./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor115201709 <...> Warning: Permanently added '10.128.1.133' (ED25519) to the list of known hosts. execve("./syz-executor115201709", ["./syz-executor115201709"], 0x7ffe2ea654c0 /* 10 vars */) = 0 brk(NULL) = 0x555562cb4000 brk(0x555562cb4d00) = 0x555562cb4d00 arch_prctl(ARCH_SET_FS, 0x555562cb4380) = 0 set_tid_address(0x555562cb4650) = 294 set_robust_list(0x555562cb4660, 24) = 0 rseq(0x555562cb4ca0, 0x20, 0, 0x53053053) = -1 ENOSYS (Function not implemented) prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor115201709", 4096) = 27 getrandom("\x6b\x45\x00\x09\x49\x0a\x9e\x6e", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x555562cb4d00 brk(0x555562cd5d00) = 0x555562cd5d00 brk(0x555562cd6000) = 0x555562cd6000 mprotect(0x7fe35e00a000, 16384, PROT_READ) = 0 mmap(0x1ffffffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffffffff000 mmap(0x200000000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200000000000 mmap(0x200001000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200001000000 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555562cb4650) = 295 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555562cb4650) = 296 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555562cb4650) = 297 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555562cb4650) = 298 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555562cb4650) = 299 ./strace-static-x86_64: Process 299 attached [pid 299] set_robust_list(0x555562cb4660, 24) = 0 [pid 299] mkdir("./syzkaller.y2HuFM", 0700./strace-static-x86_64: Process 295 attached ./strace-static-x86_64: Process 296 attached ./strace-static-x86_64: Process 297 attached [pid 296] set_robust_list(0x555562cb4660, 24 [pid 295] set_robust_list(0x555562cb4660, 24./strace-static-x86_64: Process 298 attached [pid 298] set_robust_list(0x555562cb4660, 24) = 0 [pid 295] <... set_robust_list resumed>) = 0 [pid 296] <... set_robust_list resumed>) = 0 [pid 295] mkdir("./syzkaller.glOof5", 0700 [pid 296] mkdir("./syzkaller.SHirc6", 0700 [pid 298] getrandom("\x5d\x2f\x8a\xa0\x8b\xd8\x8c\xc1", 8, GRND_NONBLOCK) = 8 [pid 298] mkdir("./syzkaller.dhqjDh", 0700 [pid 297] set_robust_list(0x555562cb4660, 24 [pid 299] <... mkdir resumed>) = 0 [pid 299] chmod("./syzkaller.y2HuFM", 0777) = 0 [pid 299] chdir("./syzkaller.y2HuFM") = 0 [pid 295] <... mkdir resumed>) = 0 [pid 295] chmod("./syzkaller.glOof5", 0777 [pid 297] <... set_robust_list resumed>) = 0 [pid 295] <... chmod resumed>) = 0 [pid 295] chdir("./syzkaller.glOof5") = 0 [pid 299] mkdir("./0", 0777 [pid 298] <... mkdir resumed>) = 0 [pid 298] chmod("./syzkaller.dhqjDh", 0777) = 0 [pid 295] mkdir("./0", 0777 [pid 298] chdir("./syzkaller.dhqjDh") = 0 [pid 296] <... mkdir resumed>) = 0 [pid 295] <... mkdir resumed>) = 0 [pid 296] chmod("./syzkaller.SHirc6", 0777 [pid 295] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 298] mkdir("./0", 0777 [pid 295] <... openat resumed>) = 3 [pid 296] <... chmod resumed>) = 0 [ 33.006261][ T24] audit: type=1400 audit(1744417889.510:66): avc: denied { execmem } for pid=294 comm="syz-executor115" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [pid 295] ioctl(3, LOOP_CLR_FD [pid 299] <... mkdir resumed>) = 0 [pid 297] mkdir("./syzkaller.Mw3yRc", 0700 [pid 299] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 298] <... mkdir resumed>) = 0 [pid 296] chdir("./syzkaller.SHirc6" [pid 295] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 295] close(3 [pid 299] <... openat resumed>) = 3 [pid 298] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 295] <... close resumed>) = 0 [pid 295] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 296] <... chdir resumed>) = 0 [pid 296] mkdir("./0", 0777) = 0 [pid 295] <... clone resumed>, child_tidptr=0x555562cb4650) = 300 [pid 296] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 297] <... mkdir resumed>) = 0 [pid 296] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 296] close(3) = 0 [pid 296] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 297] chmod("./syzkaller.Mw3yRc", 0777) = 0 [pid 297] chdir("./syzkaller.Mw3yRc") = 0 [pid 297] mkdir("./0", 0777 [pid 296] <... clone resumed>, child_tidptr=0x555562cb4650) = 301 [pid 297] <... mkdir resumed>) = 0 [pid 297] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 297] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 297] close(3) = 0 [pid 297] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555562cb4650) = 302 ./strace-static-x86_64: Process 301 attached [pid 301] set_robust_list(0x555562cb4660, 24 [pid 299] ioctl(3, LOOP_CLR_FD [pid 298] <... openat resumed>) = 3 [pid 299] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 298] ioctl(3, LOOP_CLR_FD./strace-static-x86_64: Process 300 attached [pid 299] close(3 [pid 298] <... ioctl resumed>) = -1 ENXIO (No such device or address) ./strace-static-x86_64: Process 302 attached [pid 300] set_robust_list(0x555562cb4660, 24 [pid 299] <... close resumed>) = 0 [pid 298] close(3 [pid 302] set_robust_list(0x555562cb4660, 24 [pid 300] <... set_robust_list resumed>) = 0 [pid 299] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 302] <... set_robust_list resumed>) = 0 [pid 298] <... close resumed>) = 0 [pid 300] chdir("./0" [pid 298] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 301] <... set_robust_list resumed>) = 0 [pid 301] chdir("./0" [pid 302] chdir("./0" [pid 301] <... chdir resumed>) = 0 [pid 301] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 301] setpgid(0, 0 [pid 300] <... chdir resumed>) = 0 [pid 301] <... setpgid resumed>) = 0 [pid 302] <... chdir resumed>) = 0 [pid 300] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 299] <... clone resumed>, child_tidptr=0x555562cb4650) = 303 [pid 298] <... clone resumed>, child_tidptr=0x555562cb4650) = 304 [pid 301] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 301] write(3, "1000", 4) = 4 [pid 301] close(3) = 0 [pid 301] symlink("/dev/binderfs", "./binderfs") = 0 ./strace-static-x86_64: Process 303 attached [pid 303] set_robust_list(0x555562cb4660, 24) = 0 [pid 303] chdir("./0") = 0 [pid 303] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 303] setpgid(0, 0) = 0 [pid 303] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXECexecuting program [pid 301] write(1, "executing program\n", 18) = 18 [pid 301] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR [pid 303] <... openat resumed>) = 3 [pid 301] <... openat resumed>) = 3 [pid 303] write(3, "1000", 4) = 4 [pid 303] close(3) = 0 [ 33.037525][ T24] audit: type=1400 audit(1744417889.540:67): avc: denied { read write } for pid=295 comm="syz-executor115" name="loop0" dev="devtmpfs" ino=111 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 33.063186][ T24] audit: type=1400 audit(1744417889.540:68): avc: denied { open } for pid=295 comm="syz-executor115" path="/dev/loop0" dev="devtmpfs" ino=111 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [pid 303] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 301] ioctl(3, VHOST_SET_OWNER [pid 303] write(1, "executing program\n", 18) = 18 [pid 303] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 303] ioctl(3, VHOST_SET_OWNER [pid 301] <... ioctl resumed>, 0) = 0 [pid 301] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 301] ioctl(3, VHOST_SET_MEM_TABLE [pid 302] prctl(PR_SET_PDEATHSIG, SIGKILL./strace-static-x86_64: Process 304 attached ) = 0 [pid 300] <... prctl resumed>) = 0 [pid 301] <... ioctl resumed>, 0x200000003380) = 0 [pid 301] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 301] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 301] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 301] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 301] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 301] memfd_create("syzkaller", 0) = 5 [pid 301] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe355b57000 [pid 304] set_robust_list(0x555562cb4660, 24 [pid 302] setpgid(0, 0 [pid 300] setpgid(0, 0 [pid 304] <... set_robust_list resumed>) = 0 [pid 303] <... ioctl resumed>, 0) = 0 [pid 302] <... setpgid resumed>) = 0 [pid 300] <... setpgid resumed>) = 0 [pid 303] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 303] ioctl(3, VHOST_SET_MEM_TABLE [ 33.090186][ T24] audit: type=1400 audit(1744417889.540:69): avc: denied { ioctl } for pid=295 comm="syz-executor115" path="/dev/loop0" dev="devtmpfs" ino=111 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 33.121841][ T24] audit: type=1400 audit(1744417889.600:70): avc: denied { read write } for pid=301 comm="syz-executor115" name="vhost-vsock" dev="devtmpfs" ino=258 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [pid 301] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 304] chdir("./0" [pid 302] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 300] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 304] <... chdir resumed>) = 0 [pid 300] <... openat resumed>) = 3 [pid 304] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 303] <... ioctl resumed>, 0x200000003380) = 0 [pid 302] <... openat resumed>) = 3 [pid 300] write(3, "1000", 4 [pid 303] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 303] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 303] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 303] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 303] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 303] memfd_create("syzkaller", 0) = 5 [pid 303] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe355b57000 [pid 303] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 304] setpgid(0, 0 [pid 302] write(3, "1000", 4 [pid 300] <... write resumed>) = 4 [pid 301] <... write resumed>) = 1048576 [pid 302] <... write resumed>) = 4 [pid 300] close(3 [pid 304] <... setpgid resumed>) = 0 [pid 302] close(3 [pid 300] <... close resumed>) = 0 [pid 304] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 302] <... close resumed>) = 0 [pid 300] symlink("/dev/binderfs", "./binderfs" [pid 304] <... openat resumed>) = 3 [pid 300] <... symlink resumed>) = 0 [pid 302] symlink("/dev/binderfs", "./binderfs" [pid 304] write(3, "1000", 4 [pid 300] write(1, "executing program\n", 18executing program [pid 304] <... write resumed>) = 4 [pid 302] <... symlink resumed>) = 0 [pid 300] <... write resumed>) = 18 [pid 304] close(3 [pid 302] write(1, "executing program\n", 18 [pid 300] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWRexecuting program [pid 304] <... close resumed>) = 0 [pid 302] <... write resumed>) = 18 [pid 300] <... openat resumed>) = 3 [pid 304] symlink("/dev/binderfs", "./binderfs" [pid 302] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR [pid 300] ioctl(3, VHOST_SET_OWNER [pid 304] <... symlink resumed>) = 0 executing program [pid 304] write(1, "executing program\n", 18 [pid 302] <... openat resumed>) = 3 [pid 304] <... write resumed>) = 18 [pid 302] ioctl(3, VHOST_SET_OWNER [pid 304] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 304] ioctl(3, VHOST_SET_OWNER [pid 301] munmap(0x7fe355b57000, 138412032) = 0 [pid 301] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 6 [pid 301] ioctl(6, LOOP_SET_FD, 5 [pid 304] <... ioctl resumed>, 0) = 0 [ 33.149116][ T24] audit: type=1400 audit(1744417889.600:71): avc: denied { open } for pid=301 comm="syz-executor115" path="/dev/vhost-vsock" dev="devtmpfs" ino=258 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 33.180458][ T24] audit: type=1400 audit(1744417889.600:72): avc: denied { ioctl } for pid=301 comm="syz-executor115" path="/dev/vhost-vsock" dev="devtmpfs" ino=258 ioctlcmd=0xaf01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [pid 304] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 304] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 304] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 304] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 304] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 304] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 304] ioctl(3, VHOST_VSOCK_SET_RUNNING [pid 301] <... ioctl resumed>) = 0 [pid 304] <... ioctl resumed>, 0x200000000140) = 0 [pid 301] close(5) = 0 [pid 301] close(6 [pid 303] <... write resumed>) = 1048576 [pid 304] memfd_create("syzkaller", 0) = 5 [pid 304] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 300] <... ioctl resumed>, 0) = 0 [pid 304] <... mmap resumed>) = 0x7fe355b57000 [pid 300] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 302] <... ioctl resumed>, 0) = 0 [pid 302] ioctl(3, VHOST_SET_VRING_ADDR [pid 300] ioctl(3, VHOST_SET_MEM_TABLE [pid 302] <... ioctl resumed>, 0x200000000300) = 0 [pid 302] ioctl(3, VHOST_SET_MEM_TABLE [pid 300] <... ioctl resumed>, 0x200000003380) = 0 [pid 302] <... ioctl resumed>, 0x200000003380) = 0 [pid 300] eventfd2(118, EFD_SEMAPHORE [pid 302] eventfd2(118, EFD_SEMAPHORE [pid 300] <... eventfd2 resumed>) = 4 [pid 302] <... eventfd2 resumed>) = 4 [pid 300] ioctl(3, VHOST_SET_VRING_ERR [pid 302] ioctl(3, VHOST_SET_VRING_ERR [pid 303] munmap(0x7fe355b57000, 138412032 [pid 300] <... ioctl resumed>, 0x2000000001c0) = 0 [pid 302] <... ioctl resumed>, 0x2000000001c0) = 0 [pid 300] ioctl(3, VHOST_SET_VRING_ADDR [pid 302] ioctl(3, VHOST_SET_VRING_ADDR [pid 300] <... ioctl resumed>, 0x200000000240) = 0 [pid 302] <... ioctl resumed>, 0x200000000240) = 0 [pid 300] ioctl(3, VHOST_SET_VRING_KICK [pid 302] ioctl(3, VHOST_SET_VRING_KICK [pid 300] <... ioctl resumed>, 0x200000000000) = 0 [pid 302] <... ioctl resumed>, 0x200000000000) = 0 [pid 300] ioctl(3, VHOST_VSOCK_SET_RUNNING [pid 302] ioctl(3, VHOST_VSOCK_SET_RUNNING [pid 300] <... ioctl resumed>, 0x200000000140) = 0 [pid 302] <... ioctl resumed>, 0x200000000140) = 0 [pid 303] <... munmap resumed>) = 0 [pid 302] memfd_create("syzkaller", 0 [pid 300] memfd_create("syzkaller", 0 [pid 303] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 302] <... memfd_create resumed>) = 5 [pid 300] <... memfd_create resumed>) = 5 [pid 302] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 300] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 302] <... mmap resumed>) = 0x7fe355b57000 [pid 300] <... mmap resumed>) = 0x7fe355b57000 [pid 303] <... openat resumed>) = 6 [pid 301] <... close resumed>) = 0 [pid 301] mkdir("./file0", 0777 [pid 303] ioctl(6, LOOP_SET_FD, 5 [pid 301] <... mkdir resumed>) = 0 [pid 301] mount("/dev/loop1", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"... [pid 303] <... ioctl resumed>) = 0 [pid 300] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 303] close(5) = 0 [pid 303] close(6 [pid 302] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 300] <... write resumed>) = 1048576 [pid 300] munmap(0x7fe355b57000, 138412032) = 0 [ 33.314534][ T24] audit: type=1400 audit(1744417889.810:73): avc: denied { mounton } for pid=301 comm="syz-executor115" path="/root/syzkaller.SHirc6/0/file0" dev="sda1" ino=1942 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1 [pid 300] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 304] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 303] <... close resumed>) = 0 [pid 300] <... openat resumed>) = 6 [pid 303] mkdir("./file0", 0777 [pid 300] ioctl(6, LOOP_SET_FD, 5 [pid 303] <... mkdir resumed>) = 0 [ 33.409271][ T301] EXT4-fs (loop1): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [pid 303] mount("/dev/loop4", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"... [pid 304] <... write resumed>) = 1048576 [pid 304] munmap(0x7fe355b57000, 138412032) = 0 [pid 304] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 300] <... ioctl resumed>) = 0 [pid 300] close(5) = 0 [pid 300] close(6 [pid 302] <... write resumed>) = 1048576 [pid 302] munmap(0x7fe355b57000, 138412032) = 0 [pid 302] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 300] <... close resumed>) = 0 [pid 300] mkdir("./file0", 0777) = 0 [pid 300] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"... [pid 303] <... mount resumed>) = 0 [pid 304] <... openat resumed>) = 6 [pid 302] <... openat resumed>) = 6 [pid 304] ioctl(6, LOOP_SET_FD, 5 [ 33.583469][ T303] EXT4-fs (loop4): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [pid 302] ioctl(6, LOOP_SET_FD, 5 [pid 303] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 304] <... ioctl resumed>) = 0 [pid 304] close(5) = 0 [pid 304] close(6 [pid 303] chdir("./file0") = 0 [pid 303] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 302] <... ioctl resumed>) = 0 [pid 302] close(5) = 0 [pid 302] close(6 [pid 304] <... close resumed>) = 0 [pid 304] mkdir("./file0", 0777) = 0 [pid 304] mount("/dev/loop3", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"... [pid 301] <... mount resumed>) = 0 [pid 301] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 301] chdir("./file0") = 0 [ 33.668040][ T24] audit: type=1400 audit(1744417890.130:74): avc: denied { mount } for pid=303 comm="syz-executor115" name="/" dev="loop4" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 33.679105][ T300] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [pid 301] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 303] <... openat resumed>) = 6 [pid 302] <... close resumed>) = 0 [pid 303] ioctl(6, LOOP_CLR_FD [pid 302] mkdir("./file0", 0777 [pid 301] <... openat resumed>) = 6 [pid 303] <... ioctl resumed>) = 0 [pid 302] <... mkdir resumed>) = 0 [pid 301] ioctl(6, LOOP_CLR_FD [pid 303] close(6 [pid 302] mount("/dev/loop2", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"... [pid 301] <... ioctl resumed>) = 0 [pid 303] <... close resumed>) = 0 [pid 301] close(6) = 0 [pid 301] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 303] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 301] <... openat resumed>) = 6 [pid 303] <... openat resumed>) = 6 [pid 301] write(6, "#! ./file1\n", 11 [pid 303] write(6, "#! ./file1\n", 11 [pid 301] <... write resumed>) = 11 [pid 303] <... write resumed>) = 11 [pid 301] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0 [pid 303] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0 [pid 301] <... mmap resumed>) = 0x200000000000 [pid 303] <... mmap resumed>) = 0x200000000000 [pid 303] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000040} --- [pid 301] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000040} --- [ 33.792511][ T307] EXT4-fs error (device loop4): ext4_validate_block_bitmap:438: comm vhost-303: bg 0: block 234: padding at end of block bitmap is not set [ 33.794898][ T301] EXT4-fs error (device loop1): ext4_validate_block_bitmap:438: comm syz-executor115: bg 0: block 234: padding at end of block bitmap is not set [pid 300] <... mount resumed>) = 0 [pid 300] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 300] chdir("./file0") = 0 [pid 300] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 300] ioctl(6, LOOP_CLR_FD) = 0 [pid 300] close(6) = 0 [pid 300] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 300] write(6, "#! ./file1\n", 11) = 11 [pid 300] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [ 33.913114][ T304] EXT4-fs (loop3): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [pid 300] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000040} --- [pid 304] <... mount resumed>) = 0 [pid 304] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 304] chdir("./file0") = 0 [pid 304] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 6 [pid 304] ioctl(6, LOOP_CLR_FD) = 0 [pid 304] close(6) = 0 [pid 304] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 304] write(6, "#! ./file1\n", 11) = 11 [pid 304] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [ 33.959260][ T24] audit: type=1400 audit(1744417890.290:75): avc: denied { write } for pid=301 comm="syz-executor115" name="/" dev="loop1" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 33.962549][ T308] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-300: bg 0: block 234: padding at end of block bitmap is not set [pid 301] +++ killed by SIGBUS +++ [pid 296] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=301, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=4} --- [pid 296] restart_syscall(<... resuming interrupted clone ...> [pid 303] +++ killed by SIGBUS +++ [pid 302] <... mount resumed>) = 0 [pid 300] +++ killed by SIGBUS +++ [ 34.027973][ T302] EXT4-fs (loop2): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 34.050203][ T304] EXT4-fs error (device loop3): ext4_validate_block_bitmap:438: comm syz-executor115: bg 0: block 234: padding at end of block bitmap is not set [pid 295] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=300, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- [pid 295] restart_syscall(<... resuming interrupted clone ...> [pid 299] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=303, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- [pid 302] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 296] <... restart_syscall resumed>) = 0 [pid 295] <... restart_syscall resumed>) = 0 [pid 296] umount2("./0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 295] umount2("./0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 295] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 296] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 295] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 296] <... openat resumed>) = 3 [pid 295] <... openat resumed>) = 3 [pid 302] <... openat resumed>) = 5 [pid 296] newfstatat(3, "", [pid 295] newfstatat(3, "", [pid 299] restart_syscall(<... resuming interrupted clone ...> [pid 296] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 295] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 302] chdir("./file0" [pid 299] <... restart_syscall resumed>) = 0 [pid 296] getdents64(3, [pid 295] getdents64(3, [pid 302] <... chdir resumed>) = 0 [pid 296] <... getdents64 resumed>0x555562cb56f0 /* 4 entries */, 32768) = 112 [pid 295] <... getdents64 resumed>0x555562cb56f0 /* 4 entries */, 32768) = 112 [pid 302] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 296] umount2("./0/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 295] umount2("./0/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 302] <... openat resumed>) = 6 [pid 299] umount2("./0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 295] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 302] ioctl(6, LOOP_CLR_FD [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 296] newfstatat(AT_FDCWD, "./0/binderfs", [pid 295] newfstatat(AT_FDCWD, "./0/binderfs", [pid 302] <... ioctl resumed>) = 0 [pid 299] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 296] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 295] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 304] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000040} --- [pid 302] close(6 [pid 299] <... openat resumed>) = 3 [pid 296] unlink("./0/binderfs" [pid 295] unlink("./0/binderfs" [pid 302] <... close resumed>) = 0 [pid 299] newfstatat(3, "", [pid 296] <... unlink resumed>) = 0 [pid 295] <... unlink resumed>) = 0 [pid 302] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 299] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 296] umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 295] umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 302] <... openat resumed>) = 6 [pid 299] getdents64(3, [pid 302] write(6, "#! ./file1\n", 11) = 11 [pid 299] <... getdents64 resumed>0x555562cb56f0 /* 4 entries */, 32768) = 112 [pid 302] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 299] umount2("./0/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 299] newfstatat(AT_FDCWD, "./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 299] unlink("./0/binderfs") = 0 [pid 299] umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 304] +++ killed by SIGBUS +++ [pid 298] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=304, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- [pid 298] umount2("./0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 298] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 298] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 298] getdents64(3, 0x555562cb56f0 /* 4 entries */, 32768) = 112 [pid 298] umount2("./0/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 298] newfstatat(AT_FDCWD, "./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 298] unlink("./0/binderfs") = 0 [ 34.141355][ T302] EXT4-fs error (device loop2): ext4_validate_block_bitmap:438: comm syz-executor115: bg 0: block 234: padding at end of block bitmap is not set [pid 298] umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 296] <... umount2 resumed>) = 0 [pid 302] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000040} --- [pid 296] umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 296] newfstatat(AT_FDCWD, "./0/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 296] umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 296] openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 296] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 296] getdents64(4, 0x555562cbd730 /* 2 entries */, 32768) = 48 [pid 296] getdents64(4, 0x555562cbd730 /* 0 entries */, 32768) = 0 [pid 296] close(4) = 0 [pid 296] rmdir("./0/file0") = 0 [pid 296] getdents64(3, 0x555562cb56f0 /* 0 entries */, 32768) = 0 [pid 296] close(3) = 0 [pid 296] rmdir("./0") = 0 [pid 296] mkdir("./1", 0777) = 0 [pid 296] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 302] +++ killed by SIGBUS +++ [pid 297] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=302, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=4} --- [pid 297] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 297] umount2("./0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 297] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 297] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 297] getdents64(3, 0x555562cb56f0 /* 4 entries */, 32768) = 112 [pid 297] umount2("./0/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 297] newfstatat(AT_FDCWD, "./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 297] unlink("./0/binderfs") = 0 [pid 297] umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 299] <... umount2 resumed>) = 0 [pid 296] <... openat resumed>) = 3 [pid 296] ioctl(3, LOOP_CLR_FD [pid 295] <... umount2 resumed>) = 0 [pid 295] umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 296] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 295] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 296] close(3 [pid 295] newfstatat(AT_FDCWD, "./0/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 295] umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 295] openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 295] newfstatat(4, "", [pid 298] <... umount2 resumed>) = 0 [pid 296] <... close resumed>) = 0 [pid 295] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 295] getdents64(4, [pid 296] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 295] <... getdents64 resumed>0x555562cbd730 /* 2 entries */, 32768) = 48 [pid 295] getdents64(4, 0x555562cbd730 /* 0 entries */, 32768) = 0 [pid 295] close(4) = 0 [pid 295] rmdir("./0/file0") = 0 [pid 295] getdents64(3, 0x555562cb56f0 /* 0 entries */, 32768) = 0 [pid 295] close(3) = 0 [pid 295] rmdir("./0") = 0 [pid 296] <... clone resumed>, child_tidptr=0x555562cb4650) = 335 [pid 295] mkdir("./1", 0777) = 0 [pid 299] umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 298] umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 335 attached [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 295] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 335] set_robust_list(0x555562cb4660, 24 [pid 299] newfstatat(AT_FDCWD, "./0/file0", [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 335] <... set_robust_list resumed>) = 0 [pid 299] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 298] newfstatat(AT_FDCWD, "./0/file0", [pid 299] umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 335] chdir("./1" [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 298] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 335] <... chdir resumed>) = 0 [pid 299] openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 298] umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 299] <... openat resumed>) = 4 [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 335] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 299] newfstatat(4, "", [pid 298] openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 335] <... prctl resumed>) = 0 [pid 299] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 298] <... openat resumed>) = 4 [pid 335] setpgid(0, 0 [pid 299] getdents64(4, [pid 335] <... setpgid resumed>) = 0 [pid 298] newfstatat(4, "", [pid 299] <... getdents64 resumed>0x555562cbd730 /* 2 entries */, 32768) = 48 [pid 298] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 335] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 299] getdents64(4, [pid 298] getdents64(4, [pid 299] <... getdents64 resumed>0x555562cbd730 /* 0 entries */, 32768) = 0 [pid 298] <... getdents64 resumed>0x555562cbd730 /* 2 entries */, 32768) = 48 [pid 299] close(4 [pid 335] <... openat resumed>) = 3 [pid 299] <... close resumed>) = 0 [pid 298] getdents64(4, [pid 299] rmdir("./0/file0" [pid 298] <... getdents64 resumed>0x555562cbd730 /* 0 entries */, 32768) = 0 [pid 335] write(3, "1000", 4 [pid 298] close(4) = 0 [pid 298] rmdir("./0/file0" [pid 299] <... rmdir resumed>) = 0 [pid 298] <... rmdir resumed>) = 0 [pid 299] getdents64(3, [pid 298] getdents64(3, [pid 299] <... getdents64 resumed>0x555562cb56f0 /* 0 entries */, 32768) = 0 [pid 299] close(3 [pid 298] <... getdents64 resumed>0x555562cb56f0 /* 0 entries */, 32768) = 0 [pid 298] close(3 [pid 299] <... close resumed>) = 0 [pid 299] rmdir("./0" [pid 298] <... close resumed>) = 0 [pid 298] rmdir("./0" [pid 335] <... write resumed>) = 4 [pid 299] <... rmdir resumed>) = 0 [pid 298] <... rmdir resumed>) = 0 [pid 298] mkdir("./1", 0777 [pid 299] mkdir("./1", 0777) = 0 [pid 298] <... mkdir resumed>) = 0 [pid 335] close(3) = 0 [pid 298] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 335] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 299] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 335] write(1, "executing program\n", 18) = 18 [pid 335] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 335] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 335] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 335] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 335] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 335] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 335] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 335] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 335] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 335] memfd_create("syzkaller", 0) = 5 [pid 335] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe355b57000 [pid 298] <... openat resumed>) = 3 [pid 295] <... openat resumed>) = 3 [pid 298] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 298] close(3) = 0 [pid 298] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555562cb4650) = 337 [pid 295] ioctl(3, LOOP_CLR_FD./strace-static-x86_64: Process 337 attached [pid 337] set_robust_list(0x555562cb4660, 24) = 0 [pid 337] chdir("./1") = 0 [pid 295] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 295] close(3 [pid 299] <... openat resumed>) = 3 [pid 295] <... close resumed>) = 0 [pid 299] ioctl(3, LOOP_CLR_FD [pid 295] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 299] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 295] <... clone resumed>, child_tidptr=0x555562cb4650) = 338 [pid 337] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 337] setpgid(0, 0) = 0 [pid 337] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 299] close(3) = 0 [pid 299] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 337] <... openat resumed>) = 3 [pid 337] write(3, "1000", 4 [pid 299] <... clone resumed>, child_tidptr=0x555562cb4650) = 339 [pid 337] <... write resumed>) = 4 [pid 337] close(3) = 0 [pid 337] symlink("/dev/binderfs", "./binderfs") = 0 [pid 297] <... umount2 resumed>) = 0 [pid 337] write(1, "executing program\n", 18executing program ) = 18 [pid 337] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 337] ioctl(3, VHOST_SET_OWNER [pid 297] umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 297] newfstatat(AT_FDCWD, "./0/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 ./strace-static-x86_64: Process 339 attached [pid 339] set_robust_list(0x555562cb4660, 24) = 0 [pid 339] chdir("./1") = 0 [pid 339] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 339] setpgid(0, 0) = 0 [pid 339] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 297] umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 338 attached [pid 339] <... openat resumed>) = 3 [pid 339] write(3, "1000", 4) = 4 [pid 339] close(3 [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 339] <... close resumed>) = 0 [pid 339] symlink("/dev/binderfs", "./binderfs" [pid 338] set_robust_list(0x555562cb4660, 24 [pid 297] openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 339] <... symlink resumed>) = 0 [pid 297] <... openat resumed>) = 4 [pid 297] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 297] getdents64(4, 0x555562cbd730 /* 2 entries */, 32768) = 48 [pid 338] <... set_robust_list resumed>) = 0 [pid 297] getdents64(4, 0x555562cbd730 /* 0 entries */, 32768) = 0 [pid 337] <... ioctl resumed>, 0) = 0 [pid 297] close(4 [pid 337] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 337] ioctl(3, VHOST_SET_MEM_TABLEexecuting program [pid 339] write(1, "executing program\n", 18) = 18 [pid 339] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 339] ioctl(3, VHOST_SET_OWNER [pid 297] <... close resumed>) = 0 [pid 338] chdir("./1" [pid 297] rmdir("./0/file0" [pid 338] <... chdir resumed>) = 0 [pid 297] <... rmdir resumed>) = 0 [pid 338] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 297] getdents64(3, [pid 337] <... ioctl resumed>, 0x200000003380) = 0 [pid 338] <... prctl resumed>) = 0 [pid 297] <... getdents64 resumed>0x555562cb56f0 /* 0 entries */, 32768) = 0 [pid 297] close(3 [pid 338] setpgid(0, 0 [pid 337] eventfd2(118, EFD_SEMAPHORE [pid 338] <... setpgid resumed>) = 0 [pid 297] <... close resumed>) = 0 [pid 337] <... eventfd2 resumed>) = 4 [pid 297] rmdir("./0" [pid 337] ioctl(3, VHOST_SET_VRING_ERR [pid 338] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 337] <... ioctl resumed>, 0x2000000001c0) = 0 [pid 338] <... openat resumed>) = 3 [pid 337] ioctl(3, VHOST_SET_VRING_ADDR [pid 297] <... rmdir resumed>) = 0 [pid 338] write(3, "1000", 4 [pid 337] <... ioctl resumed>, 0x200000000240) = 0 [pid 297] mkdir("./1", 0777 [pid 337] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 337] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 337] memfd_create("syzkaller", 0) = 5 [pid 337] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe355b57000 [pid 338] <... write resumed>) = 4 [pid 297] <... mkdir resumed>) = 0 [pid 338] close(3) = 0 [pid 297] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 338] symlink("/dev/binderfs", "./binderfs" [pid 339] <... ioctl resumed>, 0) = 0 [pid 338] <... symlink resumed>) = 0 [pid 335] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 297] <... openat resumed>) = 3 [pid 339] ioctl(3, VHOST_SET_VRING_ADDR [pid 338] write(1, "executing program\n", 18 [pid 339] <... ioctl resumed>, 0x200000000300) = 0 executing program [pid 339] ioctl(3, VHOST_SET_MEM_TABLE [pid 338] <... write resumed>) = 18 [pid 297] ioctl(3, LOOP_CLR_FD [pid 338] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR [pid 297] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 338] <... openat resumed>) = 3 [pid 297] close(3 [pid 338] ioctl(3, VHOST_SET_OWNER [pid 339] <... ioctl resumed>, 0x200000003380) = 0 [pid 339] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 339] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 339] ioctl(3, VHOST_SET_VRING_ADDR [pid 297] <... close resumed>) = 0 [pid 339] <... ioctl resumed>, 0x200000000240) = 0 [pid 339] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 339] ioctl(3, VHOST_VSOCK_SET_RUNNING [pid 297] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 339] <... ioctl resumed>, 0x200000000140) = 0 [pid 339] memfd_create("syzkaller", 0) = 5 [pid 339] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe355b57000 [pid 297] <... clone resumed>, child_tidptr=0x555562cb4650) = 344 [pid 335] <... write resumed>) = 1048576 ./strace-static-x86_64: Process 344 attached [pid 344] set_robust_list(0x555562cb4660, 24) = 0 [pid 344] chdir("./1") = 0 [pid 338] <... ioctl resumed>, 0) = 0 [pid 344] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 335] munmap(0x7fe355b57000, 138412032 [pid 338] ioctl(3, VHOST_SET_VRING_ADDR [pid 344] <... prctl resumed>) = 0 [pid 338] <... ioctl resumed>, 0x200000000300) = 0 [pid 337] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 335] <... munmap resumed>) = 0 [pid 338] ioctl(3, VHOST_SET_MEM_TABLE [pid 335] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 6 [pid 335] ioctl(6, LOOP_SET_FD, 5 [pid 344] setpgid(0, 0) = 0 [pid 338] <... ioctl resumed>, 0x200000003380) = 0 [pid 338] eventfd2(118, EFD_SEMAPHORE [pid 344] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 338] <... eventfd2 resumed>) = 4 [pid 338] ioctl(3, VHOST_SET_VRING_ERR [pid 344] <... openat resumed>) = 3 [pid 338] <... ioctl resumed>, 0x2000000001c0) = 0 [pid 338] ioctl(3, VHOST_SET_VRING_ADDR [pid 344] write(3, "1000", 4 [pid 338] <... ioctl resumed>, 0x200000000240) = 0 [pid 344] <... write resumed>) = 4 [pid 338] ioctl(3, VHOST_SET_VRING_KICK [pid 344] close(3 [pid 338] <... ioctl resumed>, 0x200000000000) = 0 [pid 344] <... close resumed>) = 0 [pid 338] ioctl(3, VHOST_VSOCK_SET_RUNNING [pid 344] symlink("/dev/binderfs", "./binderfs" [pid 338] <... ioctl resumed>, 0x200000000140) = 0 [pid 338] memfd_create("syzkaller", 0 [pid 344] <... symlink resumed>) = 0 [pid 338] <... memfd_create resumed>) = 5 [pid 338] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe355b57000 [pid 344] write(1, "executing program\n", 18executing program ) = 18 [pid 344] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 344] ioctl(3, VHOST_SET_OWNER [pid 335] <... ioctl resumed>) = 0 [pid 335] close(5) = 0 [pid 335] close(6 [pid 339] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 335] <... close resumed>) = 0 [pid 335] mkdir("./file0", 0777) = 0 [pid 335] mount("/dev/loop1", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"... [pid 337] <... write resumed>) = 1048576 [pid 337] munmap(0x7fe355b57000, 138412032 [pid 344] <... ioctl resumed>, 0) = 0 [pid 344] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 337] <... munmap resumed>) = 0 [pid 344] ioctl(3, VHOST_SET_MEM_TABLE [pid 337] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 6 [pid 337] ioctl(6, LOOP_SET_FD, 5 [pid 344] <... ioctl resumed>, 0x200000003380) = 0 [pid 344] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 344] ioctl(3, VHOST_SET_VRING_ERR [pid 338] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 344] <... ioctl resumed>, 0x2000000001c0) = 0 [pid 344] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 344] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 344] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 344] memfd_create("syzkaller", 0) = 5 [pid 344] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 337] <... ioctl resumed>) = 0 [pid 337] close(5) = 0 [pid 337] close(6 [pid 344] <... mmap resumed>) = 0x7fe355b57000 [pid 337] <... close resumed>) = 0 [pid 337] mkdir("./file0", 0777) = 0 [pid 339] <... write resumed>) = 1048576 [pid 337] mount("/dev/loop3", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"... [pid 339] munmap(0x7fe355b57000, 138412032) = 0 [ 34.633847][ T335] EXT4-fs (loop1): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [pid 339] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 344] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 344] munmap(0x7fe355b57000, 138412032) = 0 [pid 344] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 338] <... write resumed>) = 1048576 [pid 338] munmap(0x7fe355b57000, 138412032 [pid 344] <... openat resumed>) = 6 [pid 339] <... openat resumed>) = 6 [pid 339] ioctl(6, LOOP_SET_FD, 5 [pid 344] ioctl(6, LOOP_SET_FD, 5 [pid 338] <... munmap resumed>) = 0 [pid 338] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 335] <... mount resumed>) = 0 [pid 335] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 339] <... ioctl resumed>) = 0 [pid 335] <... openat resumed>) = 5 [pid 339] close(5) = 0 [pid 339] close(6 [pid 335] chdir("./file0") = 0 [pid 335] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 344] <... ioctl resumed>) = 0 [pid 338] <... openat resumed>) = 6 [pid 344] close(5) = 0 [pid 338] ioctl(6, LOOP_SET_FD, 5 [pid 344] close(6 [pid 339] <... close resumed>) = 0 [pid 335] <... openat resumed>) = 6 [pid 339] mkdir("./file0", 0777 [pid 335] ioctl(6, LOOP_CLR_FD [pid 339] <... mkdir resumed>) = 0 [ 34.779276][ T337] EXT4-fs (loop3): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [pid 339] mount("/dev/loop4", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"... [pid 338] <... ioctl resumed>) = 0 [pid 338] close(5) = 0 [pid 338] close(6 [pid 337] <... mount resumed>) = 0 [pid 337] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 337] chdir("./file0") = 0 [pid 344] <... close resumed>) = 0 [pid 337] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 335] <... ioctl resumed>) = 0 [pid 344] mkdir("./file0", 0777 [pid 335] close(6 [pid 344] <... mkdir resumed>) = 0 [pid 344] mount("/dev/loop2", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"... [pid 338] <... close resumed>) = 0 [pid 338] mkdir("./file0", 0777 [pid 335] <... close resumed>) = 0 [pid 337] <... openat resumed>) = 6 [pid 338] <... mkdir resumed>) = 0 [pid 337] ioctl(6, LOOP_CLR_FD [pid 335] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 338] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"... [pid 337] <... ioctl resumed>) = 0 [pid 335] <... openat resumed>) = 6 [pid 337] close(6 [pid 335] write(6, "#! ./file1\n", 11 [pid 337] <... close resumed>) = 0 [pid 335] <... write resumed>) = 11 [pid 337] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 335] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0 [pid 337] <... openat resumed>) = 6 [pid 335] <... mmap resumed>) = 0x200000000000 [pid 337] write(6, "#! ./file1\n", 11) = 11 [pid 337] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [ 34.961167][ T335] EXT4-fs error (device loop1): ext4_validate_block_bitmap:438: comm syz-executor115: bg 0: block 234: padding at end of block bitmap is not set [ 34.979403][ T337] EXT4-fs error (device loop3): ext4_validate_block_bitmap:438: comm syz-executor115: bg 0: block 234: padding at end of block bitmap is not set [ 34.982699][ T339] EXT4-fs (loop4): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [pid 335] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000040} --- [pid 335] +++ killed by SIGBUS +++ [pid 296] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=335, si_uid=0, si_status=SIGBUS, si_utime=1, si_stime=3} --- [pid 296] umount2("./1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 296] openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 296] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 337] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000040} --- [pid 296] getdents64(3, 0x555562cb56f0 /* 4 entries */, 32768) = 112 [pid 296] umount2("./1/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 296] newfstatat(AT_FDCWD, "./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 296] unlink("./1/binderfs") = 0 [pid 296] umount2("./1/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 337] +++ killed by SIGBUS +++ [pid 298] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=337, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=5} --- [pid 298] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 298] umount2("./1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 298] openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 298] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 298] getdents64(3, 0x555562cb56f0 /* 4 entries */, 32768) = 112 [pid 298] umount2("./1/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 298] newfstatat(AT_FDCWD, "./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 298] unlink("./1/binderfs") = 0 [ 35.044900][ T338] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 35.068954][ T344] EXT4-fs (loop2): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [pid 298] umount2("./1/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 296] <... umount2 resumed>) = 0 [pid 296] umount2("./1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 296] newfstatat(AT_FDCWD, "./1/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 296] umount2("./1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 296] openat(AT_FDCWD, "./1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 296] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 296] getdents64(4, 0x555562cbd730 /* 2 entries */, 32768) = 48 [pid 296] getdents64(4, 0x555562cbd730 /* 0 entries */, 32768) = 0 [pid 296] close(4) = 0 [pid 296] rmdir("./1/file0") = 0 [pid 296] getdents64(3, 0x555562cb56f0 /* 0 entries */, 32768) = 0 [pid 338] <... mount resumed>) = 0 [pid 296] close(3) = 0 [pid 344] <... mount resumed>) = 0 [pid 296] rmdir("./1" [pid 344] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 338] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 296] <... rmdir resumed>) = 0 [pid 344] <... openat resumed>) = 5 [pid 338] <... openat resumed>) = 5 [pid 344] chdir("./file0" [pid 296] mkdir("./2", 0777 [pid 344] <... chdir resumed>) = 0 [pid 338] chdir("./file0" [pid 344] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 296] <... mkdir resumed>) = 0 [pid 338] <... chdir resumed>) = 0 [pid 338] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 296] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 339] <... mount resumed>) = 0 [pid 339] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 339] chdir("./file0") = 0 [pid 339] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 298] <... umount2 resumed>) = 0 [pid 344] <... openat resumed>) = 6 [pid 296] <... openat resumed>) = 3 [pid 338] <... openat resumed>) = 6 [pid 296] ioctl(3, LOOP_CLR_FD [pid 344] ioctl(6, LOOP_CLR_FD [pid 338] ioctl(6, LOOP_CLR_FD [pid 296] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 338] <... ioctl resumed>) = 0 [pid 344] <... ioctl resumed>) = 0 [pid 338] close(6 [pid 296] close(3 [pid 344] close(6 [pid 296] <... close resumed>) = 0 [pid 338] <... close resumed>) = 0 [pid 344] <... close resumed>) = 0 [pid 338] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 296] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 344] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 338] <... openat resumed>) = 6 [pid 338] write(6, "#! ./file1\n", 11) = 11 [pid 338] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0 [pid 344] <... openat resumed>) = 6 [pid 296] <... clone resumed>, child_tidptr=0x555562cb4650) = 361 [pid 338] <... mmap resumed>) = 0x200000000000 [pid 344] write(6, "#! ./file1\n", 11 [pid 339] <... openat resumed>) = 6 [pid 298] umount2("./1/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 339] ioctl(6, LOOP_CLR_FD./strace-static-x86_64: Process 361 attached ) = 0 [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 344] <... write resumed>) = 11 [pid 344] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 361] set_robust_list(0x555562cb4660, 24 [pid 339] close(6 [pid 298] newfstatat(AT_FDCWD, "./1/file0", [pid 338] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000040} --- [pid 361] <... set_robust_list resumed>) = 0 [pid 339] <... close resumed>) = 0 [pid 298] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 361] chdir("./2" [pid 339] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 298] umount2("./1/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 361] <... chdir resumed>) = 0 [pid 338] +++ killed by SIGBUS +++ [pid 361] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 339] <... openat resumed>) = 6 [pid 344] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000040} --- [pid 295] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=338, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- [pid 298] openat(AT_FDCWD, "./1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 361] <... prctl resumed>) = 0 [pid 339] write(6, "#! ./file1\n", 11 [pid 295] restart_syscall(<... resuming interrupted clone ...> [pid 298] <... openat resumed>) = 4 [pid 361] setpgid(0, 0 [pid 298] newfstatat(4, "", [pid 361] <... setpgid resumed>) = 0 [pid 298] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 361] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 339] <... write resumed>) = 11 [pid 298] getdents64(4, 0x555562cbd730 /* 2 entries */, 32768) = 48 [pid 361] <... openat resumed>) = 3 [pid 298] getdents64(4, [ 35.233581][ T338] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor115: bg 0: block 234: padding at end of block bitmap is not set [ 35.262186][ T344] EXT4-fs error (device loop2): ext4_validate_block_bitmap:438: comm syz-executor115: bg 0: block 234: padding at end of block bitmap is not set [pid 339] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0 [pid 344] +++ killed by SIGBUS +++ [pid 361] write(3, "1000", 4 [pid 298] <... getdents64 resumed>0x555562cbd730 /* 0 entries */, 32768) = 0 [pid 297] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=344, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=5} --- [pid 339] <... mmap resumed>) = 0x200000000000 [pid 297] restart_syscall(<... resuming interrupted clone ...> [pid 361] <... write resumed>) = 4 [pid 298] close(4 [pid 297] <... restart_syscall resumed>) = 0 [pid 298] <... close resumed>) = 0 [pid 295] <... restart_syscall resumed>) = 0 [pid 361] close(3 [pid 298] rmdir("./1/file0" [pid 361] <... close resumed>) = 0 [pid 298] <... rmdir resumed>) = 0 [pid 297] umount2("./1", MNT_FORCE|UMOUNT_NOFOLLOW executing program [pid 361] symlink("/dev/binderfs", "./binderfs" [pid 298] getdents64(3, [pid 295] umount2("./1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 361] <... symlink resumed>) = 0 [pid 295] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 297] openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 361] write(1, "executing program\n", 18 [pid 298] <... getdents64 resumed>0x555562cb56f0 /* 0 entries */, 32768) = 0 [pid 295] openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 361] <... write resumed>) = 18 [pid 298] close(3 [pid 297] <... openat resumed>) = 3 [pid 295] <... openat resumed>) = 3 [pid 361] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR [pid 297] newfstatat(3, "", [pid 295] newfstatat(3, "", [pid 298] <... close resumed>) = 0 [pid 297] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 295] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 361] <... openat resumed>) = 3 [pid 297] getdents64(3, [pid 295] getdents64(3, [pid 361] ioctl(3, VHOST_SET_OWNER [pid 297] <... getdents64 resumed>0x555562cb56f0 /* 4 entries */, 32768) = 112 [pid 295] <... getdents64 resumed>0x555562cb56f0 /* 4 entries */, 32768) = 112 [pid 297] umount2("./1/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 298] rmdir("./1" [pid 297] newfstatat(AT_FDCWD, "./1/binderfs", [pid 295] umount2("./1/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 297] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 298] <... rmdir resumed>) = 0 [pid 295] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 297] unlink("./1/binderfs" [pid 298] mkdir("./2", 0777 [pid 295] newfstatat(AT_FDCWD, "./1/binderfs", [pid 297] <... unlink resumed>) = 0 [pid 295] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 298] <... mkdir resumed>) = 0 [pid 295] unlink("./1/binderfs" [pid 297] umount2("./1/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 298] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 295] <... unlink resumed>) = 0 [pid 298] <... openat resumed>) = 3 [pid 295] umount2("./1/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 298] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 298] close(3) = 0 [pid 298] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555562cb4650) = 363 ./strace-static-x86_64: Process 363 attached [pid 339] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000040} --- [pid 297] <... umount2 resumed>) = 0 [pid 297] umount2("./1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 297] newfstatat(AT_FDCWD, "./1/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 297] umount2("./1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 297] openat(AT_FDCWD, "./1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 297] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 297] getdents64(4, 0x555562cbd730 /* 2 entries */, 32768) = 48 [pid 297] getdents64(4, 0x555562cbd730 /* 0 entries */, 32768) = 0 [pid 297] close(4) = 0 [pid 297] rmdir("./1/file0") = 0 [pid 297] getdents64(3, [pid 363] set_robust_list(0x555562cb4660, 24 [pid 297] <... getdents64 resumed>0x555562cb56f0 /* 0 entries */, 32768) = 0 [pid 297] close(3 [pid 363] <... set_robust_list resumed>) = 0 [pid 297] <... close resumed>) = 0 [pid 363] chdir("./2" [pid 297] rmdir("./1" [pid 363] <... chdir resumed>) = 0 [pid 297] <... rmdir resumed>) = 0 [pid 297] mkdir("./2", 0777 [pid 363] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 297] <... mkdir resumed>) = 0 [pid 297] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 363] <... prctl resumed>) = 0 [pid 363] setpgid(0, 0 [pid 339] +++ killed by SIGBUS +++ [pid 363] <... setpgid resumed>) = 0 [pid 299] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=339, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=6} --- [pid 361] <... ioctl resumed>, 0) = 0 [pid 363] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 361] ioctl(3, VHOST_SET_VRING_ADDR [pid 299] restart_syscall(<... resuming interrupted clone ...> [pid 363] <... openat resumed>) = 3 [pid 363] write(3, "1000", 4 [pid 361] <... ioctl resumed>, 0x200000000300) = 0 [pid 363] <... write resumed>) = 4 [pid 363] close(3 [pid 361] ioctl(3, VHOST_SET_MEM_TABLE [pid 363] <... close resumed>) = 0 [pid 363] symlink("/dev/binderfs", "./binderfs") = 0 [pid 363] write(1, "executing program\n", 18 [pid 361] <... ioctl resumed>, 0x200000003380) = 0 [pid 363] <... write resumed>) = 18 executing program [pid 361] eventfd2(118, EFD_SEMAPHORE [ 35.286174][ T339] EXT4-fs error (device loop4): ext4_validate_block_bitmap:438: comm syz-executor115: bg 0: block 234: padding at end of block bitmap is not set [pid 363] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR [pid 361] <... eventfd2 resumed>) = 4 [pid 363] <... openat resumed>) = 3 [pid 361] ioctl(3, VHOST_SET_VRING_ERR [pid 363] ioctl(3, VHOST_SET_OWNER [pid 361] <... ioctl resumed>, 0x2000000001c0) = 0 [pid 361] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 361] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 361] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 361] memfd_create("syzkaller", 0) = 5 [pid 361] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe355b57000 [pid 299] <... restart_syscall resumed>) = 0 [pid 299] umount2("./1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 361] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 363] <... ioctl resumed>, 0) = 0 [pid 299] openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 299] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 299] getdents64(3, 0x555562cb56f0 /* 4 entries */, 32768) = 112 [pid 299] umount2("./1/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 299] newfstatat(AT_FDCWD, "./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 299] unlink("./1/binderfs") = 0 [pid 299] umount2("./1/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 363] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 363] ioctl(3, VHOST_SET_MEM_TABLE [pid 361] <... write resumed>) = 1048576 [pid 361] munmap(0x7fe355b57000, 138412032) = 0 [pid 361] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 6 [pid 295] <... umount2 resumed>) = 0 [pid 363] <... ioctl resumed>, 0x200000003380) = 0 [pid 361] ioctl(6, LOOP_SET_FD, 5 [pid 295] umount2("./1/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 363] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 295] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 363] ioctl(3, VHOST_SET_VRING_ERR [pid 295] newfstatat(AT_FDCWD, "./1/file0", [pid 363] <... ioctl resumed>, 0x2000000001c0) = 0 [pid 295] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 363] ioctl(3, VHOST_SET_VRING_ADDR [pid 295] umount2("./1/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 363] <... ioctl resumed>, 0x200000000240) = 0 [pid 295] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 363] ioctl(3, VHOST_SET_VRING_KICK [pid 295] openat(AT_FDCWD, "./1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 363] <... ioctl resumed>, 0x200000000000) = 0 [pid 295] <... openat resumed>) = 4 [pid 363] ioctl(3, VHOST_VSOCK_SET_RUNNING [pid 295] newfstatat(4, "", [pid 363] <... ioctl resumed>, 0x200000000140) = 0 [pid 363] memfd_create("syzkaller", 0 [pid 295] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 363] <... memfd_create resumed>) = 5 [pid 295] getdents64(4, [pid 363] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe355b57000 [pid 295] <... getdents64 resumed>0x555562cbd730 /* 2 entries */, 32768) = 48 [pid 295] getdents64(4, 0x555562cbd730 /* 0 entries */, 32768) = 0 [pid 295] close(4) = 0 [pid 295] rmdir("./1/file0") = 0 [pid 295] getdents64(3, 0x555562cb56f0 /* 0 entries */, 32768) = 0 [pid 295] close(3) = 0 [pid 295] rmdir("./1") = 0 [pid 295] mkdir("./2", 0777) = 0 [pid 295] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 363] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 363] munmap(0x7fe355b57000, 138412032) = 0 [pid 363] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 361] <... ioctl resumed>) = 0 [pid 361] close(5) = 0 [pid 361] close(6 [pid 363] <... openat resumed>) = 6 [pid 361] <... close resumed>) = 0 [pid 299] <... umount2 resumed>) = 0 [pid 363] ioctl(6, LOOP_SET_FD, 5 [pid 361] mkdir("./file0", 0777 [pid 297] <... openat resumed>) = 3 [pid 295] <... openat resumed>) = 3 [pid 297] ioctl(3, LOOP_CLR_FD [pid 295] ioctl(3, LOOP_CLR_FD [pid 297] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 295] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 297] close(3 [pid 295] close(3 [pid 297] <... close resumed>) = 0 [pid 295] <... close resumed>) = 0 [pid 297] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 295] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 361] <... mkdir resumed>) = 0 [pid 297] <... clone resumed>, child_tidptr=0x555562cb4650) = 367 [pid 295] <... clone resumed>, child_tidptr=0x555562cb4650) = 369 [pid 361] mount("/dev/loop1", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"... [pid 299] umount2("./1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 299] newfstatat(AT_FDCWD, "./1/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 299] umount2("./1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 299] openat(AT_FDCWD, "./1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY./strace-static-x86_64: Process 369 attached ./strace-static-x86_64: Process 367 attached [pid 363] <... ioctl resumed>) = 0 [pid 369] set_robust_list(0x555562cb4660, 24 [pid 363] close(5 [pid 369] <... set_robust_list resumed>) = 0 [pid 367] set_robust_list(0x555562cb4660, 24 [pid 363] <... close resumed>) = 0 [pid 363] close(6 [pid 369] chdir("./2" [pid 367] <... set_robust_list resumed>) = 0 [pid 369] <... chdir resumed>) = 0 [pid 367] chdir("./2" [pid 369] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 367] <... chdir resumed>) = 0 [pid 369] <... prctl resumed>) = 0 [pid 367] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 369] setpgid(0, 0 [pid 367] <... prctl resumed>) = 0 [pid 369] <... setpgid resumed>) = 0 [pid 369] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 367] setpgid(0, 0 [pid 369] <... openat resumed>) = 3 [pid 367] <... setpgid resumed>) = 0 [pid 369] write(3, "1000", 4) = 4 [pid 367] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 369] close(3) = 0 [pid 367] <... openat resumed>) = 3 [pid 369] symlink("/dev/binderfs", "./binderfs" [pid 367] write(3, "1000", 4 [pid 369] <... symlink resumed>) = 0 [pid 367] <... write resumed>) = 4 executing program [pid 369] write(1, "executing program\n", 18 [pid 367] close(3 [pid 369] <... write resumed>) = 18 [pid 369] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR [pid 367] <... close resumed>) = 0 [pid 369] <... openat resumed>) = 3 [pid 367] symlink("/dev/binderfs", "./binderfs" [pid 369] ioctl(3, VHOST_SET_OWNER [pid 367] <... symlink resumed>) = 0 executing program [pid 367] write(1, "executing program\n", 18 [pid 299] <... openat resumed>) = 4 [pid 367] <... write resumed>) = 18 [pid 367] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR [pid 299] newfstatat(4, "", [pid 367] <... openat resumed>) = 3 [pid 299] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 367] ioctl(3, VHOST_SET_OWNER [pid 299] getdents64(4, 0x555562cbd730 /* 2 entries */, 32768) = 48 [pid 299] getdents64(4, 0x555562cbd730 /* 0 entries */, 32768) = 0 [pid 299] close(4) = 0 [pid 299] rmdir("./1/file0") = 0 [pid 299] getdents64(3, 0x555562cb56f0 /* 0 entries */, 32768) = 0 [pid 299] close(3) = 0 [pid 363] <... close resumed>) = 0 [pid 363] mkdir("./file0", 0777) = 0 [pid 363] mount("/dev/loop3", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"... [pid 369] <... ioctl resumed>, 0) = 0 [pid 299] rmdir("./1" [pid 369] ioctl(3, VHOST_SET_VRING_ADDR [pid 299] <... rmdir resumed>) = 0 [pid 369] <... ioctl resumed>, 0x200000000300) = 0 [pid 369] ioctl(3, VHOST_SET_MEM_TABLE [pid 299] mkdir("./2", 0777 [pid 369] <... ioctl resumed>, 0x200000003380) = 0 [pid 367] <... ioctl resumed>, 0) = 0 [pid 299] <... mkdir resumed>) = 0 [pid 369] eventfd2(118, EFD_SEMAPHORE [pid 367] ioctl(3, VHOST_SET_VRING_ADDR [pid 299] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 369] <... eventfd2 resumed>) = 4 [pid 367] <... ioctl resumed>, 0x200000000300) = 0 [pid 369] ioctl(3, VHOST_SET_VRING_ERR [pid 367] ioctl(3, VHOST_SET_MEM_TABLE [pid 369] <... ioctl resumed>, 0x2000000001c0) = 0 [pid 367] <... ioctl resumed>, 0x200000003380) = 0 [pid 369] ioctl(3, VHOST_SET_VRING_ADDR [pid 367] eventfd2(118, EFD_SEMAPHORE [pid 369] <... ioctl resumed>, 0x200000000240) = 0 [pid 367] <... eventfd2 resumed>) = 4 [pid 369] ioctl(3, VHOST_SET_VRING_KICK [pid 367] ioctl(3, VHOST_SET_VRING_ERR [pid 369] <... ioctl resumed>, 0x200000000000) = 0 [pid 367] <... ioctl resumed>, 0x2000000001c0) = 0 [ 35.620132][ T361] EXT4-fs (loop1): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [pid 369] ioctl(3, VHOST_VSOCK_SET_RUNNING [pid 