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 439] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 440] write(6, "#! ./file1\n", 11) = 11 [pid 440] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 439] <... futex resumed>) = 0 [pid 439] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 439] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 440] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 440] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 440] futex(0x7fc6d8b696c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 439] <... futex resumed>) = 0 [pid 439] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 439] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 440] <... futex resumed>) = 0 [pid 440] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000280} --- [pid 439] <... futex resumed>) = ? [pid 440] +++ killed by SIGBUS +++ [pid 439] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=439, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./16", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./16", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558c359730 /* 4 entries */, 32768) = 112 umount2("./16/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./16/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./16/binderfs") = 0 [ 25.954164][ T440] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 25.986244][ T441] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-440: bg 0: block 234: padding at end of block bitmap is not set umount2("./16/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./16/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./16/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./16/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./16/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558c361770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558c361770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./16/file0") = 0 getdents64(3, 0x55558c359730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./16") = 0 mkdir("./17", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 445 attached [pid 445] set_robust_list(0x55558c3586a0, 24) = 0 [pid 445] chdir("./17" [pid 341] <... clone resumed>, child_tidptr=0x55558c358690) = 445 [pid 445] <... chdir resumed>) = 0 [pid 445] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 445] setpgid(0, 0) = 0 [pid 445] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 445] write(3, "1000", 4) = 4 [pid 445] close(3) = 0 [pid 445] symlink("/dev/binderfs", "./binderfs") = 0 [pid 445] write(1, "executing program\n", 18executing program ) = 18 [pid 445] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 445] rt_sigaction(SIGRT_1, {sa_handler=0x7fc6d8b075b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fc6d8af8760}, NULL, 8) = 0 [pid 445] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 445] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc6d8a7d000 [pid 445] mprotect(0x7fc6d8a7e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 445] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 445] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fc6d8a9d990, parent_tid=0x7fc6d8a9d990, exit_signal=0, stack=0x7fc6d8a7d000, stack_size=0x20300, tls=0x7fc6d8a9d6c0} => {parent_tid=[446]}, 88) = 446 [pid 445] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 445] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 445] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 446 attached [pid 446] set_robust_list(0x7fc6d8a9d9a0, 24) = 0 [pid 446] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 446] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 446] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 445] <... futex resumed>) = 0 [pid 445] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 445] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 446] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 446] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 445] <... futex resumed>) = 0 [pid 445] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 445] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 446] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 446] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 445] <... futex resumed>) = 0 [pid 445] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 445] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 446] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 446] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 445] <... futex resumed>) = 0 [pid 445] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 445] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 446] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 446] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 445] <... futex resumed>) = 0 [pid 445] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 445] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 446] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 446] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 445] <... futex resumed>) = 0 [pid 445] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 445] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 446] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 446] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 445] <... futex resumed>) = 0 [pid 445] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 445] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 446] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 446] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 445] <... futex resumed>) = 0 [pid 445] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 445] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 446] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 446] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 445] <... futex resumed>) = 0 [pid 445] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 445] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 446] memfd_create("syzkaller", 0) = 5 [pid 446] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc6d067d000 [pid 446] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 446] munmap(0x7fc6d067d000, 138412032) = 0 [pid 446] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 446] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 446] close(5) = 0 [pid 446] close(6) = 0 [pid 446] mkdir("./file0", 0777) = 0 [pid 446] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 446] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 446] chdir("./file0") = 0 [pid 446] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 446] ioctl(6, LOOP_CLR_FD) = 0 [pid 446] close(6) = 0 [pid 446] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 445] <... futex resumed>) = 0 [pid 445] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 445] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 446] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 446] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 445] <... futex resumed>) = 0 [pid 445] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 445] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 446] write(6, "#! ./file1\n", 11) = 11 [pid 446] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 445] <... futex resumed>) = 0 [pid 445] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 446] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0 [pid 445] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 446] <... mmap resumed>) = 0x200000000000 [pid 446] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 445] <... futex resumed>) = 0 [pid 445] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 445] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 446] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000280} --- [pid 445] <... futex resumed>) = ? [pid 446] +++ killed by SIGBUS +++ [pid 445] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=445, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./17", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./17", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558c359730 /* 4 entries */, 32768) = 112 umount2("./17/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./17/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./17/binderfs") = 0 [ 26.158257][ T446] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 26.192588][ T447] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-446: bg 0: block 234: padding at end of block bitmap is not set umount2("./17/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./17/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./17/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./17/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./17/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558c361770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558c361770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./17/file0") = 0 getdents64(3, 0x55558c359730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./17") = 0 mkdir("./18", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558c358690) = 451 ./strace-static-x86_64: Process 451 attached [pid 451] set_robust_list(0x55558c3586a0, 24) = 0 [pid 451] chdir("./18") = 0 [pid 451] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 451] setpgid(0, 0) = 0 [pid 451] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 451] write(3, "1000", 4) = 4 [pid 451] close(3) = 0 [pid 451] symlink("/dev/binderfs", "./binderfs") = 0 [pid 451] write(1, "executing program\n", 18executing program ) = 18 [pid 451] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 451] rt_sigaction(SIGRT_1, {sa_handler=0x7fc6d8b075b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fc6d8af8760}, NULL, 8) = 0 [pid 451] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 451] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc6d8a7d000 [pid 451] mprotect(0x7fc6d8a7e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 451] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 451] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fc6d8a9d990, parent_tid=0x7fc6d8a9d990, exit_signal=0, stack=0x7fc6d8a7d000, stack_size=0x20300, tls=0x7fc6d8a9d6c0} => {parent_tid=[452]}, 88) = 452 [pid 451] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 451] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 451] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 452 attached [pid 452] set_robust_list(0x7fc6d8a9d9a0, 24) = 0 [pid 452] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 452] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 452] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 451] <... futex resumed>) = 0 [pid 451] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 451] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 452] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 452] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 451] <... futex resumed>) = 0 [pid 451] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 451] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 452] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 452] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 451] <... futex resumed>) = 0 [pid 451] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 451] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 452] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 452] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 451] <... futex resumed>) = 0 [pid 451] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 451] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 452] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 452] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 451] <... futex resumed>) = 0 [pid 451] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 451] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 452] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 452] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 451] <... futex resumed>) = 0 [pid 451] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 451] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 452] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 452] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 451] <... futex resumed>) = 0 [pid 451] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 451] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 452] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 452] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 451] <... futex resumed>) = 0 [pid 451] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 451] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 452] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 452] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 451] <... futex resumed>) = 0 [pid 451] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 451] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 452] memfd_create("syzkaller", 0) = 5 [pid 452] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc6d067d000 [pid 452] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 452] munmap(0x7fc6d067d000, 138412032) = 0 [pid 452] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 452] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 452] close(5) = 0 [pid 452] close(6) = 0 [pid 452] mkdir("./file0", 0777) = 0 [pid 452] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 452] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 452] chdir("./file0") = 0 [pid 452] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 452] ioctl(6, LOOP_CLR_FD) = 0 [pid 452] close(6) = 0 [pid 452] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 451] <... futex resumed>) = 0 [pid 451] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 451] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 452] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 452] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 451] <... futex resumed>) = 0 [pid 451] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 451] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 452] write(6, "#! ./file1\n", 11) = 11 [pid 452] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 451] <... futex resumed>) = 0 [pid 451] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 451] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 452] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 452] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 452] futex(0x7fc6d8b696c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 451] <... futex resumed>) = 0 [pid 451] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 451] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 452] <... futex resumed>) = 0 [pid 452] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000280} --- [pid 451] <... futex resumed>) = ? [pid 452] +++ killed by SIGBUS +++ [pid 451] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=451, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- umount2("./18", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./18", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558c359730 /* 4 entries */, 32768) = 112 umount2("./18/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./18/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./18/binderfs") = 0 [ 26.358219][ T452] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 26.391913][ T453] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-452: bg 0: block 234: padding at end of block bitmap is not set umount2("./18/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./18/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./18/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./18/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./18/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558c361770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558c361770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./18/file0") = 0 getdents64(3, 0x55558c359730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./18") = 0 mkdir("./19", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 457 attached , child_tidptr=0x55558c358690) = 457 [pid 457] set_robust_list(0x55558c3586a0, 24) = 0 [pid 457] chdir("./19") = 0 [pid 457] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 457] setpgid(0, 0) = 0 [pid 457] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 457] write(3, "1000", 4) = 4 [pid 457] close(3) = 0 [pid 457] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 457] write(1, "executing program\n", 18) = 18 [pid 457] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 457] rt_sigaction(SIGRT_1, {sa_handler=0x7fc6d8b075b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fc6d8af8760}, NULL, 8) = 0 [pid 457] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 457] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc6d8a7d000 [pid 457] mprotect(0x7fc6d8a7e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 457] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 457] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fc6d8a9d990, parent_tid=0x7fc6d8a9d990, exit_signal=0, stack=0x7fc6d8a7d000, stack_size=0x20300, tls=0x7fc6d8a9d6c0}./strace-static-x86_64: Process 458 attached [pid 458] set_robust_list(0x7fc6d8a9d9a0, 24) = 0 [pid 458] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 458] futex(0x7fc6d8b696c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 457] <... clone3 resumed> => {parent_tid=[458]}, 88) = 458 [pid 457] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 457] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 458] <... futex resumed>) = 0 [pid 457] <... futex resumed>) = 1 [pid 458] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 458] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 458] futex(0x7fc6d8b696c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 457] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 457] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 458] <... futex resumed>) = 0 [pid 457] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 458] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 458] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 458] futex(0x7fc6d8b696c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 457] <... futex resumed>) = 0 [pid 457] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 458] <... futex resumed>) = 0 [pid 457] <... futex resumed>) = 1 [pid 458] ioctl(3, VHOST_SET_VRING_ADDR [pid 457] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 458] <... ioctl resumed>, 0x200000000300) = 0 [pid 458] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 457] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 458] <... futex resumed>) = 0 [pid 458] futex(0x7fc6d8b696c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 457] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 458] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 457] <... futex resumed>) = 0 [pid 458] ioctl(3, VHOST_SET_MEM_TABLE [pid 457] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 458] <... ioctl resumed>, 0x200000003380) = 0 [pid 458] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 457] <... futex resumed>) = 0 [pid 458] futex(0x7fc6d8b696c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 457] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 458] <... futex resumed>) = 0 [pid 457] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 458] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 458] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 457] <... futex resumed>) = 0 [pid 458] futex(0x7fc6d8b696c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 457] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 458] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 457] <... futex resumed>) = 0 [pid 458] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 457] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 458] futex(0x7fc6d8b696c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 457] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 457] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 458] <... futex resumed>) = 0 [pid 457] <... futex resumed>) = 1 [pid 458] ioctl(3, VHOST_SET_VRING_ADDR [pid 457] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 458] <... ioctl resumed>, 0x200000000240) = 0 [pid 458] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 458] futex(0x7fc6d8b696c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 457] <... futex resumed>) = 0 [pid 457] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 458] <... futex resumed>) = 0 [pid 457] <... futex resumed>) = 1 [pid 458] ioctl(3, VHOST_SET_VRING_KICK [pid 457] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 458] <... ioctl resumed>, 0x200000000000) = 0 [pid 458] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 457] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 458] <... futex resumed>) = 0 [pid 457] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 458] ioctl(3, VHOST_VSOCK_SET_RUNNING [pid 457] <... futex resumed>) = 0 [pid 458] <... ioctl resumed>, 0x200000000140) = 0 [pid 458] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 457] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 458] <... futex resumed>) = 0 [pid 457] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 457] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 457] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 458] memfd_create("syzkaller", 0) = 5 [pid 458] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc6d067d000 [pid 458] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 458] munmap(0x7fc6d067d000, 138412032) = 0 [pid 458] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 458] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 458] close(5) = 0 [pid 458] close(6) = 0 [pid 458] mkdir("./file0", 0777) = 0 [pid 458] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 458] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 458] chdir("./file0") = 0 [pid 458] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 458] ioctl(6, LOOP_CLR_FD) = 0 [pid 458] close(6) = 0 [pid 458] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 457] <... futex resumed>) = 0 [pid 457] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 457] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 458] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 458] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 457] <... futex resumed>) = 0 [pid 457] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 457] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 458] write(6, "#! ./file1\n", 11) = 11 [pid 458] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 457] <... futex resumed>) = 0 [pid 457] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 457] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 458] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 458] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 458] futex(0x7fc6d8b696c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 457] <... futex resumed>) = 0 [pid 457] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 457] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 458] <... futex resumed>) = 0 [pid 458] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000280} --- [pid 457] <... futex resumed>) = ? [pid 458] +++ killed by SIGBUS +++ [pid 457] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=457, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./19", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./19", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558c359730 /* 4 entries */, 32768) = 112 umount2("./19/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./19/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./19/binderfs") = 0 [ 26.518309][ T458] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 26.552116][ T459] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-458: bg 0: block 234: padding at end of block bitmap is not set umount2("./19/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./19/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./19/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./19/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./19/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558c361770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558c361770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./19/file0") = 0 getdents64(3, 0x55558c359730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./19") = 0 mkdir("./20", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558c358690) = 463 ./strace-static-x86_64: Process 463 attached [pid 463] set_robust_list(0x55558c3586a0, 24) = 0 [pid 463] chdir("./20") = 0 [pid 463] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 463] setpgid(0, 0) = 0 [pid 463] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 463] write(3, "1000", 4) = 4 [pid 463] close(3) = 0 [pid 463] symlink("/dev/binderfs", "./binderfs") = 0 [pid 463] write(1, "executing program\n", 18executing program ) = 18 [pid 463] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 463] rt_sigaction(SIGRT_1, {sa_handler=0x7fc6d8b075b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fc6d8af8760}, NULL, 8) = 0 [pid 463] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 463] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc6d8a7d000 [pid 463] mprotect(0x7fc6d8a7e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 463] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 463] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fc6d8a9d990, parent_tid=0x7fc6d8a9d990, exit_signal=0, stack=0x7fc6d8a7d000, stack_size=0x20300, tls=0x7fc6d8a9d6c0}./strace-static-x86_64: Process 464 attached => {parent_tid=[464]}, 88) = 464 [pid 464] set_robust_list(0x7fc6d8a9d9a0, 24) = 0 [pid 464] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 464] futex(0x7fc6d8b696c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 463] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 463] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 464] <... futex resumed>) = 0 [pid 464] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 464] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 464] futex(0x7fc6d8b696c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 463] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 463] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 464] <... futex resumed>) = 0 [pid 464] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 464] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 464] futex(0x7fc6d8b696c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 463] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 463] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 464] <... futex resumed>) = 0 [pid 464] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 464] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 464] futex(0x7fc6d8b696c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 463] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 463] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 464] <... futex resumed>) = 0 [pid 464] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 464] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 464] futex(0x7fc6d8b696c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 463] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 463] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 464] <... futex resumed>) = 0 [pid 464] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 464] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 464] futex(0x7fc6d8b696c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 463] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 463] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 464] <... futex resumed>) = 0 [pid 464] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 464] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 464] futex(0x7fc6d8b696c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 463] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 463] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 464] <... futex resumed>) = 0 [pid 464] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 464] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 464] futex(0x7fc6d8b696c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 463] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 463] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 464] <... futex resumed>) = 0 [pid 463] <... futex resumed>) = 1 [pid 464] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 464] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 464] futex(0x7fc6d8b696c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 463] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 463] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 464] <... futex resumed>) = 0 [pid 463] <... futex resumed>) = 1 [pid 464] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 464] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 464] futex(0x7fc6d8b696c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 463] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 463] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 464] <... futex resumed>) = 0 [pid 463] <... futex resumed>) = 1 [pid 464] memfd_create("syzkaller", 0) = 5 [pid 463] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 464] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc6d067d000 [pid 464] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 464] munmap(0x7fc6d067d000, 138412032) = 0 [pid 464] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 464] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 464] close(5) = 0 [pid 464] close(6) = 0 [pid 464] mkdir("./file0", 0777) = 0 [pid 464] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 464] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 464] chdir("./file0") = 0 [pid 464] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 464] ioctl(6, LOOP_CLR_FD) = 0 [pid 464] close(6) = 0 [pid 464] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 463] <... futex resumed>) = 0 [pid 463] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 463] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 464] <... futex resumed>) = 1 [pid 464] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 464] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 463] <... futex resumed>) = 0 [pid 463] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 463] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 464] <... futex resumed>) = 1 [pid 464] write(6, "#! ./file1\n", 11) = 11 [pid 464] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 463] <... futex resumed>) = 0 [pid 463] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 463] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 464] <... futex resumed>) = 1 [pid 464] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 464] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 463] <... futex resumed>) = 0 [pid 463] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 463] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 464] <... futex resumed>) = 1 [pid 464] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000280} --- [pid 463] <... futex resumed>) = ? [pid 464] +++ killed by SIGBUS +++ [pid 463] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=463, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./20", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./20", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558c359730 /* 4 entries */, 32768) = 112 umount2("./20/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./20/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./20/binderfs") = 0 [ 26.668110][ T464] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 26.698898][ T465] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-464: bg 0: block 234: padding at end of block bitmap is not set umount2("./20/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./20/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./20/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./20/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./20/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558c361770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558c361770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./20/file0") = 0 getdents64(3, 0x55558c359730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./20") = 0 mkdir("./21", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558c358690) = 469 ./strace-static-x86_64: Process 469 attached [pid 469] set_robust_list(0x55558c3586a0, 24) = 0 [pid 469] chdir("./21") = 0 [pid 469] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 469] setpgid(0, 0) = 0 [pid 469] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 469] write(3, "1000", 4) = 4 [pid 469] close(3) = 0 [pid 469] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 469] write(1, "executing program\n", 18) = 18 [pid 469] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 469] rt_sigaction(SIGRT_1, {sa_handler=0x7fc6d8b075b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fc6d8af8760}, NULL, 8) = 0 [pid 469] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 469] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc6d8a7d000 [pid 469] mprotect(0x7fc6d8a7e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 469] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 469] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fc6d8a9d990, parent_tid=0x7fc6d8a9d990, exit_signal=0, stack=0x7fc6d8a7d000, stack_size=0x20300, tls=0x7fc6d8a9d6c0}./strace-static-x86_64: Process 470 attached => {parent_tid=[470]}, 88) = 470 [pid 470] set_robust_list(0x7fc6d8a9d9a0, 24 [pid 469] rt_sigprocmask(SIG_SETMASK, [], [pid 470] <... set_robust_list resumed>) = 0 [pid 469] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 470] rt_sigprocmask(SIG_SETMASK, [], [pid 469] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 470] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 469] <... futex resumed>) = 0 [pid 469] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 470] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 470] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 469] <... futex resumed>) = 0 [pid 470] futex(0x7fc6d8b696c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 469] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 470] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 469] <... futex resumed>) = 0 [pid 470] ioctl(3, VHOST_SET_OWNER [pid 469] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 470] <... ioctl resumed>, 0) = 0 [pid 470] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 470] futex(0x7fc6d8b696c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 469] <... futex resumed>) = 0 [pid 469] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 470] <... futex resumed>) = 0 [pid 469] <... futex resumed>) = 1 [pid 470] ioctl(3, VHOST_SET_VRING_ADDR [pid 469] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 470] <... ioctl resumed>, 0x200000000300) = 0 [pid 470] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 469] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 470] <... futex resumed>) = 0 [pid 470] futex(0x7fc6d8b696c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 469] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 470] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 470] ioctl(3, VHOST_SET_MEM_TABLE [pid 469] <... futex resumed>) = 0 [pid 469] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 470] <... ioctl resumed>, 0x200000003380) = 0 [pid 470] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 469] <... futex resumed>) = 0 [pid 470] futex(0x7fc6d8b696c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 469] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 470] <... futex resumed>) = 0 [pid 469] <... futex resumed>) = 1 [pid 470] eventfd2(118, EFD_SEMAPHORE [pid 469] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 470] <... eventfd2 resumed>) = 4 [pid 470] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 469] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 470] futex(0x7fc6d8b696c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 469] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 470] <... futex resumed>) = 0 [pid 469] <... futex resumed>) = 1 [pid 470] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 469] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 470] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 469] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 470] futex(0x7fc6d8b696c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 469] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 470] <... futex resumed>) = 0 [pid 469] <... futex resumed>) = 1 [pid 470] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 469] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 470] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 469] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 470] futex(0x7fc6d8b696c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 469] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 470] <... futex resumed>) = 0 [pid 469] <... futex resumed>) = 1 [pid 470] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 469] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 470] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 469] <... futex resumed>) = 0 [pid 470] futex(0x7fc6d8b696c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 469] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 470] <... futex resumed>) = 0 [pid 469] <... futex resumed>) = 1 [pid 470] ioctl(3, VHOST_VSOCK_SET_RUNNING [pid 469] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 470] <... ioctl resumed>, 0x200000000140) = 0 [pid 470] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 469] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 470] <... futex resumed>) = 0 [pid 469] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 470] memfd_create("syzkaller", 0 [pid 469] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 470] <... memfd_create resumed>) = 5 [pid 470] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc6d067d000 [pid 470] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 470] munmap(0x7fc6d067d000, 138412032) = 0 [pid 470] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 470] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 470] close(5) = 0 [pid 470] close(6) = 0 [pid 470] mkdir("./file0", 0777) = 0 [pid 470] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 470] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 470] chdir("./file0") = 0 [pid 470] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 470] ioctl(6, LOOP_CLR_FD) = 0 [pid 470] close(6) = 0 [pid 470] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 469] <... futex resumed>) = 0 [pid 469] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 469] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 470] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 470] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 469] <... futex resumed>) = 0 [pid 469] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 469] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 470] write(6, "#! ./file1\n", 11) = 11 [pid 470] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 469] <... futex resumed>) = 0 [pid 469] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 469] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 470] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 470] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 470] futex(0x7fc6d8b696c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 469] <... futex resumed>) = 0 [pid 469] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 469] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 470] <... futex resumed>) = 0 [pid 470] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000280} --- [pid 469] <... futex resumed>) = ? [ 26.875520][ T470] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 26.907283][ T471] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-470: bg 0: block 234: padding at end of block bitmap is not set [pid 470] +++ killed by SIGBUS +++ [pid 469] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=469, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./21", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./21", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558c359730 /* 4 entries */, 32768) = 112 umount2("./21/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./21/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./21/binderfs") = 0 [ 26.923460][ T471] vhost-470 (471) used greatest stack depth: 23520 bytes left umount2("./21/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./21/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./21/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./21/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./21/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558c361770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558c361770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./21/file0") = 0 getdents64(3, 0x55558c359730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./21") = 0 mkdir("./22", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558c358690) = 475 ./strace-static-x86_64: Process 475 attached [pid 475] set_robust_list(0x55558c3586a0, 24) = 0 [pid 475] chdir("./22") = 0 [pid 475] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 475] setpgid(0, 0) = 0 [pid 475] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 475] write(3, "1000", 4) = 4 [pid 475] close(3) = 0 [pid 475] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 475] write(1, "executing program\n", 18) = 18 [pid 475] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 475] rt_sigaction(SIGRT_1, {sa_handler=0x7fc6d8b075b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fc6d8af8760}, NULL, 8) = 0 [pid 475] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 475] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc6d8a7d000 [pid 475] mprotect(0x7fc6d8a7e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 475] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 475] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fc6d8a9d990, parent_tid=0x7fc6d8a9d990, exit_signal=0, stack=0x7fc6d8a7d000, stack_size=0x20300, tls=0x7fc6d8a9d6c0}./strace-static-x86_64: Process 476 attached [pid 476] set_robust_list(0x7fc6d8a9d9a0, 24) = 0 [pid 476] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 476] futex(0x7fc6d8b696c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 475] <... clone3 resumed> => {parent_tid=[476]}, 88) = 476 [pid 475] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 475] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 476] <... futex resumed>) = 0 [pid 475] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 476] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 476] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 476] futex(0x7fc6d8b696c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 475] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 475] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 476] <... futex resumed>) = 0 [pid 475] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 476] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 476] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 475] <... futex resumed>) = 0 [pid 476] futex(0x7fc6d8b696c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 475] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 476] <... futex resumed>) = 0 [pid 475] <... futex resumed>) = 1 [pid 476] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 475] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 476] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 476] futex(0x7fc6d8b696c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 475] <... futex resumed>) = 0 [pid 475] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 476] <... futex resumed>) = 0 [pid 475] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 476] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 476] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 476] futex(0x7fc6d8b696c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 475] <... futex resumed>) = 0 [pid 475] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 475] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 476] <... futex resumed>) = 0 [pid 476] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 476] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 475] <... futex resumed>) = 0 [pid 476] futex(0x7fc6d8b696c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 475] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 475] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 476] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 476] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 476] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 475] <... futex resumed>) = 0 [pid 475] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 476] ioctl(3, VHOST_SET_VRING_ADDR [pid 475] <... futex resumed>) = 0 [pid 476] <... ioctl resumed>, 0x200000000240) = 0 [pid 476] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 475] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 476] <... futex resumed>) = 0 [pid 475] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 476] futex(0x7fc6d8b696c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 475] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 476] <... futex resumed>) = 0 [pid 475] <... futex resumed>) = 1 [pid 475] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 476] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 476] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 475] <... futex resumed>) = 0 [pid 476] ioctl(3, VHOST_VSOCK_SET_RUNNING [pid 475] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 476] <... ioctl resumed>, 0x200000000140) = 0 [pid 476] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 475] <... futex resumed>) = 0 [pid 476] <... futex resumed>) = 0 [pid 475] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 476] futex(0x7fc6d8b696c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 475] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 475] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 476] <... futex resumed>) = 0 [pid 475] <... futex resumed>) = 1 [pid 475] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 476] memfd_create("syzkaller", 0) = 5 [pid 476] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc6d067d000 [pid 476] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 476] munmap(0x7fc6d067d000, 138412032) = 0 [pid 476] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 476] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 476] close(5) = 0 [pid 476] close(6) = 0 [pid 476] mkdir("./file0", 0777) = 0 [pid 476] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 476] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 476] chdir("./file0") = 0 [pid 476] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 476] ioctl(6, LOOP_CLR_FD) = 0 [pid 476] close(6) = 0 [pid 476] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 475] <... futex resumed>) = 0 [pid 475] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 475] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 476] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 476] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 475] <... futex resumed>) = 0 [pid 475] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 475] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 476] write(6, "#! ./file1\n", 11) = 11 [pid 476] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 475] <... futex resumed>) = 0 [pid 475] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 475] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 476] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 476] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 476] futex(0x7fc6d8b696c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 475] <... futex resumed>) = 0 [pid 475] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 475] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 476] <... futex resumed>) = 0 [pid 476] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000280} --- [pid 475] <... futex resumed>) = ? [pid 476] +++ killed by SIGBUS +++ [pid 475] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=475, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./22", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./22", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558c359730 /* 4 entries */, 32768) = 112 umount2("./22/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./22/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./22/binderfs") = 0 [ 27.058218][ T476] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 27.091389][ T477] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-476: bg 0: block 234: padding at end of block bitmap is not set umount2("./22/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./22/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./22/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./22/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./22/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558c361770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558c361770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./22/file0") = 0 getdents64(3, 0x55558c359730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./22") = 0 mkdir("./23", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 481 attached , child_tidptr=0x55558c358690) = 481 [pid 481] set_robust_list(0x55558c3586a0, 24) = 0 [pid 481] chdir("./23") = 0 [pid 481] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 481] setpgid(0, 0) = 0 [pid 481] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 481] write(3, "1000", 4) = 4 [pid 481] close(3) = 0 [pid 481] symlink("/dev/binderfs", "./binderfs") = 0 [pid 481] write(1, "executing program\n", 18executing program ) = 18 [pid 481] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 481] rt_sigaction(SIGRT_1, {sa_handler=0x7fc6d8b075b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fc6d8af8760}, NULL, 8) = 0 [pid 481] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 481] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc6d8a7d000 [pid 481] mprotect(0x7fc6d8a7e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 481] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 481] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fc6d8a9d990, parent_tid=0x7fc6d8a9d990, exit_signal=0, stack=0x7fc6d8a7d000, stack_size=0x20300, tls=0x7fc6d8a9d6c0} => {parent_tid=[482]}, 88) = 482 [pid 481] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 481] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 481] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 482 attached [pid 482] set_robust_list(0x7fc6d8a9d9a0, 24) = 0 [pid 482] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 482] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 482] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 481] <... futex resumed>) = 0 [pid 481] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 481] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 482] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 482] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 481] <... futex resumed>) = 0 [pid 481] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 481] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 482] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 482] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 481] <... futex resumed>) = 0 [pid 481] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 481] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 482] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 482] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 481] <... futex resumed>) = 0 [pid 481] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 481] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 482] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 482] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 481] <... futex resumed>) = 0 [pid 481] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 481] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 482] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 482] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 481] <... futex resumed>) = 0 [pid 481] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 481] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 482] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 482] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 481] <... futex resumed>) = 0 [pid 481] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 481] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 482] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 482] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 481] <... futex resumed>) = 0 [pid 481] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 481] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 482] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 482] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 481] <... futex resumed>) = 0 [pid 481] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 481] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 482] memfd_create("syzkaller", 0) = 5 [pid 482] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc6d067d000 [pid 482] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 482] munmap(0x7fc6d067d000, 138412032) = 0 [pid 482] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 482] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 482] close(5) = 0 [pid 482] close(6) = 0 [pid 482] mkdir("./file0", 0777) = 0 [pid 482] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 482] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 482] chdir("./file0") = 0 [pid 482] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 482] ioctl(6, LOOP_CLR_FD) = 0 [pid 482] close(6) = 0 [pid 482] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 481] <... futex resumed>) = 0 [pid 481] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 481] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 482] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 482] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 481] <... futex resumed>) = 0 [pid 481] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 481] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 482] write(6, "#! ./file1\n", 11) = 11 [pid 482] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 481] <... futex resumed>) = 0 [pid 481] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 481] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 482] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 482] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 481] <... futex resumed>) = 0 [pid 481] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 481] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 482] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000280} --- [pid 481] <... futex resumed>) = ? [pid 482] +++ killed by SIGBUS +++ [pid 481] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=481, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./23", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./23", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558c359730 /* 4 entries */, 32768) = 112 umount2("./23/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./23/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./23/binderfs") = 0 [ 27.275950][ T482] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 27.309137][ T483] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-482: bg 0: block 234: padding at end of block bitmap is not set umount2("./23/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./23/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./23/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./23/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./23/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558c361770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558c361770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./23/file0") = 0 getdents64(3, 0x55558c359730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./23") = 0 mkdir("./24", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 487 attached , child_tidptr=0x55558c358690) = 487 [pid 487] set_robust_list(0x55558c3586a0, 24) = 0 [pid 487] chdir("./24") = 0 [pid 487] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 487] setpgid(0, 0) = 0 [pid 487] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 487] write(3, "1000", 4) = 4 [pid 487] close(3) = 0 [pid 487] symlink("/dev/binderfs", "./binderfs") = 0 [pid 487] write(1, "executing program\n", 18executing program ) = 18 [pid 487] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 487] rt_sigaction(SIGRT_1, {sa_handler=0x7fc6d8b075b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fc6d8af8760}, NULL, 8) = 0 [pid 487] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 487] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc6d8a7d000 [pid 487] mprotect(0x7fc6d8a7e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 487] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 487] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fc6d8a9d990, parent_tid=0x7fc6d8a9d990, exit_signal=0, stack=0x7fc6d8a7d000, stack_size=0x20300, tls=0x7fc6d8a9d6c0}./strace-static-x86_64: Process 488 attached => {parent_tid=[488]}, 88) = 488 [pid 488] set_robust_list(0x7fc6d8a9d9a0, 24) = 0 [pid 488] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 488] futex(0x7fc6d8b696c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 487] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 487] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 488] <... futex resumed>) = 0 [pid 488] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 488] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 488] futex(0x7fc6d8b696c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 487] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 487] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 488] <... futex resumed>) = 0 [pid 488] ioctl(3, VHOST_SET_OWNER [pid 487] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 488] <... ioctl resumed>, 0) = 0 [pid 488] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 487] <... futex resumed>) = 0 [pid 487] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 487] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 488] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 488] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 487] <... futex resumed>) = 0 [pid 487] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 487] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 488] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 488] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 487] <... futex resumed>) = 0 [pid 487] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 487] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 488] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 488] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 487] <... futex resumed>) = 0 [pid 488] futex(0x7fc6d8b696c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 487] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 487] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 488] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 488] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 488] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 487] <... futex resumed>) = 0 [pid 487] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 487] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 488] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 488] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 487] <... futex resumed>) = 0 [pid 487] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 487] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 488] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 488] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 487] <... futex resumed>) = 0 [pid 487] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 487] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 488] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 488] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 487] <... futex resumed>) = 0 [pid 487] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 487] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 488] memfd_create("syzkaller", 0) = 5 [pid 488] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc6d067d000 [pid 488] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 488] munmap(0x7fc6d067d000, 138412032) = 0 [pid 488] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 488] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 488] close(5) = 0 [pid 488] close(6) = 0 [pid 488] mkdir("./file0", 0777) = 0 [pid 488] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 488] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 488] chdir("./file0") = 0 [pid 488] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 488] ioctl(6, LOOP_CLR_FD) = 0 [pid 488] close(6) = 0 [pid 488] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 487] <... futex resumed>) = 0 [pid 487] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 487] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 488] <... futex resumed>) = 1 [pid 488] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 488] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 487] <... futex resumed>) = 0 [pid 487] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 487] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 488] <... futex resumed>) = 1 [pid 488] write(6, "#! ./file1\n", 11) = 11 [pid 488] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 487] <... futex resumed>) = 0 [pid 487] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 487] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 488] <... futex resumed>) = 1 [pid 488] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 488] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 487] <... futex resumed>) = 0 [pid 487] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 487] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 488] <... futex resumed>) = 1 [pid 488] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000280} --- [pid 487] <... futex resumed>) = ? [pid 488] +++ killed by SIGBUS +++ [pid 487] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=487, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./24", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./24", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558c359730 /* 4 entries */, 32768) = 112 umount2("./24/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./24/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./24/binderfs") = 0 [ 27.505472][ T488] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 27.529846][ T488] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm syz-executor258: bg 0: block 234: padding at end of block bitmap is not set umount2("./24/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./24/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./24/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./24/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./24/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558c361770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558c361770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./24/file0") = 0 getdents64(3, 0x55558c359730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./24") = 0 mkdir("./25", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558c358690) = 493 ./strace-static-x86_64: Process 493 attached [pid 493] set_robust_list(0x55558c3586a0, 24) = 0 [pid 493] chdir("./25") = 0 [pid 493] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 493] setpgid(0, 0) = 0 [pid 493] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 493] write(3, "1000", 4) = 4 [pid 493] close(3) = 0 [pid 493] symlink("/dev/binderfs", "./binderfs") = 0 [pid 493] write(1, "executing program\n", 18executing program ) = 18 [pid 493] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 493] rt_sigaction(SIGRT_1, {sa_handler=0x7fc6d8b075b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fc6d8af8760}, NULL, 8) = 0 [pid 493] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 493] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc6d8a7d000 [pid 493] mprotect(0x7fc6d8a7e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 493] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 493] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fc6d8a9d990, parent_tid=0x7fc6d8a9d990, exit_signal=0, stack=0x7fc6d8a7d000, stack_size=0x20300, tls=0x7fc6d8a9d6c0} => {parent_tid=[494]}, 88) = 494 [pid 493] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 493] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 493] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 494 attached [pid 494] set_robust_list(0x7fc6d8a9d9a0, 24) = 0 [pid 494] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 494] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 494] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 493] <... futex resumed>) = 0 [pid 493] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 493] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 494] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 494] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 493] <... futex resumed>) = 0 [pid 493] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 493] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 494] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 494] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 493] <... futex resumed>) = 0 [pid 493] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 493] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 494] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 494] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 493] <... futex resumed>) = 0 [pid 493] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 493] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 494] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 494] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 493] <... futex resumed>) = 0 [pid 493] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 493] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 494] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 494] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 493] <... futex resumed>) = 0 [pid 493] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 493] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 494] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 494] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 493] <... futex resumed>) = 0 [pid 493] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 493] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 494] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 494] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 493] <... futex resumed>) = 0 [pid 493] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 493] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 494] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 494] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 493] <... futex resumed>) = 0 [pid 493] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 493] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 494] memfd_create("syzkaller", 0) = 5 [pid 494] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc6d067d000 [pid 494] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 494] munmap(0x7fc6d067d000, 138412032) = 0 [pid 494] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 494] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 494] close(5) = 0 [pid 494] close(6) = 0 [pid 494] mkdir("./file0", 0777) = 0 [pid 494] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 494] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 494] chdir("./file0") = 0 [pid 494] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 494] ioctl(6, LOOP_CLR_FD) = 0 [pid 494] close(6) = 0 [pid 494] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 493] <... futex resumed>) = 0 [pid 493] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 493] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 494] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 494] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 493] <... futex resumed>) = 0 [pid 493] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 493] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 494] write(6, "#! ./file1\n", 11) = 11 [pid 494] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 493] <... futex resumed>) = 0 [pid 493] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 493] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 494] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 494] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 494] futex(0x7fc6d8b696c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 493] <... futex resumed>) = 0 [pid 493] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 493] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 494] <... futex resumed>) = 0 [pid 494] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000280} --- [pid 493] <... futex resumed>) = ? [pid 494] +++ killed by SIGBUS +++ [pid 493] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=493, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./25", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./25", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558c359730 /* 4 entries */, 32768) = 112 umount2("./25/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./25/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./25/binderfs") = 0 [ 27.656746][ T494] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 27.690753][ T495] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-494: bg 0: block 234: padding at end of block bitmap is not set umount2("./25/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./25/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./25/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./25/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./25/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558c361770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558c361770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./25/file0") = 0 getdents64(3, 0x55558c359730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./25") = 0 mkdir("./26", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 499 attached [pid 499] set_robust_list(0x55558c3586a0, 24) = 0 [pid 341] <... clone resumed>, child_tidptr=0x55558c358690) = 499 [pid 499] chdir("./26") = 0 [pid 499] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 499] setpgid(0, 0) = 0 [pid 499] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 499] write(3, "1000", 4) = 4 [pid 499] close(3) = 0 [pid 499] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 499] write(1, "executing program\n", 18) = 18 [pid 499] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 499] rt_sigaction(SIGRT_1, {sa_handler=0x7fc6d8b075b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fc6d8af8760}, NULL, 8) = 0 [pid 499] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 499] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc6d8a7d000 [pid 499] mprotect(0x7fc6d8a7e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 499] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 499] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fc6d8a9d990, parent_tid=0x7fc6d8a9d990, exit_signal=0, stack=0x7fc6d8a7d000, stack_size=0x20300, tls=0x7fc6d8a9d6c0}./strace-static-x86_64: Process 500 attached [pid 500] set_robust_list(0x7fc6d8a9d9a0, 24) = 0 [pid 500] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 500] futex(0x7fc6d8b696c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 499] <... clone3 resumed> => {parent_tid=[500]}, 88) = 500 [pid 499] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 499] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 500] <... futex resumed>) = 0 [pid 500] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR [pid 499] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 500] <... openat resumed>) = 3 [pid 500] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 500] futex(0x7fc6d8b696c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 499] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 499] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 500] <... futex resumed>) = 0 [pid 500] ioctl(3, VHOST_SET_OWNER [pid 499] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 500] <... ioctl resumed>, 0) = 0 [pid 500] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 499] <... futex resumed>) = 0 [pid 499] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 499] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 500] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 500] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 499] <... futex resumed>) = 0 [pid 499] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 499] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 500] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 500] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 499] <... futex resumed>) = 0 [pid 499] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 499] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 500] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 500] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 499] <... futex resumed>) = 0 [pid 499] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 499] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 500] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 500] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 499] <... futex resumed>) = 0 [pid 500] futex(0x7fc6d8b696c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 499] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 499] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 500] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 500] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 500] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 499] <... futex resumed>) = 0 [pid 500] futex(0x7fc6d8b696c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 499] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 499] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 500] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 500] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 500] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 499] <... futex resumed>) = 0 [pid 499] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 499] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 500] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 500] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 499] <... futex resumed>) = 0 [pid 500] futex(0x7fc6d8b696c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 499] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 500] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 499] <... futex resumed>) = 0 [pid 499] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 500] memfd_create("syzkaller", 0) = 5 [pid 500] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc6d067d000 [pid 500] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 500] munmap(0x7fc6d067d000, 138412032) = 0 [pid 500] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 500] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 500] close(5) = 0 [pid 500] close(6) = 0 [pid 500] mkdir("./file0", 0777) = 0 [pid 500] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 500] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 500] chdir("./file0") = 0 [pid 500] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 500] ioctl(6, LOOP_CLR_FD) = 0 [pid 500] close(6) = 0 [pid 500] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 499] <... futex resumed>) = 0 [pid 499] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 499] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 500] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 500] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 500] futex(0x7fc6d8b696c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 499] <... futex resumed>) = 0 [pid 499] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 499] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 500] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 500] write(6, "#! ./file1\n", 11) = 11 [pid 500] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 499] <... futex resumed>) = 0 [pid 499] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 499] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 500] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 500] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 500] futex(0x7fc6d8b696c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 499] <... futex resumed>) = 0 [pid 499] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 499] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 500] <... futex resumed>) = 0 [pid 500] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000280} --- [pid 499] <... futex resumed>) = ? [pid 500] +++ killed by SIGBUS +++ [pid 499] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=499, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./26", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./26", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558c359730 /* 4 entries */, 32768) = 112 umount2("./26/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./26/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./26/binderfs") = 0 [ 27.839607][ T500] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 27.872595][ T501] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-500: bg 0: block 234: padding at end of block bitmap is not set umount2("./26/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./26/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./26/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./26/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./26/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558c361770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558c361770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./26/file0") = 0 getdents64(3, 0x55558c359730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./26") = 0 mkdir("./27", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558c358690) = 505 ./strace-static-x86_64: Process 505 attached [pid 505] set_robust_list(0x55558c3586a0, 24) = 0 [pid 505] chdir("./27") = 0 [pid 505] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 505] setpgid(0, 0) = 0 [pid 505] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 505] write(3, "1000", 4) = 4 [pid 505] close(3) = 0 [pid 505] symlink("/dev/binderfs", "./binderfs") = 0 [pid 505] write(1, "executing program\n", 18executing program ) = 18 [pid 505] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 505] rt_sigaction(SIGRT_1, {sa_handler=0x7fc6d8b075b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fc6d8af8760}, NULL, 8) = 0 [pid 505] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 505] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc6d8a7d000 [pid 505] mprotect(0x7fc6d8a7e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 505] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 505] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fc6d8a9d990, parent_tid=0x7fc6d8a9d990, exit_signal=0, stack=0x7fc6d8a7d000, stack_size=0x20300, tls=0x7fc6d8a9d6c0}./strace-static-x86_64: Process 506 attached [pid 506] set_robust_list(0x7fc6d8a9d9a0, 24) = 0 [pid 506] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 506] futex(0x7fc6d8b696c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 505] <... clone3 resumed> => {parent_tid=[506]}, 88) = 506 [pid 505] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 505] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 506] <... futex resumed>) = 0 [pid 506] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 506] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 506] futex(0x7fc6d8b696c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 505] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 505] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 506] <... futex resumed>) = 0 [pid 505] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 506] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 506] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 505] <... futex resumed>) = 0 [pid 505] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 505] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 506] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 506] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 505] <... futex resumed>) = 0 [pid 505] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 505] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 506] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 506] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 505] <... futex resumed>) = 0 [pid 505] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 505] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 506] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 506] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 505] <... futex resumed>) = 0 [pid 505] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 505] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 506] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 506] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 505] <... futex resumed>) = 0 [pid 505] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 505] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 506] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 506] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 505] <... futex resumed>) = 0 [pid 505] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 505] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 506] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 506] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 505] <... futex resumed>) = 0 [pid 505] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 505] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 506] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 506] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 505] <... futex resumed>) = 0 [pid 505] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 505] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 506] memfd_create("syzkaller", 0) = 5 [pid 506] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc6d067d000 [pid 506] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 506] munmap(0x7fc6d067d000, 138412032) = 0 [pid 506] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 506] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 506] close(5) = 0 [pid 506] close(6) = 0 [pid 506] mkdir("./file0", 0777) = 0 [pid 506] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 506] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 506] chdir("./file0") = 0 [pid 506] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 506] ioctl(6, LOOP_CLR_FD) = 0 [pid 506] close(6) = 0 [pid 506] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 505] <... futex resumed>) = 0 [pid 505] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 506] <... futex resumed>) = 1 [pid 505] <... futex resumed>) = 0 [pid 505] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 506] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 506] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 505] <... futex resumed>) = 0 [pid 506] write(6, "#! ./file1\n", 11 [pid 505] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 505] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 506] <... write resumed>) = 11 [pid 506] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 505] <... futex resumed>) = 0 [pid 505] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 505] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 506] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 506] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 505] <... futex resumed>) = 0 [pid 505] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 505] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 506] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000280} --- [pid 505] <... futex resumed>) = ? [pid 506] +++ killed by SIGBUS +++ [pid 505] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=505, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./27", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./27", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558c359730 /* 4 entries */, 32768) = 112 umount2("./27/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./27/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./27/binderfs") = 0 [ 28.008219][ T506] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 28.041571][ T507] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-506: bg 0: block 234: padding at end of block bitmap is not set umount2("./27/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./27/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./27/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./27/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./27/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558c361770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558c361770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./27/file0") = 0 getdents64(3, 0x55558c359730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./27") = 0 mkdir("./28", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 511 attached , child_tidptr=0x55558c358690) = 511 [pid 511] set_robust_list(0x55558c3586a0, 24) = 0 [pid 511] chdir("./28") = 0 [pid 511] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 511] setpgid(0, 0) = 0 [pid 511] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 511] write(3, "1000", 4) = 4 [pid 511] close(3) = 0 [pid 511] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 511] write(1, "executing program\n", 18) = 18 [pid 511] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 511] rt_sigaction(SIGRT_1, {sa_handler=0x7fc6d8b075b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fc6d8af8760}, NULL, 8) = 0 [pid 511] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 511] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc6d8a7d000 [pid 511] mprotect(0x7fc6d8a7e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 511] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 511] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fc6d8a9d990, parent_tid=0x7fc6d8a9d990, exit_signal=0, stack=0x7fc6d8a7d000, stack_size=0x20300, tls=0x7fc6d8a9d6c0} => {parent_tid=[512]}, 88) = 512 [pid 511] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 511] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 511] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 512 attached [pid 512] set_robust_list(0x7fc6d8a9d9a0, 24) = 0 [pid 512] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 512] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 512] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 511] <... futex resumed>) = 0 [pid 511] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 511] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 512] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 512] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 511] <... futex resumed>) = 0 [pid 511] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 511] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 512] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 512] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 511] <... futex resumed>) = 0 [pid 511] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 511] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 512] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 512] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 511] <... futex resumed>) = 0 [pid 511] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 511] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 512] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 512] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 511] <... futex resumed>) = 0 [pid 511] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 511] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 512] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 512] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 511] <... futex resumed>) = 0 [pid 511] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 511] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 512] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 512] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 511] <... futex resumed>) = 0 [pid 511] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 511] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 512] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 512] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 511] <... futex resumed>) = 0 [pid 511] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 511] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 512] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 512] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 511] <... futex resumed>) = 0 [pid 511] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 511] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 512] memfd_create("syzkaller", 0) = 5 [pid 512] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc6d067d000 [pid 512] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 512] munmap(0x7fc6d067d000, 138412032) = 0 [pid 512] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 512] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 512] close(5) = 0 [pid 512] close(6) = 0 [pid 512] mkdir("./file0", 0777) = 0 [pid 512] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 512] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 512] chdir("./file0") = 0 [pid 512] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 512] ioctl(6, LOOP_CLR_FD) = 0 [pid 512] close(6) = 0 [pid 512] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 511] <... futex resumed>) = 0 [pid 511] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 511] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 512] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 512] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 511] <... futex resumed>) = 0 [pid 511] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 511] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 512] write(6, "#! ./file1\n", 11) = 11 [pid 512] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 511] <... futex resumed>) = 0 [pid 511] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 511] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 512] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 512] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 512] futex(0x7fc6d8b696c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 511] <... futex resumed>) = 0 [pid 511] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 511] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 512] <... futex resumed>) = 0 [pid 512] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000280} --- [pid 511] <... futex resumed>) = ? [pid 512] +++ killed by SIGBUS +++ [pid 511] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=511, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./28", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./28", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558c359730 /* 4 entries */, 32768) = 112 umount2("./28/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./28/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./28/binderfs") = 0 [ 28.198345][ T512] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 28.232813][ T513] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-512: bg 0: block 234: padding at end of block bitmap is not set umount2("./28/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./28/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./28/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./28/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./28/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558c361770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558c361770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./28/file0") = 0 getdents64(3, 0x55558c359730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./28") = 0 mkdir("./29", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558c358690) = 517 ./strace-static-x86_64: Process 517 attached [pid 517] set_robust_list(0x55558c3586a0, 24) = 0 [pid 517] chdir("./29") = 0 [pid 517] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 517] setpgid(0, 0) = 0 [pid 517] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 517] write(3, "1000", 4) = 4 [pid 517] close(3) = 0 [pid 517] symlink("/dev/binderfs", "./binderfs") = 0 [pid 517] write(1, "executing program\n", 18executing program ) = 18 [pid 517] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 517] rt_sigaction(SIGRT_1, {sa_handler=0x7fc6d8b075b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fc6d8af8760}, NULL, 8) = 0 [pid 517] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 517] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc6d8a7d000 [pid 517] mprotect(0x7fc6d8a7e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 517] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 517] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fc6d8a9d990, parent_tid=0x7fc6d8a9d990, exit_signal=0, stack=0x7fc6d8a7d000, stack_size=0x20300, tls=0x7fc6d8a9d6c0}./strace-static-x86_64: Process 518 attached [pid 518] set_robust_list(0x7fc6d8a9d9a0, 24) = 0 [pid 518] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 518] futex(0x7fc6d8b696c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 517] <... clone3 resumed> => {parent_tid=[518]}, 88) = 518 [pid 517] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 517] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 518] <... futex resumed>) = 0 [pid 518] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR [pid 517] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 518] <... openat resumed>) = 3 [pid 518] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 518] futex(0x7fc6d8b696c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 517] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 517] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 518] <... futex resumed>) = 0 [pid 518] ioctl(3, VHOST_SET_OWNER [pid 517] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 518] <... ioctl resumed>, 0) = 0 [pid 518] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 518] futex(0x7fc6d8b696c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 517] <... futex resumed>) = 0 [pid 517] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 518] <... futex resumed>) = 0 [pid 517] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 518] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 518] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 518] futex(0x7fc6d8b696c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 517] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 517] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 518] <... futex resumed>) = 0 [pid 517] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 518] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 518] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 517] <... futex resumed>) = 0 [pid 518] eventfd2(118, EFD_SEMAPHORE [pid 517] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 518] <... eventfd2 resumed>) = 4 [pid 517] <... futex resumed>) = 0 [pid 518] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 517] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 518] <... futex resumed>) = 0 [pid 517] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 518] futex(0x7fc6d8b696c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 517] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 518] <... futex resumed>) = 0 [pid 517] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 518] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 518] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 518] futex(0x7fc6d8b696c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 517] <... futex resumed>) = 0 [pid 518] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 517] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 518] ioctl(3, VHOST_SET_VRING_ADDR [pid 517] <... futex resumed>) = 0 [pid 518] <... ioctl resumed>, 0x200000000240) = 0 [pid 517] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 518] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 517] <... futex resumed>) = 0 [pid 518] futex(0x7fc6d8b696c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 517] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 518] <... futex resumed>) = 0 [pid 517] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 518] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 518] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 518] futex(0x7fc6d8b696c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 517] <... futex resumed>) = 0 [pid 518] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 517] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 518] ioctl(3, VHOST_VSOCK_SET_RUNNING [pid 517] <... futex resumed>) = 0 [pid 518] <... ioctl resumed>, 0x200000000140) = 0 [pid 517] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 518] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 517] <... futex resumed>) = 0 [pid 518] memfd_create("syzkaller", 0 [pid 517] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 518] <... memfd_create resumed>) = 5 [pid 517] <... futex resumed>) = 0 [pid 518] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc6d067d000 [pid 517] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 518] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 518] munmap(0x7fc6d067d000, 138412032) = 0 [pid 518] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 518] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 518] close(5) = 0 [pid 518] close(6) = 0 [pid 518] mkdir("./file0", 0777) = 0 [pid 518] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 518] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 518] chdir("./file0") = 0 [pid 518] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 518] ioctl(6, LOOP_CLR_FD) = 0 [pid 518] close(6) = 0 [pid 518] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 517] <... futex resumed>) = 0 [pid 517] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 517] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 518] <... futex resumed>) = 1 [pid 518] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 518] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 517] <... futex resumed>) = 0 [pid 517] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 517] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 518] <... futex resumed>) = 1 [pid 518] write(6, "#! ./file1\n", 11) = 11 [pid 518] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 517] <... futex resumed>) = 0 [pid 517] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 517] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 518] <... futex resumed>) = 1 [pid 518] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 518] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 517] <... futex resumed>) = 0 [pid 517] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 517] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 518] <... futex resumed>) = 1 [pid 518] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000280} --- [pid 517] <... futex resumed>) = ? [pid 518] +++ killed by SIGBUS +++ [pid 517] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=517, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./29", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./29", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558c359730 /* 4 entries */, 32768) = 112 umount2("./29/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./29/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./29/binderfs") = 0 [ 28.358247][ T518] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 28.389998][ T519] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-518: bg 0: block 234: padding at end of block bitmap is not set umount2("./29/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./29/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./29/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./29/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./29/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558c361770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558c361770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./29/file0") = 0 getdents64(3, 0x55558c359730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./29") = 0 mkdir("./30", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558c358690) = 523 ./strace-static-x86_64: Process 523 attached [pid 523] set_robust_list(0x55558c3586a0, 24) = 0 [pid 523] chdir("./30") = 0 [pid 523] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 523] setpgid(0, 0) = 0 [pid 523] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 523] write(3, "1000", 4) = 4 [pid 523] close(3) = 0 [pid 523] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 523] write(1, "executing program\n", 18) = 18 [pid 523] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 523] rt_sigaction(SIGRT_1, {sa_handler=0x7fc6d8b075b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fc6d8af8760}, NULL, 8) = 0 [pid 523] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 523] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc6d8a7d000 [pid 523] mprotect(0x7fc6d8a7e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 523] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 523] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fc6d8a9d990, parent_tid=0x7fc6d8a9d990, exit_signal=0, stack=0x7fc6d8a7d000, stack_size=0x20300, tls=0x7fc6d8a9d6c0} => {parent_tid=[524]}, 88) = 524 [pid 523] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 523] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 523] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 524 attached [pid 524] set_robust_list(0x7fc6d8a9d9a0, 24) = 0 [pid 524] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 524] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 524] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 523] <... futex resumed>) = 0 [pid 523] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 523] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 524] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 524] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 523] <... futex resumed>) = 0 [pid 523] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 523] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 524] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 524] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 523] <... futex resumed>) = 0 [pid 523] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 523] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 524] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 524] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 523] <... futex resumed>) = 0 [pid 523] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 523] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 524] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 524] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 523] <... futex resumed>) = 0 [pid 523] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 523] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 524] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 524] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 523] <... futex resumed>) = 0 [pid 523] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 523] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 524] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 524] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 523] <... futex resumed>) = 0 [pid 523] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 523] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 524] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 524] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 523] <... futex resumed>) = 0 [pid 523] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 523] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 524] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 524] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 523] <... futex resumed>) = 0 [pid 523] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 523] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 524] memfd_create("syzkaller", 0) = 5 [pid 524] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc6d067d000 [pid 524] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 524] munmap(0x7fc6d067d000, 138412032) = 0 [pid 524] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 524] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 524] close(5) = 0 [pid 524] close(6) = 0 [pid 524] mkdir("./file0", 0777) = 0 [pid 524] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 524] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 524] chdir("./file0") = 0 [pid 524] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 524] ioctl(6, LOOP_CLR_FD) = 0 [pid 524] close(6) = 0 [pid 524] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 523] <... futex resumed>) = 0 [pid 523] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 523] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 524] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 524] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 523] <... futex resumed>) = 0 [pid 523] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 523] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 524] write(6, "#! ./file1\n", 11) = 11 [pid 524] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 523] <... futex resumed>) = 0 [pid 523] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 523] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 524] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 524] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 523] <... futex resumed>) = 0 [pid 523] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 523] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 524] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000280} --- [pid 523] <... futex resumed>) = ? [pid 524] +++ killed by SIGBUS +++ [pid 523] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=523, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./30", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./30", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558c359730 /* 4 entries */, 32768) = 112 umount2("./30/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./30/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./30/binderfs") = 0 [ 28.554879][ T524] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 28.588912][ T525] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-524: bg 0: block 234: padding at end of block bitmap is not set umount2("./30/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./30/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./30/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./30/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./30/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558c361770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558c361770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./30/file0") = 0 getdents64(3, 0x55558c359730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./30") = 0 mkdir("./31", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558c358690) = 529 ./strace-static-x86_64: Process 529 attached [pid 529] set_robust_list(0x55558c3586a0, 24) = 0 [pid 529] chdir("./31") = 0 [pid 529] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 529] setpgid(0, 0) = 0 [pid 529] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 529] write(3, "1000", 4) = 4 [pid 529] close(3) = 0 [pid 529] symlink("/dev/binderfs", "./binderfs") = 0 [pid 529] write(1, "executing program\n", 18executing program ) = 18 [pid 529] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 529] rt_sigaction(SIGRT_1, {sa_handler=0x7fc6d8b075b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fc6d8af8760}, NULL, 8) = 0 [pid 529] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 529] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc6d8a7d000 [pid 529] mprotect(0x7fc6d8a7e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 529] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 529] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fc6d8a9d990, parent_tid=0x7fc6d8a9d990, exit_signal=0, stack=0x7fc6d8a7d000, stack_size=0x20300, tls=0x7fc6d8a9d6c0}./strace-static-x86_64: Process 530 attached [pid 530] set_robust_list(0x7fc6d8a9d9a0, 24) = 0 [pid 530] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 530] futex(0x7fc6d8b696c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 529] <... clone3 resumed> => {parent_tid=[530]}, 88) = 530 [pid 529] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 529] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 530] <... futex resumed>) = 0 [pid 530] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 530] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 530] futex(0x7fc6d8b696c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 529] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 529] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 530] <... futex resumed>) = 0 [pid 530] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 530] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 530] futex(0x7fc6d8b696c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 529] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 529] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 530] <... futex resumed>) = 0 [pid 530] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 530] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 530] futex(0x7fc6d8b696c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 529] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 529] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 530] <... futex resumed>) = 0 [pid 530] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 530] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 530] futex(0x7fc6d8b696c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 529] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 529] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 530] <... futex resumed>) = 0 [pid 530] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 530] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 530] futex(0x7fc6d8b696c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 529] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 529] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 530] <... futex resumed>) = 0 [pid 529] <... futex resumed>) = 1 [pid 530] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 530] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 530] futex(0x7fc6d8b696c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 529] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 529] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 530] <... futex resumed>) = 0 [pid 530] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 530] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 530] futex(0x7fc6d8b696c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 529] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 529] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 530] <... futex resumed>) = 0 [pid 529] <... futex resumed>) = 1 [pid 530] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 530] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 530] futex(0x7fc6d8b696c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 529] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 529] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 530] <... futex resumed>) = 0 [pid 529] <... futex resumed>) = 1 [pid 530] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 530] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 530] futex(0x7fc6d8b696c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 529] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 529] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 530] <... futex resumed>) = 0 [pid 530] memfd_create("syzkaller", 0 [pid 529] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 530] <... memfd_create resumed>) = 5 [pid 530] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc6d067d000 [pid 530] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 530] munmap(0x7fc6d067d000, 138412032) = 0 [pid 530] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 530] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 530] close(5) = 0 [pid 530] close(6) = 0 [pid 530] mkdir("./file0", 0777) = 0 [pid 530] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 530] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 530] chdir("./file0") = 0 [pid 530] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 530] ioctl(6, LOOP_CLR_FD) = 0 [pid 530] close(6) = 0 [pid 530] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 529] <... futex resumed>) = 0 [pid 529] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 529] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 530] <... futex resumed>) = 1 [pid 530] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 530] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 529] <... futex resumed>) = 0 [pid 529] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 529] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 530] <... futex resumed>) = 1 [pid 530] write(6, "#! ./file1\n", 11) = 11 [pid 530] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 529] <... futex resumed>) = 0 [pid 529] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 529] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 530] <... futex resumed>) = 1 [pid 530] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 530] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 529] <... futex resumed>) = 0 [pid 529] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 529] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 530] <... futex resumed>) = 1 [pid 530] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000280} --- [pid 529] <... futex resumed>) = ? [pid 530] +++ killed by SIGBUS +++ [pid 529] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=529, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./31", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./31", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558c359730 /* 4 entries */, 32768) = 112 umount2("./31/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./31/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./31/binderfs") = 0 [ 28.718389][ T530] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 28.751775][ T531] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-530: bg 0: block 234: padding at end of