367] ioctl(3, VHOST_SET_VRING_ADDR [pid 369] <... ioctl resumed>, 0x200000000140) = 0 [pid 367] <... ioctl resumed>, 0x200000000240) = 0 [pid 369] memfd_create("syzkaller", 0 [pid 367] ioctl(3, VHOST_SET_VRING_KICK [pid 369] <... memfd_create resumed>) = 5 [pid 367] <... ioctl resumed>, 0x200000000000) = 0 [pid 369] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 367] ioctl(3, VHOST_VSOCK_SET_RUNNING [pid 369] <... mmap resumed>) = 0x7fe355b57000 [pid 367] <... ioctl resumed>, 0x200000000140) = 0 [pid 299] <... openat resumed>) = 3 [pid 299] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 299] close(3) = 0 [pid 299] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555562cb4650) = 375 [pid 367] memfd_create("syzkaller", 0) = 5 [pid 367] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe355b57000 ./strace-static-x86_64: Process 375 attached [pid 369] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 361] <... mount resumed>) = 0 [pid 375] set_robust_list(0x555562cb4660, 24) = 0 [pid 361] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 375] chdir("./2") = 0 [pid 375] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 375] setpgid(0, 0) = 0 [pid 375] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 375] write(3, "1000", 4) = 4 [pid 375] close(3 [pid 367] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 375] <... close resumed>) = 0 [pid 375] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 375] write(1, "executing program\n", 18) = 18 [pid 375] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 375] ioctl(3, VHOST_SET_OWNER [pid 361] <... openat resumed>) = 5 [pid 361] chdir("./file0") = 0 [pid 375] <... ioctl resumed>, 0) = 0 [pid 375] ioctl(3, VHOST_SET_VRING_ADDR [pid 361] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 375] <... ioctl resumed>, 0x200000000300) = 0 [pid 361] <... openat resumed>) = 6 [pid 375] ioctl(3, VHOST_SET_MEM_TABLE [pid 361] ioctl(6, LOOP_CLR_FD [pid 375] <... ioctl resumed>, 0x200000003380) = 0 [pid 361] <... ioctl resumed>) = 0 [pid 375] eventfd2(118, EFD_SEMAPHORE [pid 361] close(6 [pid 375] <... eventfd2 resumed>) = 4 [ 35.743117][ T363] EXT4-fs (loop3): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [pid 369] <... write resumed>) = 1048576 [pid 375] ioctl(3, VHOST_SET_VRING_ERR [pid 367] <... write resumed>) = 1048576 [pid 363] <... mount resumed>) = 0 [pid 361] <... close resumed>) = 0 [pid 363] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 361] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 363] <... openat resumed>) = 5 [pid 361] <... openat resumed>) = 6 [pid 363] chdir("./file0" [pid 361] write(6, "#! ./file1\n", 11 [pid 375] <... ioctl resumed>, 0x2000000001c0) = 0 [pid 369] munmap(0x7fe355b57000, 138412032 [pid 367] munmap(0x7fe355b57000, 138412032 [pid 363] <... chdir resumed>) = 0 [pid 361] <... write resumed>) = 11 [pid 363] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 361] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0 [pid 375] ioctl(3, VHOST_SET_VRING_ADDR [pid 369] <... munmap resumed>) = 0 [pid 367] <... munmap resumed>) = 0 [pid 363] <... openat resumed>) = 6 [pid 361] <... mmap resumed>) = 0x200000000000 [pid 375] <... ioctl resumed>, 0x200000000240) = 0 [pid 369] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 367] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 363] ioctl(6, LOOP_CLR_FD) = 0 [pid 363] close(6) = 0 [pid 375] ioctl(3, VHOST_SET_VRING_KICK [pid 369] <... openat resumed>) = 6 [pid 367] <... openat resumed>) = 6 [pid 363] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 375] <... ioctl resumed>, 0x200000000000) = 0 [pid 369] ioctl(6, LOOP_SET_FD, 5 [pid 367] ioctl(6, LOOP_SET_FD, 5 [pid 363] write(6, "#! ./file1\n", 11) = 11 [pid 363] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 375] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 375] memfd_create("syzkaller", 0) = 5 [pid 375] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 367] <... ioctl resumed>) = 0 [pid 367] close(5) = 0 [pid 367] close(6 [pid 375] <... mmap resumed>) = 0x7fe355b57000 [pid 361] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000040} --- [pid 363] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000040} --- [ 35.832142][ T361] EXT4-fs error (device loop1): ext4_validate_block_bitmap:438: comm syz-executor115: bg 0: block 234: padding at end of block bitmap is not set [ 35.853641][ T363] EXT4-fs error (device loop3): ext4_validate_block_bitmap:438: comm syz-executor115: bg 0: block 234: padding at end of block bitmap is not set [pid 369] <... ioctl resumed>) = 0 [pid 367] <... close resumed>) = 0 [pid 369] close(5 [pid 367] mkdir("./file0", 0777 [pid 369] <... close resumed>) = 0 [pid 369] close(6 [pid 367] <... mkdir resumed>) = 0 [pid 367] mount("/dev/loop2", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"... [pid 375] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 361] +++ killed by SIGBUS +++ [pid 296] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=361, si_uid=0, si_status=SIGBUS, si_utime=1, si_stime=2} --- [pid 296] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 296] umount2("./2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 296] openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 296] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 296] getdents64(3, 0x555562cb56f0 /* 4 entries */, 32768) = 112 [pid 296] umount2("./2/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 296] newfstatat(AT_FDCWD, "./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 296] unlink("./2/binderfs") = 0 [pid 296] umount2("./2/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 363] +++ killed by SIGBUS +++ [pid 298] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=363, si_uid=0, si_status=SIGBUS, si_utime=1, si_stime=1} --- [pid 298] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 298] umount2("./2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 298] openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 298] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 298] getdents64(3, 0x555562cb56f0 /* 4 entries */, 32768) = 112 [pid 298] umount2("./2/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 298] newfstatat(AT_FDCWD, "./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 298] unlink("./2/binderfs") = 0 [pid 298] umount2("./2/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 375] <... write resumed>) = 1048576 [pid 369] <... close resumed>) = 0 [pid 369] mkdir("./file0", 0777) = 0 [pid 369] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"... [pid 375] munmap(0x7fe355b57000, 138412032) = 0 [pid 375] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 296] <... umount2 resumed>) = 0 [pid 296] umount2("./2/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 296] newfstatat(AT_FDCWD, "./2/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 296] umount2("./2/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 296] openat(AT_FDCWD, "./2/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 296] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 296] getdents64(4, 0x555562cbd730 /* 2 entries */, 32768) = 48 [pid 296] getdents64(4, 0x555562cbd730 /* 0 entries */, 32768) = 0 [pid 296] close(4) = 0 [pid 296] rmdir("./2/file0") = 0 [pid 296] getdents64(3, 0x555562cb56f0 /* 0 entries */, 32768) = 0 [ 36.045240][ T369] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [pid 296] close(3) = 0 [pid 296] rmdir("./2") = 0 [pid 296] mkdir("./3", 0777) = 0 [pid 369] <... mount resumed>) = 0 [pid 296] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 369] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 369] chdir("./file0") = 0 [ 36.053750][ T367] EXT4-fs (loop2): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [pid 369] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 375] <... openat resumed>) = 6 [pid 369] <... openat resumed>) = 6 [pid 369] ioctl(6, LOOP_CLR_FD) = 0 [pid 369] close(6) = 0 [pid 369] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 369] write(6, "#! ./file1\n", 11 [pid 296] <... openat resumed>) = 3 [pid 296] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 296] close(3) = 0 [pid 296] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555562cb4650) = 384 [pid 369] <... write resumed>) = 11 [pid 369] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 375] ioctl(6, LOOP_SET_FD, 5 [pid 298] <... umount2 resumed>) = 0 ./strace-static-x86_64: Process 384 attached [pid 384] set_robust_list(0x555562cb4660, 24) = 0 [pid 384] chdir("./3" [pid 298] umount2("./2/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 384] <... chdir resumed>) = 0 [pid 384] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 384] setpgid(0, 0) = 0 [pid 384] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 384] <... openat resumed>) = 3 [pid 384] write(3, "1000", 4) = 4 [pid 384] close(3) = 0 [pid 384] symlink("/dev/binderfs", "./binderfs" [pid 298] newfstatat(AT_FDCWD, "./2/file0", [pid 384] <... symlink resumed>) = 0 [pid 298] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 298] umount2("./2/file0", MNT_FORCE|UMOUNT_NOFOLLOWexecuting program [pid 384] write(1, "executing program\n", 18) = 18 [pid 384] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 367] <... mount resumed>) = 0 [pid 384] ioctl(3, VHOST_SET_OWNER [pid 298] openat(AT_FDCWD, "./2/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 367] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 298] newfstatat(4, "", [pid 375] <... ioctl resumed>) = 0 [pid 384] <... ioctl resumed>, 0) = 0 [pid 384] ioctl(3, VHOST_SET_VRING_ADDR [pid 298] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 384] <... ioctl resumed>, 0x200000000300) = 0 [pid 384] ioctl(3, VHOST_SET_MEM_TABLE [pid 298] getdents64(4, [pid 375] close(5 [pid 384] <... ioctl resumed>, 0x200000003380) = 0 [pid 384] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 384] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 384] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 384] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 384] ioctl(3, VHOST_VSOCK_SET_RUNNING [pid 375] <... close resumed>) = 0 [pid 298] <... getdents64 resumed>0x555562cbd730 /* 2 entries */, 32768) = 48 [pid 375] close(6 [pid 298] getdents64(4, [pid 375] <... close resumed>) = 0 [pid 298] <... getdents64 resumed>0x555562cbd730 /* 0 entries */, 32768) = 0 [pid 375] mkdir("./file0", 0777 [pid 298] close(4 [pid 384] <... ioctl resumed>, 0x200000000140) = 0 [pid 384] memfd_create("syzkaller", 0) = 5 [pid 384] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe355b57000 [pid 375] <... mkdir resumed>) = 0 [pid 298] <... close resumed>) = 0 [pid 375] mount("/dev/loop4", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"... [pid 298] rmdir("./2/file0") = 0 [pid 298] getdents64(3, 0x555562cb56f0 /* 0 entries */, 32768) = 0 [pid 298] close(3) = 0 [pid 298] rmdir("./2") = 0 [pid 298] mkdir("./3", 0777) = 0 [pid 298] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 298] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [ 36.118038][ T369] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor115: bg 0: block 234: padding at end of block bitmap is not set [pid 298] close(3) = 0 [pid 298] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555562cb4650) = 388 [pid 367] <... openat resumed>) = 5 [pid 367] chdir("./file0") = 0 [pid 367] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 6 [pid 367] ioctl(6, LOOP_CLR_FD) = 0 [pid 367] close(6) = 0 [pid 367] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 367] write(6, "#! ./file1\n", 11) = 11 [pid 367] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [ 36.188836][ T375] EXT4-fs (loop4): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [pid 384] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576./strace-static-x86_64: Process 388 attached [pid 375] <... mount resumed>) = 0 [pid 375] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 375] chdir("./file0") = 0 [pid 375] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 6 [pid 375] ioctl(6, LOOP_CLR_FD) = 0 [pid 375] close(6) = 0 [pid 375] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 375] write(6, "#! ./file1\n", 11) = 11 [pid 375] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 367] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000040} --- [pid 388] set_robust_list(0x555562cb4660, 24 [pid 369] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000040} --- [pid 388] <... set_robust_list resumed>) = 0 [pid 388] chdir("./3") = 0 [pid 375] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000040} --- [pid 388] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 388] setpgid(0, 0) = 0 [pid 388] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 375] +++ killed by SIGBUS +++ [pid 388] write(3, "1000", 4 [pid 299] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=375, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- [pid 388] <... write resumed>) = 4 [pid 299] restart_syscall(<... resuming interrupted clone ...> [pid 388] close(3) = 0 [pid 388] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 388] write(1, "executing program\n", 18) = 18 [pid 388] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 384] <... write resumed>) = 1048576 [pid 388] ioctl(3, VHOST_SET_OWNER [pid 384] munmap(0x7fe355b57000, 138412032 [pid 299] <... restart_syscall resumed>) = 0 [pid 384] <... munmap resumed>) = 0 [pid 384] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 299] umount2("./2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 384] <... openat resumed>) = 6 [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 384] ioctl(6, LOOP_SET_FD, 5 [pid 299] openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 384] <... ioctl resumed>) = 0 [pid 299] newfstatat(3, "", [pid 388] <... ioctl resumed>, 0) = 0 [pid 384] close(5 [pid 299] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 388] ioctl(3, VHOST_SET_VRING_ADDR [pid 384] <... close resumed>) = 0 [pid 367] +++ killed by SIGBUS +++ [pid 299] getdents64(3, [pid 388] <... ioctl resumed>, 0x200000000300) = 0 [pid 384] close(6 [pid 299] <... getdents64 resumed>0x555562cb56f0 /* 4 entries */, 32768) = 112 [pid 297] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=367, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=5} --- [pid 388] ioctl(3, VHOST_SET_MEM_TABLE [pid 384] <... close resumed>) = 0 [ 36.225107][ T373] EXT4-fs error (device loop2): ext4_validate_block_bitmap:438: comm vhost-367: bg 0: block 234: padding at end of block bitmap is not set [ 36.250969][ T377] EXT4-fs error (device loop4): ext4_validate_block_bitmap:438: comm vhost-375: bg 0: block 234: padding at end of block bitmap is not set [pid 299] umount2("./2/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 388] <... ioctl resumed>, 0x200000003380) = 0 [pid 384] mkdir("./file0", 0777 [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 388] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 388] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 388] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 388] ioctl(3, VHOST_SET_VRING_KICK [pid 384] <... mkdir resumed>) = 0 [pid 299] newfstatat(AT_FDCWD, "./2/binderfs", [pid 388] <... ioctl resumed>, 0x200000000000) = 0 [pid 384] mount("/dev/loop1", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"... [pid 388] ioctl(3, VHOST_VSOCK_SET_RUNNING [pid 299] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 388] <... ioctl resumed>, 0x200000000140) = 0 [pid 299] unlink("./2/binderfs" [pid 388] memfd_create("syzkaller", 0) = 5 [pid 299] <... unlink resumed>) = 0 [pid 388] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 299] umount2("./2/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 388] <... mmap resumed>) = 0x7fe355b57000 [pid 297] umount2("./2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 297] openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 297] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 297] getdents64(3, 0x555562cb56f0 /* 4 entries */, 32768) = 112 [pid 297] umount2("./2/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 297] newfstatat(AT_FDCWD, "./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 297] unlink("./2/binderfs") = 0 [pid 297] umount2("./2/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 388] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 369] +++ killed by SIGBUS +++ [pid 388] <... write resumed>) = 1048576 [pid 295] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=369, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- [pid 295] umount2("./2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 295] openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 295] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 295] getdents64(3, 0x555562cb56f0 /* 4 entries */, 32768) = 112 [pid 295] umount2("./2/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 295] newfstatat(AT_FDCWD, "./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 295] unlink("./2/binderfs") = 0 [pid 295] umount2("./2/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 388] munmap(0x7fe355b57000, 138412032) = 0 [pid 388] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 384] <... mount resumed>) = 0 [pid 384] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 384] chdir("./file0") = 0 [pid 384] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 297] <... umount2 resumed>) = 0 [pid 297] umount2("./2/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 297] newfstatat(AT_FDCWD, "./2/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 36.373979][ T384] EXT4-fs (loop1): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [pid 297] umount2("./2/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 297] openat(AT_FDCWD, "./2/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 297] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 297] getdents64(4, 0x555562cbd730 /* 2 entries */, 32768) = 48 [pid 297] getdents64(4, 0x555562cbd730 /* 0 entries */, 32768) = 0 [pid 297] close(4) = 0 [pid 297] rmdir("./2/file0") = 0 [pid 297] getdents64(3, 0x555562cb56f0 /* 0 entries */, 32768) = 0 [pid 297] close(3) = 0 [pid 297] rmdir("./2") = 0 [pid 297] mkdir("./3", 0777) = 0 [pid 297] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 388] <... openat resumed>) = 6 [pid 384] <... openat resumed>) = 6 [pid 297] <... openat resumed>) = 3 [pid 297] ioctl(3, LOOP_CLR_FD [pid 384] ioctl(6, LOOP_CLR_FD [pid 388] ioctl(6, LOOP_SET_FD, 5 [pid 297] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 384] <... ioctl resumed>) = 0 [pid 384] close(6 [pid 297] close(3 [pid 295] <... umount2 resumed>) = 0 [pid 388] <... ioctl resumed>) = 0 [pid 297] <... close resumed>) = 0 [pid 384] <... close resumed>) = 0 [pid 297] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 388] close(5 [pid 384] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 388] <... close resumed>) = 0 [pid 388] close(6 [pid 384] <... openat resumed>) = 6 [pid 297] <... clone resumed>, child_tidptr=0x555562cb4650) = 396 [pid 388] <... close resumed>) = 0 [pid 384] write(6, "#! ./file1\n", 11 [pid 388] mkdir("./file0", 0777) = 0 [pid 388] mount("/dev/loop3", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"... [pid 384] <... write resumed>) = 11 [pid 384] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 299] <... umount2 resumed>) = 0 [pid 299] umount2("./2/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 299] newfstatat(AT_FDCWD, "./2/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 299] umount2("./2/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 299] openat(AT_FDCWD, "./2/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 295] umount2("./2/file0", MNT_FORCE|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 396 attached [pid 299] <... openat resumed>) = 4 [pid 295] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 396] set_robust_list(0x555562cb4660, 24 [pid 299] newfstatat(4, "", [pid 295] newfstatat(AT_FDCWD, "./2/file0", [pid 396] <... set_robust_list resumed>) = 0 [pid 299] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 299] getdents64(4, [pid 396] chdir("./3" [pid 295] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 299] <... getdents64 resumed>0x555562cbd730 /* 2 entries */, 32768) = 48 [pid 396] <... chdir resumed>) = 0 [pid 299] getdents64(4, [pid 295] umount2("./2/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 299] <... getdents64 resumed>0x555562cbd730 /* 0 entries */, 32768) = 0 [pid 295] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 299] close(4 [pid 295] openat(AT_FDCWD, "./2/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 396] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 299] <... close resumed>) = 0 [pid 295] <... openat resumed>) = 4 [pid 299] rmdir("./2/file0" [pid 396] setpgid(0, 0 [pid 295] newfstatat(4, "", [pid 396] <... setpgid resumed>) = 0 [pid 299] <... rmdir resumed>) = 0 [pid 295] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 299] getdents64(3, [pid 396] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 299] <... getdents64 resumed>0x555562cb56f0 /* 0 entries */, 32768) = 0 [pid 295] getdents64(4, [pid 299] close(3 [pid 396] <... openat resumed>) = 3 [pid 396] write(3, "1000", 4 [pid 299] <... close resumed>) = 0 [pid 295] <... getdents64 resumed>0x555562cbd730 /* 2 entries */, 32768) = 48 [ 36.544683][ T384] EXT4-fs error (device loop1): ext4_validate_block_bitmap:438: comm syz-executor115: bg 0: block 234: padding at end of block bitmap is not set [pid 299] rmdir("./2"executing program [pid 295] getdents64(4, [pid 396] <... write resumed>) = 4 [pid 396] close(3) = 0 [pid 396] symlink("/dev/binderfs", "./binderfs") = 0 [pid 396] write(1, "executing program\n", 18) = 18 [pid 396] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 396] ioctl(3, VHOST_SET_OWNER [pid 295] <... getdents64 resumed>0x555562cbd730 /* 0 entries */, 32768) = 0 [pid 384] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000040} --- [pid 295] close(4) = 0 [pid 295] rmdir("./2/file0" [pid 299] <... rmdir resumed>) = 0 [pid 295] <... rmdir resumed>) = 0 [pid 295] getdents64(3, [pid 299] mkdir("./3", 0777 [pid 295] <... getdents64 resumed>0x555562cb56f0 /* 0 entries */, 32768) = 0 [pid 299] <... mkdir resumed>) = 0 [pid 295] close(3 [pid 299] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 295] <... close resumed>) = 0 [pid 295] rmdir("./2" [pid 299] ioctl(3, LOOP_CLR_FD [pid 384] +++ killed by SIGBUS +++ [pid 296] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=384, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=4} --- [pid 296] restart_syscall(<... resuming interrupted clone ...> [pid 295] <... rmdir resumed>) = 0 [pid 299] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 295] mkdir("./3", 0777 [pid 299] close(3 [pid 295] <... mkdir resumed>) = 0 [pid 296] <... restart_syscall resumed>) = 0 [pid 299] <... close resumed>) = 0 [pid 299] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 296] umount2("./3", MNT_FORCE|UMOUNT_NOFOLLOW [pid 299] <... clone resumed>, child_tidptr=0x555562cb4650) = 400 [pid 295] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 295] <... openat resumed>) = 3 [pid 296] openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 295] ioctl(3, LOOP_CLR_FD [pid 296] <... openat resumed>) = 3 [pid 295] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 296] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 295] close(3 [pid 296] getdents64(3, [pid 295] <... close resumed>) = 0 [pid 296] <... getdents64 resumed>0x555562cb56f0 /* 4 entries */, 32768) = 112 [pid 295] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 296] umount2("./3/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 295] <... clone resumed>, child_tidptr=0x555562cb4650) = 401 [pid 296] newfstatat(AT_FDCWD, "./3/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 296] unlink("./3/binderfs") = 0 ./strace-static-x86_64: Process 400 attached [pid 400] set_robust_list(0x555562cb4660, 24) = 0 [pid 400] chdir("./3") = 0 [pid 400] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 400] setpgid(0, 0) = 0 [pid 400] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 400] write(3, "1000", 4 [pid 296] umount2("./3/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 400] <... write resumed>) = 4 [pid 400] close(3) = 0 [pid 400] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 400] write(1, "executing program\n", 18) = 18 [pid 400] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 400] ioctl(3, VHOST_SET_OWNER./strace-static-x86_64: Process 401 attached [pid 396] <... ioctl resumed>, 0) = 0 [pid 396] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 396] ioctl(3, VHOST_SET_MEM_TABLE [pid 401] set_robust_list(0x555562cb4660, 24 [pid 388] <... mount resumed>) = 0 [pid 401] <... set_robust_list resumed>) = 0 [pid 388] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 401] chdir("./3" [pid 388] <... openat resumed>) = 5 [pid 396] <... ioctl resumed>, 0x200000003380) = 0 [pid 396] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 396] ioctl(3, VHOST_SET_VRING_ERR [pid 401] <... chdir resumed>) = 0 [pid 388] chdir("./file0" [pid 400] <... ioctl resumed>, 0) = 0 [pid 396] <... ioctl resumed>, 0x2000000001c0) = 0 [pid 400] ioctl(3, VHOST_SET_VRING_ADDR [pid 396] ioctl(3, VHOST_SET_VRING_ADDR [pid 400] <... ioctl resumed>, 0x200000000300) = 0 [pid 396] <... ioctl resumed>, 0x200000000240) = 0 [pid 400] ioctl(3, VHOST_SET_MEM_TABLE [ 36.583754][ T388] EXT4-fs (loop3): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [pid 396] ioctl(3, VHOST_SET_VRING_KICK [pid 401] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 401] setpgid(0, 0 [pid 396] <... ioctl resumed>, 0x200000000000) = 0 [pid 401] <... setpgid resumed>) = 0 [pid 396] ioctl(3, VHOST_VSOCK_SET_RUNNING [pid 401] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 400] <... ioctl resumed>, 0x200000003380) = 0 [pid 401] <... openat resumed>) = 3 [pid 396] <... ioctl resumed>, 0x200000000140) = 0 [pid 400] eventfd2(118, EFD_SEMAPHORE [pid 396] memfd_create("syzkaller", 0 [pid 400] <... eventfd2 resumed>) = 4 [pid 396] <... memfd_create resumed>) = 5 [pid 400] ioctl(3, VHOST_SET_VRING_ERR [pid 396] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 400] <... ioctl resumed>, 0x2000000001c0) = 0 [pid 396] <... mmap resumed>) = 0x7fe355b57000 [pid 401] write(3, "1000", 4 [pid 400] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 400] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 400] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 401] <... write resumed>) = 4 [pid 400] memfd_create("syzkaller", 0) = 5 [pid 400] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe355b57000 [pid 388] <... chdir resumed>) = 0 [pid 388] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 401] close(3) = 0 [pid 401] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 401] write(1, "executing program\n", 18) = 18 [pid 401] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 401] ioctl(3, VHOST_SET_OWNER [pid 396] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 388] <... openat resumed>) = 6 [pid 388] ioctl(6, LOOP_CLR_FD) = 0 [pid 388] close(6) = 0 [pid 388] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 388] write(6, "#! ./file1\n", 11 [pid 400] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 388] <... write resumed>) = 11 [pid 388] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 400] <... write resumed>) = 1048576 [pid 400] munmap(0x7fe355b57000, 138412032) = 0 [pid 400] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 6 [pid 400] ioctl(6, LOOP_SET_FD, 5 [pid 296] <... umount2 resumed>) = 0 [pid 401] <... ioctl resumed>, 0) = 0 [pid 296] umount2("./3/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 401] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 401] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 401] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 401] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 401] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 401] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 401] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 401] memfd_create("syzkaller", 0) = 5 [pid 401] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe355b57000 [pid 296] newfstatat(AT_FDCWD, "./3/file0", [pid 396] <... write resumed>) = 1048576 [pid 296] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 296] umount2("./3/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 296] openat(AT_FDCWD, "./3/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 396] munmap(0x7fe355b57000, 138412032 [pid 400] <... ioctl resumed>) = 0 [pid 296] <... openat resumed>) = 4 [pid 400] close(5) = 0 [pid 400] close(6 [pid 296] newfstatat(4, "", [pid 396] <... munmap resumed>) = 0 [pid 296] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 396] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 296] getdents64(4, 0x555562cbd730 /* 2 entries */, 32768) = 48 [pid 296] getdents64(4, 0x555562cbd730 /* 0 entries */, 32768) = 0 [pid 296] close(4) = 0 [pid 296] rmdir("./3/file0") = 0 [pid 296] getdents64(3, 0x555562cb56f0 /* 0 entries */, 32768) = 0 [pid 296] close(3) = 0 [pid 296] rmdir("./3") = 0 [pid 296] mkdir("./4", 0777) = 0 [ 36.714765][ T388] EXT4-fs error (device loop3): ext4_validate_block_bitmap:438: comm syz-executor115: bg 0: block 234: padding at end of block bitmap is not set [pid 296] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 401] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 400] <... close resumed>) = 0 [pid 400] mkdir("./file0", 0777) = 0 [pid 400] mount("/dev/loop4", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"... [pid 396] <... openat resumed>) = 6 [pid 296] <... openat resumed>) = 3 [pid 388] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000040} --- [pid 296] ioctl(3, LOOP_CLR_FD [pid 396] ioctl(6, LOOP_SET_FD, 5 [pid 296] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 296] close(3 [pid 401] munmap(0x7fe355b57000, 138412032) = 0 [pid 388] +++ killed by SIGBUS +++ [pid 298] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=388, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=5} --- [pid 298] restart_syscall(<... resuming interrupted clone ...> [pid 401] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 396] <... ioctl resumed>) = 0 [pid 296] <... close resumed>) = 0 [pid 298] <... restart_syscall resumed>) = 0 [pid 298] umount2("./3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 298] openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 298] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 298] getdents64(3, 0x555562cb56f0 /* 4 entries */, 32768) = 112 [pid 298] umount2("./3/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 298] newfstatat(AT_FDCWD, "./3/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 298] unlink("./3/binderfs") = 0 [pid 298] umount2("./3/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 296] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 401] <... openat resumed>) = 6 [pid 396] close(5 [pid 296] <... clone resumed>, child_tidptr=0x555562cb4650) = 407 [pid 401] ioctl(6, LOOP_SET_FD, 5 [pid 396] <... close resumed>) = 0 [pid 396] close(6./strace-static-x86_64: Process 407 attached [pid 407] set_robust_list(0x555562cb4660, 24) = 0 [pid 407] chdir("./4") = 0 [pid 407] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 407] setpgid(0, 0) = 0 [pid 407] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 407] write(3, "1000", 4) = 4 [pid 407] close(3) = 0 [pid 407] symlink("/dev/binderfs", "./binderfs") = 0 [pid 407] write(1, "executing program\n", 18executing program ) = 18 [pid 407] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 407] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 407] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 407] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 407] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 407] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 407] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 407] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 407] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 407] memfd_create("syzkaller", 0) = 5 [pid 407] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe355b57000 [pid 396] <... close resumed>) = 0 [pid 396] mkdir("./file0", 0777) = 0 [pid 396] mount("/dev/loop2", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"... [pid 401] <... ioctl resumed>) = 0 [pid 298] <... umount2 resumed>) = 0 [pid 298] umount2("./3/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 401] close(5 [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 401] <... close resumed>) = 0 [pid 298] newfstatat(AT_FDCWD, "./3/file0", [pid 401] close(6 [pid 298] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 298] umount2("./3/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 36.868956][ T400] EXT4-fs (loop4): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [pid 298] openat(AT_FDCWD, "./3/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 298] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 298] getdents64(4, 0x555562cbd730 /* 2 entries */, 32768) = 48 [pid 298] getdents64(4, 0x555562cbd730 /* 0 entries */, 32768) = 0 [pid 298] close(4) = 0 [pid 298] rmdir("./3/file0") = 0 [pid 298] getdents64(3, 0x555562cb56f0 /* 0 entries */, 32768) = 0 [pid 298] close(3) = 0 [pid 298] rmdir("./3") = 0 [pid 298] mkdir("./4", 0777) = 0 [pid 298] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 407] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 400] <... mount resumed>) = 0 [pid 401] <... close resumed>) = 0 [pid 401] mkdir("./file0", 0777) = 0 [pid 401] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"... [pid 400] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 400] chdir("./file0") = 0 [pid 400] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 407] <... write resumed>) = 1048576 [pid 407] munmap(0x7fe355b57000, 138412032) = 0 [pid 407] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 6 [pid 400] <... openat resumed>) = 6 [pid 298] <... openat resumed>) = 3 [pid 407] ioctl(6, LOOP_SET_FD, 5 [pid 400] ioctl(6, LOOP_CLR_FD [pid 298] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 400] <... ioctl resumed>) = 0 [pid 400] close(6 [pid 298] close(3 [pid 407] <... ioctl resumed>) = 0 [pid 400] <... close resumed>) = 0 [pid 298] <... close resumed>) = 0 [pid 400] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 298] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 407] close(5) = 0 [pid 400] <... openat resumed>) = 6 [pid 298] <... clone resumed>, child_tidptr=0x555562cb4650) = 415 [pid 407] close(6 [pid 400] write(6, "#! ./file1\n", 11) = 11 [pid 400] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0./strace-static-x86_64: Process 415 attached [ 37.106536][ T396] EXT4-fs (loop2): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue executing program ) = 0x200000000000 [pid 415] set_robust_list(0x555562cb4660, 24) = 0 [pid 415] chdir("./4") = 0 [pid 415] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 415] setpgid(0, 0) = 0 [pid 415] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 415] write(3, "1000", 4) = 4 [pid 415] close(3) = 0 [pid 415] symlink("/dev/binderfs", "./binderfs") = 0 [pid 415] write(1, "executing program\n", 18) = 18 [pid 415] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 415] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 415] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 415] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 415] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 415] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 415] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 415] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 415] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 415] memfd_create("syzkaller", 0) = 5 [pid 415] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe355b57000 [pid 407] <... close resumed>) = 0 [pid 407] mkdir("./file0", 0777) = 0 [pid 407] mount("/dev/loop1", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"... [pid 400] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000040} --- [ 37.162337][ T400] EXT4-fs error (device loop4): ext4_validate_block_bitmap:438: comm syz-executor115: bg 0: block 234: padding at end of block bitmap is not set [ 37.233051][ T407] EXT4-fs (loop1): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [pid 400] +++ killed by SIGBUS +++ [pid 299] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=400, si_uid=0, si_status=SIGBUS, si_utime=1, si_stime=2} --- [pid 299] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 299] umount2("./3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 299] openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 299] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 299] getdents64(3, 0x555562cb56f0 /* 4 entries */, 32768) = 112 [pid 299] umount2("./3/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 299] newfstatat(AT_FDCWD, "./3/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 299] unlink("./3/binderfs") = 0 [pid 299] umount2("./3/file0", MNT_FORCE|UMOUNT_NOFOLLOW [ 37.257223][ T401] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [pid 415] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 396] <... mount resumed>) = 0 [pid 415] munmap(0x7fe355b57000, 138412032) = 0 [pid 396] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 299] <... umount2 resumed>) = 0 [pid 396] <... openat resumed>) = 5 [pid 415] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 396] chdir("./file0") = 0 [pid 396] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 415] <... openat resumed>) = 6 [pid 415] ioctl(6, LOOP_SET_FD, 5 [pid 396] <... openat resumed>) = 6 [pid 299] umount2("./3/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 396] ioctl(6, LOOP_CLR_FD [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 407] <... mount resumed>) = 0 [pid 299] newfstatat(AT_FDCWD, "./3/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 407] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 299] umount2("./3/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 407] chdir("./file0") = 0 [pid 299] openat(AT_FDCWD, "./3/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 407] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 299] <... openat resumed>) = 4 [pid 299] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 415] <... ioctl resumed>) = 0 [pid 396] <... ioctl resumed>) = 0 [pid 396] close(6 [pid 415] close(5 [pid 299] getdents64(4, [pid 396] <... close resumed>) = 0 [pid 396] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 415] <... close resumed>) = 0 [pid 415] close(6 [pid 396] <... openat resumed>) = 6 [pid 299] <... getdents64 resumed>0x555562cbd730 /* 2 entries */, 32768) = 48 [pid 396] write(6, "#! ./file1\n", 11 [pid 299] getdents64(4, [pid 396] <... write resumed>) = 11 [pid 396] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0 [pid 299] <... getdents64 resumed>0x555562cbd730 /* 0 entries */, 32768) = 0 [pid 299] close(4) = 0 [pid 415] <... close resumed>) = 0 [pid 415] mkdir("./file0", 0777) = 0 [pid 415] mount("/dev/loop3", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"... [pid 407] <... openat resumed>) = 6 [pid 299] rmdir("./3/file0" [pid 407] ioctl(6, LOOP_CLR_FD [pid 299] <... rmdir resumed>) = 0 [pid 407] <... ioctl resumed>) = 0 [pid 299] getdents64(3, [pid 407] close(6 [pid 299] <... getdents64 resumed>0x555562cb56f0 /* 0 entries */, 32768) = 0 [pid 407] <... close resumed>) = 0 [pid 407] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 299] close(3 [pid 407] <... openat resumed>) = 6 [pid 299] <... close resumed>) = 0 [pid 407] write(6, "#! ./file1\n", 11) = 11 [pid 299] rmdir("./3") = 0 [pid 407] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 299] mkdir("./4", 0777 [pid 396] <... mmap resumed>) = 0x200000000000 [pid 299] <... mkdir resumed>) = 0 [pid 401] <... mount resumed>) = 0 [pid 401] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 401] chdir("./file0") = 0 [pid 401] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 401] ioctl(6, LOOP_CLR_FD) = 0 [pid 401] close(6) = 0 [pid 401] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 401] write(6, "#! ./file1\n", 11) = 11 [pid 401] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [ 37.457699][ T409] EXT4-fs error (device loop1): ext4_validate_block_bitmap:438: comm vhost-407: bg 0: block 234: padding at end of block bitmap is not set [ 37.466807][ T399] EXT4-fs error (device loop2): ext4_validate_block_bitmap:438: comm vhost-396: bg 0: block 234: padding at end of block bitmap is not set [ 37.479054][ T401] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor115: bg 0: block 234: padding at end of block bitmap is not set [pid 299] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 407] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000040} --- [pid 299] <... openat resumed>) = 3 [pid 299] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 299] close(3) = 0 [pid 299] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 396] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000040} --- ./strace-static-x86_64: Process 421 attached [pid 421] set_robust_list(0x555562cb4660, 24) = 0 [pid 421] chdir("./4") = 0 [pid 421] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 421] setpgid(0, 0) = 0 [pid 299] <... clone resumed>, child_tidptr=0x555562cb4650) = 421 [pid 421] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 421] write(3, "1000", 4) = 4 [pid 421] close(3) = 0 [pid 421] symlink("/dev/binderfs", "./binderfs") = 0 [pid 421] write(1, "executing program\n", 18executing program ) = 18 [pid 421] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 421] ioctl(3, VHOST_SET_OWNER [pid 396] +++ killed by SIGBUS +++ [pid 297] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=396, si_uid=0, si_status=SIGBUS, si_utime=1, si_stime=1} --- [pid 297] umount2("./3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 297] openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 297] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 297] getdents64(3, 0x555562cb56f0 /* 4 entries */, 32768) = 112 [pid 297] umount2("./3/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 297] newfstatat(AT_FDCWD, "./3/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 297] unlink("./3/binderfs") = 0 [pid 297] umount2("./3/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 407] +++ killed by SIGBUS +++ [pid 296] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=407, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- [pid 296] restart_syscall(<... resuming interrupted clone ...> [pid 421] <... ioctl resumed>, 0) = 0 [pid 421] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 421] ioctl(3, VHOST_SET_MEM_TABLE [pid 296] <... restart_syscall resumed>) = 0 [pid 296] umount2("./4", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 296] openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 296] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 296] getdents64(3, 0x555562cb56f0 /* 4 entries */, 32768) = 112 [pid 296] umount2("./4/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 296] newfstatat(AT_FDCWD, "./4/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 296] unlink("./4/binderfs") = 0 [pid 296] umount2("./4/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 401] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000040} --- [pid 421] <... ioctl resumed>, 0x200000003380) = 0 [pid 421] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 421] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 421] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 421] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 421] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 421] memfd_create("syzkaller", 0) = 5 [pid 421] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe355b57000 [pid 401] +++ killed by SIGBUS +++ [pid 295] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=401, si_uid=0, si_status=SIGBUS, si_utime=1, si_stime=3} --- [pid 295] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 295] umount2("./3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 295] openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 295] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 295] getdents64(3, 0x555562cb56f0 /* 4 entries */, 32768) = 112 [pid 295] umount2("./3/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 295] newfstatat(AT_FDCWD, "./3/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 295] unlink("./3/binderfs") = 0 [pid 295] umount2("./3/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 296] <... umount2 resumed>) = 0 [pid 296] umount2("./4/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 296] newfstatat(AT_FDCWD, "./4/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 296] umount2("./4/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 296] openat(AT_FDCWD, "./4/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 296] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 296] getdents64(4, 0x555562cbd730 /* 2 entries */, 32768) = 48 [pid 296] getdents64(4, 0x555562cbd730 /* 0 entries */, 32768) = 0 [pid 296] close(4) = 0 [pid 296] rmdir("./4/file0") = 0 [pid 296] getdents64(3, 0x555562cb56f0 /* 0 entries */, 32768) = 0 [pid 296] close(3) = 0 [pid 296] rmdir("./4") = 0 [pid 296] mkdir("./5", 0777) = 0 [ 37.554436][ T415] EXT4-fs (loop3): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [pid 297] <... umount2 resumed>) = 0 [pid 296] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 296] ioctl(3, LOOP_CLR_FD) = 0 [pid 296] close(3) = 0 [pid 296] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 295] <... umount2 resumed>) = 0 [pid 295] umount2("./3/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 415] <... mount resumed>) = 0 [pid 295] newfstatat(AT_FDCWD, "./3/file0", [pid 296] <... clone resumed>, child_tidptr=0x555562cb4650) = 426 [pid 295] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 295] umount2("./3/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 295] openat(AT_FDCWD, "./3/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 295] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 295] getdents64(4, 0x555562cbd730 /* 2 entries */, 32768) = 48 [pid 295] getdents64(4, 0x555562cbd730 /* 0 entries */, 32768) = 0 [pid 421] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 415] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 295] close(4) = 0 [pid 295] rmdir("./3/file0") = 0 [pid 295] getdents64(3, 0x555562cb56f0 /* 0 entries */, 32768) = 0 [pid 295] close(3) = 0 [pid 415] <... openat resumed>) = 5 [pid 295] rmdir("./3" [pid 415] chdir("./file0") = 0 [pid 415] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 6 [pid 415] ioctl(6, LOOP_CLR_FD) = 0 [pid 415] close(6 [pid 421] <... write resumed>) = 1048576 [pid 415] <... close resumed>) = 0 [pid 297] umount2("./3/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 295] <... rmdir resumed>) = 0 [pid 415] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 415] write(6, "#! ./file1\n", 11./strace-static-x86_64: Process 426 attached ) = 11 [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 295] mkdir("./4", 0777 [pid 426] set_robust_list(0x555562cb4660, 24 [pid 415] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0 [pid 426] <... set_robust_list resumed>) = 0 [pid 415] <... mmap resumed>) = 0x200000000000 [pid 297] newfstatat(AT_FDCWD, "./3/file0", [pid 295] <... mkdir resumed>) = 0 [pid 426] chdir("./5" [pid 421] munmap(0x7fe355b57000, 138412032 [pid 297] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 426] <... chdir resumed>) = 0 [pid 421] <... munmap resumed>) = 0 [pid 297] umount2("./3/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 295] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 426] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 421] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 426] <... prctl resumed>) = 0 [pid 297] openat(AT_FDCWD, "./3/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 426] setpgid(0, 0 [pid 297] <... openat resumed>) = 4 [pid 426] <... setpgid resumed>) = 0 [pid 297] newfstatat(4, "", [pid 426] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 297] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 426] <... openat resumed>) = 3 [pid 297] getdents64(4, [pid 426] write(3, "1000", 4 [pid 297] <... getdents64 resumed>0x555562cbd730 /* 2 entries */, 32768) = 48 [pid 426] <... write resumed>) = 4 [pid 297] getdents64(4, [pid 426] close(3 [pid 297] <... getdents64 resumed>0x555562cbd730 /* 0 entries */, 32768) = 0 [pid 426] <... close resumed>) = 0 [pid 297] close(4 [pid 426] symlink("/dev/binderfs", "./binderfs" [pid 297] <... close resumed>) = 0 [pid 426] <... symlink resumed>) = 0 [pid 297] rmdir("./3/file0"executing program [pid 426] write(1, "executing program\n", 18 [pid 297] <... rmdir resumed>) = 0 [pid 426] <... write resumed>) = 18 [pid 297] getdents64(3, [pid 426] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR [pid 415] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000040} --- [pid 297] <... getdents64 resumed>0x555562cb56f0 /* 0 entries */, 32768) = 0 [pid 426] <... openat resumed>) = 3 [pid 297] close(3 [pid 426] ioctl(3, VHOST_SET_OWNER [pid 297] <... close resumed>) = 0 [pid 297] rmdir("./3") = 0 [pid 297] mkdir("./4", 0777) = 0 [pid 297] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 426] <... ioctl resumed>, 0) = 0 [pid 426] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 426] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 426] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 426] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 426] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 426] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 426] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 426] memfd_create("syzkaller", 0) = 5 [pid 426] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe355b57000 [ 37.679060][ T416] EXT4-fs error (device loop3): ext4_validate_block_bitmap:438: comm vhost-415: bg 0: block 234: padding at end of block bitmap is not set [pid 415] +++ killed by SIGBUS +++ [pid 298] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=415, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- [pid 298] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 298] umount2("./4", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 298] openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 298] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 298] getdents64(3, 0x555562cb56f0 /* 4 entries */, 32768) = 112 [pid 298] umount2("./4/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 421] <... openat resumed>) = 6 [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 297] <... openat resumed>) = 3 [pid 295] <... openat resumed>) = 3 [pid 421] ioctl(6, LOOP_SET_FD, 5 [pid 298] newfstatat(AT_FDCWD, "./4/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 297] ioctl(3, LOOP_CLR_FD [pid 295] ioctl(3, LOOP_CLR_FD [pid 298] unlink("./4/binderfs") = 0 [pid 298] umount2("./4/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 421] <... ioctl resumed>) = 0 [pid 297] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 295] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 421] close(5) = 0 [pid 421] close(6 [pid 297] close(3 [pid 295] close(3 [pid 421] <... close resumed>) = 0 [pid 297] <... close resumed>) = 0 [pid 295] <... close resumed>) = 0 [pid 426] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 421] mkdir("./file0", 0777 [pid 298] <... umount2 resumed>) = 0 [pid 297] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 295] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 421] <... mkdir resumed>) = 0 [pid 421] mount("/dev/loop4", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"... [pid 298] umount2("./4/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 298] newfstatat(AT_FDCWD, "./4/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 295] <... clone resumed>, child_tidptr=0x555562cb4650) = 430 [pid 297] <... clone resumed>, child_tidptr=0x555562cb4650) = 429 [pid 298] umount2("./4/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 298] openat(AT_FDCWD, "./4/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 298] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 298] getdents64(4, 0x555562cbd730 /* 2 entries */, 32768) = 48 [pid 298] getdents64(4, 0x555562cbd730 /* 0 entries */, 32768) = 0 [pid 298] close(4) = 0 [pid 298] rmdir("./4/file0") = 0 [pid 298] getdents64(3, [pid 426] <... write resumed>) = 1048576 [pid 298] <... getdents64 resumed>0x555562cb56f0 /* 0 entries */, 32768) = 0 [pid 298] close(3) = 0 [pid 298] rmdir("./4") = 0 [pid 298] mkdir("./5", 0777) = 0 [pid 298] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 298] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 298] close(3) = 0 [pid 298] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555562cb4650) = 432 ./strace-static-x86_64: Process 429 attached ./strace-static-x86_64: Process 430 attached [pid 430] set_robust_list(0x555562cb4660, 24 [pid 429] set_robust_list(0x555562cb4660, 24 [pid 426] munmap(0x7fe355b57000, 138412032./strace-static-x86_64: Process 432 attached [pid 430] <... set_robust_list resumed>) = 0 [pid 429] <... set_robust_list resumed>) = 0 [pid 430] chdir("./4" [pid 429] chdir("./4" [pid 426] <... munmap resumed>) = 0 [pid 429] <... chdir resumed>) = 0 [pid 430] <... chdir resumed>) = 0 [pid 430] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 432] set_robust_list(0x555562cb4660, 24 [pid 429] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 426] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 432] <... set_robust_list resumed>) = 0 [pid 430] <... prctl resumed>) = 0 [pid 429] <... prctl resumed>) = 0 [pid 426] <... openat resumed>) = 6 [pid 429] setpgid(0, 0 [pid 430] setpgid(0, 0 [pid 432] chdir("./5" [pid 429] <... setpgid resumed>) = 0 [pid 430] <... setpgid resumed>) = 0 [pid 426] ioctl(6, LOOP_SET_FD, 5 [pid 429] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 430] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 429] <... openat resumed>) = 3 [pid 432] <... chdir resumed>) = 0 [pid 430] <... openat resumed>) = 3 [pid 429] write(3, "1000", 4 [pid 432] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 430] write(3, "1000", 4 [pid 429] <... write resumed>) = 4 [pid 432] <... prctl resumed>) = 0 [pid 430] <... write resumed>) = 4 [pid 429] close(3) = 0 [pid 432] setpgid(0, 0 [pid 429] symlink("/dev/binderfs", "./binderfs" [pid 432] <... setpgid resumed>) = 0 [pid 430] close(3 [pid 432] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 430] <... close resumed>) = 0 [pid 429] <... symlink resumed>) = 0 [pid 432] <... openat resumed>) = 3 [pid 430] symlink("/dev/binderfs", "./binderfs" [pid 432] write(3, "1000", 4 [pid 430] <... symlink resumed>) = 0 [pid 429] write(1, "executing program\n", 18) = 18 [pid 429] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 429] ioctl(3, VHOST_SET_OWNERexecuting program [pid 432] <... write resumed>) = 4 executing program executing program [pid 430] write(1, "executing program\n", 18 [pid 432] close(3 [pid 430] <... write resumed>) = 18 [pid 432] <... close resumed>) = 0 [pid 430] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR [pid 432] symlink("/dev/binderfs", "./binderfs" [pid 430] <... openat resumed>) = 3 [pid 432] <... symlink resumed>) = 0 [pid 430] ioctl(3, VHOST_SET_OWNER [pid 432] write(1, "executing program\n", 18) = 18 [pid 432] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 432] ioctl(3, VHOST_SET_OWNER [pid 429] <... ioctl resumed>, 0) = 0 [pid 429] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 429] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 429] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 429] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 429] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 429] ioctl(3, VHOST_SET_VRING_KICK [pid 426] <... ioctl resumed>) = 0 [pid 429] <... ioctl resumed>, 0x200000000000) = 0 [pid 426] close(5 [pid 429] ioctl(3, VHOST_VSOCK_SET_RUNNING [pid 426] <... close resumed>) = 0 [pid 429] <... ioctl resumed>, 0x200000000140) = 0 [pid 426] close(6 [pid 429] memfd_create("syzkaller", 0) = 5 [pid 430] <... ioctl resumed>, 0) = 0 [pid 429] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 421] <... mount resumed>) = 0 [pid 430] ioctl(3, VHOST_SET_VRING_ADDR [pid 429] <... mmap resumed>) = 0x7fe355b57000 [pid 421] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 430] <... ioctl resumed>, 0x200000000300) = 0 [pid 421] <... openat resumed>) = 5 [pid 430] ioctl(3, VHOST_SET_MEM_TABLE [pid 421] chdir("./file0" [pid 430] <... ioctl resumed>, 0x200000003380) = 0 [pid 421] <... chdir resumed>) = 0 [pid 430] eventfd2(118, EFD_SEMAPHORE [pid 421] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 430] <... eventfd2 resumed>) = 4 [pid 430] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 430] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 430] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 430] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [ 37.854742][ T421] EXT4-fs (loop4): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [pid 430] memfd_create("syzkaller", 0 [pid 429] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 430] <... memfd_create resumed>) = 5 [pid 430] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe355b57000 [pid 429] <... write resumed>) = 1048576 [pid 426] <... close resumed>) = 0 [pid 432] <... ioctl resumed>, 0) = 0 [pid 426] mkdir("./file0", 0777 [pid 432] ioctl(3, VHOST_SET_VRING_ADDR [pid 426] <... mkdir resumed>) = 0 [pid 432] <... ioctl resumed>, 0x200000000300) = 0 [pid 432] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 432] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 432] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 426] mount("/dev/loop1", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"... [pid 432] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 432] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 432] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 432] memfd_create("syzkaller", 0) = 5 [pid 432] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe355b57000 [pid 421] <... openat resumed>) = 6 [pid 421] ioctl(6, LOOP_CLR_FD) = 0 [pid 421] close(6) = 0 [pid 421] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 421] write(6, "#! ./file1\n", 11) = 11 [pid 421] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 432] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 429] munmap(0x7fe355b57000, 138412032) = 0 [pid 429] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 6 [ 37.994136][ T421] EXT4-fs error (device loop4): ext4_validate_block_bitmap:438: comm syz-executor115: bg 0: block 234: padding at end of block bitmap is not set [pid 429] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 429] close(5) = 0 [pid 429] close(6) = 0 [pid 429] mkdir("./file0", 0777) = 0 [pid 429] mount("/dev/loop2", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"... [ 38.058213][ T426] EXT4-fs (loop1): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [pid 430] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 432] <... write resumed>) = 1048576 [pid 430] <... write resumed>) = 1048576 [pid 430] munmap(0x7fe355b57000, 138412032) = 0 [pid 430] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 430] ioctl(6, LOOP_SET_FD, 5 [pid 432] munmap(0x7fe355b57000, 138412032) = 0 [pid 432] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 421] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000040} --- [pid 430] <... ioctl resumed>) = 0 [pid 430] close(5) = 0 [pid 430] close(6) = 0 [pid 430] mkdir("./file0", 0777) = 0 [pid 430] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"... [pid 432] <... openat resumed>) = 6 [pid 432] ioctl(6, LOOP_SET_FD, 5 [pid 426] <... mount resumed>) = 0 [pid 426] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [ 38.154497][ T429] EXT4-fs (loop2): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [pid 429] <... mount resumed>) = 0 [pid 429] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 429] chdir("./file0") = 0 [pid 429] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 426] chdir("./file0") = 0 [pid 426] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 432] <... ioctl resumed>) = 0 [pid 429] <... openat resumed>) = 6 [pid 426] <... openat resumed>) = 6 [pid 429] ioctl(6, LOOP_CLR_FD [pid 426] ioctl(6, LOOP_CLR_FD [pid 429] <... ioctl resumed>) = 0 [pid 426] <... ioctl resumed>) = 0 [pid 429] close(6 [pid 426] close(6 [pid 432] close(5 [pid 429] <... close resumed>) = 0 [pid 432] <... close resumed>) = 0 [pid 432] close(6) = 0 [pid 432] mkdir("./file0", 0777) = 0 [pid 432] mount("/dev/loop3", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"... [pid 429] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 426] <... close resumed>) = 0 [pid 429] <... openat resumed>) = 6 [pid 426] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 429] write(6, "#! ./file1\n", 11) = 11 [pid 429] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0 [pid 426] <... openat resumed>) = 6 [pid 429] <... mmap resumed>) = 0x200000000000 [ 38.198373][ T423] EXT4-fs error (device loop4): ext4_map_blocks:739: inode #18: block 62218: comm vhost-421: lblock 0 mapped to illegal pblock 62218 (length 1) [pid 426] write(6, "#! ./file1\n", 11) = 11 [pid 426] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [ 38.237587][ T429] EXT4-fs error (device loop2): ext4_validate_block_bitmap:438: comm syz-executor115: bg 0: block 234: padding at end of block bitmap is not set [ 38.263372][ T427] EXT4-fs error (device loop1): ext4_validate_block_bitmap:438: comm vhost-426: bg 0: block 234: padding at end of block bitmap is not set [ 38.283425][ T430] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 38.288077][ T432] EXT4-fs (loop3): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 38.308167][ T423] EXT4-fs error (device loop4): ext4_map_blocks:629: inode #18: block 62218: comm vhost-421: lblock 0 mapped to illegal pblock 62218 (length 1) [pid 429] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000040} --- [pid 426] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000040} --- [pid 432] <... mount resumed>) = 0 [pid 430] <... mount resumed>) = 0 [pid 430] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 430] chdir("./file0") = 0 [pid 430] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 430] ioctl(6, LOOP_CLR_FD) = 0 [pid 430] close(6) = 0 [pid 430] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 430] write(6, "#! ./file1\n", 11 [pid 432] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 430] <... write resumed>) = 11 [pid 432] <... openat resumed>) = 5 [pid 430] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 421] +++ killed by SIGBUS +++ [pid 299] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=421, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- [pid 426] +++ killed by SIGBUS +++ [pid 299] umount2("./4", MNT_FORCE|UMOUNT_NOFOLLOW [pid 432] chdir("./file0" [pid 296] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=426, si_uid=0, si_status=SIGBUS, si_utime=3, si_stime=1} --- [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 296] umount2("./5", MNT_FORCE|UMOUNT_NOFOLLOW [pid 432] <... chdir resumed>) = 0 [pid 299] openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 432] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 299] <... openat resumed>) = 3 [pid 296] openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 299] newfstatat(3, "", [pid 432] <... openat resumed>) = 6 [pid 296] <... openat resumed>) = 3 [pid 432] ioctl(6, LOOP_CLR_FD [pid 299] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 296] newfstatat(3, "", [pid 432] <... ioctl resumed>) = 0 [pid 299] getdents64(3, [pid 432] close(6 [pid 296] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 299] <... getdents64 resumed>0x555562cb56f0 /* 4 entries */, 32768) = 112 [pid 296] getdents64(3, [pid 299] umount2("./4/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 432] <... close resumed>) = 0 [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 296] <... getdents64 resumed>0x555562cb56f0 /* 4 entries */, 32768) = 112 [pid 432] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 299] newfstatat(AT_FDCWD, "./4/binderfs", [pid 296] umount2("./5/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 299] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 299] unlink("./4/binderfs" [pid 296] newfstatat(AT_FDCWD, "./5/binderfs", [pid 299] <... unlink resumed>) = 0 [pid 296] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 299] umount2("./4/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 296] unlink("./5/binderfs") = 0 [pid 296] umount2("./5/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 429] +++ killed by SIGBUS +++ [pid 297] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=429, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=4} --- [pid 297] restart_syscall(<... resuming interrupted clone ...