block bitmap is not set umount2("./31/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./31/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./31/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./31/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./31/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558c361770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558c361770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./31/file0") = 0 getdents64(3, 0x55558c359730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./31") = 0 mkdir("./32", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 535 attached , child_tidptr=0x55558c358690) = 535 [pid 535] set_robust_list(0x55558c3586a0, 24) = 0 [pid 535] chdir("./32") = 0 [pid 535] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 535] setpgid(0, 0) = 0 [pid 535] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 535] write(3, "1000", 4) = 4 [pid 535] close(3) = 0 [pid 535] symlink("/dev/binderfs", "./binderfs") = 0 [pid 535] write(1, "executing program\n", 18executing program ) = 18 [pid 535] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 535] rt_sigaction(SIGRT_1, {sa_handler=0x7fc6d8b075b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fc6d8af8760}, NULL, 8) = 0 [pid 535] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 535] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc6d8a7d000 [pid 535] mprotect(0x7fc6d8a7e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 535] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 535] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fc6d8a9d990, parent_tid=0x7fc6d8a9d990, exit_signal=0, stack=0x7fc6d8a7d000, stack_size=0x20300, tls=0x7fc6d8a9d6c0} => {parent_tid=[536]}, 88) = 536 [pid 535] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 535] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 535] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 536 attached [pid 536] set_robust_list(0x7fc6d8a9d9a0, 24) = 0 [pid 536] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 536] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 536] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 535] <... futex resumed>) = 0 [pid 535] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 535] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 536] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 536] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 535] <... futex resumed>) = 0 [pid 535] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 535] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 536] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 536] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 535] <... futex resumed>) = 0 [pid 535] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 535] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 536] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 536] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 535] <... futex resumed>) = 0 [pid 535] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 535] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 536] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 536] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 535] <... futex resumed>) = 0 [pid 535] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 535] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 536] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 536] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 535] <... futex resumed>) = 0 [pid 535] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 535] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 536] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 536] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 535] <... futex resumed>) = 0 [pid 535] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 535] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 536] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 536] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 535] <... futex resumed>) = 0 [pid 535] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 535] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 536] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 536] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 535] <... futex resumed>) = 0 [pid 535] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 535] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 536] memfd_create("syzkaller", 0) = 5 [pid 536] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc6d067d000 [pid 536] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 536] munmap(0x7fc6d067d000, 138412032) = 0 [pid 536] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 536] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 536] close(5) = 0 [pid 536] close(6) = 0 [pid 536] mkdir("./file0", 0777) = 0 [pid 536] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 536] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 536] chdir("./file0") = 0 [pid 536] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 536] ioctl(6, LOOP_CLR_FD) = 0 [pid 536] close(6) = 0 [pid 536] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 535] <... futex resumed>) = 0 [pid 535] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 535] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 536] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 536] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 535] <... futex resumed>) = 0 [pid 535] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 535] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 536] write(6, "#! ./file1\n", 11) = 11 [pid 536] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 535] <... futex resumed>) = 0 [pid 535] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 535] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 536] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 536] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 536] futex(0x7fc6d8b696c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 535] <... futex resumed>) = 0 [pid 535] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 535] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 536] <... futex resumed>) = 0 [pid 536] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000280} --- [pid 535] <... futex resumed>) = ? [pid 536] +++ killed by SIGBUS +++ [pid 535] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=535, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./32", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./32", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558c359730 /* 4 entries */, 32768) = 112 umount2("./32/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./32/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./32/binderfs") = 0 [ 28.918368][ T536] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 28.951886][ T537] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-536: bg 0: block 234: padding at end of block bitmap is not set umount2("./32/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./32/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./32/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./32/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./32/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558c361770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558c361770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./32/file0") = 0 getdents64(3, 0x55558c359730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./32") = 0 mkdir("./33", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558c358690) = 541 ./strace-static-x86_64: Process 541 attached [pid 541] set_robust_list(0x55558c3586a0, 24) = 0 [pid 541] chdir("./33") = 0 [pid 541] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 541] setpgid(0, 0) = 0 [pid 541] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 541] write(3, "1000", 4) = 4 [pid 541] close(3) = 0 [pid 541] symlink("/dev/binderfs", "./binderfs") = 0 [pid 541] write(1, "executing program\n", 18executing program ) = 18 [pid 541] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 541] rt_sigaction(SIGRT_1, {sa_handler=0x7fc6d8b075b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fc6d8af8760}, NULL, 8) = 0 [pid 541] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 541] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc6d8a7d000 [pid 541] mprotect(0x7fc6d8a7e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 541] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 541] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fc6d8a9d990, parent_tid=0x7fc6d8a9d990, exit_signal=0, stack=0x7fc6d8a7d000, stack_size=0x20300, tls=0x7fc6d8a9d6c0}./strace-static-x86_64: Process 542 attached [pid 542] set_robust_list(0x7fc6d8a9d9a0, 24) = 0 [pid 542] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 542] futex(0x7fc6d8b696c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 541] <... clone3 resumed> => {parent_tid=[542]}, 88) = 542 [pid 541] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 541] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 542] <... futex resumed>) = 0 [pid 542] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 542] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 542] futex(0x7fc6d8b696c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 541] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 541] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 542] <... futex resumed>) = 0 [pid 542] ioctl(3, VHOST_SET_OWNER [pid 541] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 542] <... ioctl resumed>, 0) = 0 [pid 542] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 542] futex(0x7fc6d8b696c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 541] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 541] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 542] <... futex resumed>) = 0 [pid 542] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 542] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 542] futex(0x7fc6d8b696c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 541] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 541] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 542] <... futex resumed>) = 0 [pid 542] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 542] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 542] futex(0x7fc6d8b696c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 541] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 541] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 542] <... futex resumed>) = 0 [pid 542] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 542] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 542] futex(0x7fc6d8b696c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 541] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 541] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 542] <... futex resumed>) = 0 [pid 542] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 542] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 542] futex(0x7fc6d8b696c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 541] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 541] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 542] <... futex resumed>) = 0 [pid 541] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 542] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 542] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 542] futex(0x7fc6d8b696c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 541] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 541] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 542] <... futex resumed>) = 0 [pid 541] <... futex resumed>) = 1 [pid 542] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 542] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 542] futex(0x7fc6d8b696c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 541] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 541] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 542] <... futex resumed>) = 0 [pid 541] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 542] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 542] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 542] futex(0x7fc6d8b696c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 541] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 541] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 542] <... futex resumed>) = 0 [pid 541] <... futex resumed>) = 1 [pid 542] memfd_create("syzkaller", 0) = 5 [pid 542] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc6d067d000 [pid 542] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 541] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 542] <... write resumed>) = 1048576 [pid 542] munmap(0x7fc6d067d000, 138412032) = 0 [pid 542] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 542] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 542] close(5) = 0 [pid 542] close(6) = 0 [pid 542] mkdir("./file0", 0777) = 0 [pid 542] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 542] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 542] chdir("./file0") = 0 [pid 542] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 542] ioctl(6, LOOP_CLR_FD) = 0 [pid 542] close(6) = 0 [pid 542] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 541] <... futex resumed>) = 0 [pid 541] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 541] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 542] <... futex resumed>) = 1 [pid 542] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 542] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 541] <... futex resumed>) = 0 [pid 541] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 541] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 542] <... futex resumed>) = 1 [pid 542] write(6, "#! ./file1\n", 11) = 11 [pid 542] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 541] <... futex resumed>) = 0 [pid 541] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 541] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 542] <... futex resumed>) = 1 [pid 542] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 542] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 541] <... futex resumed>) = 0 [pid 541] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 541] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 542] <... futex resumed>) = 1 [pid 542] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000280} --- [pid 541] <... futex resumed>) = ? [pid 542] +++ killed by SIGBUS +++ [pid 541] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=541, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./33", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./33", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558c359730 /* 4 entries */, 32768) = 112 umount2("./33/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./33/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./33/binderfs") = 0 [ 29.078497][ T542] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 29.111431][ T543] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-542: bg 0: block 234: padding at end of block bitmap is not set umount2("./33/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./33/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./33/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./33/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./33/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558c361770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558c361770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./33/file0") = 0 getdents64(3, 0x55558c359730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./33") = 0 mkdir("./34", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 547 attached , child_tidptr=0x55558c358690) = 547 [pid 547] set_robust_list(0x55558c3586a0, 24) = 0 [pid 547] chdir("./34") = 0 [pid 547] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 547] setpgid(0, 0) = 0 [pid 547] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 547] write(3, "1000", 4) = 4 [pid 547] close(3) = 0 [pid 547] symlink("/dev/binderfs", "./binderfs") = 0 [pid 547] write(1, "executing program\n", 18executing program ) = 18 [pid 547] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 547] rt_sigaction(SIGRT_1, {sa_handler=0x7fc6d8b075b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fc6d8af8760}, NULL, 8) = 0 [pid 547] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 547] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc6d8a7d000 [pid 547] mprotect(0x7fc6d8a7e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 547] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 547] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fc6d8a9d990, parent_tid=0x7fc6d8a9d990, exit_signal=0, stack=0x7fc6d8a7d000, stack_size=0x20300, tls=0x7fc6d8a9d6c0} => {parent_tid=[548]}, 88) = 548 [pid 547] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 547] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 547] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 548 attached [pid 548] set_robust_list(0x7fc6d8a9d9a0, 24) = 0 [pid 548] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 548] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 548] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 547] <... futex resumed>) = 0 [pid 547] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 547] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 548] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 548] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 547] <... futex resumed>) = 0 [pid 547] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 547] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 548] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 548] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 547] <... futex resumed>) = 0 [pid 547] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 547] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 548] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 548] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 547] <... futex resumed>) = 0 [pid 547] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 547] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 548] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 548] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 547] <... futex resumed>) = 0 [pid 547] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 547] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 548] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 548] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 547] <... futex resumed>) = 0 [pid 547] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 547] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 548] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 548] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 547] <... futex resumed>) = 0 [pid 547] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 547] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 548] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 548] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 547] <... futex resumed>) = 0 [pid 547] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 547] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 548] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 548] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 547] <... futex resumed>) = 0 [pid 547] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 547] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 548] memfd_create("syzkaller", 0) = 5 [pid 548] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc6d067d000 [pid 548] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 548] munmap(0x7fc6d067d000, 138412032) = 0 [pid 548] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 548] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 548] close(5) = 0 [pid 548] close(6) = 0 [pid 548] mkdir("./file0", 0777) = 0 [pid 548] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 548] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 548] chdir("./file0") = 0 [pid 548] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 548] ioctl(6, LOOP_CLR_FD) = 0 [pid 548] close(6) = 0 [pid 548] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 547] <... futex resumed>) = 0 [pid 547] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 547] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 548] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 548] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 547] <... futex resumed>) = 0 [pid 547] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 547] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 548] <... futex resumed>) = 1 [pid 548] write(6, "#! ./file1\n", 11) = 11 [pid 548] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 547] <... futex resumed>) = 0 [pid 547] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 547] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 548] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 548] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 548] futex(0x7fc6d8b696c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 547] <... futex resumed>) = 0 [pid 547] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 547] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 548] <... futex resumed>) = 0 [ 29.278340][ T548] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [pid 548] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000280} --- [pid 547] <... futex resumed>) = ? [pid 548] +++ killed by SIGBUS +++ [pid 547] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=547, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./34", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./34", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558c359730 /* 4 entries */, 32768) = 112 umount2("./34/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./34/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./34/binderfs") = 0 [ 29.313887][ T549] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-548: bg 0: block 234: padding at end of block bitmap is not set [ 29.331869][ T549] vhost-548 (549) used greatest stack depth: 22752 bytes left umount2("./34/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./34/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./34/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./34/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./34/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558c361770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558c361770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./34/file0") = 0 getdents64(3, 0x55558c359730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./34") = 0 mkdir("./35", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558c358690) = 553 ./strace-static-x86_64: Process 553 attached [pid 553] set_robust_list(0x55558c3586a0, 24) = 0 [pid 553] chdir("./35") = 0 [pid 553] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 553] setpgid(0, 0) = 0 [pid 553] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 553] write(3, "1000", 4) = 4 [pid 553] close(3) = 0 [pid 553] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 553] write(1, "executing program\n", 18) = 18 [pid 553] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 553] rt_sigaction(SIGRT_1, {sa_handler=0x7fc6d8b075b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fc6d8af8760}, NULL, 8) = 0 [pid 553] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 553] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc6d8a7d000 [pid 553] mprotect(0x7fc6d8a7e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 553] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 553] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fc6d8a9d990, parent_tid=0x7fc6d8a9d990, exit_signal=0, stack=0x7fc6d8a7d000, stack_size=0x20300, tls=0x7fc6d8a9d6c0}./strace-static-x86_64: Process 554 attached [pid 554] set_robust_list(0x7fc6d8a9d9a0, 24) = 0 [pid 554] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 553] <... clone3 resumed> => {parent_tid=[554]}, 88) = 554 [pid 554] futex(0x7fc6d8b696c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 553] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 553] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 554] <... futex resumed>) = 0 [pid 553] <... futex resumed>) = 1 [pid 554] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR [pid 553] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 554] <... openat resumed>) = 3 [pid 554] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 554] futex(0x7fc6d8b696c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 553] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 553] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 554] <... futex resumed>) = 0 [pid 553] <... futex resumed>) = 1 [pid 554] ioctl(3, VHOST_SET_OWNER [pid 553] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 554] <... ioctl resumed>, 0) = 0 [pid 554] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 553] <... futex resumed>) = 0 [pid 553] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 553] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 554] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 554] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 553] <... futex resumed>) = 0 [pid 553] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 553] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 554] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 554] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 553] <... futex resumed>) = 0 [pid 553] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 553] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 554] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 554] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 553] <... futex resumed>) = 0 [pid 553] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 553] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 554] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 554] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 553] <... futex resumed>) = 0 [pid 553] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 553] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 554] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 554] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 553] <... futex resumed>) = 0 [pid 553] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 553] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 554] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 554] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 553] <... futex resumed>) = 0 [pid 553] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 553] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 554] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 554] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 553] <... futex resumed>) = 0 [pid 554] memfd_create("syzkaller", 0 [pid 553] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 554] <... memfd_create resumed>) = 5 [pid 553] <... futex resumed>) = 0 [pid 554] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 553] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 554] <... mmap resumed>) = 0x7fc6d067d000 [pid 554] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 554] munmap(0x7fc6d067d000, 138412032) = 0 [pid 554] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 554] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 554] close(5) = 0 [pid 554] close(6) = 0 [pid 554] mkdir("./file0", 0777) = 0 [pid 554] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 554] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 554] chdir("./file0") = 0 [pid 554] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 554] ioctl(6, LOOP_CLR_FD) = 0 [pid 554] close(6) = 0 [pid 554] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 554] futex(0x7fc6d8b696c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 553] <... futex resumed>) = 0 [pid 553] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 553] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 554] <... futex resumed>) = 0 [pid 554] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 554] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 553] <... futex resumed>) = 0 [pid 553] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 553] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 554] <... futex resumed>) = 1 [pid 554] write(6, "#! ./file1\n", 11) = 11 [pid 554] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 554] futex(0x7fc6d8b696c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 553] <... futex resumed>) = 0 [pid 553] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 553] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 554] <... futex resumed>) = 0 [pid 554] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 554] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 553] <... futex resumed>) = 0 [pid 553] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 553] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 554] <... futex resumed>) = 1 [ 29.468476][ T554] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [pid 554] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000280} --- [pid 553] <... futex resumed>) = ? [pid 554] +++ killed by SIGBUS +++ [pid 553] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=553, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./35", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./35", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558c359730 /* 4 entries */, 32768) = 112 umount2("./35/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./35/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./35/binderfs") = 0 [ 29.509141][ T555] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-554: bg 0: block 234: padding at end of block bitmap is not set umount2("./35/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./35/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./35/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./35/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./35/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558c361770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558c361770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./35/file0") = 0 getdents64(3, 0x55558c359730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./35") = 0 mkdir("./36", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558c358690) = 559 ./strace-static-x86_64: Process 559 attached [pid 559] set_robust_list(0x55558c3586a0, 24) = 0 [pid 559] chdir("./36") = 0 [pid 559] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 559] setpgid(0, 0) = 0 [pid 559] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 559] write(3, "1000", 4) = 4 [pid 559] close(3) = 0 [pid 559] symlink("/dev/binderfs", "./binderfs") = 0 [pid 559] write(1, "executing program\n", 18executing program ) = 18 [pid 559] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 559] rt_sigaction(SIGRT_1, {sa_handler=0x7fc6d8b075b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fc6d8af8760}, NULL, 8) = 0 [pid 559] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 559] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc6d8a7d000 [pid 559] mprotect(0x7fc6d8a7e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 559] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 559] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fc6d8a9d990, parent_tid=0x7fc6d8a9d990, exit_signal=0, stack=0x7fc6d8a7d000, stack_size=0x20300, tls=0x7fc6d8a9d6c0}./strace-static-x86_64: Process 560 attached => {parent_tid=[560]}, 88) = 560 [pid 560] set_robust_list(0x7fc6d8a9d9a0, 24) = 0 [pid 560] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 560] futex(0x7fc6d8b696c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 559] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 559] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 560] <... futex resumed>) = 0 [pid 560] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR [pid 559] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 560] <... openat resumed>) = 3 [pid 560] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 559] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 560] <... futex resumed>) = 0 [pid 560] futex(0x7fc6d8b696c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 559] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 560] <... futex resumed>) = 0 [pid 559] <... futex resumed>) = 1 [pid 560] ioctl(3, VHOST_SET_OWNER [pid 559] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 560] <... ioctl resumed>, 0) = 0 [pid 560] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 559] <... futex resumed>) = 0 [pid 559] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 559] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 560] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 560] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 559] <... futex resumed>) = 0 [pid 559] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 559] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 560] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 560] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 559] <... futex resumed>) = 0 [pid 559] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 559] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 560] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 560] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 559] <... futex resumed>) = 0 [pid 559] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 559] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 560] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 560] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 559] <... futex resumed>) = 0 [pid 559] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 559] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 560] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 560] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 559] <... futex resumed>) = 0 [pid 559] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 559] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 560] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 560] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 559] <... futex resumed>) = 0 [pid 559] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 559] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 560] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 560] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 559] <... futex resumed>) = 0 [pid 559] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 559] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 560] memfd_create("syzkaller", 0) = 5 [pid 560] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc6d067d000 [pid 560] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 560] munmap(0x7fc6d067d000, 138412032) = 0 [pid 560] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 560] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 560] close(5) = 0 [pid 560] close(6) = 0 [pid 560] mkdir("./file0", 0777) = 0 [pid 560] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 560] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 560] chdir("./file0") = 0 [pid 560] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 560] ioctl(6, LOOP_CLR_FD) = 0 [pid 560] close(6) = 0 [pid 560] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 559] <... futex resumed>) = 0 [pid 559] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 559] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 560] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 560] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 559] <... futex resumed>) = 0 [pid 559] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 559] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 560] write(6, "#! ./file1\n", 11) = 11 [pid 560] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 559] <... futex resumed>) = 0 [pid 559] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 559] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 560] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [ 29.688438][ T560] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [pid 560] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 559] <... futex resumed>) = 0 [pid 559] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 559] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 560] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000280} --- [pid 559] <... futex resumed>) = ? [pid 560] +++ killed by SIGBUS +++ [pid 559] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=559, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./36", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./36", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558c359730 /* 4 entries */, 32768) = 112 umount2("./36/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./36/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./36/binderfs") = 0 [ 29.735323][ T561] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-560: bg 0: block 234: padding at end of block bitmap is not set umount2("./36/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./36/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./36/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./36/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./36/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558c361770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558c361770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./36/file0") = 0 getdents64(3, 0x55558c359730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./36") = 0 mkdir("./37", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558c358690) = 565 ./strace-static-x86_64: Process 565 attached [pid 565] set_robust_list(0x55558c3586a0, 24) = 0 [pid 565] chdir("./37") = 0 [pid 565] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 565] setpgid(0, 0) = 0 [pid 565] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 565] write(3, "1000", 4) = 4 [pid 565] close(3) = 0 [pid 565] symlink("/dev/binderfs", "./binderfs") = 0 [pid 565] write(1, "executing program\n", 18executing program ) = 18 [pid 565] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 565] rt_sigaction(SIGRT_1, {sa_handler=0x7fc6d8b075b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fc6d8af8760}, NULL, 8) = 0 [pid 565] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 565] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc6d8a7d000 [pid 565] mprotect(0x7fc6d8a7e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 565] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 565] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fc6d8a9d990, parent_tid=0x7fc6d8a9d990, exit_signal=0, stack=0x7fc6d8a7d000, stack_size=0x20300, tls=0x7fc6d8a9d6c0}./strace-static-x86_64: Process 566 attached [pid 566] set_robust_list(0x7fc6d8a9d9a0, 24) = 0 [pid 566] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 566] futex(0x7fc6d8b696c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 565] <... clone3 resumed> => {parent_tid=[566]}, 88) = 566 [pid 565] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 565] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 566] <... futex resumed>) = 0 [pid 565] <... futex resumed>) = 1 [pid 566] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 566] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 566] futex(0x7fc6d8b696c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 565] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 565] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 566] <... futex resumed>) = 0 [pid 565] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 566] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 566] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 565] <... futex resumed>) = 0 [pid 566] futex(0x7fc6d8b696c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 565] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 566] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 565] <... futex resumed>) = 0 [pid 566] ioctl(3, VHOST_SET_VRING_ADDR [pid 565] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 566] <... ioctl resumed>, 0x200000000300) = 0 [pid 566] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 565] <... futex resumed>) = 0 [pid 566] futex(0x7fc6d8b696c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 565] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 566] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 565] <... futex resumed>) = 0 [pid 566] ioctl(3, VHOST_SET_MEM_TABLE [pid 565] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 566] <... ioctl resumed>, 0x200000003380) = 0 [pid 566] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 565] <... futex resumed>) = 0 [pid 566] futex(0x7fc6d8b696c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 565] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 565] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 566] <... futex resumed>) = 0 [pid 566] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 566] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 565] <... futex resumed>) = 0 [pid 566] futex(0x7fc6d8b696c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 565] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 566] <... futex resumed>) = 0 [pid 565] <... futex resumed>) = 1 [pid 566] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 566] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 565] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 565] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 566] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 565] <... futex resumed>) = 0 [pid 566] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 565] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 565] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 566] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 565] <... futex resumed>) = 0 [pid 566] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 565] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 566] futex(0x7fc6d8b696c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 565] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 565] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 565] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 566] <... futex resumed>) = 0 [pid 566] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 566] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 566] futex(0x7fc6d8b696c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 565] <... futex resumed>) = 0 [pid 565] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 565] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 566] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 566] memfd_create("syzkaller", 0) = 5 [pid 566] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc6d067d000 [pid 566] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 566] munmap(0x7fc6d067d000, 138412032) = 0 [pid 566] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 566] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 566] close(5) = 0 [pid 566] close(6) = 0 [pid 566] mkdir("./file0", 0777) = 0 [pid 566] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 566] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 566] chdir("./file0") = 0 [pid 566] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 566] ioctl(6, LOOP_CLR_FD) = 0 [pid 566] close(6) = 0 [pid 566] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 565] <... futex resumed>) = 0 [pid 565] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 565] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 566] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 566] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 565] <... futex resumed>) = 0 [pid 565] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 565] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 566] write(6, "#! ./file1\n", 11) = 11 [pid 566] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 565] <... futex resumed>) = 0 [pid 565] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 565] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 566] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 566] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 565] <... futex resumed>) = 0 [pid 565] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 565] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 566] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000280} --- [pid 565] <... futex resumed>) = ? [pid 566] +++ killed by SIGBUS +++ [pid 565] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=565, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./37", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./37", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558c359730 /* 4 entries */, 32768) = 112 umount2("./37/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./37/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./37/binderfs") = 0 [ 29.918304][ T566] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 29.952441][ T567] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-566: bg 0: block 234: padding at end of block bitmap is not set umount2("./37/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./37/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./37/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./37/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./37/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558c361770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558c361770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./37/file0") = 0 getdents64(3, 0x55558c359730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./37") = 0 mkdir("./38", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558c358690) = 571 ./strace-static-x86_64: Process 571 attached [pid 571] set_robust_list(0x55558c3586a0, 24) = 0 [pid 571] chdir("./38") = 0 [pid 571] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 571] setpgid(0, 0) = 0 [pid 571] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 571] write(3, "1000", 4) = 4 [pid 571] close(3) = 0 [pid 571] symlink("/dev/binderfs", "./binderfs") = 0 [pid 571] write(1, "executing program\n", 18executing program ) = 18 [pid 571] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 571] rt_sigaction(SIGRT_1, {sa_handler=0x7fc6d8b075b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fc6d8af8760}, NULL, 8) = 0 [pid 571] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 571] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc6d8a7d000 [pid 571] mprotect(0x7fc6d8a7e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 571] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 571] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fc6d8a9d990, parent_tid=0x7fc6d8a9d990, exit_signal=0, stack=0x7fc6d8a7d000, stack_size=0x20300, tls=0x7fc6d8a9d6c0} => {parent_tid=[572]}, 88) = 572 ./strace-static-x86_64: Process 572 attached [pid 571] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 571] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 571] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 572] set_robust_list(0x7fc6d8a9d9a0, 24) = 0 [pid 572] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 572] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 572] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 571] <... futex resumed>) = 0 [pid 571] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 571] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 572] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 572] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 571] <... futex resumed>) = 0 [pid 571] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 571] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 572] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 572] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 571] <... futex resumed>) = 0 [pid 571] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 571] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 572] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 572] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 571] <... futex resumed>) = 0 [pid 571] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 571] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 572] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 572] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 571] <... futex resumed>) = 0 [pid 571] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 571] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 572] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 572] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 571] <... futex resumed>) = 0 [pid 571] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 571] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 572] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 572] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 571] <... futex resumed>) = 0 [pid 571] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 571] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 572] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 572] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 571] <... futex resumed>) = 0 [pid 571] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 571] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 572] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 572] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 571] <... futex resumed>) = 0 [pid 571] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 571] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 572] memfd_create("syzkaller", 0) = 5 [pid 572] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc6d067d000 [pid 572] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 572] munmap(0x7fc6d067d000, 138412032) = 0 [pid 572] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 572] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 572] close(5) = 0 [pid 572] close(6) = 0 [pid 572] mkdir("./file0", 0777) = 0 [pid 572] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 572] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 572] chdir("./file0") = 0 [pid 572] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 572] ioctl(6, LOOP_CLR_FD) = 0 [pid 572] close(6) = 0 [pid 572] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 571] <... futex resumed>) = 0 [pid 571] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 571] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 572] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 572] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 571] <... futex resumed>) = 0 [pid 571] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 571] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 572] write(6, "#! ./file1\n", 11) = 11 [pid 572] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 571] <... futex resumed>) = 0 [pid 571] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 571] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 572] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 572] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 572] futex(0x7fc6d8b696c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 571] <... futex resumed>) = 0 [pid 571] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 571] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 572] <... futex resumed>) = 0 [pid 572] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000280} --- [ 30.087272][ T572] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 30.121376][ T573] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-572: bg 0: block 234: padding at end of block bitmap is not set [pid 571] <... futex resumed>) = ? [pid 572] +++ killed by SIGBUS +++ [pid 571] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=571, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558c359730 /* 4 entries */, 32768) = 112 umount2("./38/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./38/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./38/binderfs") = 0 umount2("./38/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./38/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./38/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./38/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./38/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558c361770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558c361770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./38/file0") = 0 getdents64(3, 0x55558c359730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./38") = 0 mkdir("./39", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558c358690) = 577 ./strace-static-x86_64: Process 577 attached [pid 577] set_robust_list(0x55558c3586a0, 24) = 0 [pid 577] chdir("./39") = 0 [pid 577] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 577] setpgid(0, 0) = 0 [pid 577] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 577] write(3, "1000", 4) = 4 [pid 577] close(3) = 0 [pid 577] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 577] write(1, "executing program\n", 18) = 18 [pid 577] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 577] rt_sigaction(SIGRT_1, {sa_handler=0x7fc6d8b075b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fc6d8af8760}, NULL, 8) = 0 [pid 577] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 577] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc6d8a7d000 [pid 577] mprotect(0x7fc6d8a7e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 577] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 577] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fc6d8a9d990, parent_tid=0x7fc6d8a9d990, exit_signal=0, stack=0x7fc6d8a7d000, stack_size=0x20300, tls=0x7fc6d8a9d6c0}./strace-static-x86_64: Process 578 attached [pid 578] set_robust_list(0x7fc6d8a9d9a0, 24) = 0 [pid 578] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 578] futex(0x7fc6d8b696c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 577] <... clone3 resumed> => {parent_tid=[578]}, 88) = 578 [pid 577] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 577] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 578] <... futex resumed>) = 0 [pid 577] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 578] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 578] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 577] <... futex resumed>) = 0 [pid 578] futex(0x7fc6d8b696c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 577] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 578] <... futex resumed>) = 0 [pid 577] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 578] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 578] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 577] <... futex resumed>) = 0 [pid 578] futex(0x7fc6d8b696c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 577] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 578] <... futex resumed>) = 0 [pid 578] ioctl(3, VHOST_SET_VRING_ADDR [pid 577] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 578] <... ioctl resumed>, 0x200000000300) = 0 [pid 578] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 577] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 578] futex(0x7fc6d8b696c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 577] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 578] <... futex resumed>) = 0 [pid 577] <... futex resumed>) = 1 [pid 578] ioctl(3, VHOST_SET_MEM_TABLE [pid 577] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 578] <... ioctl resumed>, 0x200000003380) = 0 [pid 578] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 577] <... futex resumed>) = 0 [pid 578] futex(0x7fc6d8b696c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 577] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 578] <... futex resumed>) = 0 [pid 577] <... futex resumed>) = 1 [pid 578] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 578] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 577] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 578] <... futex resumed>) = 0 [pid 578] futex(0x7fc6d8b696c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 577] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 577] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 578] <... futex resumed>) = 0 [pid 577] <... futex resumed>) = 1 [pid 578] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 577] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 578] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 577] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 578] futex(0x7fc6d8b696c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 577] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 578] <... futex resumed>) = 0 [pid 577] <... futex resumed>) = 1 [pid 578] ioctl(3, VHOST_SET_VRING_ADDR [pid 577] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 578] <... ioctl resumed>, 0x200000000240) = 0 [pid 578] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 577] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 578] <... futex resumed>) = 0 [pid 578] futex(0x7fc6d8b696c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 577] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 578] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 578] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 578] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 577] <... futex resumed>) = 0 [pid 578] futex(0x7fc6d8b696c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 577] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 577] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 578] <... futex resumed>) = 0 [pid 577] <... futex resumed>) = 1 [pid 578] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 577] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 578] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 577] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 577] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 577] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 578] memfd_create("syzkaller", 0) = 5 [pid 578] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc6d067d000 [pid 578] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 578] munmap(0x7fc6d067d000, 138412032) = 0 [pid 578] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 578] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 578] close(5) = 0 [pid 578] close(6) = 0 [pid 578] mkdir("./file0", 0777) = 0 [pid 578] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 578] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 578] chdir("./file0") = 0 [pid 578] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 578] ioctl(6, LOOP_CLR_FD) = 0 [pid 578] close(6) = 0 [pid 578] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 577] <... futex resumed>) = 0 [pid 578] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 577] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 577] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 578] <... openat resumed>) = 6 [pid 578] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 577] <... futex resumed>) = 0 [pid 577] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 577] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 578] write(6, "#! ./file1\n", 11) = 11 [pid 578] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 577] <... futex resumed>) = 0 [pid 577] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 577] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 578] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 578] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 577] <... futex resumed>) = 0 [pid 577] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 577] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 578] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000280} --- [pid 577] <... futex resumed>) = ? [pid 578] +++ killed by SIGBUS +++ [pid 577] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=577, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./39", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./39", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558c359730 /* 4 entries */, 32768) = 112 umount2("./39/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./39/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./39/binderfs") = 0 [ 30.228363][ T578] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 30.262752][ T579] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-578: bg 0: block 234: padding at end of block bitmap is not set umount2("./39/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./39/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./39/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./39/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./39/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558c361770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558c361770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./39/file0") = 0 getdents64(3, 0x55558c359730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./39") = 0 mkdir("./40", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558c358690) = 583 ./strace-static-x86_64: Process 583 attached [pid 583] set_robust_list(0x55558c3586a0, 24) = 0 [pid 583] chdir("./40") = 0 [pid 583] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 583] setpgid(0, 0) = 0 [pid 583] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 583] write(3, "1000", 4) = 4 [pid 583] close(3) = 0 [pid 583] symlink("/dev/binderfs", "./binderfs") = 0 [pid 583] write(1, "executing program\n", 18executing program ) = 18 [pid 583] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 583] rt_sigaction(SIGRT_1, {sa_handler=0x7fc6d8b075b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fc6d8af8760}, NULL, 8) = 0 [pid 583] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 583] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc6d8a7d000 [pid 583] mprotect(0x7fc6d8a7e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 583] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 583] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fc6d8a9d990, parent_tid=0x7fc6d8a9d990, exit_signal=0, stack=0x7fc6d8a7d000, stack_size=0x20300, tls=0x7fc6d8a9d6c0} => {parent_tid=[584]}, 88) = 584 [pid 583] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 583] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 583] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 584 attached [pid 584] set_robust_list(0x7fc6d8a9d9a0, 24) = 0 [pid 584] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 584] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 584] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 583] <... futex resumed>) = 0 [pid 583] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 583] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 584] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 584] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 583] <... futex resumed>) = 0 [pid 583] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 583] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 584] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 584] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 583] <... futex resumed>) = 0 [pid 583] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 583] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 584] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 584] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 583] <... futex resumed>) = 0 [pid 583] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 583] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 584] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 584] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 583] <... futex resumed>) = 0 [pid 583] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 583] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 584] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 584] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 583] <... futex resumed>) = 0 [pid 583] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 583] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 584] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 584] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 583] <... futex resumed>) = 0 [pid 583] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 583] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 584] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 584] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 583] <... futex resumed>) = 0 [pid 583] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 583] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 584] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 584] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 583] <... futex resumed>) = 0 [pid 583] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 583] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 584] memfd_create("syzkaller", 0) = 5 [pid 584] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc6d067d000 [pid 584] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 584] munmap(0x7fc6d067d000, 138412032) = 0 [pid 584] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 584] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 584] close(5) = 0 [pid 584] close(6) = 0 [pid 584] mkdir("./file0", 0777) = 0 [pid 584] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 584] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 584] chdir("./file0") = 0 [pid 584] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 584] ioctl(6, LOOP_CLR_FD) = 0 [pid 584] close(6) = 0 [pid 584] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 583] <... futex resumed>) = 0 [pid 583] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 583] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 584] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 584] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 583] <... futex resumed>) = 0 [pid 583] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 583] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 584] write(6, "#! ./file1\n", 11) = 11 [pid 584] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 583] <... futex resumed>) = 0 [pid 583] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 583] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 584] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 584] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 584] futex(0x7fc6d8b696c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 583] <... futex resumed>) = 0 [pid 583] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 583] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 584] <... futex resumed>) = 0 [pid 584] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000280} --- [pid 583] <... futex resumed>) = ? [pid 584] +++ killed by SIGBUS +++ [pid 583] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=583, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./40", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./40", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558c359730 /* 4 entries */, 32768) = 112 umount2("./40/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./40/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./40/binderfs") = 0 [ 30.418173][ T584] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 30.451237][ T585] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-584: bg 0: block 234: padding at end of block bitmap is not set umount2("./40/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./40/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./40/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./40/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./40/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558c361770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558c361770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./40/file0") = 0 getdents64(3, 0x55558c359730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./40") = 0 mkdir("./41", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558c358690) = 589 ./strace-static-x86_64: Process 589 attached [pid 589] set_robust_list(0x55558c3586a0, 24) = 0 [pid 589] chdir("./41") = 0 [pid 589] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 589] setpgid(0, 0) = 0 [pid 589] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 589] write(3, "1000", 4) = 4 [pid 589] close(3) = 0 [pid 589] symlink("/dev/binderfs", "./binderfs") = 0 [pid 589] write(1, "executing program\n", 18executing program ) = 18 [pid 589] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 589] rt_sigaction(SIGRT_1, {sa_handler=0x7fc6d8b075b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fc6d8af8760}, NULL, 8) = 0 [pid 589] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 589] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc6d8a7d000 [pid 589] mprotect(0x7fc6d8a7e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 589] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 589] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fc6d8a9d990, parent_tid=0x7fc6d8a9d990, exit_signal=0, stack=0x7fc6d8a7d000, stack_size=0x20300, tls=0x7fc6d8a9d6c0}./strace-static-x86_64: Process 590 attached [pid 590] set_robust_list(0x7fc6d8a9d9a0, 24) = 0 [pid 590] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 590] futex(0x7fc6d8b696c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 589] <... clone3 resumed> => {parent_tid=[590]}, 88) = 590 [pid 589] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 589] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 590] <... futex resumed>) = 0 [pid 590] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR [pid 589] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 590] <... openat resumed>) = 3 [pid 590] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 590] futex(0x7fc6d8b696c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 589] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 589] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 590] <... futex resumed>) = 0 [pid 590] ioctl(3, VHOST_SET_OWNER [pid 589] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 590] <... ioctl resumed>, 0) = 0 [pid 590] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 590] futex(0x7fc6d8b696c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 589] <... futex resumed>) = 0 [pid 589] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 590] <... futex resumed>) = 0 [pid 589] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 590] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 590] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 590] futex(0x7fc6d8b696c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 589] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 589] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 590] <... futex resumed>) = 0 [pid 589] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 590] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 590] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 589] <... futex resumed>) = 0 [pid 590] eventfd2(118, EFD_SEMAPHORE [pid 589] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 590] <... eventfd2 resumed>) = 4 [pid 589] <... futex resumed>) = 0 [pid 590] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 589] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 590] <... futex resumed>) = 0 [pid 589] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 590] futex(0x7fc6d8b696c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 589] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 590] <... futex resumed>) = 0 [pid 589] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 590] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 590] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 589] <... futex resumed>) = 0 [pid 590] ioctl(3, VHOST_SET_VRING_ADDR [pid 589] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 590] <... ioctl resumed>, 0x200000000240) = 0 [pid 589] <... futex resumed>) = 0 [pid 590] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 589] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 590] <... futex resumed>) = 0 [pid 589] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 590] ioctl(3, VHOST_SET_VRING_KICK [pid 589] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 590] <... ioctl resumed>, 0x200000000000) = 0 [pid 589] <... futex resumed>) = 0 [pid 590] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 589] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 590] <... futex resumed>) = 0 [pid 589] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 590] futex(0x7fc6d8b696c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 589] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 590] <... futex resumed>) = 0 [pid 589] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 590] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 590] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 589] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 590] <... futex resumed>) = 0 [pid 589] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 590] memfd_create("syzkaller", 0 [pid 589] <... futex resumed>) = 0 [pid 590] <... memfd_create resumed>) = 5 [pid 589] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 590] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc6d067d000 [pid 590] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 590] munmap(0x7fc6d067d000, 138412032) = 0 [pid 590] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 590] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 590] close(5) = 0 [pid 590] close(6) = 0 [pid 590] mkdir("./file0", 0777) = 0 [pid 590] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 590] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 590] chdir("./file0") = 0 [pid 590] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 590] ioctl(6, LOOP_CLR_FD) = 0 [pid 590] close(6) = 0 [pid 590] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 589] <... futex resumed>) = 0 [pid 589] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 589] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 590] <... futex resumed>) = 1 [pid 590] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 590] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 589] <... futex resumed>) = 0 [pid 589] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 589] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 590] <... futex resumed>) = 1 [pid 590] write(6, "#! ./file1\n", 11) = 11 [pid 590] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 589] <... futex resumed>) = 0 [pid 589] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 589] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 590] <... futex resumed>) = 1 [pid 590] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 590] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 589] <... futex resumed>) = 0 [pid 589] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 589] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 590] <... futex resumed>) = 1 [pid 590] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000280} --- [pid 589] <... futex resumed>) = ? [pid 590] +++ killed by SIGBUS +++ [pid 589] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=589, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- umount2("./41", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./41", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558c359730 /* 4 entries */, 32768) = 112 umount2("./41/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./41/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./41/binderfs") = 0 [ 30.578220][ T590] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 30.610348][ T591] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-590: bg 0: block 234: padding at end of block bitmap is not set umount2("./41/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./41/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./41/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./41/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./41/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558c361770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558c361770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./41/file0") = 0 getdents64(3, 0x55558c359730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./41") = 0 mkdir("./42", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 595 attached , child_tidptr=0x55558c358690) = 595 [pid 595] set_robust_list(0x55558c3586a0, 24) = 0 [pid 595] chdir("./42") = 0 [pid 595] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 595] setpgid(0, 0) = 0 [pid 595] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 595] write(3, "1000", 4) = 4 [pid 595] close(3) = 0 [pid 595] symlink("/dev/binderfs", "./binderfs") = 0 [pid 595] write(1, "executing program\n", 18executing program ) = 18 [pid 595] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 595] rt_sigaction(SIGRT_1, {sa_handler=0x7fc6d8b075b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fc6d8af8760}, NULL, 8) = 0 [pid 595] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 595] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc6d8a7d000 [pid 595] mprotect(0x7fc6d8a7e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 595] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 595] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fc6d8a9d990, parent_tid=0x7fc6d8a9d990, exit_signal=0, stack=0x7fc6d8a7d000, stack_size=0x20300, tls=0x7fc6d8a9d6c0} => {parent_tid=[596]}, 88) = 596 [pid 595] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 595] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 595] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 596 attached [pid 596] set_robust_list(0x7fc6d8a9d9a0, 24) = 0 [pid 596] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 596] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 596] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 595] <... futex resumed>) = 0 [pid 595] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 595] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 596] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 596] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 595] <... futex resumed>) = 0 [pid 595] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 595] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 596] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 596] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 595] <... futex resumed>) = 0 [pid 595] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 595] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 596] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 596] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 595] <... futex resumed>) = 0 [pid 595] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 595] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 596] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 596] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 595] <... futex resumed>) = 0 [pid 595] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 595] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 596] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 596] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 595] <... futex resumed>) = 0 [pid 595] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 595] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 596] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 596] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 595] <... futex resumed>) = 0 [pid 595] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 595] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 596] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 596] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 595] <... futex resumed>) = 0 [pid 595] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 595] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 596] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 596] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 595] <... futex resumed>) = 0 [pid 595] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 595] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 596] memfd_create("syzkaller", 0) = 5 [pid 596] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc6d067d000 [pid 596] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 596] munmap(0x7fc6d067d000, 138412032) = 0 [pid 596] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 596] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 596] close(5) = 0 [pid 596] close(6) = 0 [pid 596] mkdir("./file0", 0777) = 0 [pid 596] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 596] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 596] chdir("./file0") = 0 [pid 596] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 596] ioctl(6, LOOP_CLR_FD) = 0 [pid 596] close(6) = 0 [pid 596] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 595] <... futex resumed>) = 0 [pid 595] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 595] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 596] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 596] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 595] <... futex resumed>) = 0 [pid 595] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 595] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 596] write(6, "#! ./file1\n", 11) = 11 [pid 596] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 595] <... futex resumed>) = 0 [pid 595] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 595] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 596] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 596] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 595] <... futex resumed>) = 0 [pid 595] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 595] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 596] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000280} --- [pid 595] <... futex resumed>) = ? [pid 596] +++ killed by SIGBUS +++ [pid 595] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=595, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./42", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./42", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558c359730 /* 4 entries */, 32768) = 112 umount2("./42/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./42/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./42/binderfs") = 0 [ 30.748459][ T596] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 30.782549][ T597] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-596: bg 0: block 234: padding at end of block bitmap is not set umount2("./42/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./42/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./42/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./42/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./42/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558c361770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558c361770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./42/file0") = 0 getdents64(3, 0x55558c359730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./42") = 0 mkdir("./43", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558c358690) = 601 ./strace-static-x86_64: Process 601 attached [pid 601] set_robust_list(0x55558c3586a0, 24) = 0 [pid 601] chdir("./43") = 0 [pid 601] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 601] setpgid(0, 0) = 0 [pid 601] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 601] write(3, "1000", 4) = 4 [pid 601] close(3) = 0 [pid 601] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 601] write(1, "executing program\n", 18) = 18 [pid 601] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 601] rt_sigaction(SIGRT_1, {sa_handler=0x7fc6d8b075b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fc6d8af8760}, NULL, 8) = 0 [pid 601] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 601] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc6d8a7d000 [pid 601] mprotect(0x7fc6d8a7e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 601] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 601] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fc6d8a9d990, parent_tid=0x7fc6d8a9d990, exit_signal=0, stack=0x7fc6d8a7d000, stack_size=0x20300, tls=0x7fc6d8a9d6c0}./strace-static-x86_64: Process 602 attached => {parent_tid=[602]}, 88) = 602 [pid 601] rt_sigprocmask(SIG_SETMASK, [], [pid 602] set_robust_list(0x7fc6d8a9d9a0, 24 [pid 601] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 602] <... set_robust_list resumed>) = 0 [pid 601] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 602] rt_sigprocmask(SIG_SETMASK, [], [pid 601] <... futex resumed>) = 0 [pid 602] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 601] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 602] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 602] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 602] futex(0x7fc6d8b696c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 601] <... futex resumed>) = 0 [pid 601] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 601] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 602] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 602] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 602] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 601] <... futex resumed>) = 0 [pid 602] futex(0x7fc6d8b696c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 601] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 601] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 602] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 602] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 602] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 601] <... futex resumed>) = 0 [pid 602] futex(0x7fc6d8b696c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 601] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 601] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 602] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 602] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 602] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 601] <... futex resumed>) = 0 [pid 601] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 602] eventfd2(118, EFD_SEMAPHORE [pid 601] <... futex resumed>) = 0 [pid 601] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 602] <... eventfd2 resumed>) = 4 [pid 602] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 601] <... futex resumed>) = 0 [pid 601] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 601] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 602] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 602] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 601] <... futex resumed>) = 0 [pid 601] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 602] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 601] <... futex resumed>) = 0 [pid 602] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 601] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 602] futex(0x7fc6d8b696c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 601] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 601] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 602] <... futex resumed>) = 0 [pid 601] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 602] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 602] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 601] <... futex resumed>) = 0 [pid 602] futex(0x7fc6d8b696c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 601] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 602] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 601] <... futex resumed>) = 0 [pid 601] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 602] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 602] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 601] <... futex resumed>) = 0 [pid 602] futex(0x7fc6d8b696c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 601] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 602] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 601] <... futex resumed>) = 0 [pid 601] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 602] memfd_create("syzkaller", 0) = 5 [pid 602] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc6d067d000 [pid 602] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 602] munmap(0x7fc6d067d000, 138412032) = 0 [pid 602] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 602] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 602] close(5) = 0 [pid 602] close(6) = 0 [pid 602] mkdir("./file0", 0777) = 0 [pid 602] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 602] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 602] chdir("./file0") = 0 [pid 602] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 602] ioctl(6, LOOP_CLR_FD) = 0 [pid 602] close(6) = 0 [pid 602] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 601] <... futex resumed>) = 0 [pid 601] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 601] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 602] <... futex resumed>) = 1 [pid 602] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 602] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 601] <... futex resumed>) = 0 [pid 601] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 601] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 602] write(6, "#! ./file1\n", 11) = 11 [pid 602] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 601] <... futex resumed>) = 0 [pid 601] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 601] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 602] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 602] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 602] futex(0x7fc6d8b696c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 601] <... futex resumed>) = 0 [pid 601] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 601] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 602] <... futex resumed>) = 0 [pid 602] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000280} --- [pid 601] <... futex resumed>) = ? [pid 602] +++ killed by SIGBUS +++ [pid 601] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=601, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./43", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./43", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558c359730 /* 4 entries */, 32768) = 112 umount2("./43/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./43/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./43/binderfs") = 0 [ 30.918303][ T602] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 30.953260][ T603] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-602: bg 0: block 234: padding at end of block bitmap is not set umount2("./43/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./43/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./43/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./43/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./43/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558c361770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558c361770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./43/file0") = 0 getdents64(3, 0x55558c359730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./43") = 0 mkdir("./44", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558c358690) = 607 ./strace-static-x86_64: Process 607 attached [pid 607] set_robust_list(0x55558c3586a0, 24) = 0 [pid 607] chdir("./44") = 0 [pid 607] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 607] setpgid(0, 0) = 0 [pid 607] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 607] write(3, "1000", 4) = 4 [pid 607] close(3) = 0 [pid 607] symlink("/dev/binderfs", "./binderfs") = 0 [pid 607] write(1, "executing program\n", 18executing program ) = 18 [pid 607] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 607] rt_sigaction(SIGRT_1, {sa_handler=0x7fc6d8b075b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fc6d8af8760}, NULL, 8) = 0 [pid 607] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 607] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc6d8a7d000 [pid 607] mprotect(0x7fc6d8a7e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 607] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 607] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fc6d8a9d990, parent_tid=0x7fc6d8a9d990, exit_signal=0, stack=0x7fc6d8a7d000, stack_size=0x20300, tls=0x7fc6d8a9d6c0}./strace-static-x86_64: Process 608 attached => {parent_tid=[608]}, 88) = 608 [pid 608] set_robust_list(0x7fc6d8a9d9a0, 24) = 0 [pid 608] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 608] futex(0x7fc6d8b696c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 607] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 607] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 608] <... futex resumed>) = 0 [pid 608] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 608] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 608] futex(0x7fc6d8b696c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 607] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 607] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 608] <... futex resumed>) = 0 [pid 608] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 607] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 608] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 608] futex(0x7fc6d8b696c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 607] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 607] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 608] <... futex resumed>) = 0 [pid 608] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 608] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 608] futex(0x7fc6d8b696c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 607] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 607] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 608] <... futex resumed>) = 0 [pid 608] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 608] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 608] futex(0x7fc6d8b696c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 607] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 607] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 608] <... futex resumed>) = 0 [pid 608] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 608] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 608] futex(0x7fc6d8b696c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 607] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 607] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 608] <... futex resumed>) = 0 [pid 608] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 608] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 608] futex(0x7fc6d8b696c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 607] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 607] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 608] <... futex resumed>) = 0 [pid 608] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 608] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 608] futex(0x7fc6d8b696c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 607] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 607] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 608] <... futex resumed>) = 0 [pid 607] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 608] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 608] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 608] futex(0x7fc6d8b696c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 607] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 607] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 608] <... futex resumed>) = 0 [pid 607] <... futex resumed>) = 1 [pid 608] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 608] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 608] futex(0x7fc6d8b696c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 607] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 607] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 608] <... futex resumed>) = 0 [pid 607] <... futex resumed>) = 1 [pid 608] memfd_create("syzkaller", 0 [pid 607] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 608] <... memfd_create resumed>) = 5 [pid 608] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc6d067d000 [pid 608] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 608] munmap(0x7fc6d067d000, 138412032) = 0 [pid 608] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 608] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 608] close(5) = 0 [pid 608] close(6) = 0 [pid 608] mkdir("./file0", 0777) = 0 [pid 608] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 608] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 608] chdir("./file0") = 0 [pid 608] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 608] ioctl(6, LOOP_CLR_FD) = 0 [pid 608] close(6) = 0 [pid 608] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 607] <... futex resumed>) = 0 [pid 608] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 607] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 607] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 608] <... openat resumed>) = 6 [pid 608] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 607] <... futex resumed>) = 0 [pid 607] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 607] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 608] write(6, "#! ./file1\n", 11) = 11 [pid 608] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 607] <... futex resumed>) = 0 [pid 607] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 607] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 608] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 608] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 608] futex(0x7fc6d8b696c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 607] <... futex resumed>) = 0 [pid 607] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 607] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 608] <... futex resumed>) = 0 [pid 608] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000280} --- [pid 607] <... futex resumed>) = ? [pid 608] +++ killed by SIGBUS +++ [pid 607] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=607, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./44", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./44", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558c359730 /* 4 entries */, 32768) = 112 umount2("./44/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./44/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./44/binderfs") = 0 [ 31.109192][ T608] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 31.143147][ T609] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-608: bg 0: block 234: padding at end of block bitmap is not set umount2("./44/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./44/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./44/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./44/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./44/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558c361770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558c361770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./44/file0") = 0 getdents64(3, 0x55558c359730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./44") = 0 mkdir("./45", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558c358690) = 613 ./strace-static-x86_64: Process 613 attached [pid 613] set_robust_list(0x55558c3586a0, 24) = 0 [pid 613] chdir("./45") = 0 [pid 613] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 613] setpgid(0, 0) = 0 [pid 613] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 613] write(3, "1000", 4) = 4 [pid 613] close(3) = 0 [pid 613] symlink("/dev/binderfs", "./binderfs") = 0 [pid 613] write(1, "executing program\n", 18executing program ) = 18 [pid 613] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 613] rt_sigaction(SIGRT_1, {sa_handler=0x7fc6d8b075b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fc6d8af8760}, NULL, 8) = 0 [pid 613] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 613] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc6d8a7d000 [pid 613] mprotect(0x7fc6d8a7e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 613] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 613] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fc6d8a9d990, parent_tid=0x7fc6d8a9d990, exit_signal=0, stack=0x7fc6d8a7d000, stack_size=0x20300, tls=0x7fc6d8a9d6c0} => {parent_tid=[614]}, 88) = 614 [pid 613] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 613] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 613] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 614 attached [pid 614] set_robust_list(0x7fc6d8a9d9a0, 24) = 0 [pid 614] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 614] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 614] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 613] <... futex resumed>) = 0 [pid 613] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 613] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 614] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 614] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 613] <... futex resumed>) = 0 [pid 613] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 613] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 614] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 614] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 613] <... futex resumed>) = 0 [pid 613] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 613] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 614] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 614] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 613] <... futex resumed>) = 0 [pid 613] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 613] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 614] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 614] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 613] <... futex resumed>) = 0 [pid 613] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 613] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 614] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 614] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 613] <... futex resumed>) = 0 [pid 613] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 613] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 614] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 614] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 613] <... futex resumed>) = 0 [pid 613] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 613] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 614] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 614] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 613] <... futex resumed>) = 0 [pid 613] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 613] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 614] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 614] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 613] <... futex resumed>) = 0 [pid 613] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 613] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 614] memfd_create("syzkaller", 0) = 5 [pid 614] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc6d067d000 [pid 614] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 614] munmap(0x7fc6d067d000, 138412032) = 0 [pid 614] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 614] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 614] close(5) = 0 [pid 614] close(6) = 0 [pid 614] mkdir("./file0", 0777) = 0 [pid 614] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 614] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 614] chdir("./file0") = 0 [pid 614] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 614] ioctl(6, LOOP_CLR_FD) = 0 [pid 614] close(6) = 0 [pid 614] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 613] <... futex resumed>) = 0 [pid 613] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 613] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 614] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 614] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 613] <... futex resumed>) = 0 [pid 613] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 613] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 614] write(6, "#! ./file1\n", 11) = 11 [pid 614] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 613] <... futex resumed>) = 0 [pid 613] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 613] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 614] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 614] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 614] futex(0x7fc6d8b696c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 613] <... futex resumed>) = 0 [pid 613] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 613] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 614] <... futex resumed>) = 0 [pid 614] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000280} --- [pid 613] <... futex resumed>) = ? [pid 614] +++ killed by SIGBUS +++ [pid 613] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=613, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./45", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./45", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558c359730 /* 4 entries */, 32768) = 112 umount2("./45/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./45/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./45/binderfs") = 0 [ 31.337386][ T614] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 31.371498][ T615] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-614: bg 0: block 234: padding at end of block bitmap is not set umount2("./45/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./45/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./45/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./45/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./45/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558c361770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558c361770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./45/file0") = 0 getdents64(3, 0x55558c359730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./45") = 0 mkdir("./46", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 619 attached [pid 619] set_robust_list(0x55558c3586a0, 24) = 0 [pid 341] <... clone resumed>, child_tidptr=0x55558c358690) = 619 [pid 619] chdir("./46") = 0 [pid 619] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 619] setpgid(0, 0) = 0 [pid 619] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 619] write(3, "1000", 4) = 4 [pid 619] close(3) = 0 [pid 619] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 619] write(1, "executing program\n", 18) = 18 [pid 619] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 619] rt_sigaction(SIGRT_1, {sa_handler=0x7fc6d8b075b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fc6d8af8760}, NULL, 8) = 0 [pid 619] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 619] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc6d8a7d000 [pid 619] mprotect(0x7fc6d8a7e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 619] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 619] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fc6d8a9d990, parent_tid=0x7fc6d8a9d990, exit_signal=0, stack=0x7fc6d8a7d000, stack_size=0x20300, tls=0x7fc6d8a9d6c0}./strace-static-x86_64: Process 620 attached [pid 620] set_robust_list(0x7fc6d8a9d9a0, 24) = 0 [pid 620] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 620] futex(0x7fc6d8b696c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 619] <... clone3 resumed> => {parent_tid=[620]}, 88) = 620 [pid 619] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 619] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 620] <... futex resumed>) = 0 [pid 619] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 620] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 620] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 620] futex(0x7fc6d8b696c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 619] <... futex resumed>) = 0 [pid 619] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 620] <... futex resumed>) = 0 [pid 619] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 620] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 620] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 620] futex(0x7fc6d8b696c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 619] <... futex resumed>) = 0 [pid 619] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 620] <... futex resumed>) = 0 [pid 619] <... futex resumed>) = 1 [pid 620] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 619] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 620] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 620] futex(0x7fc6d8b696c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 619] <... futex resumed>) = 0 [pid 619] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 620] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 619] <... futex resumed>) = 0 [pid 620] ioctl(3, VHOST_SET_MEM_TABLE [pid 619] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 620] <... ioctl resumed>, 0x200000003380) = 0 [pid 620] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 619] <... futex resumed>) = 0 [pid 620] futex(0x7fc6d8b696c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 619] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 620] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 620] eventfd2(118, EFD_SEMAPHORE [pid 619] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 620] <... eventfd2 resumed>) = 4 [pid 620] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 619] <... futex resumed>) = 0 [pid 620] futex(0x7fc6d8b696c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 619] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 620] <... futex resumed>) = 0 [pid 619] <... futex resumed>) = 1 [pid 620] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 619] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 620] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 619] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 620] futex(0x7fc6d8b696c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 619] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 620] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 619] <... futex resumed>) = 0 [pid 619] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 620] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 619] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 620] <... futex resumed>) = 0 [pid 620] ioctl(3, VHOST_SET_VRING_KICK [pid 619] <... futex resumed>) = 0 [pid 619] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 620] <... ioctl resumed>, 0x200000000000) = 0 [pid 620] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 619] <... futex resumed>) = 0 [pid 620] futex(0x7fc6d8b696c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 619] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 620] ioctl(3, VHOST_VSOCK_SET_RUNNING [pid 619] <... futex resumed>) = 0 [pid 619] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 620] <... ioctl resumed>, 0x200000000140) = 0 [pid 620] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 619] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 620] <... futex resumed>) = 0 [pid 620] futex(0x7fc6d8b696c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 619] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 620] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 619] <... futex resumed>) = 0 [pid 619] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 620] memfd_create("syzkaller", 0) = 5 [pid 620] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc6d067d000 [pid 620] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 620] munmap(0x7fc6d067d000, 138412032) = 0 [pid 620] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 620] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 620] close(5) = 0 [pid 620] close(6) = 0 [pid 620] mkdir("./file0", 0777) = 0 [pid 620] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 620] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 620] chdir("./file0") = 0 [pid 620] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 620] ioctl(6, LOOP_CLR_FD) = 0 [pid 620] close(6) = 0 [pid 620] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 619] <... futex resumed>) = 0 [pid 619] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 619] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 620] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 620] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 619] <... futex resumed>) = 0 [pid 619] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 619] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 620] write(6, "#! ./file1\n", 11) = 11 [pid 620] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 619] <... futex resumed>) = 0 [pid 619] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 619] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 620] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 620] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 620] futex(0x7fc6d8b696c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 619] <... futex resumed>) = 0 [pid 619] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 619] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 620] <... futex resumed>) = 0 [pid 620] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000280} --- [pid 619] <... futex resumed>) = ? [pid 620] +++ killed by SIGBUS +++ [pid 619] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=619, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./46", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./46", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558c359730 /* 4 entries */, 32768) = 112 umount2("./46/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./46/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./46/binderfs") = 0 [ 31.557496][ T620] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 31.592165][ T621] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-620: bg 0: block 234: padding at end of block bitmap is not set umount2("./46/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./46/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./46/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./46/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./46/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558c361770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558c361770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./46/file0") = 0 getdents64(3, 0x55558c359730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./46") = 0 mkdir("./47", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558c358690) = 625 ./strace-static-x86_64: Process 625 attached [pid 625] set_robust_list(0x55558c3586a0, 24) = 0 [pid 625] chdir("./47") = 0 [pid 625] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 625] setpgid(0, 0) = 0 [pid 625] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 625] write(3, "1000", 4) = 4 [pid 625] close(3) = 0 [pid 625] symlink("/dev/binderfs", "./binderfs") = 0 [pid 625] write(1, "executing program\n", 18executing program ) = 18 [pid 625] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 