> [pid 432] <... openat resumed>) = 6 [pid 297] <... restart_syscall resumed>) = 0 [pid 432] write(6, "#! ./file1\n", 11 [pid 297] umount2("./4", MNT_FORCE|UMOUNT_NOFOLLOW [pid 432] <... write resumed>) = 11 [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 432] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0 [pid 297] openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 432] <... mmap resumed>) = 0x200000000000 [pid 297] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 38.389972][ T423] EXT4-fs error (device loop4): ext4_map_blocks:629: inode #18: block 62218: comm vhost-421: lblock 0 mapped to illegal pblock 62218 (length 1) [ 38.407291][ T430] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor115: bg 0: block 234: padding at end of block bitmap is not set [pid 297] getdents64(3, 0x555562cb56f0 /* 4 entries */, 32768) = 112 [pid 297] umount2("./4/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 297] newfstatat(AT_FDCWD, "./4/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 297] unlink("./4/binderfs") = 0 [pid 297] umount2("./4/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 430] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000040} --- [pid 432] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000040} --- [pid 430] +++ killed by SIGBUS +++ [pid 295] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=430, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=5} --- [pid 295] umount2("./4", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 295] openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 295] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 295] getdents64(3, 0x555562cb56f0 /* 4 entries */, 32768) = 112 [pid 295] umount2("./4/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 295] newfstatat(AT_FDCWD, "./4/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 295] unlink("./4/binderfs") = 0 [pid 295] umount2("./4/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 296] <... umount2 resumed>) = 0 [pid 296] umount2("./5/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 296] newfstatat(AT_FDCWD, "./5/file0", [pid 432] +++ killed by SIGBUS +++ [pid 296] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 298] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=432, si_uid=0, si_status=SIGBUS, si_utime=1, si_stime=3} --- [pid 298] restart_syscall(<... resuming interrupted clone ...> [pid 296] umount2("./5/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 296] openat(AT_FDCWD, "./5/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 296] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 296] getdents64(4, 0x555562cbd730 /* 2 entries */, 32768) = 48 [pid 296] getdents64(4, 0x555562cbd730 /* 0 entries */, 32768) = 0 [pid 296] close(4) = 0 [pid 298] <... restart_syscall resumed>) = 0 [pid 298] umount2("./5", MNT_FORCE|UMOUNT_NOFOLLOW [pid 296] rmdir("./5/file0" [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 298] openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 296] <... rmdir resumed>) = 0 [pid 296] getdents64(3, [pid 298] <... openat resumed>) = 3 [pid 296] <... getdents64 resumed>0x555562cb56f0 /* 0 entries */, 32768) = 0 [pid 296] close(3) = 0 [pid 296] rmdir("./5" [pid 298] newfstatat(3, "", [pid 296] <... rmdir resumed>) = 0 [pid 298] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 298] getdents64(3, [pid 296] mkdir("./6", 0777 [pid 298] <... getdents64 resumed>0x555562cb56f0 /* 4 entries */, 32768) = 112 [pid 298] umount2("./5/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 298] newfstatat(AT_FDCWD, "./5/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 298] unlink("./5/binderfs" [pid 296] <... mkdir resumed>) = 0 [pid 296] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 298] <... unlink resumed>) = 0 [ 38.448394][ T432] EXT4-fs error (device loop3): ext4_validate_block_bitmap:438: comm syz-executor115: bg 0: block 234: padding at end of block bitmap is not set [pid 298] umount2("./5/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 299] <... umount2 resumed>) = 0 [pid 296] <... openat resumed>) = 3 [pid 296] ioctl(3, LOOP_CLR_FD [pid 299] umount2("./4/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 299] newfstatat(AT_FDCWD, "./4/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 299] umount2("./4/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 299] openat(AT_FDCWD, "./4/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 299] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 299] getdents64(4, 0x555562cbd730 /* 2 entries */, 32768) = 48 [pid 299] getdents64(4, 0x555562cbd730 /* 0 entries */, 32768) = 0 [pid 299] close(4) = 0 [pid 299] rmdir("./4/file0") = 0 [pid 299] getdents64(3, 0x555562cb56f0 /* 0 entries */, 32768) = 0 [pid 299] close(3) = 0 [pid 299] rmdir("./4") = 0 [pid 299] mkdir("./5", 0777) = 0 [pid 299] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 297] <... umount2 resumed>) = 0 [pid 297] umount2("./4/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 297] newfstatat(AT_FDCWD, "./4/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 297] umount2("./4/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 297] openat(AT_FDCWD, "./4/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 297] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 297] getdents64(4, 0x555562cbd730 /* 2 entries */, 32768) = 48 [pid 297] getdents64(4, 0x555562cbd730 /* 0 entries */, 32768) = 0 [pid 297] close(4) = 0 [pid 297] rmdir("./4/file0") = 0 [pid 297] getdents64(3, 0x555562cb56f0 /* 0 entries */, 32768) = 0 [pid 297] close(3) = 0 [pid 297] rmdir("./4") = 0 [pid 297] mkdir("./5", 0777) = 0 [pid 297] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 296] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 295] <... umount2 resumed>) = 0 [pid 299] <... openat resumed>) = 3 [pid 296] close(3 [pid 297] <... openat resumed>) = 3 [pid 297] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 297] close(3 [pid 299] ioctl(3, LOOP_CLR_FD [pid 298] <... umount2 resumed>) = 0 [pid 297] <... close resumed>) = 0 [pid 296] <... close resumed>) = 0 [pid 295] umount2("./4/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 299] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 298] umount2("./5/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 297] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 296] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 295] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 299] close(3) = 0 [pid 295] newfstatat(AT_FDCWD, "./4/file0", [pid 296] <... clone resumed>, child_tidptr=0x555562cb4650) = 450 [pid 299] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 295] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 295] umount2("./4/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 299] <... clone resumed>, child_tidptr=0x555562cb4650) = 452 [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 297] <... clone resumed>, child_tidptr=0x555562cb4650) = 451 [pid 295] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 298] newfstatat(AT_FDCWD, "./5/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 295] openat(AT_FDCWD, "./4/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 298] umount2("./5/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 295] <... openat resumed>) = 4 [pid 295] newfstatat(4, "", [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 295] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 298] openat(AT_FDCWD, "./5/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 295] getdents64(4, [pid 298] <... openat resumed>) = 4 [pid 295] <... getdents64 resumed>0x555562cbd730 /* 2 entries */, 32768) = 48 [pid 298] newfstatat(4, "", [pid 295] getdents64(4, [pid 298] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 295] <... getdents64 resumed>0x555562cbd730 /* 0 entries */, 32768) = 0 [pid 298] getdents64(4, [pid 295] close(4./strace-static-x86_64: Process 450 attached [pid 298] <... getdents64 resumed>0x555562cbd730 /* 2 entries */, 32768) = 48 [pid 295] <... close resumed>) = 0 [pid 298] getdents64(4, [pid 295] rmdir("./4/file0" [pid 298] <... getdents64 resumed>0x555562cbd730 /* 0 entries */, 32768) = 0 [pid 450] set_robust_list(0x555562cb4660, 24 [pid 295] <... rmdir resumed>) = 0 [pid 298] close(4 [pid 450] <... set_robust_list resumed>) = 0 [pid 295] getdents64(3, [pid 298] <... close resumed>) = 0 [pid 295] <... getdents64 resumed>0x555562cb56f0 /* 0 entries */, 32768) = 0 [pid 298] rmdir("./5/file0" [pid 295] close(3 [pid 450] chdir("./6") = 0 [pid 298] <... rmdir resumed>) = 0 [pid 295] <... close resumed>) = 0 [pid 298] getdents64(3, [pid 295] rmdir("./4" [pid 298] <... getdents64 resumed>0x555562cb56f0 /* 0 entries */, 32768) = 0 [pid 295] <... rmdir resumed>) = 0 [pid 298] close(3 [pid 295] mkdir("./5", 0777 [pid 298] <... close resumed>) = 0 [pid 450] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 450] setpgid(0, 0./strace-static-x86_64: Process 451 attached ) = 0 [pid 450] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 298] rmdir("./5" [pid 295] <... mkdir resumed>) = 0 [pid 451] set_robust_list(0x555562cb4660, 24) = 0 [pid 298] <... rmdir resumed>) = 0 [pid 295] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 451] chdir("./5" [pid 298] mkdir("./6", 0777 [pid 295] <... openat resumed>) = 3 [pid 450] <... openat resumed>) = 3 [pid 298] <... mkdir resumed>) = 0 [pid 295] ioctl(3, LOOP_CLR_FD [pid 298] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 295] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 451] <... chdir resumed>) = 0 [pid 298] <... openat resumed>) = 3 [pid 295] close(3) = 0 [pid 298] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 295] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 298] close(3 [pid 451] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 450] write(3, "1000", 4 [pid 451] <... prctl resumed>) = 0 [pid 450] <... write resumed>) = 4 [pid 298] <... close resumed>) = 0 [pid 451] setpgid(0, 0 [pid 450] close(3 [pid 451] <... setpgid resumed>) = 0 [pid 450] <... close resumed>) = 0 [pid 451] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 450] symlink("/dev/binderfs", "./binderfs" [pid 298] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 451] <... openat resumed>) = 3 [pid 450] <... symlink resumed>) = 0 [pid 451] write(3, "1000", 4executing program [pid 450] write(1, "executing program\n", 18 [pid 295] <... clone resumed>, child_tidptr=0x555562cb4650) = 453 [pid 451] <... write resumed>) = 4 [pid 450] <... write resumed>) = 18 [pid 451] close(3 [pid 450] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR [pid 298] <... clone resumed>, child_tidptr=0x555562cb4650) = 454 [pid 451] <... close resumed>) = 0 [pid 450] <... openat resumed>) = 3 [pid 451] symlink("/dev/binderfs", "./binderfs" [pid 450] ioctl(3, VHOST_SET_OWNER./strace-static-x86_64: Process 452 attached [pid 451] <... symlink resumed>) = 0 ./strace-static-x86_64: Process 454 attached executing program [pid 451] write(1, "executing program\n", 18) = 18 [pid 451] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR [pid 454] set_robust_list(0x555562cb4660, 24 [pid 452] set_robust_list(0x555562cb4660, 24 [pid 451] <... openat resumed>) = 3 ./strace-static-x86_64: Process 453 attached [pid 454] <... set_robust_list resumed>) = 0 [pid 452] <... set_robust_list resumed>) = 0 [pid 451] ioctl(3, VHOST_SET_OWNER [pid 453] set_robust_list(0x555562cb4660, 24) = 0 [pid 453] chdir("./5" [pid 452] chdir("./5" [pid 454] chdir("./6" [pid 452] <... chdir resumed>) = 0 [pid 454] <... chdir resumed>) = 0 [pid 452] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 453] <... chdir resumed>) = 0 [pid 454] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 452] <... prctl resumed>) = 0 [pid 454] <... prctl resumed>) = 0 [pid 453] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 452] setpgid(0, 0 [pid 453] <... prctl resumed>) = 0 [pid 452] <... setpgid resumed>) = 0 [pid 450] <... ioctl resumed>, 0) = 0 [pid 454] setpgid(0, 0 [pid 453] setpgid(0, 0 [pid 450] ioctl(3, VHOST_SET_VRING_ADDR [pid 454] <... setpgid resumed>) = 0 [pid 453] <... setpgid resumed>) = 0 [pid 452] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 450] <... ioctl resumed>, 0x200000000300) = 0 [pid 454] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 453] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 452] <... openat resumed>) = 3 [pid 450] ioctl(3, VHOST_SET_MEM_TABLE [pid 454] <... openat resumed>) = 3 [pid 453] <... openat resumed>) = 3 [pid 452] write(3, "1000", 4 [pid 450] <... ioctl resumed>, 0x200000003380) = 0 [pid 454] write(3, "1000", 4 [pid 453] write(3, "1000", 4 [pid 452] <... write resumed>) = 4 [pid 450] eventfd2(118, EFD_SEMAPHORE [pid 454] <... write resumed>) = 4 [pid 453] <... write resumed>) = 4 [pid 452] close(3 [pid 450] <... eventfd2 resumed>) = 4 [pid 454] close(3 [pid 453] close(3 [pid 452] <... close resumed>) = 0 [pid 450] ioctl(3, VHOST_SET_VRING_ERR [pid 454] <... close resumed>) = 0 [pid 453] <... close resumed>) = 0 [pid 452] symlink("/dev/binderfs", "./binderfs" [pid 450] <... ioctl resumed>, 0x2000000001c0) = 0 [pid 454] symlink("/dev/binderfs", "./binderfs" [pid 453] symlink("/dev/binderfs", "./binderfs" [pid 450] ioctl(3, VHOST_SET_VRING_ADDR [pid 454] <... symlink resumed>) = 0 [pid 453] <... symlink resumed>) = 0 [pid 452] <... symlink resumed>) = 0 [pid 450] <... ioctl resumed>, 0x200000000240) = 0 executing program executing program executing program [pid 454] write(1, "executing program\n", 18 [pid 453] write(1, "executing program\n", 18 [pid 452] write(1, "executing program\n", 18 [pid 450] ioctl(3, VHOST_SET_VRING_KICK [pid 454] <... write resumed>) = 18 [pid 453] <... write resumed>) = 18 [pid 452] <... write resumed>) = 18 [pid 451] <... ioctl resumed>, 0) = 0 [pid 450] <... ioctl resumed>, 0x200000000000) = 0 [pid 454] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR [pid 453] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR [pid 452] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR [pid 451] ioctl(3, VHOST_SET_VRING_ADDR [pid 450] ioctl(3, VHOST_VSOCK_SET_RUNNING [pid 454] <... openat resumed>) = 3 [pid 453] <... openat resumed>) = 3 [pid 452] <... openat resumed>) = 3 [pid 451] <... ioctl resumed>, 0x200000000300) = 0 [pid 450] <... ioctl resumed>, 0x200000000140) = 0 [pid 453] ioctl(3, VHOST_SET_OWNER [pid 451] ioctl(3, VHOST_SET_MEM_TABLE [pid 450] memfd_create("syzkaller", 0) = 5 [pid 450] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe355b57000 [pid 454] ioctl(3, VHOST_SET_OWNER [pid 452] ioctl(3, VHOST_SET_OWNER [pid 451] <... ioctl resumed>, 0x200000003380) = 0 [pid 451] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 451] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 451] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 451] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 451] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 451] memfd_create("syzkaller", 0) = 5 [pid 451] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe355b57000 [pid 452] <... ioctl resumed>, 0) = 0 [pid 450] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 453] <... ioctl resumed>, 0) = 0 [pid 453] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 453] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 452] ioctl(3, VHOST_SET_VRING_ADDR [pid 453] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 453] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 453] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 452] <... ioctl resumed>, 0x200000000300) = 0 [pid 451] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 453] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 453] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 452] ioctl(3, VHOST_SET_MEM_TABLE [pid 453] memfd_create("syzkaller", 0) = 5 [pid 453] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe355b57000 [pid 452] <... ioctl resumed>, 0x200000003380) = 0 [pid 452] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 454] <... ioctl resumed>, 0) = 0 [pid 452] ioctl(3, VHOST_SET_VRING_ERR [pid 454] ioctl(3, VHOST_SET_VRING_ADDR [pid 452] <... ioctl resumed>, 0x2000000001c0) = 0 [pid 454] <... ioctl resumed>, 0x200000000300) = 0 [pid 452] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 454] ioctl(3, VHOST_SET_MEM_TABLE [pid 452] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 452] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 454] <... ioctl resumed>, 0x200000003380) = 0 [pid 452] memfd_create("syzkaller", 0 [pid 454] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 452] <... memfd_create resumed>) = 5 [pid 454] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 454] ioctl(3, VHOST_SET_VRING_ADDR [pid 452] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 454] <... ioctl resumed>, 0x200000000240) = 0 [pid 454] ioctl(3, VHOST_SET_VRING_KICK [pid 452] <... mmap resumed>) = 0x7fe355b57000 [pid 454] <... ioctl resumed>, 0x200000000000) = 0 [pid 450] <... write resumed>) = 1048576 [pid 454] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 454] memfd_create("syzkaller", 0) = 5 [pid 454] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe355b57000 [pid 451] <... write resumed>) = 1048576 [pid 453] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 450] munmap(0x7fe355b57000, 138412032 [pid 454] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 450] <... munmap resumed>) = 0 [pid 450] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 6 [pid 450] ioctl(6, LOOP_SET_FD, 5 [pid 451] munmap(0x7fe355b57000, 138412032) = 0 [pid 451] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 450] <... ioctl resumed>) = 0 [pid 450] close(5) = 0 [pid 450] close(6) = 0 [pid 450] mkdir("./file0", 0777) = 0 [pid 450] mount("/dev/loop1", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"... [pid 451] <... openat resumed>) = 6 [pid 451] ioctl(6, LOOP_SET_FD, 5 [pid 453] munmap(0x7fe355b57000, 138412032) = 0 [pid 453] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 452] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 451] <... ioctl resumed>) = 0 [pid 451] close(5) = 0 [pid 451] close(6) = 0 [pid 451] mkdir("./file0", 0777) = 0 [pid 451] mount("/dev/loop2", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"... [pid 453] <... openat resumed>) = 6 [pid 453] ioctl(6, LOOP_SET_FD, 5 [pid 452] <... write resumed>) = 1048576 [pid 454] <... write resumed>) = 1048576 [pid 453] <... ioctl resumed>) = 0 [pid 454] munmap(0x7fe355b57000, 138412032 [pid 453] close(5 [pid 454] <... munmap resumed>) = 0 [pid 453] <... close resumed>) = 0 [pid 454] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 453] close(6 [pid 454] <... openat resumed>) = 6 [pid 453] <... close resumed>) = 0 [pid 454] ioctl(6, LOOP_SET_FD, 5 [pid 453] mkdir("./file0", 0777) = 0 [ 38.902773][ T450] EXT4-fs (loop1): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [pid 453] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"... [pid 452] munmap(0x7fe355b57000, 138412032) = 0 [pid 452] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 454] <... ioctl resumed>) = 0 [pid 454] close(5) = 0 [pid 454] close(6 [pid 452] <... openat resumed>) = 6 [pid 454] <... close resumed>) = 0 [pid 452] ioctl(6, LOOP_SET_FD, 5 [pid 454] mkdir("./file0", 0777) = 0 [pid 454] mount("/dev/loop3", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"... [pid 452] <... ioctl resumed>) = 0 [pid 452] close(5) = 0 [pid 452] close(6) = 0 [pid 452] mkdir("./file0", 0777) = 0 [ 39.022231][ T451] EXT4-fs (loop2): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [pid 452] mount("/dev/loop4", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"... [pid 454] <... mount resumed>) = 0 [pid 454] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 454] chdir("./file0") = 0 [pid 454] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 6 [pid 454] ioctl(6, LOOP_CLR_FD) = 0 [ 39.063201][ T453] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 39.071111][ T454] EXT4-fs (loop3): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [pid 454] close(6) = 0 [pid 450] <... mount resumed>) = 0 [pid 454] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 450] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 450] chdir("./file0") = 0 [pid 450] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 6 [pid 450] ioctl(6, LOOP_CLR_FD) = 0 [pid 450] close(6) = 0 [pid 454] write(6, "#! ./file1\n", 11) = 11 [pid 450] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 454] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 450] <... openat resumed>) = 6 [ 39.107866][ T452] EXT4-fs (loop4): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [pid 450] write(6, "#! ./file1\n", 11) = 11 [pid 450] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 453] <... mount resumed>) = 0 [pid 453] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 453] chdir("./file0") = 0 [pid 453] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 453] ioctl(6, LOOP_CLR_FD) = 0 [pid 453] close(6) = 0 [ 39.163866][ T454] EXT4-fs error (device loop3): ext4_validate_block_bitmap:438: comm syz-executor115: bg 0: block 234: padding at end of block bitmap is not set [ 39.191213][ T455] EXT4-fs error (device loop1): ext4_validate_block_bitmap:438: comm vhost-450: bg 0: block 234: padding at end of block bitmap is not set [pid 453] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 453] write(6, "#! ./file1\n", 11) = 11 [pid 453] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 451] <... mount resumed>) = 0 [pid 451] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 450] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000040} --- [pid 451] chdir("./file0") = 0 [pid 451] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 6 [pid 451] ioctl(6, LOOP_CLR_FD) = 0 [pid 451] close(6) = 0 [pid 451] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 451] write(6, "#! ./file1\n", 11) = 11 [pid 451] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [ 39.257138][ T453] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor115: bg 0: block 234: padding at end of block bitmap is not set [pid 452] <... mount resumed>) = 0 [pid 452] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 452] chdir("./file0") = 0 [pid 452] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 6 [pid 452] ioctl(6, LOOP_CLR_FD) = 0 [pid 452] close(6) = 0 [pid 452] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 450] +++ killed by SIGBUS +++ [pid 296] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=450, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- [pid 296] restart_syscall(<... resuming interrupted clone ...> [pid 452] <... openat resumed>) = 6 [pid 452] write(6, "#! ./file1\n", 11) = 11 [pid 452] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0 [pid 296] <... restart_syscall resumed>) = 0 [pid 296] umount2("./6", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 296] openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 296] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 39.294521][ T451] EXT4-fs error (device loop2): ext4_validate_block_bitmap:438: comm syz-executor115: bg 0: block 234: padding at end of block bitmap is not set [pid 296] getdents64(3, [pid 454] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000040} --- [pid 452] <... mmap resumed>) = 0x200000000000 [pid 296] <... getdents64 resumed>0x555562cb56f0 /* 4 entries */, 32768) = 112 [pid 296] umount2("./6/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 296] newfstatat(AT_FDCWD, "./6/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 296] unlink("./6/binderfs") = 0 [pid 296] umount2("./6/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 453] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000040} --- [pid 451] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000040} --- [pid 454] +++ killed by SIGBUS +++ [pid 298] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=454, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=4} --- [pid 298] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 298] umount2("./6", MNT_FORCE|UMOUNT_NOFOLLOW [pid 453] +++ killed by SIGBUS +++ [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 298] openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 295] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=453, si_uid=0, si_status=SIGBUS, si_utime=1, si_stime=1} --- [pid 298] <... openat resumed>) = 3 [pid 295] restart_syscall(<... resuming interrupted clone ...> [pid 298] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 298] getdents64(3, 0x555562cb56f0 /* 4 entries */, 32768) = 112 [pid 298] umount2("./6/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 298] newfstatat(AT_FDCWD, "./6/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 298] unlink("./6/binderfs" [pid 451] +++ killed by SIGBUS +++ [pid 298] <... unlink resumed>) = 0 [pid 298] umount2("./6/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 297] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=451, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=9} --- [ 39.332159][ T459] EXT4-fs error (device loop4): ext4_validate_block_bitmap:438: comm vhost-452: bg 0: block 234: padding at end of block bitmap is not set [pid 297] restart_syscall(<... resuming interrupted clone ...