625] rt_sigaction(SIGRT_1, {sa_handler=0x7fc6d8b075b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fc6d8af8760}, NULL, 8) = 0 [pid 625] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 625] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc6d8a7d000 [pid 625] mprotect(0x7fc6d8a7e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 625] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 625] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fc6d8a9d990, parent_tid=0x7fc6d8a9d990, exit_signal=0, stack=0x7fc6d8a7d000, stack_size=0x20300, tls=0x7fc6d8a9d6c0} => {parent_tid=[626]}, 88) = 626 [pid 625] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 625] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 625] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 626 attached [pid 626] set_robust_list(0x7fc6d8a9d9a0, 24) = 0 [pid 626] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 626] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 626] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 625] <... futex resumed>) = 0 [pid 625] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 625] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 626] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 626] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 625] <... futex resumed>) = 0 [pid 625] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 625] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 626] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 626] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 625] <... futex resumed>) = 0 [pid 625] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 625] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 626] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 626] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 625] <... futex resumed>) = 0 [pid 625] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 625] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 626] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 626] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 625] <... futex resumed>) = 0 [pid 625] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 625] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 626] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 626] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 625] <... futex resumed>) = 0 [pid 625] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 625] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 626] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 626] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 625] <... futex resumed>) = 0 [pid 625] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 625] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 626] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 626] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 625] <... futex resumed>) = 0 [pid 625] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 625] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 626] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 626] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 625] <... futex resumed>) = 0 [pid 625] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 625] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 626] memfd_create("syzkaller", 0) = 5 [pid 626] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc6d067d000 [pid 626] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 626] munmap(0x7fc6d067d000, 138412032) = 0 [pid 626] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 626] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 626] close(5) = 0 [pid 626] close(6) = 0 [pid 626] mkdir("./file0", 0777) = 0 [pid 626] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 626] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 626] chdir("./file0") = 0 [pid 626] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 626] ioctl(6, LOOP_CLR_FD) = 0 [pid 626] close(6) = 0 [pid 626] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 625] <... futex resumed>) = 0 [pid 625] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 625] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 626] <... futex resumed>) = 1 [pid 626] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 626] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 625] <... futex resumed>) = 0 [pid 625] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 625] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 626] <... futex resumed>) = 1 [pid 626] write(6, "#! ./file1\n", 11) = 11 [pid 626] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 625] <... futex resumed>) = 0 [pid 625] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 625] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 626] <... futex resumed>) = 1 [pid 626] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 626] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 625] <... futex resumed>) = 0 [pid 625] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 31.848542][ T626] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [pid 625] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 626] <... futex resumed>) = 1 [pid 626] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000280} --- [pid 625] <... futex resumed>) = ? [pid 626] +++ killed by SIGBUS +++ [pid 625] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=625, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./47", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./47", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558c359730 /* 4 entries */, 32768) = 112 umount2("./47/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./47/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./47/binderfs") = 0 [ 31.892905][ T627] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-626: bg 0: block 234: padding at end of block bitmap is not set umount2("./47/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./47/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./47/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./47/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./47/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558c361770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558c361770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./47/file0") = 0 getdents64(3, 0x55558c359730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./47") = 0 mkdir("./48", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558c358690) = 631 ./strace-static-x86_64: Process 631 attached [pid 631] set_robust_list(0x55558c3586a0, 24) = 0 [pid 631] chdir("./48") = 0 [pid 631] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 631] setpgid(0, 0) = 0 [pid 631] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 631] write(3, "1000", 4) = 4 [pid 631] close(3) = 0 [pid 631] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 631] write(1, "executing program\n", 18) = 18 [pid 631] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 631] rt_sigaction(SIGRT_1, {sa_handler=0x7fc6d8b075b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fc6d8af8760}, NULL, 8) = 0 [pid 631] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 631] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc6d8a7d000 [pid 631] mprotect(0x7fc6d8a7e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 631] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 631] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fc6d8a9d990, parent_tid=0x7fc6d8a9d990, exit_signal=0, stack=0x7fc6d8a7d000, stack_size=0x20300, tls=0x7fc6d8a9d6c0}./strace-static-x86_64: Process 632 attached => {parent_tid=[632]}, 88) = 632 [pid 632] set_robust_list(0x7fc6d8a9d9a0, 24 [pid 631] rt_sigprocmask(SIG_SETMASK, [], [pid 632] <... set_robust_list resumed>) = 0 [pid 631] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 632] rt_sigprocmask(SIG_SETMASK, [], [pid 631] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 632] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 631] <... futex resumed>) = 0 [pid 631] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 632] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 632] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 631] <... futex resumed>) = 0 [pid 632] ioctl(3, VHOST_SET_OWNER [pid 631] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 631] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 632] <... ioctl resumed>, 0) = 0 [pid 632] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 631] <... futex resumed>) = 0 [pid 631] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 631] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 632] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 632] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 631] <... futex resumed>) = 0 [pid 631] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 631] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 632] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 632] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 631] <... futex resumed>) = 0 [pid 631] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 631] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 632] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 632] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 631] <... futex resumed>) = 0 [pid 631] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 631] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 632] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 632] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 631] <... futex resumed>) = 0 [pid 631] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 631] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 632] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 632] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 631] <... futex resumed>) = 0 [pid 631] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 631] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 632] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 632] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 631] <... futex resumed>) = 0 [pid 631] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 631] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 632] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 632] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 631] <... futex resumed>) = 0 [pid 631] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 631] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 632] memfd_create("syzkaller", 0) = 5 [pid 632] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc6d067d000 [pid 632] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 632] munmap(0x7fc6d067d000, 138412032) = 0 [pid 632] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 632] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 632] close(5) = 0 [pid 632] close(6) = 0 [pid 632] mkdir("./file0", 0777) = 0 [pid 632] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 632] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 632] chdir("./file0") = 0 [pid 632] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 632] ioctl(6, LOOP_CLR_FD) = 0 [pid 632] close(6) = 0 [pid 632] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 631] <... futex resumed>) = 0 [pid 631] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 631] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 632] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 632] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 631] <... futex resumed>) = 0 [pid 631] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 631] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 632] <... futex resumed>) = 1 [pid 632] write(6, "#! ./file1\n", 11) = 11 [pid 632] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 631] <... futex resumed>) = 0 [pid 631] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 631] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 632] <... futex resumed>) = 1 [pid 632] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 632] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 631] <... futex resumed>) = 0 [pid 631] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 32.168347][ T632] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [pid 631] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 632] <... futex resumed>) = 1 [pid 632] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000280} --- [pid 631] <... futex resumed>) = ? [pid 632] +++ killed by SIGBUS +++ [pid 631] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=631, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./48", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./48", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558c359730 /* 4 entries */, 32768) = 112 umount2("./48/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./48/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./48/binderfs") = 0 [ 32.212574][ T633] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-632: bg 0: block 234: padding at end of block bitmap is not set umount2("./48/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./48/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./48/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./48/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./48/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558c361770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558c361770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./48/file0") = 0 getdents64(3, 0x55558c359730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./48") = 0 mkdir("./49", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558c358690) = 637 ./strace-static-x86_64: Process 637 attached [pid 637] set_robust_list(0x55558c3586a0, 24) = 0 [pid 637] chdir("./49") = 0 [pid 637] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 637] setpgid(0, 0) = 0 [pid 637] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 637] write(3, "1000", 4) = 4 [pid 637] close(3) = 0 [pid 637] symlink("/dev/binderfs", "./binderfs") = 0 [pid 637] write(1, "executing program\n", 18executing program ) = 18 [pid 637] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 637] rt_sigaction(SIGRT_1, {sa_handler=0x7fc6d8b075b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fc6d8af8760}, NULL, 8) = 0 [pid 637] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 637] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc6d8a7d000 [pid 637] mprotect(0x7fc6d8a7e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 637] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 637] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fc6d8a9d990, parent_tid=0x7fc6d8a9d990, exit_signal=0, stack=0x7fc6d8a7d000, stack_size=0x20300, tls=0x7fc6d8a9d6c0}./strace-static-x86_64: Process 638 attached [pid 638] set_robust_list(0x7fc6d8a9d9a0, 24) = 0 [pid 638] rt_sigprocmask(SIG_SETMASK, [], [pid 637] <... clone3 resumed> => {parent_tid=[638]}, 88) = 638 [pid 638] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 638] futex(0x7fc6d8b696c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 637] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 637] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 638] <... futex resumed>) = 0 [pid 637] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 638] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 638] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 638] futex(0x7fc6d8b696c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 637] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 637] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 638] <... futex resumed>) = 0 [pid 638] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 637] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 638] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 638] futex(0x7fc6d8b696c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 637] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 637] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 638] <... futex resumed>) = 0 [pid 637] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 638] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 638] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 638] futex(0x7fc6d8b696c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 637] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 637] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 638] <... futex resumed>) = 0 [pid 638] ioctl(3, VHOST_SET_MEM_TABLE [pid 637] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 638] <... ioctl resumed>, 0x200000003380) = 0 [pid 638] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 638] futex(0x7fc6d8b696c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 637] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 637] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 637] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 638] <... futex resumed>) = 0 [pid 638] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 638] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 637] <... futex resumed>) = 0 [pid 638] futex(0x7fc6d8b696c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 637] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 638] <... futex resumed>) = 0 [pid 637] <... futex resumed>) = 1 [pid 638] ioctl(3, VHOST_SET_VRING_ERR [pid 637] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 638] <... ioctl resumed>, 0x2000000001c0) = 0 [pid 638] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 637] <... futex resumed>) = 0 [pid 638] ioctl(3, VHOST_SET_VRING_ADDR [pid 637] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 638] <... ioctl resumed>, 0x200000000240) = 0 [pid 637] <... futex resumed>) = 0 [pid 638] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 637] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 638] futex(0x7fc6d8b696c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 637] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 638] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 637] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 638] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 637] <... futex resumed>) = 0 [pid 638] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 637] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 638] <... futex resumed>) = 0 [pid 637] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 638] ioctl(3, VHOST_VSOCK_SET_RUNNING [pid 637] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 638] <... ioctl resumed>, 0x200000000140) = 0 [pid 638] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 637] <... futex resumed>) = 0 [pid 638] <... futex resumed>) = 0 [pid 637] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 638] futex(0x7fc6d8b696c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 637] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 637] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 638] <... futex resumed>) = 0 [pid 637] <... futex resumed>) = 1 [pid 638] memfd_create("syzkaller", 0 [pid 637] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 638] <... memfd_create resumed>) = 5 [pid 638] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc6d067d000 [pid 638] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 638] munmap(0x7fc6d067d000, 138412032) = 0 [pid 638] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 638] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 638] close(5) = 0 [pid 638] close(6) = 0 [pid 638] mkdir("./file0", 0777) = 0 [pid 638] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 638] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 638] chdir("./file0") = 0 [pid 638] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 638] ioctl(6, LOOP_CLR_FD) = 0 [pid 638] close(6) = 0 [pid 638] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 637] <... futex resumed>) = 0 [pid 637] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 637] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 638] <... futex resumed>) = 1 [pid 638] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 638] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 637] <... futex resumed>) = 0 [pid 637] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 637] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 638] <... futex resumed>) = 1 [pid 638] write(6, "#! ./file1\n", 11) = 11 [pid 638] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 637] <... futex resumed>) = 0 [pid 637] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 637] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 638] <... futex resumed>) = 1 [pid 638] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 638] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 637] <... futex resumed>) = 0 [pid 637] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 637] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 638] <... futex resumed>) = 1 [pid 638] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000280} --- [pid 637] <... futex resumed>) = ? [pid 638] +++ killed by SIGBUS +++ [pid 637] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=637, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./49", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./49", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558c359730 /* 4 entries */, 32768) = 112 umount2("./49/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./49/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./49/binderfs") = 0 [ 32.335749][ T638] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 32.370376][ T639] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-638: bg 0: block 234: padding at end of block bitmap is not set umount2("./49/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./49/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./49/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./49/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./49/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558c361770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558c361770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./49/file0") = 0 getdents64(3, 0x55558c359730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./49") = 0 mkdir("./50", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558c358690) = 643 ./strace-static-x86_64: Process 643 attached [pid 643] set_robust_list(0x55558c3586a0, 24) = 0 [pid 643] chdir("./50") = 0 [pid 643] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 643] setpgid(0, 0) = 0 [pid 643] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 643] write(3, "1000", 4) = 4 [pid 643] close(3) = 0 [pid 643] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 643] write(1, "executing program\n", 18) = 18 [pid 643] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 643] rt_sigaction(SIGRT_1, {sa_handler=0x7fc6d8b075b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fc6d8af8760}, NULL, 8) = 0 [pid 643] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 643] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc6d8a7d000 [pid 643] mprotect(0x7fc6d8a7e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 643] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 643] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fc6d8a9d990, parent_tid=0x7fc6d8a9d990, exit_signal=0, stack=0x7fc6d8a7d000, stack_size=0x20300, tls=0x7fc6d8a9d6c0} => {parent_tid=[644]}, 88) = 644 [pid 643] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 643] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 643] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 644 attached [pid 644] set_robust_list(0x7fc6d8a9d9a0, 24) = 0 [pid 644] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 644] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 644] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 643] <... futex resumed>) = 0 [pid 643] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 643] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 644] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 644] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 643] <... futex resumed>) = 0 [pid 643] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 643] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 644] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 644] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 643] <... futex resumed>) = 0 [pid 643] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 643] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 644] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 644] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 643] <... futex resumed>) = 0 [pid 643] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 643] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 644] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 644] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 643] <... futex resumed>) = 0 [pid 643] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 643] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 644] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 644] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 643] <... futex resumed>) = 0 [pid 643] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 643] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 644] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 644] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 643] <... futex resumed>) = 0 [pid 643] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 643] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 644] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 644] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 643] <... futex resumed>) = 0 [pid 643] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 643] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 644] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 644] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 643] <... futex resumed>) = 0 [pid 643] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 643] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 644] memfd_create("syzkaller", 0) = 5 [pid 644] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc6d067d000 [pid 644] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 644] munmap(0x7fc6d067d000, 138412032) = 0 [pid 644] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 644] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 644] close(5) = 0 [pid 644] close(6) = 0 [pid 644] mkdir("./file0", 0777) = 0 [pid 644] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 644] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 644] chdir("./file0") = 0 [pid 644] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 644] ioctl(6, LOOP_CLR_FD) = 0 [pid 644] close(6) = 0 [pid 644] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 643] <... futex resumed>) = 0 [pid 643] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 643] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 644] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 644] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 643] <... futex resumed>) = 0 [pid 643] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 643] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 644] write(6, "#! ./file1\n", 11) = 11 [pid 644] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 643] <... futex resumed>) = 0 [pid 643] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 643] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 644] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [ 32.508488][ T644] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [pid 644] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 643] <... futex resumed>) = 0 [pid 643] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 643] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 644] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000280} --- [pid 643] <... futex resumed>) = ? [pid 644] +++ killed by SIGBUS +++ [pid 643] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=643, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./50", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./50", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558c359730 /* 4 entries */, 32768) = 112 umount2("./50/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./50/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./50/binderfs") = 0 [ 32.548815][ T645] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-644: bg 0: block 234: padding at end of block bitmap is not set umount2("./50/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./50/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./50/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./50/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./50/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558c361770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558c361770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./50/file0") = 0 getdents64(3, 0x55558c359730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./50") = 0 mkdir("./51", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558c358690) = 649 ./strace-static-x86_64: Process 649 attached [pid 649] set_robust_list(0x55558c3586a0, 24) = 0 [pid 649] chdir("./51") = 0 [pid 649] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 649] setpgid(0, 0) = 0 [pid 649] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 649] write(3, "1000", 4) = 4 [pid 649] close(3) = 0 [pid 649] symlink("/dev/binderfs", "./binderfs") = 0 [pid 649] write(1, "executing program\n", 18executing program ) = 18 [pid 649] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 649] rt_sigaction(SIGRT_1, {sa_handler=0x7fc6d8b075b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fc6d8af8760}, NULL, 8) = 0 [pid 649] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 649] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc6d8a7d000 [pid 649] mprotect(0x7fc6d8a7e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 649] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 649] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fc6d8a9d990, parent_tid=0x7fc6d8a9d990, exit_signal=0, stack=0x7fc6d8a7d000, stack_size=0x20300, tls=0x7fc6d8a9d6c0} => {parent_tid=[650]}, 88) = 650 [pid 649] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 649] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 649] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 650 attached [pid 650] set_robust_list(0x7fc6d8a9d9a0, 24) = 0 [pid 650] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 650] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 650] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 649] <... futex resumed>) = 0 [pid 649] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 649] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 650] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 650] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 649] <... futex resumed>) = 0 [pid 649] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 649] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 650] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 650] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 649] <... futex resumed>) = 0 [pid 649] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 649] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 650] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 650] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 649] <... futex resumed>) = 0 [pid 649] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 649] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 650] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 650] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 649] <... futex resumed>) = 0 [pid 649] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 649] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 650] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 650] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 649] <... futex resumed>) = 0 [pid 649] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 649] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 650] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 650] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 649] <... futex resumed>) = 0 [pid 649] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 649] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 650] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 650] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 649] <... futex resumed>) = 0 [pid 649] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 649] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 650] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 650] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 649] <... futex resumed>) = 0 [pid 649] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 649] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 650] memfd_create("syzkaller", 0) = 5 [pid 650] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc6d067d000 [pid 650] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 650] munmap(0x7fc6d067d000, 138412032) = 0 [pid 650] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 650] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 650] close(5) = 0 [pid 650] close(6) = 0 [pid 650] mkdir("./file0", 0777) = 0 [pid 650] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 650] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 650] chdir("./file0") = 0 [pid 650] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 650] ioctl(6, LOOP_CLR_FD) = 0 [pid 650] close(6) = 0 [pid 650] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 649] <... futex resumed>) = 0 [pid 649] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 649] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 650] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 650] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 649] <... futex resumed>) = 0 [pid 649] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 649] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 650] write(6, "#! ./file1\n", 11) = 11 [pid 650] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 649] <... futex resumed>) = 0 [pid 649] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 649] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 650] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 650] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 650] futex(0x7fc6d8b696c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 649] <... futex resumed>) = 0 [pid 649] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 649] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 650] <... futex resumed>) = 0 [ 32.728773][ T650] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [pid 650] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000280} --- [pid 649] <... futex resumed>) = ? [pid 650] +++ killed by SIGBUS +++ [pid 649] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=649, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./51", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./51", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558c359730 /* 4 entries */, 32768) = 112 umount2("./51/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./51/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./51/binderfs") = 0 [ 32.764857][ T651] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-650: bg 0: block 234: padding at end of block bitmap is not set umount2("./51/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./51/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./51/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./51/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./51/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558c361770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558c361770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./51/file0") = 0 getdents64(3, 0x55558c359730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./51") = 0 mkdir("./52", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558c358690) = 655 ./strace-static-x86_64: Process 655 attached [pid 655] set_robust_list(0x55558c3586a0, 24) = 0 [pid 655] chdir("./52") = 0 [pid 655] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 655] setpgid(0, 0) = 0 [pid 655] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 655] write(3, "1000", 4) = 4 [pid 655] close(3) = 0 [pid 655] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 655] write(1, "executing program\n", 18) = 18 [pid 655] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 655] rt_sigaction(SIGRT_1, {sa_handler=0x7fc6d8b075b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fc6d8af8760}, NULL, 8) = 0 [pid 655] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 655] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc6d8a7d000 [pid 655] mprotect(0x7fc6d8a7e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 655] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 655] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fc6d8a9d990, parent_tid=0x7fc6d8a9d990, exit_signal=0, stack=0x7fc6d8a7d000, stack_size=0x20300, tls=0x7fc6d8a9d6c0}./strace-static-x86_64: Process 656 attached [pid 656] set_robust_list(0x7fc6d8a9d9a0, 24) = 0 [pid 656] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 655] <... clone3 resumed> => {parent_tid=[656]}, 88) = 656 [pid 655] rt_sigprocmask(SIG_SETMASK, [], [pid 656] futex(0x7fc6d8b696c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 655] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 656] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 655] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 655] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 656] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 656] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 655] <... futex resumed>) = 0 [pid 655] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 656] ioctl(3, VHOST_SET_OWNER [pid 655] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 656] <... ioctl resumed>, 0) = 0 [pid 656] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 655] <... futex resumed>) = 0 [pid 656] futex(0x7fc6d8b696c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 655] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 656] <... futex resumed>) = 0 [pid 655] <... futex resumed>) = 1 [pid 656] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 655] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 656] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 655] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 656] futex(0x7fc6d8b696c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 655] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 656] <... futex resumed>) = 0 [pid 655] <... futex resumed>) = 1 [pid 656] ioctl(3, VHOST_SET_MEM_TABLE [pid 655] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 656] <... ioctl resumed>, 0x200000003380) = 0 [pid 656] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 656] futex(0x7fc6d8b696c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 655] <... futex resumed>) = 0 [pid 655] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 656] <... futex resumed>) = 0 [pid 655] <... futex resumed>) = 1 [pid 656] eventfd2(118, EFD_SEMAPHORE [pid 655] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 656] <... eventfd2 resumed>) = 4 [pid 656] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 655] <... futex resumed>) = 0 [pid 656] futex(0x7fc6d8b696c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 655] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 656] <... futex resumed>) = 0 [pid 655] <... futex resumed>) = 1 [pid 656] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 655] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 656] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 655] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 656] futex(0x7fc6d8b696c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 655] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 656] <... futex resumed>) = 0 [pid 655] <... futex resumed>) = 1 [pid 656] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 655] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 656] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 655] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 656] futex(0x7fc6d8b696c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 655] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 656] <... futex resumed>) = 0 [pid 655] <... futex resumed>) = 1 [pid 656] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 655] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 656] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 655] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 656] futex(0x7fc6d8b696c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 655] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 656] <... futex resumed>) = 0 [pid 655] <... futex resumed>) = 1 [pid 656] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 656] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 655] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 656] <... futex resumed>) = 0 [pid 656] futex(0x7fc6d8b696c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 655] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 655] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 656] <... futex resumed>) = 0 [pid 655] <... futex resumed>) = 1 [pid 655] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 656] memfd_create("syzkaller", 0) = 5 [pid 656] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc6d067d000 [pid 656] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 656] munmap(0x7fc6d067d000, 138412032) = 0 [pid 656] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 656] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 656] close(5) = 0 [pid 656] close(6) = 0 [pid 656] mkdir("./file0", 0777) = 0 [pid 656] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 656] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 656] chdir("./file0") = 0 [pid 656] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 656] ioctl(6, LOOP_CLR_FD) = 0 [pid 656] close(6) = 0 [pid 656] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 655] <... futex resumed>) = 0 [pid 655] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 655] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 656] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 656] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 655] <... futex resumed>) = 0 [pid 655] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 655] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 656] write(6, "#! ./file1\n", 11) = 11 [pid 656] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 655] <... futex resumed>) = 0 [pid 655] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 32.907831][ T656] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [pid 655] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 656] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 656] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 655] <... futex resumed>) = 0 [pid 655] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 655] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 656] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000280} --- [pid 655] <... futex resumed>) = ? [pid 656] +++ killed by SIGBUS +++ [pid 655] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=655, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./52", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./52", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558c359730 /* 4 entries */, 32768) = 112 umount2("./52/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./52/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./52/binderfs") = 0 [ 32.948755][ T657] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-656: bg 0: block 234: padding at end of block bitmap is not set umount2("./52/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./52/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./52/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./52/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./52/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558c361770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558c361770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./52/file0") = 0 getdents64(3, 0x55558c359730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./52") = 0 mkdir("./53", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 661 attached , child_tidptr=0x55558c358690) = 661 [pid 661] set_robust_list(0x55558c3586a0, 24) = 0 [pid 661] chdir("./53") = 0 [pid 661] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 661] setpgid(0, 0) = 0 [pid 661] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 661] write(3, "1000", 4) = 4 [pid 661] close(3) = 0 [pid 661] symlink("/dev/binderfs", "./binderfs") = 0 [pid 661] write(1, "executing program\n", 18executing program ) = 18 [pid 661] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 661] rt_sigaction(SIGRT_1, {sa_handler=0x7fc6d8b075b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fc6d8af8760}, NULL, 8) = 0 [pid 661] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 661] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc6d8a7d000 [pid 661] mprotect(0x7fc6d8a7e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 661] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 661] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fc6d8a9d990, parent_tid=0x7fc6d8a9d990, exit_signal=0, stack=0x7fc6d8a7d000, stack_size=0x20300, tls=0x7fc6d8a9d6c0}./strace-static-x86_64: Process 662 attached [pid 662] set_robust_list(0x7fc6d8a9d9a0, 24) = 0 [pid 662] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 662] futex(0x7fc6d8b696c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 661] <... clone3 resumed> => {parent_tid=[662]}, 88) = 662 [pid 661] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 661] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 662] <... futex resumed>) = 0 [pid 661] <... futex resumed>) = 1 [pid 662] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 662] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 662] futex(0x7fc6d8b696c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 661] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 661] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 662] <... futex resumed>) = 0 [pid 661] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 662] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 662] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 662] futex(0x7fc6d8b696c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 661] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 661] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 662] <... futex resumed>) = 0 [pid 661] <... futex resumed>) = 1 [pid 662] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 662] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 662] futex(0x7fc6d8b696c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 661] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 661] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 662] <... futex resumed>) = 0 [pid 661] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 662] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 662] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 661] <... futex resumed>) = 0 [pid 662] eventfd2(118, EFD_SEMAPHORE [pid 661] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 661] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 662] <... eventfd2 resumed>) = 4 [pid 662] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 661] <... futex resumed>) = 0 [pid 662] ioctl(3, VHOST_SET_VRING_ERR [pid 661] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 662] <... ioctl resumed>, 0x2000000001c0) = 0 [pid 661] <... futex resumed>) = 0 [pid 662] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 661] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 662] <... futex resumed>) = 0 [pid 661] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 662] futex(0x7fc6d8b696c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 661] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 662] <... futex resumed>) = 0 [pid 661] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 662] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 662] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 661] <... futex resumed>) = 0 [pid 662] ioctl(3, VHOST_SET_VRING_KICK [pid 661] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 662] <... ioctl resumed>, 0x200000000000) = 0 [pid 662] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 661] <... futex resumed>) = 0 [pid 662] <... futex resumed>) = 0 [pid 661] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 662] futex(0x7fc6d8b696c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 661] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 662] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 661] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 662] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 661] <... futex resumed>) = 0 [pid 662] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 661] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 662] <... futex resumed>) = 0 [pid 661] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 662] futex(0x7fc6d8b696c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 661] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 662] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 661] <... futex resumed>) = 0 [pid 662] memfd_create("syzkaller", 0 [pid 661] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 662] <... memfd_create resumed>) = 5 [pid 662] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc6d067d000 [pid 662] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 662] munmap(0x7fc6d067d000, 138412032) = 0 [pid 662] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 662] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 662] close(5) = 0 [pid 662] close(6) = 0 [pid 662] mkdir("./file0", 0777) = 0 [pid 662] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 662] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 662] chdir("./file0") = 0 [pid 662] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 662] ioctl(6, LOOP_CLR_FD) = 0 [pid 662] close(6) = 0 [pid 662] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 661] <... futex resumed>) = 0 [pid 661] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 661] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 662] <... futex resumed>) = 1 [pid 662] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 662] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 661] <... futex resumed>) = 0 [pid 661] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 661] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 662] <... futex resumed>) = 1 [pid 662] write(6, "#! ./file1\n", 11) = 11 [pid 662] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 661] <... futex resumed>) = 0 [pid 661] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 661] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 662] <... futex resumed>) = 1 [pid 662] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 662] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 661] <... futex resumed>) = 0 [pid 661] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 661] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 662] <... futex resumed>) = 1 [pid 662] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000280} --- [pid 661] <... futex resumed>) = ? [pid 662] +++ killed by SIGBUS +++ [pid 661] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=661, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./53", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./53", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558c359730 /* 4 entries */, 32768) = 112 umount2("./53/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./53/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./53/binderfs") = 0 [ 33.088194][ T662] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 33.119582][ T663] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-662: bg 0: block 234: padding at end of block bitmap is not set umount2("./53/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./53/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./53/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./53/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./53/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558c361770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558c361770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./53/file0") = 0 getdents64(3, 0x55558c359730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./53") = 0 mkdir("./54", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558c358690) = 667 ./strace-static-x86_64: Process 667 attached [pid 667] set_robust_list(0x55558c3586a0, 24) = 0 [pid 667] chdir("./54") = 0 [pid 667] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 667] setpgid(0, 0) = 0 [pid 667] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 667] write(3, "1000", 4) = 4 [pid 667] close(3) = 0 [pid 667] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 667] write(1, "executing program\n", 18) = 18 [pid 667] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 667] rt_sigaction(SIGRT_1, {sa_handler=0x7fc6d8b075b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fc6d8af8760}, NULL, 8) = 0 [pid 667] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 667] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc6d8a7d000 [pid 667] mprotect(0x7fc6d8a7e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 667] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 667] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fc6d8a9d990, parent_tid=0x7fc6d8a9d990, exit_signal=0, stack=0x7fc6d8a7d000, stack_size=0x20300, tls=0x7fc6d8a9d6c0} => {parent_tid=[668]}, 88) = 668 [pid 667] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 667] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 667] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 668 attached [pid 668] set_robust_list(0x7fc6d8a9d9a0, 24) = 0 [pid 668] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 668] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 668] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 667] <... futex resumed>) = 0 [pid 667] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 667] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 668] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 668] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 667] <... futex resumed>) = 0 [pid 667] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 667] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 668] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 668] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 667] <... futex resumed>) = 0 [pid 667] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 667] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 668] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 668] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 667] <... futex resumed>) = 0 [pid 667] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 667] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 668] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 668] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 667] <... futex resumed>) = 0 [pid 667] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 667] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 668] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 668] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 667] <... futex resumed>) = 0 [pid 667] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 667] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 668] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 668] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 667] <... futex resumed>) = 0 [pid 667] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 667] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 668] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 668] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 667] <... futex resumed>) = 0 [pid 667] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 667] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 668] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 668] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 667] <... futex resumed>) = 0 [pid 667] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 667] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 668] memfd_create("syzkaller", 0) = 5 [pid 668] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc6d067d000 [pid 668] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 668] munmap(0x7fc6d067d000, 138412032) = 0 [pid 668] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 668] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 668] close(5) = 0 [pid 668] close(6) = 0 [pid 668] mkdir("./file0", 0777) = 0 [pid 668] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 668] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 668] chdir("./file0") = 0 [pid 668] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 668] ioctl(6, LOOP_CLR_FD) = 0 [pid 668] close(6) = 0 [pid 668] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 667] <... futex resumed>) = 0 [pid 667] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 667] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 668] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 668] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 667] <... futex resumed>) = 0 [pid 667] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 667] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 668] write(6, "#! ./file1\n", 11) = 11 [pid 668] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 667] <... futex resumed>) = 0 [pid 667] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 667] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 668] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 668] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 667] <... futex resumed>) = 0 [pid 667] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 667] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 668] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000280} --- [pid 667] <... futex resumed>) = ? [pid 668] +++ killed by SIGBUS +++ [pid 667] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=667, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./54", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./54", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558c359730 /* 4 entries */, 32768) = 112 umount2("./54/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./54/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./54/binderfs") = 0 [ 33.278424][ T668] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 33.312506][ T669] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-668: bg 0: block 234: padding at end of block bitmap is not set umount2("./54/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./54/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./54/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./54/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./54/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558c361770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558c361770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./54/file0") = 0 getdents64(3, 0x55558c359730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./54") = 0 mkdir("./55", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558c358690) = 673 ./strace-static-x86_64: Process 673 attached [pid 673] set_robust_list(0x55558c3586a0, 24) = 0 [pid 673] chdir("./55") = 0 [pid 673] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 673] setpgid(0, 0) = 0 [pid 673] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 673] write(3, "1000", 4) = 4 [pid 673] close(3) = 0 [pid 673] symlink("/dev/binderfs", "./binderfs") = 0 [pid 673] write(1, "executing program\n", 18executing program ) = 18 [pid 673] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 673] rt_sigaction(SIGRT_1, {sa_handler=0x7fc6d8b075b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fc6d8af8760}, NULL, 8) = 0 [pid 673] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 673] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc6d8a7d000 [pid 673] mprotect(0x7fc6d8a7e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 673] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 673] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fc6d8a9d990, parent_tid=0x7fc6d8a9d990, exit_signal=0, stack=0x7fc6d8a7d000, stack_size=0x20300, tls=0x7fc6d8a9d6c0}./strace-static-x86_64: Process 674 attached [pid 674] set_robust_list(0x7fc6d8a9d9a0, 24) = 0 [pid 674] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 674] futex(0x7fc6d8b696c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 673] <... clone3 resumed> => {parent_tid=[674]}, 88) = 674 [pid 673] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 673] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 674] <... futex resumed>) = 0 [pid 674] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 674] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 674] futex(0x7fc6d8b696c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 673] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 673] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 674] <... futex resumed>) = 0 [pid 674] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 674] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 674] futex(0x7fc6d8b696c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 673] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 673] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 674] <... futex resumed>) = 0 [pid 674] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 674] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 674] futex(0x7fc6d8b696c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 673] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 673] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 674] <... futex resumed>) = 0 [pid 674] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 674] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 674] futex(0x7fc6d8b696c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 673] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 673] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 674] <... futex resumed>) = 0 [pid 674] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 674] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 674] futex(0x7fc6d8b696c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 673] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 673] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 674] <... futex resumed>) = 0 [pid 674] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 674] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 674] futex(0x7fc6d8b696c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 673] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 673] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 674] <... futex resumed>) = 0 [pid 674] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 674] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 674] futex(0x7fc6d8b696c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 673] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 673] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 674] <... futex resumed>) = 0 [pid 674] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 674] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 674] futex(0x7fc6d8b696c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 673] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 673] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 674] <... futex resumed>) = 0 [pid 673] <... futex resumed>) = 1 [pid 674] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 674] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 674] futex(0x7fc6d8b696c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 673] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 673] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 674] <... futex resumed>) = 0 [pid 673] <... futex resumed>) = 1 [pid 674] memfd_create("syzkaller", 0 [pid 673] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 674] <... memfd_create resumed>) = 5 [pid 674] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc6d067d000 [pid 674] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 674] munmap(0x7fc6d067d000, 138412032) = 0 [pid 674] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 674] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 674] close(5) = 0 [pid 674] close(6) = 0 [pid 674] mkdir("./file0", 0777) = 0 [pid 674] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 674] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 674] chdir("./file0") = 0 [pid 674] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 674] ioctl(6, LOOP_CLR_FD) = 0 [pid 674] close(6) = 0 [pid 674] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 673] <... futex resumed>) = 0 [pid 673] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 673] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 674] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 674] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 673] <... futex resumed>) = 0 [pid 673] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 673] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 674] write(6, "#! ./file1\n", 11) = 11 [pid 674] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 673] <... futex resumed>) = 0 [pid 673] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 673] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 674] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 674] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 674] futex(0x7fc6d8b696c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 673] <... futex resumed>) = 0 [pid 673] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 673] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 674] <... futex resumed>) = 0 [pid 674] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000280} --- [pid 673] <... futex resumed>) = ? [pid 674] +++ killed by SIGBUS +++ [pid 673] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=673, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./55", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./55", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558c359730 /* 4 entries */, 32768) = 112 umount2("./55/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./55/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./55/binderfs") = 0 [ 33.468288][ T674] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 33.500785][ T675] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-674: bg 0: block 234: padding at end of block bitmap is not set umount2("./55/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./55/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./55/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./55/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./55/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558c361770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558c361770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./55/file0") = 0 getdents64(3, 0x55558c359730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./55") = 0 mkdir("./56", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 679 attached , child_tidptr=0x55558c358690) = 679 [pid 679] set_robust_list(0x55558c3586a0, 24) = 0 [pid 679] chdir("./56") = 0 [pid 679] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 679] setpgid(0, 0) = 0 [pid 679] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 679] write(3, "1000", 4) = 4 [pid 679] close(3) = 0 [pid 679] symlink("/dev/binderfs", "./binderfs") = 0 [pid 679] write(1, "executing program\n", 18executing program ) = 18 [pid 679] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 679] rt_sigaction(SIGRT_1, {sa_handler=0x7fc6d8b075b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fc6d8af8760}, NULL, 8) = 0 [pid 679] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 679] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc6d8a7d000 [pid 679] mprotect(0x7fc6d8a7e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 679] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 679] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fc6d8a9d990, parent_tid=0x7fc6d8a9d990, exit_signal=0, stack=0x7fc6d8a7d000, stack_size=0x20300, tls=0x7fc6d8a9d6c0} => {parent_tid=[680]}, 88) = 680 [pid 679] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 679] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 679] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 680 attached [pid 680] set_robust_list(0x7fc6d8a9d9a0, 24) = 0 [pid 680] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 680] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 680] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 679] <... futex resumed>) = 0 [pid 679] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 679] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 680] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 680] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 679] <... futex resumed>) = 0 [pid 679] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 679] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 680] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 680] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 679] <... futex resumed>) = 0 [pid 679] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 679] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 680] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 680] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 679] <... futex resumed>) = 0 [pid 679] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 679] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 680] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 680] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 679] <... futex resumed>) = 0 [pid 679] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 679] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 680] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 680] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 679] <... futex resumed>) = 0 [pid 679] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 679] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 680] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 680] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 679] <... futex resumed>) = 0 [pid 679] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 679] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 680] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 680] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 679] <... futex resumed>) = 0 [pid 679] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 679] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 680] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 680] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 679] <... futex resumed>) = 0 [pid 679] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 679] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 680] memfd_create("syzkaller", 0) = 5 [pid 680] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc6d067d000 [pid 680] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 680] munmap(0x7fc6d067d000, 138412032) = 0 [pid 680] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 680] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 680] close(5) = 0 [pid 680] close(6) = 0 [pid 680] mkdir("./file0", 0777) = 0 [pid 680] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 680] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 680] chdir("./file0") = 0 [pid 680] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 680] ioctl(6, LOOP_CLR_FD) = 0 [pid 680] close(6) = 0 [pid 680] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 679] <... futex resumed>) = 0 [pid 679] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 679] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 680] <... futex resumed>) = 1 [pid 680] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 680] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 679] <... futex resumed>) = 0 [pid 679] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 679] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 680] write(6, "#! ./file1\n", 11) = 11 [pid 680] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 679] <... futex resumed>) = 0 [pid 679] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 679] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 680] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 680] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 680] futex(0x7fc6d8b696c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 679] <... futex resumed>) = 0 [pid 679] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 679] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 680] <... futex resumed>) = 0 [pid 680] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000280} --- [pid 679] <... futex resumed>) = ? [pid 680] +++ killed by SIGBUS +++ [pid 679] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=679, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./56", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./56", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558c359730 /* 4 entries */, 32768) = 112 umount2("./56/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./56/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./56/binderfs") = 0 [ 33.638284][ T680] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 33.671207][ T681] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-680: bg 0: block 234: padding at end of block bitmap is not set umount2("./56/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./56/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./56/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./56/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./56/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558c361770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558c361770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./56/file0") = 0 getdents64(3, 0x55558c359730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./56") = 0 mkdir("./57", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558c358690) = 685 ./strace-static-x86_64: Process 685 attached [pid 685] set_robust_list(0x55558c3586a0, 24) = 0 [pid 685] chdir("./57") = 0 [pid 685] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 685] setpgid(0, 0) = 0 [pid 685] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 685] write(3, "1000", 4) = 4 [pid 685] close(3) = 0 [pid 685] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 685] write(1, "executing program\n", 18) = 18 [pid 685] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 685] rt_sigaction(SIGRT_1, {sa_handler=0x7fc6d8b075b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fc6d8af8760}, NULL, 8) = 0 [pid 685] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 685] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc6d8a7d000 [pid 685] mprotect(0x7fc6d8a7e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 685] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 685] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fc6d8a9d990, parent_tid=0x7fc6d8a9d990, exit_signal=0, stack=0x7fc6d8a7d000, stack_size=0x20300, tls=0x7fc6d8a9d6c0} => {parent_tid=[686]}, 88) = 686 ./strace-static-x86_64: Process 686 attached [pid 685] rt_sigprocmask(SIG_SETMASK, [], [pid 686] set_robust_list(0x7fc6d8a9d9a0, 24) = 0 [pid 686] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 686] futex(0x7fc6d8b696c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 685] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 685] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 686] <... futex resumed>) = 0 [pid 685] <... futex resumed>) = 1 [pid 685] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 686] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 686] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 685] <... futex resumed>) = 0 [pid 685] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 685] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 686] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 686] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 685] <... futex resumed>) = 0 [pid 686] ioctl(3, VHOST_SET_VRING_ADDR [pid 685] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 685] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 686] <... ioctl resumed>, 0x200000000300) = 0 [pid 686] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 685] <... futex resumed>) = 0 [pid 685] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 685] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 686] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 686] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 685] <... futex resumed>) = 0 [pid 685] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 685] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 686] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 686] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 685] <... futex resumed>) = 0 [pid 685] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 685] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 686] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 686] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 685] <... futex resumed>) = 0 [pid 686] futex(0x7fc6d8b696c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 685] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 686] <... futex resumed>) = 0 [pid 685] <... futex resumed>) = 1 [pid 685] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 686] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 686] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 685] <... futex resumed>) = 0 [pid 685] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 686] ioctl(3, VHOST_SET_VRING_KICK [pid 685] <... futex resumed>) = 0 [pid 686] <... ioctl resumed>, 0x200000000000) = 0 [pid 686] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 685] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 686] <... futex resumed>) = 0 [pid 685] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 686] futex(0x7fc6d8b696c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 685] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 686] <... futex resumed>) = 0 [pid 685] <... futex resumed>) = 1 [pid 686] ioctl(3, VHOST_VSOCK_SET_RUNNING [pid 685] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 686] <... ioctl resumed>, 0x200000000140) = 0 [pid 686] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 685] <... futex resumed>) = 0 [pid 686] futex(0x7fc6d8b696c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 685] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 686] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 685] <... futex resumed>) = 0 [pid 685] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 686] memfd_create("syzkaller", 0) = 5 [pid 686] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc6d067d000 [pid 686] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 686] munmap(0x7fc6d067d000, 138412032) = 0 [pid 686] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 686] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 686] close(5) = 0 [pid 686] close(6) = 0 [pid 686] mkdir("./file0", 0777) = 0 [pid 686] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 686] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 686] chdir("./file0") = 0 [pid 686] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 686] ioctl(6, LOOP_CLR_FD) = 0 [pid 686] close(6) = 0 [pid 686] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 685] <... futex resumed>) = 0 [pid 685] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 685] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 686] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 686] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 685] <... futex resumed>) = 0 [pid 685] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 685] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 686] write(6, "#! ./file1\n", 11) = 11 [pid 686] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 685] <... futex resumed>) = 0 [pid 685] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 685] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 686] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 686] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 686] futex(0x7fc6d8b696c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 685] <... futex resumed>) = 0 [pid 685] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 685] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 686] <... futex resumed>) = 0 [pid 686] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000280} --- [pid 685] <... futex resumed>) = ? [pid 686] +++ killed by SIGBUS +++ [pid 685] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=685, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./57", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./57", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558c359730 /* 4 entries */, 32768) = 112 umount2("./57/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./57/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./57/binderfs") = 0 [ 33.832083][ T686] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 33.865852][ T687] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-686: bg 0: block 234: padding at end of block bitmap is not set umount2("./57/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./57/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./57/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./57/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./57/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558c361770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558c361770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./57/file0") = 0 getdents64(3, 0x55558c359730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./57") = 0 mkdir("./58", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558c358690) = 691 ./strace-static-x86_64: Process 691 attached [pid 691] set_robust_list(0x55558c3586a0, 24) = 0 [pid 691] chdir("./58") = 0 [pid 691] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 691] setpgid(0, 0) = 0 [pid 691] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 691] write(3, "1000", 4) = 4 [pid 691] close(3) = 0 [pid 691] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 691] write(1, "executing program\n", 18) = 18 [pid 691] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 691] rt_sigaction(SIGRT_1, {sa_handler=0x7fc6d8b075b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fc6d8af8760}, NULL, 8) = 0 [pid 691] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 691] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc6d8a7d000 [pid 691] mprotect(0x7fc6d8a7e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 691] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 691] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fc6d8a9d990, parent_tid=0x7fc6d8a9d990, exit_signal=0, stack=0x7fc6d8a7d000, stack_size=0x20300, tls=0x7fc6d8a9d6c0}./strace-static-x86_64: Process 692 attached [pid 692] set_robust_list(0x7fc6d8a9d9a0, 24) = 0 [pid 692] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 692] futex(0x7fc6d8b696c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 691] <... clone3 resumed> => {parent_tid=[692]}, 88) = 692 [pid 691] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 691] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 692] <... futex resumed>) = 0 [pid 691] <... futex resumed>) = 1 [pid 691] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 692] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 692] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 691] <... futex resumed>) = 0 [pid 691] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 691] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 692] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 692] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 691] <... futex resumed>) = 0 [pid 692] futex(0x7fc6d8b696c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 691] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 691] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 692] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 692] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 692] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 691] <... futex resumed>) = 0 [pid 691] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 691] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 692] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 692] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 691] <... futex resumed>) = 0 [pid 691] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 691] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 692] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 692] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 691] <... futex resumed>) = 0 [pid 691] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 691] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 692] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 692] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 691] <... futex resumed>) = 0 [pid 691] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 692] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 691] <... futex resumed>) = 0 [pid 692] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 691] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 692] <... futex resumed>) = 0 [pid 691] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 692] futex(0x7fc6d8b696c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 691] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 692] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 691] <... futex resumed>) = 0 [pid 692] ioctl(3, VHOST_SET_VRING_KICK [pid 691] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 692] <... ioctl resumed>, 0x200000000000) = 0 [pid 692] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 691] <... futex resumed>) = 0 [pid 692] futex(0x7fc6d8b696c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 691] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 692] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 691] <... futex resumed>) = 0 [pid 692] ioctl(3, VHOST_VSOCK_SET_RUNNING [pid 691] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 692] <... ioctl resumed>, 0x200000000140) = 0 [pid 692] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 691] <... futex resumed>) = 0 [pid 691] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 692] <... futex resumed>) = 1 [pid 691] <... futex resumed>) = 0 [pid 691] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 692] memfd_create("syzkaller", 0) = 5 [pid 692] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc6d067d000 [pid 692] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 692] munmap(0x7fc6d067d000, 138412032) = 0 [pid 692] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 692] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 692] close(5) = 0 [pid 692] close(6) = 0 [pid 692] mkdir("./file0", 0777) = 0 [pid 692] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 692] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 692] chdir("./file0") = 0 [pid 692] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 692] ioctl(6, LOOP_CLR_FD) = 0 [pid 692] close(6) = 0 [pid 692] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 691] <... futex resumed>) = 0 [pid 691] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 691] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 692] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 692] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 691] <... futex resumed>) = 0 [pid 691] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 691] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 692] write(6, "#! ./file1\n", 11) = 11 [pid 692] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 691] <... futex resumed>) = 0 [pid 691] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 691] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 692] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 692] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 692] futex(0x7fc6d8b696c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 691] <... futex resumed>) = 0 [pid 691] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 691] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 692] <... futex resumed>) = 0 [pid 692] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000280} --- [pid 691] <... futex resumed>) = ? [pid 692] +++ killed by SIGBUS +++ [pid 691] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=691, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./58", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./58", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558c359730 /* 4 entries */, 32768) = 112 umount2("./58/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./58/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./58/binderfs") = 0 [ 34.005605][ T692] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 34.039879][ T693] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-692: bg 0: block 234: padding at end of block bitmap is not set umount2("./58/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./58/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./58/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./58/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./58/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558c361770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558c361770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./58/file0") = 0 getdents64(3, 0x55558c359730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./58") = 0 mkdir("./59", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558c358690) = 697 ./strace-static-x86_64: Process 697 attached [pid 697] set_robust_list(0x55558c3586a0, 24) = 0 [pid 697] chdir("./59") = 0 [pid 697] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 697] setpgid(0, 0) = 0 [pid 697] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 697] write(3, "1000", 4) = 4 [pid 697] close(3) = 0 [pid 697] symlink("/dev/binderfs", "./binderfs") = 0 [pid 697] write(1, "executing program\n", 18executing program ) = 18 [pid 697] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 697] rt_sigaction(SIGRT_1, {sa_handler=0x7fc6d8b075b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fc6d8af8760}, NULL, 8) = 0 [pid 697] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 697] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc6d8a7d000 [pid 697] mprotect(0x7fc6d8a7e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 697] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 697] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fc6d8a9d990, parent_tid=0x7fc6d8a9d990, exit_signal=0, stack=0x7fc6d8a7d000, stack_size=0x20300, tls=0x7fc6d8a9d6c0} => {parent_tid=[698]}, 88) = 698 [pid 697] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 697] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 697] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 698 attached [pid 698] set_robust_list(0x7fc6d8a9d9a0, 24) = 0 [pid 698] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 698] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 698] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 697] <... futex resumed>) = 0 [pid 697] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 697] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 698] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 698] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 697] <... futex resumed>) = 0 [pid 697] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 697] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 698] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 698] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 697] <... futex resumed>) = 0 [pid 697] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 697] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 698] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 698] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 697] <... futex resumed>) = 0 [pid 697] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 697] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 698] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 698] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 697] <... futex resumed>) = 0 [pid 697] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 697] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 698] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 698] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 697] <... futex resumed>) = 0 [pid 697] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 697] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 698] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 698] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 697] <... futex resumed>) = 0 [pid 697] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 698] ioctl(3, VHOST_SET_VRING_KICK [pid 697] <... futex resumed>) = 0 [pid 697] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 698] <... ioctl resumed>, 0x200000000000) = 0 [pid 698] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 697] <... futex resumed>) = 0 [pid 697] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 697] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 698] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 698] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 697] <... futex resumed>) = 0 [pid 697] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 697] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 698] memfd_create("syzkaller", 0) = 5 [pid 698] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc6d067d000 [pid 698] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 698] munmap(0x7fc6d067d000, 138412032) = 0 [pid 698] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 698] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 698] close(5) = 0 [pid 698] close(6) = 0 [pid 698] mkdir("./file0", 0777) = 0 [pid 698] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 698] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 698] chdir("./file0") = 0 [pid 698] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 698] ioctl(6, LOOP_CLR_FD) = 0 [pid 698] close(6) = 0 [pid 698] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 697] <... futex resumed>) = 0 [pid 697] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 697] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 698] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 698] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 697] <... futex resumed>) = 0 [pid 697] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 697] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 698] write(6, "#! ./file1\n", 11) = 11 [pid 698] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 697] <... futex resumed>) = 0 [pid 697] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 697] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 698] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 698] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 697] <... futex resumed>) = 0 [pid 697] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 697] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 698] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000280} --- [pid 697] <... futex resumed>) = ? [pid 698] +++ killed by SIGBUS +++ [pid 697] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=697, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./59", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./59", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558c359730 /* 4 entries */, 32768) = 112 umount2("./59/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./59/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./59/binderfs") = 0 [ 34.168397][ T698] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 34.202791][ T699] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-698: bg 0: block 234: padding at end of block bitmap is not set umount2("./59/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./59/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./59/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./59/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./59/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558c361770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558c361770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./59/file0") = 0 getdents64(3, 0x55558c359730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./59") = 0 mkdir("./60", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 703 attached , child_tidptr=0x55558c358690) = 703 [pid 703] set_robust_list(0x55558c3586a0, 24) = 0 [pid 703] chdir("./60") = 0 [pid 703] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 703] setpgid(0, 0) = 0 [pid 703] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 703] write(3, "1000", 4) = 4 [pid 703] close(3) = 0 [pid 703] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 703] write(1, "executing program\n", 18) = 18 [pid 703] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 703] rt_sigaction(SIGRT_1, {sa_handler=0x7fc6d8b075b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fc6d8af8760}, NULL, 8) = 0 [pid 703] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 703] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc6d8a7d000 [pid 703] mprotect(0x7fc6d8a7e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 703] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 703] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fc6d8a9d990, parent_tid=0x7fc6d8a9d990, exit_signal=0, stack=0x7fc6d8a7d000, stack_size=0x20300, tls=0x7fc6d8a9d6c0}./strace-static-x86_64: Process 704 attached [pid 704] set_robust_list(0x7fc6d8a9d9a0, 24) = 0 [pid 704] rt_sigprocmask(SIG_SETMASK, [], [pid 703] <... clone3 resumed> => {parent_tid=[704]}, 88) = 704 [pid 704] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 704] futex(0x7fc6d8b696c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 703] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 703] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 704] <... futex resumed>) = 0 [pid 703] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 704] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 704] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 703] <... futex resumed>) = 0 [pid 703] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 703] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 704] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 704] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 703] <... futex resumed>) = 0 [pid 703] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 703] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 704] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 704] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 703] <... futex resumed>) = 0 [pid 703] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 704] <... futex resumed>) = 1 [pid 703] <... futex resumed>) = 0 [pid 703] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 704] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 704] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 703] <... futex resumed>) = 0 [pid 703] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 704] eventfd2(118, EFD_SEMAPHORE [pid 703] <... futex resumed>) = 0 [pid 703] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 704] <... eventfd2 resumed>) = 4 [pid 704] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 703] <... futex resumed>) = 0 [pid 703] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 704] ioctl(3, VHOST_SET_VRING_ERR [pid 703] <... futex resumed>) = 0 [pid 703] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 704] <... ioctl resumed>, 0x2000000001c0) = 0 [pid 704] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 703] <... futex resumed>) = 0 [pid 704] futex(0x7fc6d8b696c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 703] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 704] <... futex resumed>) = 0 [pid 703] <... futex resumed>) = 1 [pid 704] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 703] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 704] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 703] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 704] <... futex resumed>) = 0 [pid 704] ioctl(3, VHOST_SET_VRING_KICK [pid 703] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 704] <... ioctl resumed>, 0x200000000000) = 0 [pid 703] <... futex resumed>) = 0 [pid 703] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 704] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 703] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 704] futex(0x7fc6d8b696c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 703] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 703] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 704] <... futex resumed>) = 0 [pid 704] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 704] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 703] <... futex resumed>) = 0 [pid 704] futex(0x7fc6d8b696c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 703] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 704] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 703] <... futex resumed>) = 0 [pid 703] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 704] memfd_create("syzkaller", 0) = 5 [pid 704] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc6d067d000 [pid 704] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 704] munmap(0x7fc6d067d000, 138412032) = 0 [pid 704] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 704] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 704] close(5) = 0 [pid 704] close(6) = 0 [pid 704] mkdir("./file0", 0777) = 0 [pid 704] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 704] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 704] chdir("./file0") = 0 [pid 704] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 704] ioctl(6, LOOP_CLR_FD) = 0 [pid 704] close(6) = 0 [pid 704] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 703] <... futex resumed>) = 0 [pid 703] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 703] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 704] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 704] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 703] <... futex resumed>) = 0 [pid 703] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 703] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 704] write(6, "#! ./file1\n", 11) = 11 [pid 704] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 703] <... futex resumed>) = 0 [pid 703] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 703] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 704] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 704] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 704] futex(0x7fc6d8b696c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 703] <... futex resumed>) = 0 [pid 703] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 703] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 704] <... futex resumed>) = 0 [pid 704] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000280} --- [pid 703] <... futex resumed>) = ? [pid 704] +++ killed by SIGBUS +++ [pid 703] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=703, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./60", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./60", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558c359730 /* 4 entries */, 32768) = 112 umount2("./60/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./60/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./60/binderfs") = 0 [ 34.343769][ T704] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 34.376684][ T705] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-704: bg 0: block 234: padding at end of block bitmap is not set umount2("./60/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./60/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./60/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./60/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./60/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558c361770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558c361770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./60/file0") = 0 getdents64(3, 0x55558c359730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./60") = 0 mkdir("./61", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 709 attached , child_tidptr=0x55558c358690) = 709 [pid 709] set_robust_list(0x55558c3586a0, 24) = 0 [pid 709] chdir("./61") = 0 [pid 709] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 709] setpgid(0, 0) = 0 [pid 709] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 709] write(3, "1000", 4) = 4 [pid 709] close(3) = 0 [pid 709] symlink("/dev/binderfs", "./binderfs") = 0 [pid 709] write(1, "executing program\n", 18executing program ) = 18 [pid 709] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 709] rt_sigaction(SIGRT_1, {sa_handler=0x7fc6d8b075b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fc6d8af8760}, NULL, 8) = 0 [pid 709] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 709] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc6d8a7d000 [pid 709] mprotect(0x7fc6d8a7e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 709] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 709] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fc6d8a9d990, parent_tid=0x7fc6d8a9d990, exit_signal=0, stack=0x7fc6d8a7d000, stack_size=0x20300, tls=0x7fc6d8a9d6c0}./strace-static-x86_64: Process 710 attached => {parent_tid=[710]}, 88) = 710 [pid 710] set_robust_list(0x7fc6d8a9d9a0, 24) = 0 [pid 710] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 710] futex(0x7fc6d8b696c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 709] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 709] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 710] <... futex resumed>) = 0 [pid 709] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 710] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 710] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 710] futex(0x7fc6d8b696c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 709] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 709] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 710] <... futex resumed>) = 0 [pid 709] <... futex resumed>) = 1 [pid 710] ioctl(3, VHOST_SET_OWNER [pid 709] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 710] <... ioctl resumed>, 0) = 0 [pid 710] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 710] futex(0x7fc6d8b696c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 709] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 709] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 710] <... futex resumed>) = 0 [pid 710] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 710] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 710] futex(0x7fc6d8b696c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 709] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 709] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 710] <... futex resumed>) = 0 [pid 709] <... futex resumed>) = 1 [pid 710] ioctl(3, VHOST_SET_MEM_TABLE [pid 709] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 710] <... ioctl resumed>, 0x200000003380) = 0 [pid 710] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 710] futex(0x7fc6d8b696c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 709] <... futex resumed>) = 0 [pid 709] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 710] <... futex resumed>) = 0 [pid 709] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 710] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 710] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 709] <... futex resumed>) = 0 [pid 710] futex(0x7fc6d8b696c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 709] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 710] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 709] <... futex resumed>) = 0 [pid 710] ioctl(3, VHOST_SET_VRING_ERR [pid 709] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 710] <... ioctl resumed>, 0x2000000001c0) = 0 [pid 710] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 709] <... futex resumed>) = 0 [pid 710] ioctl(3, VHOST_SET_VRING_ADDR [pid 709] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 710] <... ioctl resumed>, 0x200000000240) = 0 [pid 709] <... futex resumed>) = 0 [pid 710] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 709] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 710] <... futex resumed>) = 0 [pid 709] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 710] ioctl(3, VHOST_SET_VRING_KICK [pid 709] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 710] <... ioctl resumed>, 0x200000000000) = 0 [pid 709] <... futex resumed>) = 0 [pid 709] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 710] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 709] <... futex resumed>) = 0 [pid 710] futex(0x7fc6d8b696c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 709] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 710] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 709] <... futex resumed>) = 0 [pid 710] ioctl(3, VHOST_VSOCK_SET_RUNNING [pid 709] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 710] <... ioctl resumed>, 0x200000000140) = 0 [pid 710] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 709] <... futex resumed>) = 0 [pid 710] memfd_create("syzkaller", 0 [pid 709] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 710] <... memfd_create resumed>) = 5 [pid 709] <... futex resumed>) = 0 [pid 710] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 709] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 710] <... mmap resumed>) = 0x7fc6d067d000 [pid 710] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 710] munmap(0x7fc6d067d000, 138412032) = 0 [pid 710] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 710] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 710] close(5) = 0 [pid 710] close(6) = 0 [pid 710] mkdir("./file0", 0777) = 0 [pid 710] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 710] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 710] chdir("./file0") = 0 [pid 710] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 710] ioctl(6, LOOP_CLR_FD) = 0 [pid 710] close(6) = 0 [pid 710] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 709] <... futex resumed>) = 0 [pid 709] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 709] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 710] <... futex resumed>) = 1 [pid 710] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 710] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 709] <... futex resumed>) = 0 [pid 709] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 709] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 710] <... futex resumed>) = 1 [pid 710] write(6, "#! ./file1\n", 11) = 11 [pid 710] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 709] <... futex resumed>) = 0 [pid 709] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 709] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 710] <... futex resumed>) = 1 [pid 710] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 710] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 709] <... futex resumed>) = 0 [pid 709] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 709] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 710] <... futex resumed>) = 1 [pid 710] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000280} --- [pid 709] <... futex resumed>) = ? [pid 710] +++ killed by SIGBUS +++ [pid 709] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=709, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./61", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./61", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558c359730 /* 4 entries */, 32768) = 112 umount2("./61/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./61/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./61/binderfs") = 0 [ 34.488139][ T710] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 34.520054][ T711] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-710: bg 0: block 234: padding at end of block bitmap is not set umount2("./61/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./61/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./61/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./61/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./61/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558c361770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558c361770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./61/file0") = 0 getdents64(3, 0x55558c359730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./61") = 0 mkdir("./62", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 715 attached , child_tidptr=0x55558c358690) = 715 [pid 715] set_robust_list(0x55558c3586a0, 24) = 0 [pid 715] chdir("./62") = 0 [pid 715] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 715] setpgid(0, 0) = 0 [pid 715] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 715] write(3, "1000", 4) = 4 [pid 715] close(3) = 0 [pid 715] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 715] write(1, "executing program\n", 18) = 18 [pid 715] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 715] rt_sigaction(SIGRT_1, {sa_handler=0x7fc6d8b075b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fc6d8af8760}, NULL, 8) = 0 [pid 715] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 715] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc6d8a7d000 [pid 715] mprotect(0x7fc6d8a7e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 715] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 715] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fc6d8a9d990, parent_tid=0x7fc6d8a9d990, exit_signal=0, stack=0x7fc6d8a7d000, stack_size=0x20300, tls=0x7fc6d8a9d6c0} => {parent_tid=[716]}, 88) = 716 [pid 715] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 715] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 715] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 716 attached [pid 716] set_robust_list(0x7fc6d8a9d9a0, 24) = 0 [pid 716] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 716] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 716] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 715] <... futex resumed>) = 0 [pid 715] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 715] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 716] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 716] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 715] <... futex resumed>) = 0 [pid 715] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 715] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 716] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 716] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 715] <... futex resumed>) = 0 [pid 715] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 715] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 716] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 716] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 715] <... futex resumed>) = 0 [pid 715] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 715] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 716] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 716] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 715] <... futex resumed>) = 0 [pid 715] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 715] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 716] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 716] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 715] <... futex resumed>) = 0 [pid 715] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 715] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 716] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 716] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 715] <... futex resumed>) = 0 [pid 715] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 715] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 716] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 716] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 715] <... futex resumed>) = 0 [pid 715] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 715] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 716] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 716] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 715] <... futex resumed>) = 0 [pid 715] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 715] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 716] memfd_create("syzkaller", 0) = 5 [pid 716] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc6d067d000 [pid 716] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 716] munmap(0x7fc6d067d000, 138412032) = 0 [pid 716] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 716] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 716] close(5) = 0 [pid 716] close(6) = 0 [pid 716] mkdir("./file0", 0777) = 0 [pid 716] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 716] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 716] chdir("./file0") = 0 [pid 716] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 716] ioctl(6, LOOP_CLR_FD) = 0 [pid 716] close(6) = 0 [pid 716] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 715] <... futex resumed>) = 0 [pid 715] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 715] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 716] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 716] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 715] <... futex resumed>) = 0 [pid 715] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 715] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 716] write(6, "#! ./file1\n", 11) = 11 [pid 716] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 715] <... futex resumed>) = 0 [pid 715] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 715] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 716] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 716] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 716] futex(0x7fc6d8b696c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 715] <... futex resumed>) = 0 [pid 715] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 715] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 716] <... futex resumed>) = 0 [pid 716] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000280} --- [pid 715] <... futex resumed>) = ? [pid 716] +++ killed by SIGBUS +++ [pid 715] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=715, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./62", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./62", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558c359730 /* 4 entries */, 32768) = 112 umount2("./62/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./62/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./62/binderfs") = 0 [ 34.637851][ T716] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 34.670472][ T717] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-716: bg 0: block 234: padding at end of block bitmap is not set umount2("./62/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./62/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./62/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./62/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./62/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558c361770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558c361770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./62/file0") = 0 getdents64(3, 0x55558c359730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./62") = 0 mkdir("./63", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558c358690) = 721 ./strace-static-x86_64: Process 721 attached [pid 721] set_robust_list(0x55558c3586a0, 24) = 0 [pid 721] chdir("./63") = 0 [pid 721] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 721] setpgid(0, 0) = 0 [pid 721] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 721] write(3, "1000", 4) = 4 [pid 721] close(3) = 0 [pid 721] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 721] write(1, "executing program\n", 18) = 18 [pid 721] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 721] rt_sigaction(SIGRT_1, {sa_handler=0x7fc6d8b075b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fc6d8af8760}, NULL, 8) = 0 [pid 721] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 721] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc6d8a7d000 [pid 721] mprotect(0x7fc6d8a7e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 721] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 721] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fc6d8a9d990, parent_tid=0x7fc6d8a9d990, exit_signal=0, stack=0x7fc6d8a7d000, stack_size=0x20300, tls=0x7fc6d8a9d6c0}./strace-static-x86_64: Process 722 attached => {parent_tid=[722]}, 88) = 722 [pid 722] set_robust_list(0x7fc6d8a9d9a0, 24) = 0 [pid 722] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 722] futex(0x7fc6d8b696c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 721] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 721] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 722] <... futex resumed>) = 0 [pid 721] <... futex resumed>) = 1 [pid 722] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR [pid 721] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 722] <... openat resumed>) = 3 [pid 722] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 721] <... futex resumed>) = 0 [pid 722] ioctl(3, VHOST_SET_OWNER [pid 721] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 721] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 722] <... ioctl resumed>, 0) = 0 [pid 722] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 721] <... futex resumed>) = 0 [pid 721] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 721] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 722] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 722] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 721] <... futex resumed>) = 0 [pid 721] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 721] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 722] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 722] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 721] <... futex resumed>) = 0 [pid 721] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 721] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 722] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 722] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 721] <... futex resumed>) = 0 [pid 721] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 721] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 722] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 722] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 721] <... futex resumed>) = 0 [pid 721] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 721] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 722] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 722] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 721] <... futex resumed>) = 0 [pid 721] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 721] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 722] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 722] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 721] <... futex resumed>) = 0 [pid 721] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 721] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 722] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 722] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 721] <... futex resumed>) = 0 [pid 721] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 721] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 722] memfd_create("syzkaller", 0) = 5 [pid 722] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc6d067d000 [pid 722] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 722] munmap(0x7fc6d067d000, 138412032) = 0 [pid 722] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 722] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 722] close(5) = 0 [pid 722] close(6) = 0 [pid 722] mkdir("./file0", 0777) = 0 [pid 722] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 722] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 722] chdir("./file0") = 0 [pid 722] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 722] ioctl(6, LOOP_CLR_FD) = 0 [pid 722] close(6) = 0 [pid 722] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 721] <... futex resumed>) = 0 [pid 721] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 721] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 722] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 722] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 721] <... futex resumed>) = 0 [pid 721] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 721] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 722] write(6, "#! ./file1\n", 11) = 11 [pid 722] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 721] <... futex resumed>) = 0 [pid 721] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 721] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 722] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 722] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 721] <... futex resumed>) = 0 [pid 721] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 721] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 722] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000280} --- [pid 721] <... futex resumed>) = ? [pid 722] +++ killed by SIGBUS +++ [pid 721] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=721, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./63", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./63", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558c359730 /* 4 entries */, 32768) = 112 umount2("./63/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./63/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./63/binderfs") = 0 [ 34.808314][ T722] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 34.842591][ T723] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-722: bg 0: block 234: padding at end of block bitmap is not set umount2("./63/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./63/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./63/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./63/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./63/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558c361770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558c361770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./63/file0") = 0 getdents64(3, 0x55558c359730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./63") = 0 mkdir("./64", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558c358690) = 727 ./strace-static-x86_64: Process 727 attached [pid 727] set_robust_list(0x55558c3586a0, 24) = 0 [pid 727] chdir("./64") = 0 [pid 727] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 727] setpgid(0, 0) = 0 [pid 727] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 727] write(3, "1000", 4) = 4 [pid 727] close(3) = 0 [pid 727] symlink("/dev/binderfs", "./binderfs") = 0 [pid 727] write(1, "executing program\n", 18executing program ) = 18 [pid 727] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 727] rt_sigaction(SIGRT_1, {sa_handler=0x7fc6d8b075b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fc6d8af8760}, NULL, 8) = 0 [pid 727] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 727] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc6d8a7d000 [pid 727] mprotect(0x7fc6d8a7e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 727] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 727] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fc6d8a9d990, parent_tid=0x7fc6d8a9d990, exit_signal=0, stack=0x7fc6d8a7d000, stack_size=0x20300, tls=0x7fc6d8a9d6c0}./strace-static-x86_64: Process 728 attached => {parent_tid=[728]}, 88) = 728 [pid 728] set_robust_list(0x7fc6d8a9d9a0, 24) = 0 [pid 728] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 728] futex(0x7fc6d8b696c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 727] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 727] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 728] <... futex resumed>) = 0 [pid 727] <... futex resumed>) = 1 [pid 728] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 727] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 728] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 728] futex(0x7fc6d8b696c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 727] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 727] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 728] <... futex resumed>) = 0 [pid 727] <... futex resumed>) = 1 [pid 728] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 728] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 728] futex(0x7fc6d8b696c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 727] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 727] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 728] <... futex resumed>) = 0 [pid 727] <... futex resumed>) = 1 [pid 728] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 728] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 728] futex(0x7fc6d8b696c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 727] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 727] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 728] <... futex resumed>) = 0 [pid 728] ioctl(3, VHOST_SET_MEM_TABLE [pid 727] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 728] <... ioctl resumed>, 0x200000003380) = 0 [pid 728] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 727] <... futex resumed>) = 0 [pid 728] eventfd2(118, EFD_SEMAPHORE [pid 727] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 728] <... eventfd2 resumed>) = 4 [pid 727] <... futex resumed>) = 0 [pid 728] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 727] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 728] <... futex resumed>) = 0 [pid 727] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 728] ioctl(3, VHOST_SET_VRING_ERR [pid 727] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 728] <... ioctl resumed>, 0x2000000001c0) = 0 [pid 727] <... futex resumed>) = 0 [pid 728] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 727] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 728] <... futex resumed>) = 0 [pid 727] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 728] futex(0x7fc6d8b696c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 727] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 728] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 727] <... futex resumed>) = 0 [pid 728] ioctl(3, VHOST_SET_VRING_ADDR [pid 727] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 728] <... ioctl resumed>, 0x200000000240) = 0 [pid 728] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 727] <... futex resumed>) = 0 [pid 728] ioctl(3, VHOST_SET_VRING_KICK [pid 727] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 728] <... ioctl resumed>, 0x200000000000) = 0 [pid 727] <... futex resumed>) = 0 [pid 728] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 727] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 728] <... futex resumed>) = 0 [pid 727] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 728] futex(0x7fc6d8b696c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 727] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 728] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 727] <... futex resumed>) = 0 [pid 728] ioctl(3, VHOST_VSOCK_SET_RUNNING [pid 727] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 728] <... ioctl resumed>, 0x200000000140) = 0 [pid 728] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 727] <... futex resumed>) = 0 [pid 728] futex(0x7fc6d8b696c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 727] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 728] <... futex resumed>) = 0 [pid 727] <... futex resumed>) = 1 [pid 728] memfd_create("syzkaller", 0 [pid 727] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 728] <... memfd_create resumed>) = 5 [pid 728] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc6d067d000 [pid 728] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 728] munmap(0x7fc6d067d000, 138412032) = 0 [pid 728] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 728] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 728] close(5) = 0 [pid 728] close(6) = 0 [pid 728] mkdir("./file0", 0777) = 0 [pid 728] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 728] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 728] chdir("./file0") = 0 [pid 728] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 728] ioctl(6, LOOP_CLR_FD) = 0 [pid 728] close(6) = 0 [pid 728] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 727] <... futex resumed>) = 0 [pid 727] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 727] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 728] <... futex resumed>) = 1 [pid 728] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 728] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 727] <... futex resumed>) = 0 [pid 727] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 727] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 728] <... futex resumed>) = 1 [pid 728] write(6, "#! ./file1\n", 11) = 11 [pid 728] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 727] <... futex resumed>) = 0 [pid 727] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 727] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 728] <... futex resumed>) = 1 [pid 728] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 728] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 727] <... futex resumed>) = 0 [pid 727] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 727] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 728] <... futex resumed>) = 1 [pid 728] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000280} --- [pid 727] <... futex resumed>) = ? [pid 728] +++ killed by SIGBUS +++ [pid 727] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=727, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./64", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./64", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558c359730 /* 4 entries */, 32768) = 112 umount2("./64/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./64/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./64/binderfs") = 0 [ 34.968207][ T728] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 34.999287][ T729] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-728: bg 0: block 234: padding at end of block bitmap is not set umount2("./64/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./64/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./64/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./64/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./64/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558c361770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558c361770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./64/file0") = 0 getdents64(3, 0x55558c359730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./64") = 0 mkdir("./65", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 733 attached , child_tidptr=0x55558c358690) = 733 [pid 733] set_robust_list(0x55558c3586a0, 24) = 0 [pid 733] chdir("./65") = 0 [pid 733] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 733] setpgid(0, 0) = 0 [pid 733] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 733] write(3, "1000", 4) = 4 [pid 733] close(3) = 0 [pid 733] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 733] write(1, "executing program\n", 18) = 18 [pid 733] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 733] rt_sigaction(SIGRT_1, {sa_handler=0x7fc6d8b075b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fc6d8af8760}, NULL, 8) = 0 [pid 733] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 733] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc6d8a7d000 [pid 733] mprotect(0x7fc6d8a7e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 733] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 733] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fc6d8a9d990, parent_tid=0x7fc6d8a9d990, exit_signal=0, stack=0x7fc6d8a7d000, stack_size=0x20300, tls=0x7fc6d8a9d6c0}./strace-static-x86_64: Process 734 attached => {parent_tid=[734]}, 88) = 734 [pid 734] set_robust_list(0x7fc6d8a9d9a0, 24) = 0 [pid 734] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 734] futex(0x7fc6d8b696c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 733] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 733] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 734] <... futex resumed>) = 0 [pid 733] <... futex resumed>) = 1 [pid 734] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR [pid 733] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 734] <... openat resumed>) = 3 [pid 734] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 733] <... futex resumed>) = 0 [pid 734] ioctl(3, VHOST_SET_OWNER [pid 733] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 733] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 734] <... ioctl resumed>, 0) = 0 [pid 734] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 733] <... futex resumed>) = 0 [pid 733] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 733] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 734] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 734] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 733] <... futex resumed>) = 0 [pid 733] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 733] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 734] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 734] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 733] <... futex resumed>) = 0 [pid 733] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 733] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 734] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 734] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 733] <... futex resumed>) = 0 [pid 733] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 733] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 734] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 734] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 733] <... futex resumed>) = 0 [pid 733] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 733] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 734] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 734] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 733] <... futex resumed>) = 0 [pid 733] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 733] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 734] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 734] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 733] <... futex resumed>) = 0 [pid 733] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 733] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 734] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 734] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 733] <... futex resumed>) = 0 [pid 733] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 733] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 734] memfd_create("syzkaller", 0) = 5 [pid 734] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc6d067d000 [pid 734] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 734] munmap(0x7fc6d067d000, 138412032) = 0 [pid 734] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 734] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 734] close(5) = 0 [pid 734] close(6) = 0 [pid 734] mkdir("./file0", 0777) = 0 [pid 734] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 734] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 734] chdir("./file0") = 0 [pid 734] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 734] ioctl(6, LOOP_CLR_FD) = 0 [pid 734] close(6) = 0 [pid 734] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 734] futex(0x7fc6d8b696c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 733] <... futex resumed>) = 0 [pid 733] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 733] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 734] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 734] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 734] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 733] <... futex resumed>) = 0 [pid 733] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 733] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 734] write(6, "#! ./file1\n", 11) = 11 [pid 734] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 733] <... futex resumed>) = 0 [pid 733] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 733] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 734] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 734] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 734] futex(0x7fc6d8b696c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 733] <... futex resumed>) = 0 [pid 733] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 733] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 734] <... futex resumed>) = 0 [pid 734] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000280} --- [pid 733] <... futex resumed>) = ? [pid 734] +++ killed by SIGBUS +++ [pid 733] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=733, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./65", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./65", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558c359730 /* 4 entries */, 32768) = 112 umount2("./65/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./65/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./65/binderfs") = 0 [ 35.128673][ T734] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 35.163007][ T735] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-734: bg 0: block 234: padding at end of block bitmap is not set umount2("./65/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./65/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./65/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./65/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./65/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558c361770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558c361770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./65/file0") = 0 getdents64(3, 0x55558c359730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./65") = 0 mkdir("./66", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558c358690) = 739 ./strace-static-x86_64: Process 739 attached [pid 739] set_robust_list(0x55558c3586a0, 24) = 0 [pid 739] chdir("./66") = 0 [pid 739] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 739] setpgid(0, 0) = 0 [pid 739] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 739] write(3, "1000", 4) = 4 [pid 739] close(3) = 0 executing program [pid 739] symlink("/dev/binderfs", "./binderfs") = 0 [pid 739] write(1, "executing program\n", 18) = 18 [pid 739] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 739] rt_sigaction(SIGRT_1, {sa_handler=0x7fc6d8b075b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fc6d8af8760}, NULL, 8) = 0 [pid 739] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 739] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc6d8a7d000 [pid 739] mprotect(0x7fc6d8a7e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 739] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 739] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fc6d8a9d990, parent_tid=0x7fc6d8a9d990, exit_signal=0, stack=0x7fc6d8a7d000, stack_size=0x20300, tls=0x7fc6d8a9d6c0}./strace-static-x86_64: Process 740 attached [pid 740] set_robust_list(0x7fc6d8a9d9a0, 24) = 0 [pid 740] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 740] futex(0x7fc6d8b696c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 739] <... clone3 resumed> => {parent_tid=[740]}, 88) = 740 [pid 739] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 739] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 740] <... futex resumed>) = 0 [pid 739] <... futex resumed>) = 1 [pid 740] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 739] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 740] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 740] futex(0x7fc6d8b696c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 739] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 739] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 740] <... futex resumed>) = 0 [pid 739] <... futex resumed>) = 1 [pid 740] ioctl(3, VHOST_SET_OWNER [pid 739] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 740] <... ioctl resumed>, 0) = 0 [pid 740] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 739] <... futex resumed>) = 0 [pid 740] ioctl(3, VHOST_SET_VRING_ADDR [pid 739] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 740] <... ioctl resumed>, 0x200000000300) = 0 [pid 740] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 739] <... futex resumed>) = 0 [pid 740] futex(0x7fc6d8b696c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 739] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 739] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 740] <... futex resumed>) = 0 [pid 739] <... futex resumed>) = 1 [pid 740] ioctl(3, VHOST_SET_MEM_TABLE [pid 739] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 740] <... ioctl resumed>, 0x200000003380) = 0 [pid 740] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 739] <... futex resumed>) = 0 [pid 740] futex(0x7fc6d8b696c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 739] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 740] <... futex resumed>) = 0 [pid 739] <... futex resumed>) = 1 [pid 740] eventfd2(118, EFD_SEMAPHORE [pid 739] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 740] <... eventfd2 resumed>) = 4 [pid 740] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 739] <... futex resumed>) = 0 [pid 740] futex(0x7fc6d8b696c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 739] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 740] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 739] <... futex resumed>) = 0 [pid 740] ioctl(3, VHOST_SET_VRING_ERR [pid 739] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 740] <... ioctl resumed>, 0x2000000001c0) = 0 [pid 740] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 739] <... futex resumed>) = 0 [pid 740] ioctl(3, VHOST_SET_VRING_ADDR [pid 739] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 740] <... ioctl resumed>, 0x200000000240) = 0 [pid 739] <... futex resumed>) = 0 [pid 740] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 740] futex(0x7fc6d8b696c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 739] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 739] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 740] <... futex resumed>) = 0 [pid 739] <... futex resumed>) = 1 [pid 740] ioctl(3, VHOST_SET_VRING_KICK [pid 739] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 740] <... ioctl resumed>, 0x200000000000) = 0 [pid 740] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 739] <... futex resumed>) = 0 [pid 740] ioctl(3, VHOST_VSOCK_SET_RUNNING [pid 739] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 740] <... ioctl resumed>, 0x200000000140) = 0 [pid 739] <... futex resumed>) = 0 [pid 740] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 739] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 740] <... futex resumed>) = 0 [pid 739] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 740] memfd_create("syzkaller", 0 [pid 739] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 740] <... memfd_create resumed>) = 5 [pid 739] <... futex resumed>) = 0 [pid 740] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 739] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 740] <... mmap resumed>) = 0x7fc6d067d000 [pid 740] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 740] munmap(0x7fc6d067d000, 138412032) = 0 [pid 740] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 740] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 740] close(5) = 0 [pid 740] close(6) = 0 [pid 740] mkdir("./file0", 0777) = 0 [pid 740] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 740] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 740] chdir("./file0") = 0 [pid 740] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 740] ioctl(6, LOOP_CLR_FD) = 0 [pid 740] close(6) = 0 [pid 740] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 739] <... futex resumed>) = 0 [pid 739] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 739] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 740] <... futex resumed>) = 1 [pid 740] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 740] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 739] <... futex resumed>) = 0 [pid 739] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 739] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 740] <... futex resumed>) = 1 [pid 740] write(6, "#! ./file1\n", 11) = 11 [pid 740] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 739] <... futex resumed>) = 0 [pid 739] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 739] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 740] <... futex resumed>) = 1 [pid 740] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 740] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 739] <... futex resumed>) = 0 [pid 739] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 739] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 740] <... futex resumed>) = 1 [pid 740] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000280} --- [pid 739] <... futex resumed>) = ? [pid 740] +++ killed by SIGBUS +++ [pid 739] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=739, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./66", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./66", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558c359730 /* 4 entries */, 32768) = 112 umount2("./66/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./66/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./66/binderfs") = 0 [ 35.268253][ T740] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 35.298727][ T741] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-740: bg 0: block 234: padding at end of block bitmap is not set umount2("./66/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./66/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./66/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./66/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./66/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558c361770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558c361770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./66/file0") = 0 getdents64(3, 0x55558c359730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./66") = 0 mkdir("./67", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 745 attached , child_tidptr=0x55558c358690) = 745 [pid 745] set_robust_list(0x55558c3586a0, 24) = 0 [pid 745] chdir("./67") = 0 [pid 745] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 745] setpgid(0, 0) = 0 [pid 745] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 745] write(3, "1000", 4) = 4 [pid 745] close(3) = 0 [pid 745] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 745] write(1, "executing program\n", 18) = 18 [pid 745] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 745] rt_sigaction(SIGRT_1, {sa_handler=0x7fc6d8b075b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fc6d8af8760}, NULL, 8) = 0 [pid 745] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 745] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc6d8a7d000 [pid 745] mprotect(0x7fc6d8a7e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 745] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 745] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fc6d8a9d990, parent_tid=0x7fc6d8a9d990, exit_signal=0, stack=0x7fc6d8a7d000, stack_size=0x20300, tls=0x7fc6d8a9d6c0}./strace-static-x86_64: Process 746 attached [pid 746] set_robust_list(0x7fc6d8a9d9a0, 24) = 0 [pid 746] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 746] futex(0x7fc6d8b696c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 745] <... clone3 resumed> => {parent_tid=[746]}, 88) = 746 [pid 745] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 745] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 746] <... futex resumed>) = 0 [pid 745] <... futex resumed>) = 1 [pid 746] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 746] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 746] futex(0x7fc6d8b696c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 745] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 745] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 746] <... futex resumed>) = 0 [pid 745] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 746] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 746] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 746] futex(0x7fc6d8b696c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 745] <... futex resumed>) = 0 [pid 745] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 746] <... futex resumed>) = 0 [pid 745] <... futex resumed>) = 1 [pid 746] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 745] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 746] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 745] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 746] futex(0x7fc6d8b696c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 745] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 746] <... futex resumed>) = 0 [pid 745] <... futex resumed>) = 1 [pid 746] ioctl(3, VHOST_SET_MEM_TABLE [pid 745] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 746] <... ioctl resumed>, 0x200000003380) = 0 [pid 746] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 746] futex(0x7fc6d8b696c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 745] <... futex resumed>) = 0 [pid 745] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 746] <... futex resumed>) = 0 [pid 745] <... futex resumed>) = 1 [pid 746] eventfd2(118, EFD_SEMAPHORE [pid 745] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 746] <... eventfd2 resumed>) = 4 [pid 746] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 745] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 746] <... futex resumed>) = 0 [pid 746] futex(0x7fc6d8b696c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 745] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 746] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 745] <... futex resumed>) = 0 [pid 746] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 745] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 746] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 745] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 746] futex(0x7fc6d8b696c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 745] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 746] <... futex resumed>) = 0 [pid 745] <... futex resumed>) = 1 [pid 746] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 745] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 746] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 745] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 746] futex(0x7fc6d8b696c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 745] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 746] <... futex resumed>) = 0 [pid 746] ioctl(3, VHOST_SET_VRING_KICK [pid 745] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 746] <... ioctl resumed>, 0x200000000000) = 0 [pid 746] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 745] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 746] <... futex resumed>) = 0 [pid 746] futex(0x7fc6d8b696c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 745] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 746] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 746] ioctl(3, VHOST_VSOCK_SET_RUNNING [pid 745] <... futex resumed>) = 0 [pid 746] <... ioctl resumed>, 0x200000000140) = 0 [pid 746] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 745] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 746] <... futex resumed>) = 0 [pid 746] futex(0x7fc6d8b696c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 745] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 745] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 746] <... futex resumed>) = 0 [pid 745] <... futex resumed>) = 1 [pid 745] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 746] memfd_create("syzkaller", 0) = 5 [pid 746] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc6d067d000 [pid 746] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 746] munmap(0x7fc6d067d000, 138412032) = 0 [pid 746] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 746] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 746] close(5) = 0 [pid 746] close(6) = 0 [pid 746] mkdir("./file0", 0777) = 0 [pid 746] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 746] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 746] chdir("./file0") = 0 [pid 746] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 746] ioctl(6, LOOP_CLR_FD) = 0 [pid 746] close(6) = 0 [pid 746] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 745] <... futex resumed>) = 0 [pid 745] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 745] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 746] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 746] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 745] <... futex resumed>) = 0 [pid 745] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 745] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 746] write(6, "#! ./file1\n", 11) = 11 [pid 746] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 745] <... futex resumed>) = 0 [pid 745] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 745] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 746] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 746] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 746] futex(0x7fc6d8b696c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 745] <... futex resumed>) = 0 [pid 745] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 745] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 746] <... futex resumed>) = 0 [pid 746] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000280} --- [pid 745] <... futex resumed>) = ? [pid 746] +++ killed by SIGBUS +++ [pid 745] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=745, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./67", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./67", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558c359730 /* 4 entries */, 32768) = 112 umount2("./67/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./67/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./67/binderfs") = 0 [ 35.415686][ T746] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 35.449018][ T747] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-746: bg 0: block 234: padding at end of block bitmap is not set umount2("./67/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./67/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./67/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./67/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./67/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558c361770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558c361770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./67/file0") = 0 getdents64(3, 0x55558c359730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./67") = 0 mkdir("./68", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558c358690) = 751 ./strace-static-x86_64: Process 751 attached [pid 751] set_robust_list(0x55558c3586a0, 24) = 0 [pid 751] chdir("./68") = 0 [pid 751] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 751] setpgid(0, 0) = 0 [pid 751] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 751] write(3, "1000", 4) = 4 [pid 751] close(3) = 0 [pid 751] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 751] write(1, "executing program\n", 18) = 18 [pid 751] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 751] rt_sigaction(SIGRT_1, {sa_handler=0x7fc6d8b075b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fc6d8af8760}, NULL, 8) = 0 [pid 751] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 751] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc6d8a7d000 [pid 751] mprotect(0x7fc6d8a7e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 751] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 751] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fc6d8a9d990, parent_tid=0x7fc6d8a9d990, exit_signal=0, stack=0x7fc6d8a7d000, stack_size=0x20300, tls=0x7fc6d8a9d6c0} => {parent_tid=[752]}, 88) = 752 [pid 751] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 751] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 751] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 752 attached [pid 752] set_robust_list(0x7fc6d8a9d9a0, 24) = 0 [pid 752] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 752] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 752] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 751] <... futex resumed>) = 0 [pid 751] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 751] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 752] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 752] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 751] <... futex resumed>) = 0 [pid 751] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 751] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 752] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 752] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 751] <... futex resumed>) = 0 [pid 751] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 751] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 752] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 752] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 751] <... futex resumed>) = 0 [pid 751] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 751] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 752] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 752] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 751] <... futex resumed>) = 0 [pid 751] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 751] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 752] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 752] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 751] <... futex resumed>) = 0 [pid 751] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 751] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 752] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 752] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 751] <... futex resumed>) = 0 [pid 751] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 751] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 752] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 752] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 751] <... futex resumed>) = 0 [pid 751] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 751] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 752] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 752] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 751] <... futex resumed>) = 0 [pid 751] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 751] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 752] memfd_create("syzkaller", 0) = 5 [pid 752] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc6d067d000 [pid 752] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 752] munmap(0x7fc6d067d000, 138412032) = 0 [pid 752] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 752] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 752] close(5) = 0 [pid 752] close(6) = 0 [pid 752] mkdir("./file0", 0777) = 0 [pid 752] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 752] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 752] chdir("./file0") = 0 [pid 752] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 752] ioctl(6, LOOP_CLR_FD) = 0 [pid 752] close(6) = 0 [pid 752] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 751] <... futex resumed>) = 0 [pid 751] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 751] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 752] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 752] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 751] <... futex resumed>) = 0 [pid 751] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 751] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 752] write(6, "#! ./file1\n", 11) = 11 [pid 752] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 751] <... futex resumed>) = 0 [pid 751] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 751] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 752] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 752] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 752] futex(0x7fc6d8b696c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 751] <... futex resumed>) = 0 [pid 751] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 751] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 752] <... futex resumed>) = 0 [pid 752] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000280} --- [pid 751] <... futex resumed>) = ? [pid 752] +++ killed by SIGBUS +++ [pid 751] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=751, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./68", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./68", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558c359730 /* 4 entries */, 32768) = 112 umount2("./68/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./68/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./68/binderfs") = 0 [ 35.584972][ T752] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 35.617968][ T753] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-752: bg 0: block 234: padding at end of block bitmap is not set umount2("./68/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./68/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./68/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./68/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./68/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558c361770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558c361770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./68/file0") = 0 getdents64(3, 0x55558c359730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./68") = 0 mkdir("./69", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558c358690) = 757 ./strace-static-x86_64: Process 757 attached [pid 757] set_robust_list(0x55558c3586a0, 24) = 0 [pid 757] chdir("./69") = 0 [pid 757] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 757] setpgid(0, 0) = 0 [pid 757] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 757] write(3, "1000", 4) = 4 [pid 757] close(3) = 0 [pid 757] symlink("/dev/binderfs", "./binderfs") = 0 [pid 757] write(1, "executing program\n", 18executing program ) = 18 [pid 757] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 757] rt_sigaction(SIGRT_1, {sa_handler=0x7fc6d8b075b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fc6d8af8760}, NULL, 8) = 0 [pid 757] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 757] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc6d8a7d000 [pid 757] mprotect(0x7fc6d8a7e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 757] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 757] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fc6d8a9d990, parent_tid=0x7fc6d8a9d990, exit_signal=0, stack=0x7fc6d8a7d000, stack_size=0x20300, tls=0x7fc6d8a9d6c0}./strace-static-x86_64: Process 758 attached => {parent_tid=[758]}, 88) = 758 [pid 758] set_robust_list(0x7fc6d8a9d9a0, 24) = 0 [pid 758] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 758] futex(0x7fc6d8b696c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 757] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 757] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 758] <... futex resumed>) = 0 [pid 758] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 758] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 758] futex(0x7fc6d8b696c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 757] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 757] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 758] <... futex resumed>) = 0 [pid 758] ioctl(3, VHOST_SET_OWNER [pid 757] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 758] <... ioctl resumed>, 0) = 0 [pid 758] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 758] futex(0x7fc6d8b696c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 757] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 757] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 758] <... futex resumed>) = 0 [pid 758] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 758] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 758] futex(0x7fc6d8b696c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 757] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 757] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 758] <... futex resumed>) = 0 [pid 758] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 758] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 758] futex(0x7fc6d8b696c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 757] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 757] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 758] <... futex resumed>) = 0 [pid 758] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 758] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 758] futex(0x7fc6d8b696c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 757] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 757] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 758] <... futex resumed>) = 0 [pid 758] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 758] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 758] futex(0x7fc6d8b696c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 757] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 757] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 758] <... futex resumed>) = 0 [pid 758] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 758] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 758] futex(0x7fc6d8b696c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 757] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 757] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 758] <... futex resumed>) = 0 [pid 757] <... futex resumed>) = 1 [pid 758] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 758] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 758] futex(0x7fc6d8b696c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 757] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 757] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 758] <... futex resumed>) = 0 [pid 757] <... futex resumed>) = 1 [pid 758] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 758] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 758] futex(0x7fc6d8b696c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 757] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 757] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 758] <... futex resumed>) = 0 [pid 757] <... futex resumed>) = 1 [pid 758] memfd_create("syzkaller", 0 [pid 757] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 758] <... memfd_create resumed>) = 5 [pid 758] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc6d067d000 [pid 758] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 758] munmap(0x7fc6d067d000, 138412032) = 0 [pid 758] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 758] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 758] close(5) = 0 [pid 758] close(6) = 0 [pid 758] mkdir("./file0", 0777) = 0 [pid 758] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 758] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 758] chdir("./file0") = 0 [pid 758] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 758] ioctl(6, LOOP_CLR_FD) = 0 [pid 758] close(6) = 0 [pid 758] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 