> [pid 452] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000040} --- [pid 297] <... restart_syscall resumed>) = 0 [pid 295] <... restart_syscall resumed>) = 0 [pid 297] umount2("./5", MNT_FORCE|UMOUNT_NOFOLLOW [pid 295] umount2("./5", MNT_FORCE|UMOUNT_NOFOLLOW [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 295] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 297] openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 295] openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 297] <... openat resumed>) = 3 [pid 295] <... openat resumed>) = 3 [pid 297] newfstatat(3, "", [pid 295] newfstatat(3, "", [pid 297] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 295] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 297] getdents64(3, [pid 295] getdents64(3, [pid 297] <... getdents64 resumed>0x555562cb56f0 /* 4 entries */, 32768) = 112 [pid 295] <... getdents64 resumed>0x555562cb56f0 /* 4 entries */, 32768) = 112 [pid 452] +++ killed by SIGBUS +++ [pid 297] umount2("./5/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 295] umount2("./5/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 299] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=452, si_uid=0, si_status=SIGBUS, si_utime=1, si_stime=4} --- [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 295] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 297] newfstatat(AT_FDCWD, "./5/binderfs", [pid 295] newfstatat(AT_FDCWD, "./5/binderfs", [pid 297] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 295] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 297] unlink("./5/binderfs" [pid 295] unlink("./5/binderfs" [pid 297] <... unlink resumed>) = 0 [pid 295] <... unlink resumed>) = 0 [pid 297] umount2("./5/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 295] umount2("./5/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 296] <... umount2 resumed>) = 0 [pid 296] umount2("./6/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 296] newfstatat(AT_FDCWD, "./6/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 296] umount2("./6/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 296] openat(AT_FDCWD, "./6/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 296] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 296] getdents64(4, 0x555562cbd730 /* 2 entries */, 32768) = 48 [pid 296] getdents64(4, 0x555562cbd730 /* 0 entries */, 32768) = 0 [pid 296] close(4) = 0 [pid 296] rmdir("./6/file0") = 0 [pid 296] getdents64(3, 0x555562cb56f0 /* 0 entries */, 32768) = 0 [pid 296] close(3) = 0 [pid 296] rmdir("./6" [pid 299] umount2("./5", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 299] openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 299] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 299] getdents64(3, 0x555562cb56f0 /* 4 entries */, 32768) = 112 [pid 299] umount2("./5/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 299] newfstatat(AT_FDCWD, "./5/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 299] unlink("./5/binderfs") = 0 [pid 299] umount2("./5/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 296] <... rmdir resumed>) = 0 [pid 296] mkdir("./7", 0777) = 0 [pid 296] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 298] <... umount2 resumed>) = 0 [pid 298] umount2("./6/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 298] newfstatat(AT_FDCWD, "./6/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 298] umount2("./6/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 298] openat(AT_FDCWD, "./6/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 298] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 298] getdents64(4, 0x555562cbd730 /* 2 entries */, 32768) = 48 [pid 298] getdents64(4, 0x555562cbd730 /* 0 entries */, 32768) = 0 [pid 298] close(4) = 0 [pid 298] rmdir("./6/file0") = 0 [pid 298] getdents64(3, 0x555562cb56f0 /* 0 entries */, 32768) = 0 [pid 298] close(3) = 0 [pid 298] rmdir("./6") = 0 [pid 298] mkdir("./7", 0777) = 0 [pid 298] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 296] <... openat resumed>) = 3 [pid 299] <... umount2 resumed>) = 0 [pid 299] umount2("./5/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 296] ioctl(3, LOOP_CLR_FD [pid 298] <... openat resumed>) = 3 [pid 296] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 298] ioctl(3, LOOP_CLR_FD [pid 296] close(3) = 0 [pid 298] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 296] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 298] close(3 [pid 295] <... umount2 resumed>) = 0 [pid 297] <... umount2 resumed>) = 0 [pid 296] <... clone resumed>, child_tidptr=0x555562cb4650) = 476 ./strace-static-x86_64: Process 476 attached [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 298] <... close resumed>) = 0 [pid 295] umount2("./5/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 476] set_robust_list(0x555562cb4660, 24) = 0 [pid 299] newfstatat(AT_FDCWD, "./5/file0", [pid 298] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 297] umount2("./5/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 295] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 476] chdir("./7") = 0 [pid 299] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 295] newfstatat(AT_FDCWD, "./5/file0", ./strace-static-x86_64: Process 477 attached [pid 297] newfstatat(AT_FDCWD, "./5/file0", [pid 295] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 297] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 295] umount2("./5/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 477] set_robust_list(0x555562cb4660, 24 [pid 476] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 299] umount2("./5/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 298] <... clone resumed>, child_tidptr=0x555562cb4650) = 477 [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 299] openat(AT_FDCWD, "./5/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 297] umount2("./5/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 295] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 476] <... prctl resumed>) = 0 [pid 299] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 476] setpgid(0, 0 [pid 295] openat(AT_FDCWD, "./5/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 299] getdents64(4, [pid 297] openat(AT_FDCWD, "./5/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 476] <... setpgid resumed>) = 0 [pid 295] <... openat resumed>) = 4 [pid 477] <... set_robust_list resumed>) = 0 [pid 299] <... getdents64 resumed>0x555562cbd730 /* 2 entries */, 32768) = 48 [pid 297] <... openat resumed>) = 4 [pid 295] newfstatat(4, "", [pid 476] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 299] getdents64(4, [pid 297] newfstatat(4, "", [pid 295] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 476] <... openat resumed>) = 3 [pid 299] <... getdents64 resumed>0x555562cbd730 /* 0 entries */, 32768) = 0 [pid 297] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 295] getdents64(4, [pid 476] write(3, "1000", 4 [pid 299] close(4 [pid 297] getdents64(4, [pid 295] <... getdents64 resumed>0x555562cbd730 /* 2 entries */, 32768) = 48 [pid 477] chdir("./7" [pid 476] <... write resumed>) = 4 [pid 299] <... close resumed>) = 0 [pid 297] <... getdents64 resumed>0x555562cbd730 /* 2 entries */, 32768) = 48 [pid 295] getdents64(4, [pid 477] <... chdir resumed>) = 0 [pid 476] close(3 [pid 299] rmdir("./5/file0" [pid 297] getdents64(4, [pid 295] <... getdents64 resumed>0x555562cbd730 /* 0 entries */, 32768) = 0 [pid 476] <... close resumed>) = 0 [pid 297] <... getdents64 resumed>0x555562cbd730 /* 0 entries */, 32768) = 0 [pid 295] close(4 [pid 476] symlink("/dev/binderfs", "./binderfs" [pid 299] <... rmdir resumed>) = 0 [pid 297] close(4 [pid 295] <... close resumed>) = 0 [pid 297] <... close resumed>) = 0 [pid 295] rmdir("./5/file0" [pid 477] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 476] <... symlink resumed>) = 0 [pid 299] getdents64(3, [pid 297] rmdir("./5/file0"executing program [pid 476] write(1, "executing program\n", 18 [pid 299] <... getdents64 resumed>0x555562cb56f0 /* 0 entries */, 32768) = 0 [pid 295] <... rmdir resumed>) = 0 [pid 476] <... write resumed>) = 18 [pid 299] close(3 [pid 476] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR [pid 299] <... close resumed>) = 0 [pid 476] <... openat resumed>) = 3 [pid 299] rmdir("./5" [pid 476] ioctl(3, VHOST_SET_OWNER [pid 299] <... rmdir resumed>) = 0 [pid 297] <... rmdir resumed>) = 0 [pid 295] getdents64(3, [pid 477] <... prctl resumed>) = 0 [pid 299] mkdir("./6", 0777 [pid 477] setpgid(0, 0 [pid 299] <... mkdir resumed>) = 0 [pid 297] getdents64(3, [pid 295] <... getdents64 resumed>0x555562cb56f0 /* 0 entries */, 32768) = 0 [pid 477] <... setpgid resumed>) = 0 [pid 299] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 297] <... getdents64 resumed>0x555562cb56f0 /* 0 entries */, 32768) = 0 [pid 295] close(3 [pid 477] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 299] <... openat resumed>) = 3 [pid 297] close(3 [pid 477] <... openat resumed>) = 3 [pid 299] ioctl(3, LOOP_CLR_FD [pid 295] <... close resumed>) = 0 [pid 477] write(3, "1000", 4 [pid 299] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 297] <... close resumed>) = 0 [pid 295] rmdir("./5" [pid 477] <... write resumed>) = 4 [pid 299] close(3 [pid 297] rmdir("./5" [pid 299] <... close resumed>) = 0 [pid 297] <... rmdir resumed>) = 0 [pid 295] <... rmdir resumed>) = 0 [pid 297] mkdir("./6", 0777 [pid 295] mkdir("./6", 0777 [pid 297] <... mkdir resumed>) = 0 [pid 295] <... mkdir resumed>) = 0 [pid 299] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 297] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 295] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 297] <... openat resumed>) = 3 [pid 295] <... openat resumed>) = 3 [pid 297] ioctl(3, LOOP_CLR_FD [pid 295] ioctl(3, LOOP_CLR_FD [pid 297] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 295] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 297] close(3 [pid 295] close(3 [pid 297] <... close resumed>) = 0 [pid 295] <... close resumed>) = 0 [pid 297] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 295] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 477] close(3 [pid 299] <... clone resumed>, child_tidptr=0x555562cb4650) = 479 [pid 477] <... close resumed>) = 0 [pid 476] <... ioctl resumed>, 0) = 0 [pid 297] <... clone resumed>, child_tidptr=0x555562cb4650) = 480 [pid 295] <... clone resumed>, child_tidptr=0x555562cb4650) = 481 [pid 477] symlink("/dev/binderfs", "./binderfs" [pid 476] ioctl(3, VHOST_SET_VRING_ADDR [pid 477] <... symlink resumed>) = 0 [pid 476] <... ioctl resumed>, 0x200000000300) = 0 [pid 477] write(1, "executing program\n", 18 [pid 476] ioctl(3, VHOST_SET_MEM_TABLEexecuting program [pid 477] <... write resumed>) = 18 [pid 476] <... ioctl resumed>, 0x200000003380) = 0 [pid 477] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR [pid 476] eventfd2(118, EFD_SEMAPHORE [pid 477] <... openat resumed>) = 3 [pid 476] <... eventfd2 resumed>) = 4 [pid 477] ioctl(3, VHOST_SET_OWNER [pid 476] ioctl(3, VHOST_SET_VRING_ERR./strace-static-x86_64: Process 481 attached ./strace-static-x86_64: Process 479 attached , 0x2000000001c0) = 0 [pid 479] set_robust_list(0x555562cb4660, 24 [pid 476] ioctl(3, VHOST_SET_VRING_ADDR [pid 481] set_robust_list(0x555562cb4660, 24 [pid 479] <... set_robust_list resumed>) = 0 [pid 476] <... ioctl resumed>, 0x200000000240) = 0 [pid 481] <... set_robust_list resumed>) = 0 [pid 476] ioctl(3, VHOST_SET_VRING_KICK [pid 479] chdir("./6" [pid 481] chdir("./6" [pid 476] <... ioctl resumed>, 0x200000000000) = 0 [pid 481] <... chdir resumed>) = 0 [pid 479] <... chdir resumed>) = 0 [pid 476] ioctl(3, VHOST_VSOCK_SET_RUNNING [pid 481] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 479] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 477] <... ioctl resumed>, 0) = 0 [pid 476] <... ioctl resumed>, 0x200000000140) = 0 ./strace-static-x86_64: Process 480 attached [pid 481] <... prctl resumed>) = 0 [pid 479] <... prctl resumed>) = 0 [pid 477] ioctl(3, VHOST_SET_VRING_ADDR [pid 476] memfd_create("syzkaller", 0 [pid 481] setpgid(0, 0 [pid 480] set_robust_list(0x555562cb4660, 24 [pid 479] setpgid(0, 0 [pid 477] <... ioctl resumed>, 0x200000000300) = 0 [pid 481] <... setpgid resumed>) = 0 [pid 480] <... set_robust_list resumed>) = 0 [pid 479] <... setpgid resumed>) = 0 [pid 477] ioctl(3, VHOST_SET_MEM_TABLE [pid 476] <... memfd_create resumed>) = 5 [pid 481] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 480] chdir("./6" [pid 479] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 477] <... ioctl resumed>, 0x200000003380) = 0 [pid 476] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 481] <... openat resumed>) = 3 [pid 479] <... openat resumed>) = 3 [pid 477] eventfd2(118, EFD_SEMAPHORE [pid 481] write(3, "1000", 4 [pid 480] <... chdir resumed>) = 0 [pid 479] write(3, "1000", 4 [pid 476] <... mmap resumed>) = 0x7fe355b57000 [pid 481] <... write resumed>) = 4 [pid 479] <... write resumed>) = 4 [pid 477] <... eventfd2 resumed>) = 4 [pid 481] close(3 [pid 480] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 481] <... close resumed>) = 0 [pid 480] <... prctl resumed>) = 0 [pid 481] symlink("/dev/binderfs", "./binderfs" [pid 480] setpgid(0, 0 [pid 479] close(3 [pid 477] ioctl(3, VHOST_SET_VRING_ERR [pid 481] <... symlink resumed>) = 0 [pid 480] <... setpgid resumed>) = 0 executing program [pid 479] <... close resumed>) = 0 [pid 477] <... ioctl resumed>, 0x2000000001c0) = 0 [pid 481] write(1, "executing program\n", 18 [pid 480] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 479] symlink("/dev/binderfs", "./binderfs" [pid 477] ioctl(3, VHOST_SET_VRING_ADDR [pid 481] <... write resumed>) = 18 [pid 480] <... openat resumed>) = 3 [pid 481] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR [pid 480] write(3, "1000", 4 [pid 479] <... symlink resumed>) = 0 [pid 477] <... ioctl resumed>, 0x200000000240) = 0 [pid 481] <... openat resumed>) = 3 [pid 480] <... write resumed>) = 4 executing program [pid 479] write(1, "executing program\n", 18 [pid 477] ioctl(3, VHOST_SET_VRING_KICK [pid 481] ioctl(3, VHOST_SET_OWNER [pid 480] close(3 [pid 479] <... write resumed>) = 18 [pid 477] <... ioctl resumed>, 0x200000000000) = 0 [pid 480] <... close resumed>) = 0 [pid 479] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR [pid 477] ioctl(3, VHOST_VSOCK_SET_RUNNING [pid 476] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 480] symlink("/dev/binderfs", "./binderfs" [pid 479] <... openat resumed>) = 3 [pid 477] <... ioctl resumed>, 0x200000000140) = 0 [pid 480] <... symlink resumed>) = 0 executing program [pid 480] write(1, "executing program\n", 18) = 18 [pid 480] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 480] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 480] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 480] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 480] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 480] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 480] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 480] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 480] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 480] memfd_create("syzkaller", 0) = 5 [pid 480] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe355b57000 [pid 479] ioctl(3, VHOST_SET_OWNER [pid 477] memfd_create("syzkaller", 0 [pid 481] <... ioctl resumed>, 0) = 0 [pid 477] <... memfd_create resumed>) = 5 [pid 481] ioctl(3, VHOST_SET_VRING_ADDR [pid 477] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 481] <... ioctl resumed>, 0x200000000300) = 0 [pid 477] <... mmap resumed>) = 0x7fe355b57000 [pid 481] ioctl(3, VHOST_SET_MEM_TABLE [pid 480] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 476] <... write resumed>) = 1048576 [pid 481] <... ioctl resumed>, 0x200000003380) = 0 [pid 481] eventfd2(118, EFD_SEMAPHORE [pid 479] <... ioctl resumed>, 0) = 0 [pid 479] ioctl(3, VHOST_SET_VRING_ADDR [pid 481] <... eventfd2 resumed>) = 4 [pid 479] <... ioctl resumed>, 0x200000000300) = 0 [pid 479] ioctl(3, VHOST_SET_MEM_TABLE [pid 481] ioctl(3, VHOST_SET_VRING_ERR [pid 479] <... ioctl resumed>, 0x200000003380) = 0 [pid 479] eventfd2(118, EFD_SEMAPHORE [pid 481] <... ioctl resumed>, 0x2000000001c0) = 0 [pid 479] <... eventfd2 resumed>) = 4 [pid 479] ioctl(3, VHOST_SET_VRING_ERR [pid 481] ioctl(3, VHOST_SET_VRING_ADDR [pid 479] <... ioctl resumed>, 0x2000000001c0) = 0 [pid 481] <... ioctl resumed>, 0x200000000240) = 0 [pid 479] ioctl(3, VHOST_SET_VRING_ADDR [pid 476] munmap(0x7fe355b57000, 138412032 [pid 479] <... ioctl resumed>, 0x200000000240) = 0 [pid 481] ioctl(3, VHOST_SET_VRING_KICK [pid 479] ioctl(3, VHOST_SET_VRING_KICK [pid 481] <... ioctl resumed>, 0x200000000000) = 0 [pid 479] <... ioctl resumed>, 0x200000000000) = 0 [pid 476] <... munmap resumed>) = 0 [pid 479] ioctl(3, VHOST_VSOCK_SET_RUNNING [pid 481] ioctl(3, VHOST_VSOCK_SET_RUNNING [pid 479] <... ioctl resumed>, 0x200000000140) = 0 [pid 476] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 479] memfd_create("syzkaller", 0 [pid 481] <... ioctl resumed>, 0x200000000140) = 0 [pid 479] <... memfd_create resumed>) = 5 [pid 481] memfd_create("syzkaller", 0) = 5 [pid 481] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe355b57000 [pid 479] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 476] <... openat resumed>) = 6 [pid 479] <... mmap resumed>) = 0x7fe355b57000 [pid 476] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 476] close(5) = 0 [pid 476] close(6) = 0 [pid 476] mkdir("./file0", 0777) = 0 [pid 476] mount("/dev/loop1", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"... [pid 480] <... write resumed>) = 1048576 [pid 477] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 480] munmap(0x7fe355b57000, 138412032 [pid 481] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 480] <... munmap resumed>) = 0 [pid 480] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 6 [pid 480] ioctl(6, LOOP_SET_FD, 5 [pid 479] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 477] <... write resumed>) = 1048576 [pid 477] munmap(0x7fe355b57000, 138412032) = 0 [pid 480] <... ioctl resumed>) = 0 [pid 480] close(5) = 0 [pid 480] close(6) = 0 [pid 480] mkdir("./file0", 0777 [pid 477] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 6 [pid 477] ioctl(6, LOOP_SET_FD, 5 [pid 479] <... write resumed>) = 1048576 [pid 477] <... ioctl resumed>) = 0 [pid 479] munmap(0x7fe355b57000, 138412032 [pid 477] close(5) = 0 [pid 477] close(6) = 0 [pid 477] mkdir("./file0", 0777) = 0 [pid 477] mount("/dev/loop3", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"... [pid 480] <... mkdir resumed>) = 0 [ 39.852969][ T476] EXT4-fs (loop1): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [pid 480] mount("/dev/loop2", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"... [pid 479] <... munmap resumed>) = 0 [pid 479] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 6 [pid 479] ioctl(6, LOOP_SET_FD, 5 [pid 481] <... write resumed>) = 1048576 [pid 481] munmap(0x7fe355b57000, 138412032) = 0 [pid 481] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 479] <... ioctl resumed>) = 0 [ 39.922370][ T477] EXT4-fs (loop3): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [pid 481] <... openat resumed>) = 6 [pid 479] close(5 [pid 481] ioctl(6, LOOP_SET_FD, 5 [pid 479] <... close resumed>) = 0 [pid 476] <... mount resumed>) = 0 [pid 479] close(6 [pid 476] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 476] chdir("./file0" [pid 481] <... ioctl resumed>) = 0 [pid 477] <... mount resumed>) = 0 [pid 479] <... close resumed>) = 0 [pid 477] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 477] chdir("./file0") = 0 [pid 479] mkdir("./file0", 0777 [pid 477] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 479] <... mkdir resumed>) = 0 [pid 481] close(5 [pid 479] mount("/dev/loop4", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"... [pid 476] <... chdir resumed>) = 0 [pid 481] <... close resumed>) = 0 [pid 477] <... openat resumed>) = 6 [pid 481] close(6 [pid 476] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 481] <... close resumed>) = 0 [pid 476] <... openat resumed>) = 6 [pid 481] mkdir("./file0", 0777 [pid 477] ioctl(6, LOOP_CLR_FD [pid 481] <... mkdir resumed>) = 0 [pid 481] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"... [pid 476] ioctl(6, LOOP_CLR_FD [pid 477] <... ioctl resumed>) = 0 [pid 477] close(6) = 0 [pid 477] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 476] <... ioctl resumed>) = 0 [pid 476] close(6) = 0 [ 39.954981][ T480] EXT4-fs (loop2): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [pid 476] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 476] write(6, "#! ./file1\n", 11 [pid 477] <... openat resumed>) = 6 [pid 476] <... write resumed>) = 11 [pid 476] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 477] write(6, "#! ./file1\n", 11) = 11 [ 40.025398][ T476] EXT4-fs error (device loop1): ext4_validate_block_bitmap:438: comm syz-executor115: bg 0: block 234: padding at end of block bitmap is not set [pid 477] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0 [pid 480] <... mount resumed>) = 0 [pid 479] <... mount resumed>) = 0 [pid 477] <... mmap resumed>) = 0x200000000000 [pid 480] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 479] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 480] <... openat resumed>) = 5 [pid 479] <... openat resumed>) = 5 [pid 480] chdir("./file0" [pid 479] chdir("./file0" [pid 480] <... chdir resumed>) = 0 [pid 479] <... chdir resumed>) = 0 [pid 480] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 479] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 480] <... openat resumed>) = 6 [pid 479] <... openat resumed>) = 6 [pid 480] ioctl(6, LOOP_CLR_FD [pid 479] ioctl(6, LOOP_CLR_FD [pid 480] <... ioctl resumed>) = 0 [pid 479] <... ioctl resumed>) = 0 [pid 479] close(6) = 0 [pid 479] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 480] close(6 [pid 479] <... openat resumed>) = 6 [pid 480] <... close resumed>) = 0 [pid 480] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 479] write(6, "#! ./file1\n", 11 [ 40.054217][ T479] EXT4-fs (loop4): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 40.062843][ T482] EXT4-fs error (device loop3): ext4_validate_block_bitmap:438: comm vhost-477: bg 0: block 234: padding at end of block bitmap is not set [pid 480] write(6, "#! ./file1\n", 11 [pid 479] <... write resumed>) = 11 [pid 480] <... write resumed>) = 11 [pid 479] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0 [pid 480] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0 [pid 479] <... mmap resumed>) = 0x200000000000 [pid 480] <... mmap resumed>) = 0x200000000000 [pid 480] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000040} --- [pid 479] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000040} --- [ 40.117976][ T479] EXT4-fs error (device loop4): ext4_validate_block_bitmap:438: comm syz-executor115: bg 0: block 234: padding at end of block bitmap is not set [ 40.134806][ T480] EXT4-fs error (device loop2): ext4_validate_block_bitmap:438: comm syz-executor115: bg 0: block 234: padding at end of block bitmap is not set [pid 480] +++ killed by SIGBUS +++ [pid 297] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=480, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- [pid 297] restart_syscall(<... resuming interrupted clone ...> [pid 476] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000040} --- [pid 479] +++ killed by SIGBUS +++ [pid 477] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000040} --- [pid 297] <... restart_syscall resumed>) = 0 [pid 299] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=479, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- [pid 299] umount2("./6", MNT_FORCE|UMOUNT_NOFOLLOW [pid 297] umount2("./6", MNT_FORCE|UMOUNT_NOFOLLOW [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 299] openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 477] +++ killed by SIGBUS +++ [pid 297] openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 299] <... openat resumed>) = 3 [pid 299] newfstatat(3, "", [pid 297] <... openat resumed>) = 3 [pid 298] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=477, si_uid=0, si_status=SIGBUS, si_utime=1, si_stime=2} --- [pid 299] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 297] newfstatat(3, "", [pid 298] restart_syscall(<... resuming interrupted clone ...> [pid 299] getdents64(3, [pid 297] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 481] <... mount resumed>) = 0 [pid 299] <... getdents64 resumed>0x555562cb56f0 /* 4 entries */, 32768) = 112 [pid 297] getdents64(3, [pid 299] umount2("./6/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 481] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 297] <... getdents64 resumed>0x555562cb56f0 /* 4 entries */, 32768) = 112 [pid 299] newfstatat(AT_FDCWD, "./6/binderfs", [pid 481] <... openat resumed>) = 5 [pid 297] umount2("./6/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 299] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 481] chdir("./file0" [pid 299] unlink("./6/binderfs" [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 299] <... unlink resumed>) = 0 [pid 297] newfstatat(AT_FDCWD, "./6/binderfs", [pid 481] <... chdir resumed>) = 0 [pid 299] umount2("./6/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 297] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 297] unlink("./6/binderfs" [pid 481] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 476] +++ killed by SIGBUS +++ [pid 297] <... unlink resumed>) = 0 [pid 297] umount2("./6/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 296] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=476, si_uid=0, si_status=SIGBUS, si_utime=1, si_stime=2} --- [pid 296] restart_syscall(<... resuming interrupted clone ...> [pid 481] <... openat resumed>) = 6 [pid 298] <... restart_syscall resumed>) = 0 [pid 296] <... restart_syscall resumed>) = 0 [pid 481] ioctl(6, LOOP_CLR_FD) = 0 [ 40.191147][ T481] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [pid 481] close(6 [pid 298] umount2("./7", MNT_FORCE|UMOUNT_NOFOLLOW [pid 296] umount2("./7", MNT_FORCE|UMOUNT_NOFOLLOW [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 298] openat(AT_FDCWD, "./7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 296] openat(AT_FDCWD, "./7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 298] <... openat resumed>) = 3 [pid 298] newfstatat(3, "", [pid 296] <... openat resumed>) = 3 [pid 298] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 296] newfstatat(3, "", [pid 298] getdents64(3, [pid 296] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 298] <... getdents64 resumed>0x555562cb56f0 /* 4 entries */, 32768) = 112 [pid 296] getdents64(3, [pid 298] umount2("./7/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 296] <... getdents64 resumed>0x555562cb56f0 /* 4 entries */, 32768) = 112 [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 298] newfstatat(AT_FDCWD, "./7/binderfs", [pid 296] umount2("./7/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 298] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 298] unlink("./7/binderfs" [pid 296] newfstatat(AT_FDCWD, "./7/binderfs", [pid 298] <... unlink resumed>) = 0 [pid 296] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 298] umount2("./7/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 296] unlink("./7/binderfs") = 0 [pid 296] umount2("./7/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 297] <... umount2 resumed>) = 0 [pid 297] umount2("./6/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 297] newfstatat(AT_FDCWD, "./6/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 297] umount2("./6/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 297] openat(AT_FDCWD, "./6/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 297] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 297] getdents64(4, 0x555562cbd730 /* 2 entries */, 32768) = 48 [pid 297] getdents64(4, 0x555562cbd730 /* 0 entries */, 32768) = 0 [pid 297] close(4) = 0 [pid 297] rmdir("./6/file0") = 0 [pid 297] getdents64(3, 0x555562cb56f0 /* 0 entries */, 32768) = 0 [pid 297] close(3) = 0 [pid 297] rmdir("./6") = 0 [pid 297] mkdir("./7", 0777) = 0 [pid 297] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 481] <... close resumed>) = 0 [pid 481] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 481] write(6, "#! ./file1\n", 11) = 11 [pid 481] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 481] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000040} --- [pid 481] +++ killed by SIGBUS +++ [pid 295] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=481, si_uid=0, si_status=SIGBUS, si_utime=2, si_stime=7} --- [pid 295] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 295] umount2("./6", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 295] openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 295] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 295] getdents64(3, 0x555562cb56f0 /* 4 entries */, 32768) = 112 [pid 295] umount2("./6/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 295] newfstatat(AT_FDCWD, "./6/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 295] unlink("./6/binderfs") = 0 [ 40.304964][ T481] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor115: bg 0: block 234: padding at end of block bitmap is not set [pid 295] umount2("./6/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 297] <... openat resumed>) = 3 [pid 299] <... umount2 resumed>) = 0 [pid 297] ioctl(3, LOOP_CLR_FD [pid 296] <... umount2 resumed>) = 0 [pid 299] umount2("./6/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 298] <... umount2 resumed>) = 0 [pid 296] umount2("./7/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 296] newfstatat(AT_FDCWD, "./7/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 296] umount2("./7/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 296] openat(AT_FDCWD, "./7/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 296] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 296] getdents64(4, [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 298] umount2("./7/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 296] <... getdents64 resumed>0x555562cbd730 /* 2 entries */, 32768) = 48 [pid 296] getdents64(4, [pid 299] newfstatat(AT_FDCWD, "./6/file0", [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 296] <... getdents64 resumed>0x555562cbd730 /* 0 entries */, 32768) = 0 [pid 299] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 298] newfstatat(AT_FDCWD, "./7/file0", [pid 296] close(4 [pid 299] umount2("./6/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 299] openat(AT_FDCWD, "./6/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 299] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 299] getdents64(4, 0x555562cbd730 /* 2 entries */, 32768) = 48 [pid 299] getdents64(4, 0x555562cbd730 /* 0 entries */, 32768) = 0 [pid 299] close(4) = 0 [pid 299] rmdir("./6/file0") = 0 [pid 298] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 296] <... close resumed>) = 0 [pid 296] rmdir("./7/file0" [pid 299] getdents64(3, [pid 296] <... rmdir resumed>) = 0 [pid 298] umount2("./7/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 298] openat(AT_FDCWD, "./7/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 298] newfstatat(4, "", [pid 299] <... getdents64 resumed>0x555562cb56f0 /* 0 entries */, 32768) = 0 [pid 298] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 298] getdents64(4, [pid 299] close(3 [pid 296] getdents64(3, [pid 299] <... close resumed>) = 0 [pid 298] <... getdents64 resumed>0x555562cbd730 /* 2 entries */, 32768) = 48 [pid 299] rmdir("./6" [pid 296] <... getdents64 resumed>0x555562cb56f0 /* 0 entries */, 32768) = 0 [pid 296] close(3) = 0 [pid 296] rmdir("./7" [pid 299] <... rmdir resumed>) = 0 [pid 298] getdents64(4, [pid 299] mkdir("./7", 0777) = 0 [pid 298] <... getdents64 resumed>0x555562cbd730 /* 0 entries */, 32768) = 0 [pid 299] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 298] close(4 [pid 296] <... rmdir resumed>) = 0 [pid 298] <... close resumed>) = 0 [pid 298] rmdir("./7/file0") = 0 [pid 296] mkdir("./8", 0777 [pid 298] getdents64(3, 0x555562cb56f0 /* 0 entries */, 32768) = 0 [pid 298] close(3) = 0 [pid 296] <... mkdir resumed>) = 0 [pid 298] rmdir("./7" [pid 296] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 298] <... rmdir resumed>) = 0 [pid 298] mkdir("./8", 0777) = 0 [pid 298] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 299] <... openat resumed>) = 3 [pid 295] <... umount2 resumed>) = 0 [pid 299] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 299] close(3) = 0 [pid 299] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555562cb4650) = 501 [pid 296] <... openat resumed>) = 3 [pid 296] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 296] close(3./strace-static-x86_64: Process 501 attached [pid 298] <... openat resumed>) = 3 [pid 297] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 296] <... close resumed>) = 0 [pid 295] umount2("./6/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 298] ioctl(3, LOOP_CLR_FD [pid 297] close(3 [pid 295] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 297] <... close resumed>) = 0 [pid 298] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 297] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 295] newfstatat(AT_FDCWD, "./6/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 298] close(3 [pid 295] umount2("./6/file0", MNT_FORCE|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 502 attached ) = -1 EINVAL (Invalid argument) [pid 298] <... close resumed>) = 0 [pid 297] <... clone resumed>, child_tidptr=0x555562cb4650) = 502 [pid 502] set_robust_list(0x555562cb4660, 24) = 0 [pid 502] chdir("./7" [pid 298] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 295] openat(AT_FDCWD, "./6/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 502] <... chdir resumed>) = 0 [pid 502] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 502] setpgid(0, 0) = 0 [pid 502] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 502] write(3, "1000", 4) = 4 [pid 502] close(3) = 0 [pid 502] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 295] <... openat resumed>) = 4 [pid 502] write(1, "executing program\n", 18) = 18 [pid 502] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 502] ioctl(3, VHOST_SET_OWNER [pid 295] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 298] <... clone resumed>, child_tidptr=0x555562cb4650) = 503 [pid 295] getdents64(4, [pid 296] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 295] <... getdents64 resumed>0x555562cbd730 /* 2 entries */, 32768) = 48 [pid 295] getdents64(4, 0x555562cbd730 /* 0 entries */, 32768) = 0 [pid 295] close(4 [pid 296] <... clone resumed>, child_tidptr=0x555562cb4650) = 505 [pid 295] <... close resumed>) = 0 [pid 295] rmdir("./6/file0"./strace-static-x86_64: Process 503 attached [pid 503] set_robust_list(0x555562cb4660, 24) = 0 [pid 503] chdir("./8" [pid 295] <... rmdir resumed>) = 0 [pid 503] <... chdir resumed>) = 0 [pid 295] getdents64(3, [pid 503] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 295] <... getdents64 resumed>0x555562cb56f0 /* 0 entries */, 32768) = 0 [pid 503] <... prctl resumed>) = 0 [pid 295] close(3 [pid 503] setpgid(0, 0 [pid 