758] futex(0x7fc6d8b696c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 757] <... futex resumed>) = 0 [pid 757] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 757] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 758] <... futex resumed>) = 0 [pid 758] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 758] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 757] <... futex resumed>) = 0 [pid 757] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 757] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 758] <... futex resumed>) = 1 [pid 758] write(6, "#! ./file1\n", 11) = 11 [pid 758] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 757] <... futex resumed>) = 0 [pid 757] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 757] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 758] <... futex resumed>) = 1 [pid 758] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 758] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 757] <... futex resumed>) = 0 [pid 757] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 757] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 758] <... futex resumed>) = 1 [pid 758] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000280} --- [pid 757] <... futex resumed>) = ? [pid 758] +++ killed by SIGBUS +++ [pid 757] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=757, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./69", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./69", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558c359730 /* 4 entries */, 32768) = 112 umount2("./69/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./69/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./69/binderfs") = 0 [ 35.758462][ T758] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 35.790195][ T759] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-758: bg 0: block 234: padding at end of block bitmap is not set umount2("./69/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./69/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./69/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./69/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./69/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558c361770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558c361770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./69/file0") = 0 getdents64(3, 0x55558c359730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./69") = 0 mkdir("./70", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558c358690) = 763 ./strace-static-x86_64: Process 763 attached [pid 763] set_robust_list(0x55558c3586a0, 24) = 0 [pid 763] chdir("./70") = 0 [pid 763] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 763] setpgid(0, 0) = 0 [pid 763] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 763] write(3, "1000", 4) = 4 [pid 763] close(3) = 0 [pid 763] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 763] write(1, "executing program\n", 18) = 18 [pid 763] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 763] rt_sigaction(SIGRT_1, {sa_handler=0x7fc6d8b075b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fc6d8af8760}, NULL, 8) = 0 [pid 763] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 763] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc6d8a7d000 [pid 763] mprotect(0x7fc6d8a7e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 763] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 763] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fc6d8a9d990, parent_tid=0x7fc6d8a9d990, exit_signal=0, stack=0x7fc6d8a7d000, stack_size=0x20300, tls=0x7fc6d8a9d6c0} => {parent_tid=[764]}, 88) = 764 [pid 763] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 763] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 763] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 764 attached [pid 764] set_robust_list(0x7fc6d8a9d9a0, 24) = 0 [pid 764] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 764] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 764] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 763] <... futex resumed>) = 0 [pid 763] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 763] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 764] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 764] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 763] <... futex resumed>) = 0 [pid 763] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 763] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 764] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 764] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 763] <... futex resumed>) = 0 [pid 763] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 763] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 764] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 764] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 763] <... futex resumed>) = 0 [pid 763] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 763] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 764] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 764] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 763] <... futex resumed>) = 0 [pid 763] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 763] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 764] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 764] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 763] <... futex resumed>) = 0 [pid 763] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 763] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 764] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 764] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 763] <... futex resumed>) = 0 [pid 763] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 763] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 764] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 764] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 763] <... futex resumed>) = 0 [pid 763] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 763] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 764] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 764] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 763] <... futex resumed>) = 0 [pid 763] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 763] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 764] memfd_create("syzkaller", 0) = 5 [pid 764] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc6d067d000 [pid 764] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 764] munmap(0x7fc6d067d000, 138412032) = 0 [pid 764] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 764] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 764] close(5) = 0 [pid 764] close(6) = 0 [pid 764] mkdir("./file0", 0777) = 0 [pid 764] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 764] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 764] chdir("./file0") = 0 [pid 764] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 764] ioctl(6, LOOP_CLR_FD) = 0 [pid 764] close(6) = 0 [pid 764] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 764] futex(0x7fc6d8b696c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 763] <... futex resumed>) = 0 [pid 763] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 763] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 764] <... futex resumed>) = 0 [pid 764] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 764] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 763] <... futex resumed>) = 0 [pid 763] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 764] write(6, "#! ./file1\n", 11 [pid 763] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 764] <... write resumed>) = 11 [pid 764] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 763] <... futex resumed>) = 0 [pid 763] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 764] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0 [pid 763] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 764] <... mmap resumed>) = 0x200000000000 [ 35.948292][ T764] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [pid 764] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 763] <... futex resumed>) = 0 [pid 763] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 763] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 764] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000280} --- [pid 763] <... futex resumed>) = ? [pid 764] +++ killed by SIGBUS +++ [pid 763] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=763, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./70", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./70", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558c359730 /* 4 entries */, 32768) = 112 umount2("./70/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./70/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./70/binderfs") = 0 umount2("./70/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./70/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./70/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./70/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./70/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558c361770 /* 2 entries */, 32768) = 48 [ 35.990185][ T765] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-764: bg 0: block 234: padding at end of block bitmap is not set getdents64(4, 0x55558c361770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./70/file0") = 0 getdents64(3, 0x55558c359730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./70") = 0 mkdir("./71", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 769 attached , child_tidptr=0x55558c358690) = 769 [pid 769] set_robust_list(0x55558c3586a0, 24) = 0 [pid 769] chdir("./71") = 0 [pid 769] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 769] setpgid(0, 0) = 0 [pid 769] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 769] write(3, "1000", 4) = 4 [pid 769] close(3) = 0 [pid 769] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 769] write(1, "executing program\n", 18) = 18 [pid 769] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 769] rt_sigaction(SIGRT_1, {sa_handler=0x7fc6d8b075b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fc6d8af8760}, NULL, 8) = 0 [pid 769] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 769] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc6d8a7d000 [pid 769] mprotect(0x7fc6d8a7e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 769] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 769] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fc6d8a9d990, parent_tid=0x7fc6d8a9d990, exit_signal=0, stack=0x7fc6d8a7d000, stack_size=0x20300, tls=0x7fc6d8a9d6c0} => {parent_tid=[770]}, 88) = 770 ./strace-static-x86_64: Process 770 attached [pid 769] rt_sigprocmask(SIG_SETMASK, [], [pid 770] set_robust_list(0x7fc6d8a9d9a0, 24) = 0 [pid 770] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 770] futex(0x7fc6d8b696c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 769] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 769] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 770] <... futex resumed>) = 0 [pid 769] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 770] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 770] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 769] <... futex resumed>) = 0 [pid 769] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 769] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 770] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 770] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 769] <... futex resumed>) = 0 [pid 769] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 770] ioctl(3, VHOST_SET_VRING_ADDR [pid 769] <... futex resumed>) = 0 [pid 770] <... ioctl resumed>, 0x200000000300) = 0 [pid 770] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 769] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 769] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 769] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 770] <... futex resumed>) = 1 [pid 769] <... futex resumed>) = 0 [pid 769] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 770] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 770] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 769] <... futex resumed>) = 0 [pid 770] futex(0x7fc6d8b696c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 769] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 769] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 770] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 770] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 770] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 769] <... futex resumed>) = 0 [pid 769] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 769] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 770] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 770] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 769] <... futex resumed>) = 0 [pid 769] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 770] ioctl(3, VHOST_SET_VRING_ADDR [pid 769] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 770] <... ioctl resumed>, 0x200000000240) = 0 [pid 770] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 769] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 770] <... futex resumed>) = 0 [pid 770] futex(0x7fc6d8b696c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 769] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 770] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 769] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 770] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 770] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 769] <... futex resumed>) = 0 [pid 770] futex(0x7fc6d8b696c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 769] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 770] <... futex resumed>) = 0 [pid 769] <... futex resumed>) = 1 [pid 769] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 770] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 770] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 769] <... futex resumed>) = 0 [pid 769] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 769] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 770] memfd_create("syzkaller", 0) = 5 [pid 770] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc6d067d000 [pid 770] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 770] munmap(0x7fc6d067d000, 138412032) = 0 [pid 770] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 770] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 770] close(5) = 0 [pid 770] close(6) = 0 [pid 770] mkdir("./file0", 0777) = 0 [pid 770] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 770] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 770] chdir("./file0") = 0 [pid 770] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 770] ioctl(6, LOOP_CLR_FD) = 0 [pid 770] close(6) = 0 [pid 770] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 769] <... futex resumed>) = 0 [pid 769] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 769] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 770] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 770] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 769] <... futex resumed>) = 0 [pid 769] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 769] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 770] write(6, "#! ./file1\n", 11) = 11 [pid 770] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 769] <... futex resumed>) = 0 [pid 769] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 769] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 770] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 770] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 769] <... futex resumed>) = 0 [pid 769] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 769] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 770] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000280} --- [pid 769] <... futex resumed>) = ? [pid 770] +++ killed by SIGBUS +++ [pid 769] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=769, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./71", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./71", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558c359730 /* 4 entries */, 32768) = 112 umount2("./71/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./71/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./71/binderfs") = 0 [ 36.105492][ T770] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 36.138723][ T771] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-770: bg 0: block 234: padding at end of block bitmap is not set umount2("./71/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./71/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./71/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./71/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./71/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558c361770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558c361770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./71/file0") = 0 getdents64(3, 0x55558c359730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./71") = 0 mkdir("./72", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558c358690) = 775 ./strace-static-x86_64: Process 775 attached [pid 775] set_robust_list(0x55558c3586a0, 24) = 0 [pid 775] chdir("./72") = 0 [pid 775] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 775] setpgid(0, 0) = 0 [pid 775] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 775] write(3, "1000", 4) = 4 [pid 775] close(3) = 0 [pid 775] symlink("/dev/binderfs", "./binderfs") = 0 [pid 775] write(1, "executing program\n", 18executing program ) = 18 [pid 775] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 775] rt_sigaction(SIGRT_1, {sa_handler=0x7fc6d8b075b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fc6d8af8760}, NULL, 8) = 0 [pid 775] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 775] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc6d8a7d000 [pid 775] mprotect(0x7fc6d8a7e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 775] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 775] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fc6d8a9d990, parent_tid=0x7fc6d8a9d990, exit_signal=0, stack=0x7fc6d8a7d000, stack_size=0x20300, tls=0x7fc6d8a9d6c0} => {parent_tid=[776]}, 88) = 776 [pid 775] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 775] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 775] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 776 attached [pid 776] set_robust_list(0x7fc6d8a9d9a0, 24) = 0 [pid 776] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 776] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 776] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 775] <... futex resumed>) = 0 [pid 775] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 775] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 776] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 776] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 775] <... futex resumed>) = 0 [pid 775] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 775] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 776] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 776] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 775] <... futex resumed>) = 0 [pid 775] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 775] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 776] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 776] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 775] <... futex resumed>) = 0 [pid 775] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 775] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 776] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 776] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 775] <... futex resumed>) = 0 [pid 775] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 776] ioctl(3, VHOST_SET_VRING_ERR [pid 775] <... futex resumed>) = 0 [pid 775] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 776] <... ioctl resumed>, 0x2000000001c0) = 0 [pid 776] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 775] <... futex resumed>) = 0 [pid 775] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 775] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 776] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 776] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 775] <... futex resumed>) = 0 [pid 775] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 775] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 776] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 776] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 775] <... futex resumed>) = 0 [pid 775] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 775] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 776] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 776] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 775] <... futex resumed>) = 0 [pid 775] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 775] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 776] memfd_create("syzkaller", 0) = 5 [pid 776] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc6d067d000 [pid 776] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 776] munmap(0x7fc6d067d000, 138412032) = 0 [pid 776] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 776] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 776] close(5) = 0 [pid 776] close(6) = 0 [pid 776] mkdir("./file0", 0777) = 0 [pid 776] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 776] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 776] chdir("./file0") = 0 [pid 776] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 776] ioctl(6, LOOP_CLR_FD) = 0 [pid 776] close(6) = 0 [pid 776] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 775] <... futex resumed>) = 0 [pid 775] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 775] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 776] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 776] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 775] <... futex resumed>) = 0 [pid 775] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 775] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 776] write(6, "#! ./file1\n", 11) = 11 [pid 776] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 775] <... futex resumed>) = 0 [pid 775] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 776] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0 [pid 775] <... futex resumed>) = 0 [pid 775] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 776] <... mmap resumed>) = 0x200000000000 [pid 776] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 775] <... futex resumed>) = 0 [pid 775] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 775] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 776] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000280} --- [pid 775] <... futex resumed>) = ? [pid 776] +++ killed by SIGBUS +++ [pid 775] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=775, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./72", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./72", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558c359730 /* 4 entries */, 32768) = 112 umount2("./72/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./72/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./72/binderfs") = 0 [ 36.278278][ T776] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 36.310367][ T777] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-776: bg 0: block 234: padding at end of block bitmap is not set umount2("./72/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./72/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./72/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./72/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./72/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558c361770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558c361770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./72/file0") = 0 getdents64(3, 0x55558c359730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./72") = 0 mkdir("./73", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 781 attached , child_tidptr=0x55558c358690) = 781 [pid 781] set_robust_list(0x55558c3586a0, 24) = 0 [pid 781] chdir("./73") = 0 [pid 781] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 781] setpgid(0, 0) = 0 [pid 781] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 781] write(3, "1000", 4) = 4 [pid 781] close(3) = 0 [pid 781] symlink("/dev/binderfs", "./binderfs") = 0 [pid 781] write(1, "executing program\n", 18executing program ) = 18 [pid 781] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 781] rt_sigaction(SIGRT_1, {sa_handler=0x7fc6d8b075b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fc6d8af8760}, NULL, 8) = 0 [pid 781] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 781] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc6d8a7d000 [pid 781] mprotect(0x7fc6d8a7e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 781] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 781] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fc6d8a9d990, parent_tid=0x7fc6d8a9d990, exit_signal=0, stack=0x7fc6d8a7d000, stack_size=0x20300, tls=0x7fc6d8a9d6c0} => {parent_tid=[782]}, 88) = 782 [pid 781] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 781] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 781] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 782 attached [pid 782] set_robust_list(0x7fc6d8a9d9a0, 24) = 0 [pid 782] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 782] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 782] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 781] <... futex resumed>) = 0 [pid 781] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 781] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 782] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 782] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 781] <... futex resumed>) = 0 [pid 781] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 781] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 782] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 782] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 781] <... futex resumed>) = 0 [pid 781] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 781] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 782] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 782] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 781] <... futex resumed>) = 0 [pid 781] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 781] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 782] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 782] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 781] <... futex resumed>) = 0 [pid 781] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 781] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 782] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 782] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 781] <... futex resumed>) = 0 [pid 781] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 781] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 782] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 782] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 781] <... futex resumed>) = 0 [pid 781] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 781] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 782] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 782] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 781] <... futex resumed>) = 0 [pid 781] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 781] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 782] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 782] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 781] <... futex resumed>) = 0 [pid 781] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 781] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 782] memfd_create("syzkaller", 0) = 5 [pid 782] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc6d067d000 [pid 782] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 782] munmap(0x7fc6d067d000, 138412032) = 0 [pid 782] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 782] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 782] close(5) = 0 [pid 782] close(6) = 0 [pid 782] mkdir("./file0", 0777) = 0 [pid 782] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 782] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 782] chdir("./file0") = 0 [pid 782] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 782] ioctl(6, LOOP_CLR_FD) = 0 [pid 782] close(6) = 0 [pid 782] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 781] <... futex resumed>) = 0 [pid 781] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 781] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 782] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 782] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 781] <... futex resumed>) = 0 [pid 781] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 781] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 782] write(6, "#! ./file1\n", 11) = 11 [pid 782] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 781] <... futex resumed>) = 0 [pid 781] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 781] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 782] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 782] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 782] futex(0x7fc6d8b696c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 781] <... futex resumed>) = 0 [pid 781] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 781] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 782] <... futex resumed>) = 0 [pid 782] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000280} --- [pid 781] <... futex resumed>) = ? [pid 782] +++ killed by SIGBUS +++ [pid 781] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=781, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./73", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./73", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558c359730 /* 4 entries */, 32768) = 112 umount2("./73/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./73/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./73/binderfs") = 0 [ 36.432841][ T782] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 36.465532][ T783] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-782: bg 0: block 234: padding at end of block bitmap is not set umount2("./73/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./73/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./73/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./73/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./73/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558c361770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558c361770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./73/file0") = 0 getdents64(3, 0x55558c359730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./73") = 0 mkdir("./74", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 787 attached , child_tidptr=0x55558c358690) = 787 [pid 787] set_robust_list(0x55558c3586a0, 24) = 0 [pid 787] chdir("./74") = 0 [pid 787] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 787] setpgid(0, 0) = 0 [pid 787] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 787] write(3, "1000", 4) = 4 [pid 787] close(3) = 0 [pid 787] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 787] write(1, "executing program\n", 18) = 18 [pid 787] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 787] rt_sigaction(SIGRT_1, {sa_handler=0x7fc6d8b075b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fc6d8af8760}, NULL, 8) = 0 [pid 787] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 787] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc6d8a7d000 [pid 787] mprotect(0x7fc6d8a7e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 787] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 787] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fc6d8a9d990, parent_tid=0x7fc6d8a9d990, exit_signal=0, stack=0x7fc6d8a7d000, stack_size=0x20300, tls=0x7fc6d8a9d6c0}./strace-static-x86_64: Process 788 attached [pid 788] set_robust_list(0x7fc6d8a9d9a0, 24) = 0 [pid 788] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 788] futex(0x7fc6d8b696c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 787] <... clone3 resumed> => {parent_tid=[788]}, 88) = 788 [pid 787] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 787] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 788] <... futex resumed>) = 0 [pid 787] <... futex resumed>) = 1 [pid 788] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 788] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 788] futex(0x7fc6d8b696c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 787] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 787] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 788] <... futex resumed>) = 0 [pid 787] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 788] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 788] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 787] <... futex resumed>) = 0 [pid 787] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 787] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 788] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 788] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 787] <... futex resumed>) = 0 [pid 787] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 787] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 788] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 788] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 787] <... futex resumed>) = 0 [pid 787] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 787] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 788] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 788] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 787] <... futex resumed>) = 0 [pid 788] ioctl(3, VHOST_SET_VRING_ERR [pid 787] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 787] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 788] <... ioctl resumed>, 0x2000000001c0) = 0 [pid 788] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 787] <... futex resumed>) = 0 [pid 787] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 787] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 788] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 788] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 787] <... futex resumed>) = 0 [pid 788] ioctl(3, VHOST_SET_VRING_KICK [pid 787] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 787] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 788] <... ioctl resumed>, 0x200000000000) = 0 [pid 788] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 787] <... futex resumed>) = 0 [pid 787] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 788] ioctl(3, VHOST_VSOCK_SET_RUNNING [pid 787] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 788] <... ioctl resumed>, 0x200000000140) = 0 [pid 788] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 787] <... futex resumed>) = 0 [pid 788] futex(0x7fc6d8b696c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 787] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 787] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 788] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 788] memfd_create("syzkaller", 0) = 5 [pid 788] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc6d067d000 [pid 788] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 788] munmap(0x7fc6d067d000, 138412032) = 0 [pid 788] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 788] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 788] close(5) = 0 [pid 788] close(6) = 0 [pid 788] mkdir("./file0", 0777) = 0 [pid 788] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 788] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 788] chdir("./file0") = 0 [pid 788] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 788] ioctl(6, LOOP_CLR_FD) = 0 [pid 788] close(6) = 0 [pid 788] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 787] <... futex resumed>) = 0 [pid 787] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 787] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 788] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 788] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 787] <... futex resumed>) = 0 [pid 787] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 787] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 788] write(6, "#! ./file1\n", 11) = 11 [pid 788] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 787] <... futex resumed>) = 0 [pid 788] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0 [pid 787] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 787] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 788] <... mmap resumed>) = 0x200000000000 [pid 788] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 788] futex(0x7fc6d8b696c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 787] <... futex resumed>) = 0 [pid 787] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 787] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 788] <... futex resumed>) = 0 [pid 788] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000280} --- [pid 787] <... futex resumed>) = ? [pid 788] +++ killed by SIGBUS +++ [pid 787] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=787, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./74", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./74", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558c359730 /* 4 entries */, 32768) = 112 umount2("./74/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./74/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./74/binderfs") = 0 [ 36.638355][ T788] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 36.670425][ T789] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-788: bg 0: block 234: padding at end of block bitmap is not set umount2("./74/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./74/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./74/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./74/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./74/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558c361770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558c361770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./74/file0") = 0 getdents64(3, 0x55558c359730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./74") = 0 mkdir("./75", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 793 attached , child_tidptr=0x55558c358690) = 793 [pid 793] set_robust_list(0x55558c3586a0, 24) = 0 [pid 793] chdir("./75") = 0 [pid 793] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 793] setpgid(0, 0) = 0 [pid 793] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 793] write(3, "1000", 4) = 4 [pid 793] close(3) = 0 [pid 793] symlink("/dev/binderfs", "./binderfs") = 0 [pid 793] write(1, "executing program\n", 18executing program ) = 18 [pid 793] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 793] rt_sigaction(SIGRT_1, {sa_handler=0x7fc6d8b075b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fc6d8af8760}, NULL, 8) = 0 [pid 793] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 793] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc6d8a7d000 [pid 793] mprotect(0x7fc6d8a7e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 793] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 793] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fc6d8a9d990, parent_tid=0x7fc6d8a9d990, exit_signal=0, stack=0x7fc6d8a7d000, stack_size=0x20300, tls=0x7fc6d8a9d6c0} => {parent_tid=[794]}, 88) = 794 [pid 793] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 793] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 793] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 794 attached [pid 794] set_robust_list(0x7fc6d8a9d9a0, 24) = 0 [pid 794] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 794] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 794] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 793] <... futex resumed>) = 0 [pid 793] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 793] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 794] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 794] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 793] <... futex resumed>) = 0 [pid 793] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 793] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 794] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 794] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 793] <... futex resumed>) = 0 [pid 793] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 793] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 794] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 794] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 793] <... futex resumed>) = 0 [pid 793] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 793] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 794] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 794] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 793] <... futex resumed>) = 0 [pid 793] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 793] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 794] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 794] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 793] <... futex resumed>) = 0 [pid 793] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 793] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 794] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 794] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 793] <... futex resumed>) = 0 [pid 793] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 793] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 794] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 794] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 793] <... futex resumed>) = 0 [pid 793] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 793] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 794] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 794] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 793] <... futex resumed>) = 0 [pid 793] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 793] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 794] memfd_create("syzkaller", 0) = 5 [pid 794] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc6d067d000 [pid 794] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 794] munmap(0x7fc6d067d000, 138412032) = 0 [pid 794] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 794] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 794] close(5) = 0 [pid 794] close(6) = 0 [pid 794] mkdir("./file0", 0777) = 0 [pid 794] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 794] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 794] chdir("./file0") = 0 [pid 794] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 794] ioctl(6, LOOP_CLR_FD) = 0 [pid 794] close(6) = 0 [pid 794] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 793] <... futex resumed>) = 0 [pid 793] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 793] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 794] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 794] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 793] <... futex resumed>) = 0 [pid 793] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 793] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 794] write(6, "#! ./file1\n", 11) = 11 [pid 794] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 793] <... futex resumed>) = 0 [pid 793] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 793] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 794] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 794] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 794] futex(0x7fc6d8b696c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 793] <... futex resumed>) = 0 [pid 793] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 793] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 794] <... futex resumed>) = 0 [pid 794] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000280} --- [pid 793] <... futex resumed>) = ? [pid 794] +++ killed by SIGBUS +++ [pid 793] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=793, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./75", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./75", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558c359730 /* 4 entries */, 32768) = 112 umount2("./75/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./75/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./75/binderfs") = 0 [ 36.798223][ T794] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 36.831402][ T795] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-794: bg 0: block 234: padding at end of block bitmap is not set umount2("./75/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./75/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./75/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./75/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./75/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558c361770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558c361770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./75/file0") = 0 getdents64(3, 0x55558c359730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./75") = 0 mkdir("./76", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 799 attached , child_tidptr=0x55558c358690) = 799 [pid 799] set_robust_list(0x55558c3586a0, 24) = 0 [pid 799] chdir("./76") = 0 [pid 799] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 799] setpgid(0, 0) = 0 [pid 799] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 799] write(3, "1000", 4) = 4 [pid 799] close(3) = 0 [pid 799] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 799] write(1, "executing program\n", 18) = 18 [pid 799] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 799] rt_sigaction(SIGRT_1, {sa_handler=0x7fc6d8b075b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fc6d8af8760}, NULL, 8) = 0 [pid 799] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 799] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc6d8a7d000 [pid 799] mprotect(0x7fc6d8a7e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 799] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 799] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fc6d8a9d990, parent_tid=0x7fc6d8a9d990, exit_signal=0, stack=0x7fc6d8a7d000, stack_size=0x20300, tls=0x7fc6d8a9d6c0}./strace-static-x86_64: Process 800 attached [pid 800] set_robust_list(0x7fc6d8a9d9a0, 24) = 0 [pid 800] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 800] futex(0x7fc6d8b696c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 799] <... clone3 resumed> => {parent_tid=[800]}, 88) = 800 [pid 799] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 799] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 800] <... futex resumed>) = 0 [pid 800] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 800] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 800] futex(0x7fc6d8b696c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 799] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 799] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 800] <... futex resumed>) = 0 [pid 799] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 800] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 800] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 799] <... futex resumed>) = 0 [pid 799] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 799] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 800] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 800] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 799] <... futex resumed>) = 0 [pid 799] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 799] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 800] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 800] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 799] <... futex resumed>) = 0 [pid 799] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 800] eventfd2(118, EFD_SEMAPHORE [pid 799] <... futex resumed>) = 0 [pid 799] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 800] <... eventfd2 resumed>) = 4 [pid 800] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 799] <... futex resumed>) = 0 [pid 799] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 799] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 800] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 800] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 799] <... futex resumed>) = 0 [pid 799] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 799] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 800] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 800] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 799] <... futex resumed>) = 0 [pid 799] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 800] ioctl(3, VHOST_SET_VRING_KICK [pid 799] <... futex resumed>) = 0 [pid 799] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 800] <... ioctl resumed>, 0x200000000000) = 0 [pid 800] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 799] <... futex resumed>) = 0 [pid 800] futex(0x7fc6d8b696c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 799] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 799] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 800] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 800] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 800] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 799] <... futex resumed>) = 0 [pid 800] futex(0x7fc6d8b696c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 799] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 799] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 800] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 800] memfd_create("syzkaller", 0) = 5 [pid 800] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc6d067d000 [pid 800] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 800] munmap(0x7fc6d067d000, 138412032) = 0 [pid 800] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 800] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 800] close(5) = 0 [pid 800] close(6) = 0 [pid 800] mkdir("./file0", 0777) = 0 [pid 800] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"...) = 0 [pid 800] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 800] chdir("./file0") = 0 [pid 800] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 800] ioctl(6, LOOP_CLR_FD) = 0 [pid 800] close(6) = 0 [pid 800] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 800] futex(0x7fc6d8b696c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 799] <... futex resumed>) = 0 [pid 799] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 799] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 800] <... futex resumed>) = 0 [pid 800] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 800] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 799] <... futex resumed>) = 0 [pid 799] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 799] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 800] <... futex resumed>) = 1 [pid 800] write(6, "#! ./file1\n", 11) = 11 [pid 800] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 799] <... futex resumed>) = 0 [pid 799] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 799] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 800] <... futex resumed>) = 1 [pid 800] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 800] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 799] <... futex resumed>) = 0 [pid 799] futex(0x7fc6d8b696c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 799] futex(0x7fc6d8b696cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 800] <... futex resumed>) = 1 [pid 800] ioctl(-1, KVM_SET_IRQCHIP, 0x200000000280) = -1 EBADF (Bad file descriptor) [pid 800] futex(0x7fc6d8b696cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 799] <... futex resumed>) = 0 [pid 799] exit_group(0) = ? [pid 800] <... futex resumed>) = ? [pid 800] +++ exited with 0 +++ [pid 799] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=799, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./76", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./76", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558c359730 /* 4 entries */, 32768) = 112 umount2("./76/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./76/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./76/binderfs") = 0 [ 37.098107][ T800] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 37.126667][ T801] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm vhost-800: bg 0: block 234: padding at end of block bitmap is not set [ 37.152208][ T7] ------------[ cut here ]------------ [ 37.158048][ T7] kernel BUG at fs/ext4/inode.c:2844! [ 37.163743][ T7] invalid opcode: 0000 [#1] PREEMPT SMP KASAN [ 37.170003][ T7] CPU: 0 PID: 7 Comm: kworker/u4:0 Not tainted 5.4.292-syzkaller-00021-gcd8e74fa0fa3 #0 [ 37.180194][ T7] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 37.190597][ T7] Workqueue: writeback wb_workfn (flush-7:0) [ 37.196741][ T7] RIP: 0010:ext4_writepages+0x2f83/0x2fb0 [ 37.202534][ T7] Code: 0f 94 c6 bf 02 00 00 00 e8 6a 29 a1 ff 84 db 75 2e e8 11 27 a1 ff 49 bc 00 00 00 00 00 fc ff df e9 47 f9 ff ff e8 fd 26 a1 ff <0f> 0b e8 f6 26 a1 ff 0f 0b e8 ef 26 a1 ff e8 ba ef 41 ff eb 9b e8 [ 37.222580][ T7] RSP: 0018:ffff8881f5db71a0 EFLAGS: 00010293 [ 37.228730][ T7] RAX: ffffffff81be57e3 RBX: 0000010410000000 RCX: ffff8881f5d6af40 [ 37.236898][ T7] RDX: 0000000000000000 RSI: 0000010000000000 RDI: 0000000000000000 [ 37.244855][ T7] RBP: ffff8881f5db74f0 R08: dffffc0000000000 R09: ffffed103b9eae7d [ 37.252811][ T7] R10: ffffed103b9eae7d R11: 1ffff1103b9eae7c R12: dffffc0000000000 [ 37.261062][ T7] R13: ffff8881f5db7810 R14: 0000010000000000 R15: ffff8881dcf574b8 [ 37.269290][ T7] FS: 0000000000000000(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000 [ 37.278373][ T7] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 37.285029][ T7] CR2: 000055558c361738 CR3: 00000001ef205000 CR4: 00000000003406b0 [ 37.293121][ T7] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 37.301438][ T7] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 37.309521][ T7] Call Trace: [ 37.312893][ T7] ? __kasan_check_read+0x11/0x20 [ 37.317901][ T7] ? __find_get_block+0xab4/0xe90 [ 37.323038][ T7] ? write_boundary_block+0x140/0x140 [ 37.328392][ T7] ? ext4_readpage+0x310/0x310 [ 37.333164][ T7] ? ext4_get_group_desc+0x249/0x2a0 [ 37.338553][ T7] ? ext4_readpage+0x310/0x310 [ 37.343308][ T7] do_writepages+0x127/0x270 [ 37.347914][ T7] ? __writepage+0x120/0x120 [ 37.352910][ T7] ? __kasan_check_write+0x14/0x20 [ 37.358365][ T7] ? _raw_spin_lock+0x8e/0xe0 [ 37.363583][ T7] ? __kasan_check_write+0x14/0x20 [ 37.368715][ T7] __writeback_single_inode+0xd9/0xc30 [ 37.374174][ T7] ? wbc_attach_and_unlock_inode+0x3b3/0x5b0 [ 37.380238][ T7] writeback_sb_inodes+0x94f/0x1700 [ 37.385635][ T7] ? _raw_spin_lock+0x8e/0xe0 [ 37.390399][ T7] ? queue_io+0x4e0/0x4e0 [ 37.395256][ T7] ? __kasan_check_read+0x11/0x20 [ 37.400273][ T7] wb_writeback+0x3e1/0xc20 [ 37.404978][ T7] ? wb_io_lists_depopulated+0x170/0x170 [ 37.410606][ T7] ? debug_smp_processor_id+0x20/0x20 [ 37.416110][ T7] ? check_preemption_disabled+0x9b/0x300 [ 37.421811][ T7] wb_workfn+0x375/0xf90 [ 37.426041][ T7] ? inode_wait_for_writeback+0x200/0x200 [ 37.432071][ T7] ? __kasan_check_read+0x11/0x20 [ 37.437451][ T7] ? switch_mm_irqs_off+0x37d/0x9b0 [ 37.442644][ T7] ? _raw_spin_unlock_irq+0x4e/0x70 [ 37.448187][ T7] ? finish_task_switch+0x12e/0x590 [ 37.453786][ T7] ? __schedule+0xa57/0x12a0 [ 37.458570][ T7] ? __kasan_check_read+0x11/0x20 [ 37.463981][ T7] ? read_word_at_a_time+0x12/0x20 [ 37.469181][ T7] ? strscpy+0x9b/0x290 [ 37.473321][ T7] process_one_work+0x73b/0xcc0 [ 37.478247][ T7] worker_thread+0xa5c/0x13b0 [ 37.482998][ T7] kthread+0x31e/0x3a0 [ 37.487395][ T7] ? worker_clr_flags+0x190/0x190 [ 37.492575][ T7] ? kthread_blkcg+0xd0/0xd0 [ 37.497236][ T7] ret_from_fork+0x1f/0x30 [ 37.501861][ T7] Modules linked in: [ 37.506640][ T7] ---[ end trace 8f9c1c8d9c0f0c7a ]--- [ 37.512391][ T7] RIP: 0010:ext4_writepages+0x2f83/0x2fb0 [ 37.518127][ T7] Code: 0f 94 c6 bf 02 00 00 00 e8 6a 29 a1 ff 84 db 75 2e e8 11 27 a1 ff 49 bc 00 00 00 00 00 fc ff df e9 47 f9 ff ff e8 fd 26 a1 ff <0f> 0b e8 f6 26 a1 ff 0f 0b e8 ef 26 a1 ff e8 ba ef 41 ff eb 9b e8 [ 37.538575][ T7] RSP: 0018:ffff8881f5db71a0 EFLAGS: 00010293 [ 37.544919][ T7] RAX: ffffffff81be57e3 RBX: 0000010410000000 RCX: ffff8881f5d6af40 [ 37.552954][ T7] RDX: 0000000000000000 RSI: 0000010000000000 RDI: 0000000000000000 [ 37.560974][ T7] RBP: ffff8881f5db74f0 R08: dffffc0000000000 R09: ffffed103b9eae7d [ 37.569357][ T7] R10: ffffed103b9eae7d R11: 1ffff1103b9eae7c R12: dffffc0000000000 [ 37.577814][ T7] R13: ffff8881f5db7810 R14: 0000010000000000 R15: ffff8881dcf574b8 [ 37.585934][ T7] FS: 0000000000000000(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000 [ 37.595148][ T7] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 37.601855][ T7] CR2: 000055558c361738 CR3: 00000001df7cb000 CR4: 00000000003406b0 [ 37.610024][ T7] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 37.618100][ T7] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 37.626769][ T7] Kernel panic - not syncing: Fatal exception [ 37.633528][ T7] Kernel Offset: disabled [ 37.638007][ T7] Rebooting in 86400 seconds..