295] <... close resumed>) = 0 [pid 503] <... setpgid resumed>) = 0 [pid 295] rmdir("./6" [pid 503] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 295] <... rmdir resumed>) = 0 [pid 502] <... ioctl resumed>, 0) = 0 [pid 502] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 502] ioctl(3, VHOST_SET_MEM_TABLE [pid 503] <... openat resumed>) = 3 [pid 502] <... ioctl resumed>, 0x200000003380) = 0 [pid 502] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 502] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 502] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 502] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 502] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 502] memfd_create("syzkaller", 0) = 5 [pid 295] mkdir("./7", 0777 [pid 502] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 503] write(3, "1000", 4 [pid 502] <... mmap resumed>) = 0x7fe355b57000 [pid 503] <... write resumed>) = 4 [pid 501] set_robust_list(0x555562cb4660, 24 [pid 295] <... mkdir resumed>) = 0 [pid 503] close(3) = 0 [pid 503] symlink("/dev/binderfs", "./binderfs" [pid 501] <... set_robust_list resumed>) = 0 executing program [pid 295] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 503] <... symlink resumed>) = 0 [pid 503] write(1, "executing program\n", 18 [pid 295] <... openat resumed>) = 3 [pid 503] <... write resumed>) = 18 [pid 295] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 503] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR [pid 295] close(3 [pid 503] <... openat resumed>) = 3 [pid 501] chdir("./7" [pid 295] <... close resumed>) = 0 [pid 503] ioctl(3, VHOST_SET_OWNER [pid 501] <... chdir resumed>) = 0 [pid 295] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 505 attached [pid 501] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 505] set_robust_list(0x555562cb4660, 24 [pid 501] <... prctl resumed>) = 0 [pid 295] <... clone resumed>, child_tidptr=0x555562cb4650) = 506 [pid 505] <... set_robust_list resumed>) = 0 [pid 501] setpgid(0, 0./strace-static-x86_64: Process 506 attached [pid 506] set_robust_list(0x555562cb4660, 24) = 0 [pid 505] chdir("./8" [pid 501] <... setpgid resumed>) = 0 [pid 506] chdir("./7") = 0 [pid 506] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 506] setpgid(0, 0) = 0 [pid 506] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 501] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 505] <... chdir resumed>) = 0 [pid 506] <... openat resumed>) = 3 [pid 505] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 501] <... openat resumed>) = 3 [pid 506] write(3, "1000", 4 [pid 501] write(3, "1000", 4 [pid 505] <... prctl resumed>) = 0 [pid 506] <... write resumed>) = 4 [pid 506] close(3) = 0 [pid 505] setpgid(0, 0 [pid 503] <... ioctl resumed>, 0) = 0 [pid 501] <... write resumed>) = 4 [pid 505] <... setpgid resumed>) = 0 [pid 503] ioctl(3, VHOST_SET_VRING_ADDR [pid 501] close(3 [pid 503] <... ioctl resumed>, 0x200000000300) = 0 [pid 503] ioctl(3, VHOST_SET_MEM_TABLE [pid 501] <... close resumed>) = 0 executing program [pid 501] symlink("/dev/binderfs", "./binderfs" [pid 505] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 506] symlink("/dev/binderfs", "./binderfs") = 0 [pid 501] <... symlink resumed>) = 0 [pid 505] <... openat resumed>) = 3 [pid 501] write(1, "executing program\n", 18 executing program [pid 506] write(1, "executing program\n", 18 [pid 505] write(3, "1000", 4 [pid 501] <... write resumed>) = 18 [pid 506] <... write resumed>) = 18 [pid 505] <... write resumed>) = 4 [pid 501] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR [pid 506] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR [pid 505] close(3 [pid 501] <... openat resumed>) = 3 [pid 506] <... openat resumed>) = 3 [pid 505] <... close resumed>) = 0 [pid 503] <... ioctl resumed>, 0x200000003380) = 0 [pid 501] ioctl(3, VHOST_SET_OWNER [pid 506] ioctl(3, VHOST_SET_OWNER [pid 505] symlink("/dev/binderfs", "./binderfs" [pid 503] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 503] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 503] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 503] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 503] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 503] memfd_create("syzkaller", 0) = 5 [pid 503] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe355b57000 [pid 505] <... symlink resumed>) = 0 executing program [pid 505] write(1, "executing program\n", 18) = 18 [pid 502] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 506] <... ioctl resumed>, 0) = 0 [pid 506] ioctl(3, VHOST_SET_VRING_ADDR [pid 505] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR [pid 506] <... ioctl resumed>, 0x200000000300) = 0 [pid 506] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 506] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 506] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 506] ioctl(3, VHOST_SET_VRING_ADDR [pid 505] <... openat resumed>) = 3 [pid 506] <... ioctl resumed>, 0x200000000240) = 0 [pid 506] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 505] ioctl(3, VHOST_SET_OWNER [pid 506] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 506] memfd_create("syzkaller", 0) = 5 [pid 506] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe355b57000 [pid 501] <... ioctl resumed>, 0) = 0 [pid 501] ioctl(3, VHOST_SET_VRING_ADDR [pid 505] <... ioctl resumed>, 0) = 0 [pid 505] ioctl(3, VHOST_SET_VRING_ADDR [pid 503] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 501] <... ioctl resumed>, 0x200000000300) = 0 [pid 505] <... ioctl resumed>, 0x200000000300) = 0 [pid 501] ioctl(3, VHOST_SET_MEM_TABLE [pid 505] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 501] <... ioctl resumed>, 0x200000003380) = 0 [pid 505] eventfd2(118, EFD_SEMAPHORE [pid 501] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 505] <... eventfd2 resumed>) = 4 [pid 505] ioctl(3, VHOST_SET_VRING_ERR [pid 501] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 505] <... ioctl resumed>, 0x2000000001c0) = 0 [pid 501] ioctl(3, VHOST_SET_VRING_ADDR [pid 505] ioctl(3, VHOST_SET_VRING_ADDR [pid 501] <... ioctl resumed>, 0x200000000240) = 0 [pid 505] <... ioctl resumed>, 0x200000000240) = 0 [pid 505] ioctl(3, VHOST_SET_VRING_KICK [pid 501] ioctl(3, VHOST_SET_VRING_KICK [pid 505] <... ioctl resumed>, 0x200000000000) = 0 [pid 501] <... ioctl resumed>, 0x200000000000) = 0 [pid 505] ioctl(3, VHOST_VSOCK_SET_RUNNING [pid 501] ioctl(3, VHOST_VSOCK_SET_RUNNING [pid 505] <... ioctl resumed>, 0x200000000140) = 0 [pid 501] <... ioctl resumed>, 0x200000000140) = 0 [pid 501] memfd_create("syzkaller", 0 [pid 505] memfd_create("syzkaller", 0 [pid 501] <... memfd_create resumed>) = 5 [pid 505] <... memfd_create resumed>) = 5 [pid 501] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 505] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 506] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 505] <... mmap resumed>) = 0x7fe355b57000 [pid 501] <... mmap resumed>) = 0x7fe355b57000 [pid 502] <... write resumed>) = 1048576 [pid 502] munmap(0x7fe355b57000, 138412032) = 0 [pid 502] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 6 [pid 502] ioctl(6, LOOP_SET_FD, 5 [pid 503] <... write resumed>) = 1048576 [pid 502] <... ioctl resumed>) = 0 [pid 502] close(5) = 0 [pid 502] close(6) = 0 [pid 502] mkdir("./file0", 0777) = 0 [pid 502] mount("/dev/loop2", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"... [pid 506] <... write resumed>) = 1048576 [pid 501] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 503] munmap(0x7fe355b57000, 138412032) = 0 [pid 503] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 6 [pid 503] ioctl(6, LOOP_SET_FD, 5 [pid 505] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 503] <... ioctl resumed>) = 0 [pid 503] close(5) = 0 [pid 503] close(6) = 0 [pid 503] mkdir("./file0", 0777) = 0 [ 40.704980][ T502] EXT4-fs (loop2): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [pid 503] mount("/dev/loop3", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"... [pid 501] <... write resumed>) = 1048576 [pid 505] <... write resumed>) = 1048576 [pid 506] munmap(0x7fe355b57000, 138412032) = 0 [pid 506] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 506] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 506] close(5) = 0 [pid 506] close(6) = 0 [pid 506] mkdir("./file0", 0777) = 0 [pid 506] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"... [pid 502] <... mount resumed>) = 0 [pid 502] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 502] chdir("./file0") = 0 [pid 502] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 6 [pid 502] ioctl(6, LOOP_CLR_FD) = 0 [pid 502] close(6) = 0 [pid 502] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [ 40.837962][ T503] EXT4-fs (loop3): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [pid 502] write(6, "#! ./file1\n", 11) = 11 [pid 502] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 501] munmap(0x7fe355b57000, 138412032) = 0 [pid 501] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 505] munmap(0x7fe355b57000, 138412032 [pid 501] <... openat resumed>) = 6 [pid 505] <... munmap resumed>) = 0 [pid 501] ioctl(6, LOOP_SET_FD, 5 [pid 505] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 501] <... ioctl resumed>) = 0 [pid 501] close(5) = 0 [pid 501] close(6) = 0 [pid 501] mkdir("./file0", 0777 [pid 502] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000040} --- [pid 501] <... mkdir resumed>) = 0 [pid 505] <... openat resumed>) = 6 [pid 501] mount("/dev/loop4", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"... [pid 505] ioctl(6, LOOP_SET_FD, 5) = 0 [ 40.879386][ T506] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 40.904210][ T502] EXT4-fs error (device loop2): ext4_validate_block_bitmap:438: comm syz-executor115: bg 0: block 234: padding at end of block bitmap is not set [pid 505] close(5) = 0 [pid 505] close(6) = 0 [pid 505] mkdir("./file0", 0777) = 0 [ 40.993599][ T501] EXT4-fs (loop4): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 41.022368][ T505] EXT4-fs (loop1): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [pid 505] mount("/dev/loop1", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"... [pid 502] +++ killed by SIGBUS +++ [pid 297] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=502, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- [pid 297] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 297] umount2("./7", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 297] openat(AT_FDCWD, "./7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 297] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 297] getdents64(3, 0x555562cb56f0 /* 4 entries */, 32768) = 112 [pid 297] umount2("./7/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 297] newfstatat(AT_FDCWD, "./7/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 297] unlink("./7/binderfs") = 0 [pid 297] umount2("./7/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 503] <... mount resumed>) = 0 [pid 503] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 503] chdir("./file0") = 0 [pid 503] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 506] <... mount resumed>) = 0 [pid 506] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 506] chdir("./file0") = 0 [pid 506] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 297] <... umount2 resumed>) = 0 [pid 503] <... openat resumed>) = 6 [pid 503] ioctl(6, LOOP_CLR_FD) = 0 [pid 503] close(6) = 0 [pid 503] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 503] write(6, "#! ./file1\n", 11) = 11 [pid 503] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0 [pid 506] <... openat resumed>) = 6 [pid 506] ioctl(6, LOOP_CLR_FD) = 0 [pid 506] close(6) = 0 [pid 506] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 506] write(6, "#! ./file1\n", 11 [pid 297] umount2("./7/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 506] <... write resumed>) = 11 [pid 506] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0 [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 297] newfstatat(AT_FDCWD, "./7/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 297] umount2("./7/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 297] openat(AT_FDCWD, "./7/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 297] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 297] getdents64(4, 0x555562cbd730 /* 2 entries */, 32768) = 48 [pid 297] getdents64(4, 0x555562cbd730 /* 0 entries */, 32768) = 0 [pid 297] close(4) = 0 [pid 297] rmdir("./7/file0") = 0 [pid 501] <... mount resumed>) = 0 [pid 297] getdents64(3, 0x555562cb56f0 /* 0 entries */, 32768) = 0 [pid 297] close(3) = 0 [pid 297] rmdir("./7") = 0 [pid 297] mkdir("./8", 0777) = 0 [pid 501] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 501] chdir("./file0") = 0 [pid 501] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 6 [pid 501] ioctl(6, LOOP_CLR_FD) = 0 [pid 501] close(6 [pid 297] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 501] <... close resumed>) = 0 [pid 501] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 297] <... openat resumed>) = 3 [pid 297] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 297] close(3 [pid 501] <... openat resumed>) = 6 [pid 297] <... close resumed>) = 0 [pid 501] write(6, "#! ./file1\n", 11) = 11 [pid 501] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0 [pid 503] <... mmap resumed>) = 0x200000000000 [pid 297] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 506] <... mmap resumed>) = 0x200000000000 [pid 505] <... mount resumed>) = 0 [pid 501] <... mmap resumed>) = 0x200000000000 [pid 297] <... clone resumed>, child_tidptr=0x555562cb4650) = 527 [pid 505] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 505] chdir("./file0"./strace-static-x86_64: Process 527 attached [pid 506] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000040} --- [pid 505] <... chdir resumed>) = 0 [pid 505] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 6 [pid 505] ioctl(6, LOOP_CLR_FD [pid 527] set_robust_list(0x555562cb4660, 24 [pid 505] <... ioctl resumed>) = 0 [pid 505] close(6) = 0 [pid 505] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 505] write(6, "#! ./file1\n", 11 [pid 527] <... set_robust_list resumed>) = 0 [pid 505] <... write resumed>) = 11 [ 41.191783][ T507] EXT4-fs error (device loop3): ext4_validate_block_bitmap:438: comm vhost-503: bg 0: block 234: padding at end of block bitmap is not set [ 41.202371][ T506] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor115: bg 0: block 234: padding at end of block bitmap is not set [ 41.221923][ T509] EXT4-fs error (device loop4): ext4_validate_block_bitmap:438: comm vhost-501: bg 0: block 234: padding at end of block bitmap is not set [pid 505] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0 [pid 527] chdir("./8" [pid 505] <... mmap resumed>) = 0x200000000000 [pid 506] +++ killed by SIGBUS +++ [pid 295] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=506, si_uid=0, si_status=SIGBUS, si_utime=1, si_stime=1} --- [pid 295] restart_syscall(<... resuming interrupted clone ...> [pid 527] <... chdir resumed>) = 0 [pid 527] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 527] setpgid(0, 0) = 0 [pid 503] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000040} --- [pid 527] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 527] write(3, "1000", 4 [pid 295] <... restart_syscall resumed>) = 0 [pid 527] <... write resumed>) = 4 [pid 527] close(3) = 0 [pid 527] symlink("/dev/binderfs", "./binderfs" [pid 295] umount2("./7", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 295] openat(AT_FDCWD, "./7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 295] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 295] getdents64(3, [pid 527] <... symlink resumed>) = 0 executing program [pid 527] write(1, "executing program\n", 18 [pid 295] <... getdents64 resumed>0x555562cb56f0 /* 4 entries */, 32768) = 112 [pid 527] <... write resumed>) = 18 [pid 295] umount2("./7/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 527] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR [pid 295] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 527] <... openat resumed>) = 3 [pid 295] newfstatat(AT_FDCWD, "./7/binderfs", [pid 527] ioctl(3, VHOST_SET_OWNER [pid 295] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 295] unlink("./7/binderfs") = 0 [pid 295] umount2("./7/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 503] +++ killed by SIGBUS +++ [pid 298] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=503, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=4} --- [pid 298] restart_syscall(<... resuming interrupted clone ...> [pid 501] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000040} --- [pid 501] +++ killed by SIGBUS +++ [pid 299] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=501, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- [pid 299] restart_syscall(<... resuming interrupted clone ...> [pid 527] <... ioctl resumed>, 0) = 0 [pid 527] ioctl(3, VHOST_SET_VRING_ADDR [pid 299] <... restart_syscall resumed>) = 0 [pid 298] <... restart_syscall resumed>) = 0 [pid 527] <... ioctl resumed>, 0x200000000300) = 0 [pid 527] ioctl(3, VHOST_SET_MEM_TABLE [pid 299] umount2("./7", MNT_FORCE|UMOUNT_NOFOLLOW [pid 298] umount2("./8", MNT_FORCE|UMOUNT_NOFOLLOW [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 299] openat(AT_FDCWD, "./7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 298] openat(AT_FDCWD, "./8", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 299] <... openat resumed>) = 3 [pid 298] <... openat resumed>) = 3 [pid 299] newfstatat(3, "", [pid 298] newfstatat(3, "", [pid 299] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 298] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 299] getdents64(3, [pid 298] getdents64(3, [pid 299] <... getdents64 resumed>0x555562cb56f0 /* 4 entries */, 32768) = 112 [pid 527] <... ioctl resumed>, 0x200000003380) = 0 [pid 505] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000040} --- [pid 299] umount2("./7/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 298] <... getdents64 resumed>0x555562cb56f0 /* 4 entries */, 32768) = 112 [pid 527] eventfd2(118, EFD_SEMAPHORE [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 298] umount2("./8/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 527] <... eventfd2 resumed>) = 4 [pid 299] newfstatat(AT_FDCWD, "./7/binderfs", [pid 527] ioctl(3, VHOST_SET_VRING_ERR [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 527] <... ioctl resumed>, 0x2000000001c0) = 0 [pid 299] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 298] newfstatat(AT_FDCWD, "./8/binderfs", [pid 527] ioctl(3, VHOST_SET_VRING_ADDR [pid 299] unlink("./7/binderfs" [pid 527] <... ioctl resumed>, 0x200000000240) = 0 [pid 298] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 527] ioctl(3, VHOST_SET_VRING_KICK [pid 299] <... unlink resumed>) = 0 [pid 298] unlink("./8/binderfs" [pid 527] <... ioctl resumed>, 0x200000000000) = 0 [pid 299] umount2("./7/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 298] <... unlink resumed>) = 0 [pid 527] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 298] umount2("./8/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 527] memfd_create("syzkaller", 0) = 5 [pid 527] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe355b57000 [ 41.247600][ T510] EXT4-fs error (device loop1): ext4_validate_block_bitmap:438: comm vhost-505: bg 0: block 234: padding at end of block bitmap is not set [pid 505] +++ killed by SIGBUS +++ [pid 296] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=505, si_uid=0, si_status=SIGBUS, si_utime=2, si_stime=1} --- [pid 296] restart_syscall(<... resuming interrupted clone ...> [pid 527] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 296] <... restart_syscall resumed>) = 0 [pid 295] <... umount2 resumed>) = 0 [pid 296] umount2("./8", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 296] openat(AT_FDCWD, "./8", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 296] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 296] getdents64(3, 0x555562cb56f0 /* 4 entries */, 32768) = 112 [pid 296] umount2("./8/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 296] newfstatat(AT_FDCWD, "./8/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 296] unlink("./8/binderfs") = 0 [pid 296] umount2("./8/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 527] <... write resumed>) = 1048576 [pid 295] umount2("./7/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 295] newfstatat(AT_FDCWD, "./7/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 295] umount2("./7/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 295] openat(AT_FDCWD, "./7/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 295] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 295] getdents64(4, 0x555562cbd730 /* 2 entries */, 32768) = 48 [pid 295] getdents64(4, 0x555562cbd730 /* 0 entries */, 32768) = 0 [pid 295] close(4) = 0 [pid 295] rmdir("./7/file0") = 0 [pid 527] munmap(0x7fe355b57000, 138412032) = 0 [pid 295] getdents64(3, 0x555562cb56f0 /* 0 entries */, 32768) = 0 [pid 295] close(3) = 0 [pid 295] rmdir("./7") = 0 [pid 527] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 295] mkdir("./8", 0777) = 0 [pid 295] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 299] <... umount2 resumed>) = 0 [pid 299] umount2("./7/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 299] newfstatat(AT_FDCWD, "./7/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 299] umount2("./7/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 299] openat(AT_FDCWD, "./7/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 299] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 299] getdents64(4, 0x555562cbd730 /* 2 entries */, 32768) = 48 [pid 299] getdents64(4, 0x555562cbd730 /* 0 entries */, 32768) = 0 [pid 299] close(4) = 0 [pid 299] rmdir("./7/file0") = 0 [pid 299] getdents64(3, 0x555562cb56f0 /* 0 entries */, 32768) = 0 [pid 299] close(3) = 0 [pid 299] rmdir("./7") = 0 [pid 299] mkdir("./8", 0777) = 0 [pid 299] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 298] <... umount2 resumed>) = 0 [pid 298] umount2("./8/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 298] newfstatat(AT_FDCWD, "./8/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 298] umount2("./8/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 298] openat(AT_FDCWD, "./8/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 298] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 298] getdents64(4, 0x555562cbd730 /* 2 entries */, 32768) = 48 [pid 298] getdents64(4, 0x555562cbd730 /* 0 entries */, 32768) = 0 [pid 298] close(4) = 0 [pid 298] rmdir("./8/file0") = 0 [pid 298] getdents64(3, 0x555562cb56f0 /* 0 entries */, 32768) = 0 [pid 298] close(3) = 0 [pid 298] rmdir("./8") = 0 [pid 298] mkdir("./9", 0777) = 0 [pid 298] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 527] <... openat resumed>) = 6 [pid 295] <... openat resumed>) = 3 [pid 527] ioctl(6, LOOP_SET_FD, 5 [pid 295] ioctl(3, LOOP_CLR_FD [pid 299] <... openat resumed>) = 3 [pid 295] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 299] ioctl(3, LOOP_CLR_FD [pid 295] close(3 [pid 527] <... ioctl resumed>) = 0 [pid 299] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 298] <... openat resumed>) = 3 [pid 295] <... close resumed>) = 0 [pid 299] close(3 [pid 298] ioctl(3, LOOP_CLR_FD [pid 299] <... close resumed>) = 0 [pid 527] close(5 [pid 295] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 527] <... close resumed>) = 0 [pid 527] close(6 [pid 295] <... clone resumed>, child_tidptr=0x555562cb4650) = 530 [pid 527] <... close resumed>) = 0 [pid 527] mkdir("./file0", 0777) = 0 [pid 527] mount("/dev/loop2", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"... [pid 299] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 298] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 298] close(3 [pid 296] <... umount2 resumed>) = 0 [pid 299] <... clone resumed>, child_tidptr=0x555562cb4650) = 531 [pid 298] <... close resumed>) = 0 [pid 298] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555562cb4650) = 532 [pid 296] umount2("./8/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 296] newfstatat(AT_FDCWD, "./8/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 296] umount2("./8/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 296] openat(AT_FDCWD, "./8/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 296] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 296] getdents64(4, 0x555562cbd730 /* 2 entries */, 32768) = 48 [pid 296] getdents64(4, 0x555562cbd730 /* 0 entries */, 32768) = 0 [pid 296] close(4) = 0 [pid 296] rmdir("./8/file0") = 0 [pid 296] getdents64(3, 0x555562cb56f0 /* 0 entries */, 32768) = 0 [pid 296] close(3) = 0 [pid 296] rmdir("./8") = 0 [pid 296] mkdir("./9", 0777) = 0 [pid 296] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 296] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 296] close(3) = 0 [pid 296] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555562cb4650) = 535 ./strace-static-x86_64: Process 530 attached [pid 530] set_robust_list(0x555562cb4660, 24) = 0 [pid 530] chdir("./8") = 0 [pid 530] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 530] setpgid(0, 0) = 0 [pid 530] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 530] write(3, "1000", 4) = 4 [pid 530] close(3) = 0 [pid 530] symlink("/dev/binderfs", "./binderfs") = 0 [pid 530] write(1, "executing program\n", 18executing program ) = 18 [pid 530] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 530] ioctl(3, VHOST_SET_OWNER./strace-static-x86_64: Process 531 attached [pid 531] set_robust_list(0x555562cb4660, 24) = 0 [pid 531] chdir("./8") = 0 [pid 531] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 531] setpgid(0, 0) = 0 [pid 531] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 531] write(3, "1000", 4) = 4 [pid 531] close(3) = 0 [pid 531] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 531] write(1, "executing program\n", 18) = 18 [pid 531] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 531] ioctl(3, VHOST_SET_OWNER [pid 530] <... ioctl resumed>, 0) = 0 [pid 530] ioctl(3, VHOST_SET_VRING_ADDR./strace-static-x86_64: Process 532 attached , 0x200000000300) = 0 [pid 530] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 532] set_robust_list(0x555562cb4660, 24 [pid 530] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 530] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 530] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 530] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 530] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 530] memfd_create("syzkaller", 0) = 5 [pid 530] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe355b57000 ./strace-static-x86_64: Process 535 attached [pid 532] <... set_robust_list resumed>) = 0 [pid 535] set_robust_list(0x555562cb4660, 24 [pid 532] chdir("./9" [pid 535] <... set_robust_list resumed>) = 0 [pid 532] <... chdir resumed>) = 0 [pid 532] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 535] chdir("./9" [pid 532] setpgid(0, 0 [pid 531] <... ioctl resumed>, 0) = 0 [pid 535] <... chdir resumed>) = 0 [pid 532] <... setpgid resumed>) = 0 [pid 531] ioctl(3, VHOST_SET_VRING_ADDR [pid 535] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 532] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 531] <... ioctl resumed>, 0x200000000300) = 0 [pid 535] <... prctl resumed>) = 0 [pid 532] <... openat resumed>) = 3 [pid 531] ioctl(3, VHOST_SET_MEM_TABLE [pid 535] setpgid(0, 0 [pid 532] write(3, "1000", 4 [pid 531] <... ioctl resumed>, 0x200000003380) = 0 [pid 535] <... setpgid resumed>) = 0 [pid 532] <... write resumed>) = 4 [pid 531] eventfd2(118, EFD_SEMAPHORE [pid 535] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 532] close(3 [pid 531] <... eventfd2 resumed>) = 4 [pid 535] <... openat resumed>) = 3 [pid 532] <... close resumed>) = 0 [pid 531] ioctl(3, VHOST_SET_VRING_ERR [pid 535] write(3, "1000", 4 [pid 532] symlink("/dev/binderfs", "./binderfs" [pid 531] <... ioctl resumed>, 0x2000000001c0) = 0 [pid 535] <... write resumed>) = 4 [pid 532] <... symlink resumed>) = 0 [pid 531] ioctl(3, VHOST_SET_VRING_ADDRexecuting program [pid 535] close(3 [pid 532] write(1, "executing program\n", 18 [pid 531] <... ioctl resumed>, 0x200000000240) = 0 [pid 535] <... close resumed>) = 0 [pid 532] <... write resumed>) = 18 [pid 531] ioctl(3, VHOST_SET_VRING_KICK [pid 535] symlink("/dev/binderfs", "./binderfs" [pid 532] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR [pid 531] <... ioctl resumed>, 0x200000000000) = 0 [ 41.547626][ T527] EXT4-fs (loop2): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [pid 535] <... symlink resumed>) = 0 [pid 532] <... openat resumed>) = 3 [pid 531] ioctl(3, VHOST_VSOCK_SET_RUNNING [pid 535] write(1, "executing program\n", 18 [pid 532] ioctl(3, VHOST_SET_OWNER [pid 531] <... ioctl resumed>, 0x200000000140) = 0 [pid 527] <... mount resumed>) = 0 [pid 531] memfd_create("syzkaller", 0) = 5 [pid 531] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0executing program ) = 0x7fe355b57000 [pid 535] <... write resumed>) = 18 [pid 531] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 527] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 532] <... ioctl resumed>, 0) = 0 [pid 535] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR [pid 532] ioctl(3, VHOST_SET_VRING_ADDR [pid 527] <... openat resumed>) = 5 [pid 535] <... openat resumed>) = 3 [pid 532] <... ioctl resumed>, 0x200000000300) = 0 [pid 527] chdir("./file0" [pid 535] ioctl(3, VHOST_SET_OWNER [pid 532] ioctl(3, VHOST_SET_MEM_TABLE [pid 527] <... chdir resumed>) = 0 [pid 532] <... ioctl resumed>, 0x200000003380) = 0 [pid 527] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 532] eventfd2(118, EFD_SEMAPHORE [pid 527] <... openat resumed>) = 6 [pid 532] <... eventfd2 resumed>) = 4 [pid 527] ioctl(6, LOOP_CLR_FD [pid 532] ioctl(3, VHOST_SET_VRING_ERR [pid 527] <... ioctl resumed>) = 0 [pid 532] <... ioctl resumed>, 0x2000000001c0) = 0 [pid 527] close(6 [pid 532] ioctl(3, VHOST_SET_VRING_ADDR [pid 527] <... close resumed>) = 0 [pid 532] <... ioctl resumed>, 0x200000000240) = 0 [pid 527] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 532] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 527] <... openat resumed>) = 6 [pid 532] ioctl(3, VHOST_VSOCK_SET_RUNNING [pid 527] write(6, "#! ./file1\n", 11 [pid 532] <... ioctl resumed>, 0x200000000140) = 0 [pid 532] memfd_create("syzkaller", 0) = 5 [pid 531] <... write resumed>) = 1048576 [pid 527] <... write resumed>) = 11 [pid 532] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 531] munmap(0x7fe355b57000, 138412032 [pid 527] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0 [pid 532] <... mmap resumed>) = 0x7fe355b57000 [pid 527] <... mmap resumed>) = 0x200000000000 [pid 531] <... munmap resumed>) = 0 [pid 531] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 6 [pid 535] <... ioctl resumed>, 0) = 0 [pid 531] ioctl(6, LOOP_SET_FD, 5 [pid 530] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 535] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 535] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 535] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 531] <... ioctl resumed>) = 0 [pid 535] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 531] close(5 [pid 535] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 531] <... close resumed>) = 0 [pid 535] ioctl(3, VHOST_SET_VRING_KICK [pid 531] close(6 [pid 535] <... ioctl resumed>, 0x200000000000) = 0 [pid 535] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 535] memfd_create("syzkaller", 0) = 5 [pid 535] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe355b57000 [ 41.681229][ T527] EXT4-fs error (device loop2): ext4_validate_block_bitmap:438: comm syz-executor115: bg 0: block 234: padding at end of block bitmap is not set [pid 530] <... write resumed>) = 1048576 [pid 532] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 535] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 531] <... close resumed>) = 0 [pid 531] mkdir("./file0", 0777 [pid 527] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000040} --- [pid 531] <... mkdir resumed>) = 0 [pid 531] mount("/dev/loop4", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"... [pid 530] munmap(0x7fe355b57000, 138412032 [pid 527] +++ killed by SIGBUS +++ [pid 297] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=527, si_uid=0, si_status=SIGBUS, si_utime=1, si_stime=3} --- [pid 297] restart_syscall(<... resuming interrupted clone ...> [pid 530] <... munmap resumed>) = 0 [pid 530] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 297] <... restart_syscall resumed>) = 0 [pid 297] umount2("./8", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 297] openat(AT_FDCWD, "./8", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 297] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 297] getdents64(3, 0x555562cb56f0 /* 4 entries */, 32768) = 112 [pid 297] umount2("./8/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 297] newfstatat(AT_FDCWD, "./8/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 297] unlink("./8/binderfs") = 0 [pid 297] umount2("./8/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 532] <... write resumed>) = 1048576 [pid 530] <... openat resumed>) = 6 [pid 530] ioctl(6, LOOP_SET_FD, 5 [pid 532] munmap(0x7fe355b57000, 138412032 [pid 297] <... umount2 resumed>) = 0 [pid 532] <... munmap resumed>) = 0 [pid 530] <... ioctl resumed>) = 0 [pid 530] close(5) = 0 [ 41.873492][ T531] EXT4-fs (loop4): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [pid 530] close(6 [pid 535] <... write resumed>) = 1048576 [pid 532] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 297] umount2("./8/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 297] newfstatat(AT_FDCWD, "./8/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 297] umount2("./8/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 297] openat(AT_FDCWD, "./8/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 297] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 297] getdents64(4, 0x555562cbd730 /* 2 entries */, 32768) = 48 [pid 297] getdents64(4, 0x555562cbd730 /* 0 entries */, 32768) = 0 [pid 297] close(4) = 0 [pid 297] rmdir("./8/file0") = 0 [pid 297] getdents64(3, 0x555562cb56f0 /* 0 entries */, 32768) = 0 [pid 297] close(3) = 0 [pid 297] rmdir("./8") = 0 [pid 535] munmap(0x7fe355b57000, 138412032 [pid 297] mkdir("./9", 0777) = 0 [pid 535] <... munmap resumed>) = 0 [pid 535] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 297] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 530] <... close resumed>) = 0 [pid 530] mkdir("./file0", 0777) = 0 [pid 530] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"... [pid 532] <... openat resumed>) = 6 [pid 535] <... openat resumed>) = 6 [pid 532] ioctl(6, LOOP_SET_FD, 5 [pid 297] <... openat resumed>) = 3 [pid 535] ioctl(6, LOOP_SET_FD, 5 [pid 297] ioctl(3, LOOP_CLR_FD [pid 532] <... ioctl resumed>) = 0 [pid 532] close(5) = 0 [pid 532] close(6 [pid 535] <... ioctl resumed>) = 0 [pid 297] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 535] close(5 [pid 297] close(3 [pid 535] <... close resumed>) = 0 [pid 535] close(6 [pid 531] <... mount resumed>) = 0 [pid 531] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 531] chdir("./file0") = 0 [pid 531] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 532] <... close resumed>) = 0 [pid 297] <... close resumed>) = 0 [pid 532] mkdir("./file0", 0777 [pid 297] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 532] <... mkdir resumed>) = 0 [pid 532] mount("/dev/loop3", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"... [pid 297] <... clone resumed>, child_tidptr=0x555562cb4650) = 549 ./strace-static-x86_64: Process 549 attached [pid 549] set_robust_list(0x555562cb4660, 24) = 0 [pid 549] chdir("./9") = 0 [pid 549] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 549] setpgid(0, 0) = 0 [pid 549] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 549] write(3, "1000", 4) = 4 [pid 549] close(3) = 0 [pid 549] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 549] write(1, "executing program\n", 18) = 18 [pid 549] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 549] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 549] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 549] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 549] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 549] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 549] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [ 42.043050][ T530] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [pid 549] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 549] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 549] memfd_create("syzkaller", 0) = 5 [pid 535] <... close resumed>) = 0 [pid 531] <... openat resumed>) = 6 [pid 549] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 535] mkdir("./file0", 0777 [pid 531] ioctl(6, LOOP_CLR_FD [pid 549] <... mmap resumed>) = 0x7fe355b57000 [pid 535] <... mkdir resumed>) = 0 [pid 531] <... ioctl resumed>) = 0 [pid 535] mount("/dev/loop1", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"... [pid 531] close(6) = 0 [pid 531] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 531] write(6, "#! ./file1\n", 11) = 11 [pid 531] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [ 42.154393][ T531] EXT4-fs error (device loop4): ext4_validate_block_bitmap:438: comm syz-executor115: bg 0: block 234: padding at end of block bitmap is not set [pid 549] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 530] <... mount resumed>) = 0 [pid 530] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 530] chdir("./file0" [pid 549] <... write resumed>) = 1048576 [pid 530] <... chdir resumed>) = 0 [pid 530] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 530] ioctl(6, LOOP_CLR_FD [pid 549] munmap(0x7fe355b57000, 138412032 [pid 531] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000040} --- [pid 530] <... ioctl resumed>) = 0 [pid 530] close(6) = 0 [pid 530] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 549] <... munmap resumed>) = 0 [pid 530] <... openat resumed>) = 6 [pid 530] write(6, "#! ./file1\n", 11) = 11 [pid 549] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 6 [pid 530] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0 [pid 549] ioctl(6, LOOP_SET_FD, 5 [pid 530] <... mmap resumed>) = 0x200000000000 [ 42.186854][ T535] EXT4-fs (loop1): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 42.210528][ T532] EXT4-fs (loop3): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [pid 549] <... ioctl resumed>) = 0 [pid 531] +++ killed by SIGBUS +++ [pid 530] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000040} --- [pid 299] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=531, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=5} --- [pid 299] restart_syscall(<... resuming interrupted clone ...> [pid 549] close(5 [pid 535] <... mount resumed>) = 0 [pid 549] <... close resumed>) = 0 [pid 549] close(6 [pid 299] <... restart_syscall resumed>) = 0 [pid 549] <... close resumed>) = 0 [pid 299] umount2("./8", MNT_FORCE|UMOUNT_NOFOLLOW [pid 549] mkdir("./file0", 0777 [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 299] openat(AT_FDCWD, "./8", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 299] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 299] getdents64(3, [pid 549] <... mkdir resumed>) = 0 [pid 299] <... getdents64 resumed>0x555562cb56f0 /* 4 entries */, 32768) = 112 [pid 299] umount2("./8/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 549] mount("/dev/loop2", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"... [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 299] newfstatat(AT_FDCWD, "./8/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 299] unlink("./8/binderfs") = 0 [pid 299] umount2("./8/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 535] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 535] chdir("./file0") = 0 [pid 535] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 6 [ 42.276623][ T536] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-530: bg 0: block 234: padding at end of block bitmap is not set [pid 535] ioctl(6, LOOP_CLR_FD [pid 532] <... mount resumed>) = 0 [pid 532] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 532] chdir("./file0") = 0 [pid 532] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 530] +++ killed by SIGBUS +++ [pid 295] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=530, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=6} --- [pid 535] <... ioctl resumed>) = 0 [pid 295] umount2("./8", MNT_FORCE|UMOUNT_NOFOLLOW [pid 535] close(6 [pid 295] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 535] <... close resumed>) = 0 [pid 295] openat(AT_FDCWD, "./8", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 535] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 295] <... openat resumed>) = 3 [pid 535] <... openat resumed>) = 6 [pid 295] newfstatat(3, "", [pid 535] write(6, "#! ./file1\n", 11 [pid 295] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 295] getdents64(3, [pid 535] <... write resumed>) = 11 [pid 295] <... getdents64 resumed>0x555562cb56f0 /* 4 entries */, 32768) = 112 [ 42.328370][ T549] EXT4-fs (loop2): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [pid 535] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0 [pid 295] umount2("./8/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 535] <... mmap resumed>) = 0x200000000000 [pid 295] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 295] newfstatat(AT_FDCWD, "./8/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 295] unlink("./8/binderfs") = 0 [pid 295] umount2("./8/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 532] <... openat resumed>) = 6 [pid 532] ioctl(6, LOOP_CLR_FD [pid 299] <... umount2 resumed>) = 0 [pid 299] umount2("./8/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 299] newfstatat(AT_FDCWD, "./8/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 299] umount2("./8/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 299] openat(AT_FDCWD, "./8/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 299] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 299] getdents64(4, 0x555562cbd730 /* 2 entries */, 32768) = 48 [pid 299] getdents64(4, 0x555562cbd730 /* 0 entries */, 32768) = 0 [pid 299] close(4) = 0 [pid 299] rmdir("./8/file0") = 0 [pid 299] getdents64(3, 0x555562cb56f0 /* 0 entries */, 32768) = 0 [pid 299] close(3) = 0 [pid 299] rmdir("./8") = 0 [pid 299] mkdir("./9", 0777) = 0 [ 42.384080][ T535] EXT4-fs error (device loop1): ext4_validate_block_bitmap:438: comm syz-executor115: bg 0: block 234: padding at end of block bitmap is not set [pid 299] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 535] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000040} --- [pid 549] <... mount resumed>) = 0 [pid 535] +++ killed by SIGBUS +++ [pid 532] <... ioctl resumed>) = 0 [pid 299] <... openat resumed>) = 3 [pid 295] <... umount2 resumed>) = 0 [pid 549] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 532] close(6 [pid 299] ioctl(3, LOOP_CLR_FD [pid 296] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=535, si_uid=0, si_status=SIGBUS, si_utime=1, si_stime=6} --- [pid 549] chdir("./file0") = 0 [pid 532] <... close resumed>) = 0 [pid 299] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 549] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 6 [pid 532] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 299] close(3 [pid 549] ioctl(6, LOOP_CLR_FD) = 0 [pid 532] <... openat resumed>) = 6 [pid 299] <... close resumed>) = 0 [pid 296] umount2("./9", MNT_FORCE|UMOUNT_NOFOLLOW [pid 549] close(6 [pid 532] write(6, "#! ./file1\n", 11 [pid 549] <... close resumed>) = 0 [pid 549] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 532] <... write resumed>) = 11 [pid 299] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 549] <... openat resumed>) = 6 [pid 532] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0 [pid 296] openat(AT_FDCWD, "./9", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 549] write(6, "#! ./file1\n", 11 [pid 299] <... clone resumed>, child_tidptr=0x555562cb4650) = 558 [pid 296] <... openat resumed>) = 3 [pid 532] <... mmap resumed>) = 0x200000000000 [pid 296] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 296] getdents64(3, 0x555562cb56f0 /* 4 entries */, 32768) = 112 [pid 296] umount2("./9/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 296] newfstatat(AT_FDCWD, "./9/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 296] unlink("./9/binderfs") = 0 [pid 296] umount2("./9/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 295] umount2("./8/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 549] <... write resumed>) = 11 ./strace-static-x86_64: Process 558 attached [pid 549] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0 [pid 558] set_robust_list(0x555562cb4660, 24 [pid 549] <... mmap resumed>) = 0x200000000000 [pid 558] <... set_robust_list resumed>) = 0 [pid 558] chdir("./9" [pid 295] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 295] newfstatat(AT_FDCWD, "./8/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 295] umount2("./8/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 295] openat(AT_FDCWD, "./8/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 295] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 295] getdents64(4, 0x555562cbd730 /* 2 entries */, 32768) = 48 [pid 295] getdents64(4, 0x555562cbd730 /* 0 entries */, 32768) = 0 [pid 295] close(4) = 0 [pid 295] rmdir("./8/file0") = 0 [pid 558] <... chdir resumed>) = 0 [pid 558] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 295] getdents64(3, [pid 558] setpgid(0, 0) = 0 [pid 295] <... getdents64 resumed>0x555562cb56f0 /* 0 entries */, 32768) = 0 [pid 558] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 295] close(3 [pid 558] <... openat resumed>) = 3 [pid 295] <... close resumed>) = 0 [pid 558] write(3, "1000", 4) = 4 [pid 295] rmdir("./8" [pid 558] close(3) = 0 [pid 532] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000040} --- [pid 295] <... rmdir resumed>) = 0 [pid 558] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 295] mkdir("./9", 0777 [pid 558] write(1, "executing program\n", 18) = 18 [pid 295] <... mkdir resumed>) = 0 [pid 558] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR [pid 549] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000040} --- [pid 558] <... openat resumed>) = 3 [pid 295] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 558] ioctl(3, VHOST_SET_OWNER [pid 549] +++ killed by SIGBUS +++ [pid 532] +++ killed by SIGBUS +++ [pid 298] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=532, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=6} --- [pid 298] restart_syscall(<... resuming interrupted clone ...> [pid 297] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=549, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=4} --- [pid 297] restart_syscall(<... resuming interrupted clone ...> [pid 558] <... ioctl resumed>, 0) = 0 [pid 558] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 558] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 558] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 558] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 558] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 558] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 558] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 558] memfd_create("syzkaller", 0) = 5 [pid 558] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe355b57000 [pid 298] <... restart_syscall resumed>) = 0 [pid 297] <... restart_syscall resumed>) = 0 [ 42.511728][ T532] EXT4-fs error (device loop3): ext4_validate_block_bitmap:438: comm syz-executor115: bg 0: block 234: padding at end of block bitmap is not set [ 42.528429][ T549] EXT4-fs error (device loop2): ext4_validate_block_bitmap:438: comm syz-executor115: bg 0: block 234: padding at end of block bitmap is not set [pid 298] umount2("./9", MNT_FORCE|UMOUNT_NOFOLLOW [pid 558] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 296] <... umount2 resumed>) = 0 [pid 295] <... openat resumed>) = 3 [pid 558] <... write resumed>) = 1048576 [pid 298] openat(AT_FDCWD, "./9", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 298] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 298] getdents64(3, 0x555562cb56f0 /* 4 entries */, 32768) = 112 [pid 297] umount2("./9", MNT_FORCE|UMOUNT_NOFOLLOW [pid 296] umount2("./9/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 295] ioctl(3, LOOP_CLR_FD [pid 298] umount2("./9/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 298] newfstatat(AT_FDCWD, "./9/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 298] unlink("./9/binderfs") = 0 [pid 298] umount2("./9/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 558] munmap(0x7fe355b57000, 138412032 [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 295] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 558] <... munmap resumed>) = 0 [pid 297] openat(AT_FDCWD, "./9", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 296] newfstatat(AT_FDCWD, "./9/file0", [pid 295] close(3 [pid 558] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 297] <... openat resumed>) = 3 [pid 296] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 297] newfstatat(3, "", [pid 296] umount2("./9/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 297] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 297] getdents64(3, [pid 296] openat(AT_FDCWD, "./9/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 297] <... getdents64 resumed>0x555562cb56f0 /* 4 entries */, 32768) = 112 [pid 296] <... openat resumed>) = 4 [pid 297] umount2("./9/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 296] newfstatat(4, "", [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 296] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 297] newfstatat(AT_FDCWD, "./9/binderfs", [pid 296] getdents64(4, [pid 297] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 296] <... getdents64 resumed>0x555562cbd730 /* 2 entries */, 32768) = 48 [pid 297] unlink("./9/binderfs" [pid 296] getdents64(4, [pid 297] <... unlink resumed>) = 0 [pid 296] <... getdents64 resumed>0x555562cbd730 /* 0 entries */, 32768) = 0 [pid 297] umount2("./9/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 296] close(4) = 0 [pid 296] rmdir("./9/file0") = 0 [pid 296] getdents64(3, 0x555562cb56f0 /* 0 entries */, 32768) = 0 [pid 296] close(3) = 0 [pid 296] rmdir("./9") = 0 [pid 296] mkdir("./10", 0777) = 0 [pid 296] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 298] <... umount2 resumed>) = 0 [pid 558] <... openat resumed>) = 6 [pid 295] <... close resumed>) = 0 [pid 558] ioctl(6, LOOP_SET_FD, 5 [pid 295] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555562cb4650) = 561 [pid 298] umount2("./9/file0", MNT_FORCE|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 561 attached ) = -1 EINVAL (Invalid argument) [pid 561] set_robust_list(0x555562cb4660, 24 [pid 558] <... ioctl resumed>) = 0 [pid 298] newfstatat(AT_FDCWD, "./9/file0", [pid 561] <... set_robust_list resumed>) = 0 [pid 558] close(5 [pid 298] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 561] chdir("./9" [pid 558] <... close resumed>) = 0 [pid 298] umount2("./9/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 561] <... chdir resumed>) = 0 [pid 558] close(6 [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 561] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 298] openat(AT_FDCWD, "./9/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 561] <... prctl resumed>) = 0 [pid 298] <... openat resumed>) = 4 [pid 561] setpgid(0, 0 [pid 298] newfstatat(4, "", [pid 561] <... setpgid resumed>) = 0 [pid 298] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 561] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 298] getdents64(4, 0x555562cbd730 /* 2 entries */, 32768) = 48 [pid 561] <... openat resumed>) = 3 [pid 298] getdents64(4, [pid 561] write(3, "1000", 4 [pid 298] <... getdents64 resumed>0x555562cbd730 /* 0 entries */, 32768) = 0 [pid 561] <... write resumed>) = 4 [pid 298] close(4 [pid 561] close(3 [pid 298] <... close resumed>) = 0 [pid 561] <... close resumed>) = 0 [pid 298] rmdir("./9/file0" [pid 561] symlink("/dev/binderfs", "./binderfs" [pid 298] <... rmdir resumed>) = 0 executing program [pid 561] <... symlink resumed>) = 0 [pid 298] getdents64(3, [pid 561] write(1, "executing program\n", 18 [pid 298] <... getdents64 resumed>0x555562cb56f0 /* 0 entries */, 32768) = 0 [pid 561] <... write resumed>) = 18 [pid 298] close(3 [pid 561] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR [pid 298] <... close resumed>) = 0 [pid 561] <... openat resumed>) = 3 [pid 298] rmdir("./9" [pid 561] ioctl(3, VHOST_SET_OWNER [pid 298] <... rmdir resumed>) = 0 [pid 298] mkdir("./10", 0777) = 0 [pid 298] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 561] <... ioctl resumed>, 0) = 0 [pid 561] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 561] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 561] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 561] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 561] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 561] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 561] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 561] memfd_create("syzkaller", 0) = 5 [pid 561] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe355b57000 [pid 298] <... openat resumed>) = 3 [pid 296] <... openat resumed>) = 3 [pid 298] ioctl(3, LOOP_CLR_FD [pid 296] ioctl(3, LOOP_CLR_FD [pid 561] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 561] munmap(0x7fe355b57000, 138412032) = 0 [pid 561] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 558] <... close resumed>) = 0 [pid 297] <... umount2 resumed>) = 0 [pid 561] <... openat resumed>) = 6 [pid 558] mkdir("./file0", 0777 [pid 298] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 296] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 561] ioctl(6, LOOP_SET_FD, 5 [pid 558] <... mkdir resumed>) = 0 [pid 298] close(3 [pid 296] close(3 [pid 558] mount("/dev/loop4", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"... [pid 298] <... close resumed>) = 0 [pid 296] <... close resumed>) = 0 [pid 298] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 296] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 298] <... clone resumed>, child_tidptr=0x555562cb4650) = 566 [pid 296] <... clone resumed>, child_tidptr=0x555562cb4650) = 565 [pid 561] <... ioctl resumed>) = 0 [pid 561] close(5) = 0 [pid 561] close(6 [pid 297] umount2("./9/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 297] newfstatat(AT_FDCWD, "./9/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 297] umount2("./9/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 297] openat(AT_FDCWD, "./9/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 297] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 297] getdents64(4, 0x555562cbd730 /* 2 entries */, 32768) = 48 [pid 297] getdents64(4, 0x555562cbd730 /* 0 entries */, 32768) = 0 [pid 297] close(4) = 0 [pid 297] rmdir("./9/file0") = 0 [pid 297] getdents64(3, 0x555562cb56f0 /* 0 entries */, 32768) = 0 [pid 297] close(3) = 0 [pid 297] rmdir("./9") = 0 ./strace-static-x86_64: Process 565 attached ./strace-static-x86_64: Process 566 attached [pid 566] set_robust_list(0x555562cb4660, 24 [pid 565] set_robust_list(0x555562cb4660, 24 [pid 566] <... set_robust_list resumed>) = 0 [pid 565] <... set_robust_list resumed>) = 0 [pid 566] chdir("./10" [pid 565] chdir("./10") = 0 [pid 565] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 566] <... chdir resumed>) = 0 [pid 565] setpgid(0, 0 [pid 566] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 297] mkdir("./10", 0777 [pid 565] <... setpgid resumed>) = 0 [pid 297] <... mkdir resumed>) = 0 [pid 566] <... prctl resumed>) = 0 [pid 565] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 566] setpgid(0, 0) = 0 [pid 566] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 565] <... openat resumed>) = 3 [pid 566] <... openat resumed>) = 3 [pid 565] write(3, "1000", 4 [pid 566] write(3, "1000", 4 [pid 565] <... write resumed>) = 4 [pid 566] <... write resumed>) = 4 [pid 565] close(3 [pid 297] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 566] close(3 [pid 565] <... close resumed>) = 0 [pid 566] <... close resumed>) = 0 [pid 565] symlink("/dev/binderfs", "./binderfs" [pid 566] symlink("/dev/binderfs", "./binderfs" [pid 565] <... symlink resumed>) = 0 executing program [pid 566] <... symlink resumed>) = 0 [pid 565] write(1, "executing program\n", 18executing program [pid 566] write(1, "executing program\n", 18 [pid 565] <... write resumed>) = 18 [pid 566] <... write resumed>) = 18 [pid 565] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR [pid 566] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR [pid 565] <... openat resumed>) = 3 [pid 566] <... openat resumed>) = 3 [pid 565] ioctl(3, VHOST_SET_OWNER [pid 566] ioctl(3, VHOST_SET_OWNER [pid 561] <... close resumed>) = 0 [pid 297] <... openat resumed>) = 3 [pid 565] <... ioctl resumed>, 0) = 0 [pid 561] mkdir("./file0", 0777 [pid 297] ioctl(3, LOOP_CLR_FD [pid 566] <... ioctl resumed>, 0) = 0 [pid 565] ioctl(3, VHOST_SET_VRING_ADDR [pid 561] <... mkdir resumed>) = 0 [pid 297] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 566] ioctl(3, VHOST_SET_VRING_ADDR [pid 565] <... ioctl resumed>, 0x200000000300) = 0 [pid 561] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"... [pid 297] close(3 [pid 566] <... ioctl resumed>, 0x200000000300) = 0 [pid 565] ioctl(3, VHOST_SET_MEM_TABLE [pid 297] <... close resumed>) = 0 [pid 566] ioctl(3, VHOST_SET_MEM_TABLE [pid 297] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 566] <... ioctl resumed>, 0x200000003380) = 0 [pid 565] <... ioctl resumed>, 0x200000003380) = 0 [pid 566] eventfd2(118, EFD_SEMAPHORE [pid 565] eventfd2(118, EFD_SEMAPHORE [pid 297] <... clone resumed>, child_tidptr=0x555562cb4650) = 571 [pid 566] <... eventfd2 resumed>) = 4 [pid 565] <... eventfd2 resumed>) = 4 [pid 566] ioctl(3, VHOST_SET_VRING_ERR [pid 565] ioctl(3, VHOST_SET_VRING_ERR [pid 566] <... ioctl resumed>, 0x2000000001c0) = 0 [pid 565] <... ioctl resumed>, 0x2000000001c0) = 0 [pid 566] ioctl(3, VHOST_SET_VRING_ADDR [pid 565] ioctl(3, VHOST_SET_VRING_ADDR [pid 566] <... ioctl resumed>, 0x200000000240) = 0 [pid 565] <... ioctl resumed>, 0x200000000240) = 0 [pid 566] ioctl(3, VHOST_SET_VRING_KICK [pid 565] ioctl(3, VHOST_SET_VRING_KICK./strace-static-x86_64: Process 571 attached [pid 566] <... ioctl resumed>, 0x200000000000) = 0 [pid 565] <... ioctl resumed>, 0x200000000000) = 0 [pid 558] <... mount resumed>) = 0 [pid 571] set_robust_list(0x555562cb4660, 24 [pid 566] ioctl(3, VHOST_VSOCK_SET_RUNNING [pid 565] ioctl(3, VHOST_VSOCK_SET_RUNNING [pid 566] <... ioctl resumed>, 0x200000000140) = 0 [pid 565] <... ioctl resumed>, 0x200000000140) = 0 [pid 566] memfd_create("syzkaller", 0 [pid 565] memfd_create("syzkaller", 0 [pid 566] <... memfd_create resumed>) = 5 [pid 565] <... memfd_create resumed>) = 5 [pid 566] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 565] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 566] <... mmap resumed>) = 0x7fe355b57000 [pid 565] <... mmap resumed>) = 0x7fe355b57000 [ 42.796908][ T558] EXT4-fs (loop4): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [pid 571] <... set_robust_list resumed>) = 0 [pid 558] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 571] chdir("./10" [pid 558] <... openat resumed>) = 5 [pid 571] <... chdir resumed>) = 0 [pid 558] chdir("./file0" [pid 571] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 558] <... chdir resumed>) = 0 [pid 571] <... prctl resumed>) = 0 [pid 558] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 571] setpgid(0, 0 [pid 558] <... openat resumed>) = 6 [pid 571] <... setpgid resumed>) = 0 [pid 558] ioctl(6, LOOP_CLR_FD [pid 571] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 558] <... ioctl resumed>) = 0 [pid 571] <... openat resumed>) = 3 [pid 558] close(6 [pid 571] write(3, "1000", 4 [pid 558] <... close resumed>) = 0 [pid 571] <... write resumed>) = 4 [pid 558] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 571] close(3 [pid 558] <... openat resumed>) = 6 [pid 571] <... close resumed>) = 0 [pid 558] write(6, "#! ./file1\n", 11 [pid 571] symlink("/dev/binderfs", "./binderfs" [pid 558] <... write resumed>) = 11 [pid 571] <... symlink resumed>) = 0 [pid 558] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0executing program [pid 571] write(1, "executing program\n", 18 [pid 558] <... mmap resumed>) = 0x200000000000 [pid 571] <... write resumed>) = 18 [pid 571] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 571] ioctl(3, VHOST_SET_OWNER [pid 565] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 566] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 571] <... ioctl resumed>, 0) = 0 [pid 571] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 571] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 571] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 571] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 571] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 571] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 571] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [ 42.914736][ T558] EXT4-fs error (device loop4): ext4_validate_block_bitmap:438: comm syz-executor115: bg 0: block 234: padding at end of block bitmap is not set [ 42.941834][ T561] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [pid 571] memfd_create("syzkaller", 0) = 5 [pid 571] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe355b57000 [pid 558] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000040} --- [pid 566] <... write resumed>) = 1048576 [pid 561] <... mount resumed>) = 0 [pid 561] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 561] chdir("./file0") = 0 [pid 561] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 561] ioctl(6, LOOP_CLR_FD) = 0 [pid 561] close(6) = 0 [pid 561] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 565] <... write resumed>) = 1048576 [pid 566] munmap(0x7fe355b57000, 138412032 [pid 561] <... openat resumed>) = 6 [pid 561] write(6, "#! ./file1\n", 11 [pid 565] munmap(0x7fe355b57000, 138412032) = 0 [pid 566] <... munmap resumed>) = 0 [pid 561] <... write resumed>) = 11 [pid 561] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0 [pid 566] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 6 [pid 565] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 6 [pid 566] ioctl(6, LOOP_SET_FD, 5 [pid 565] ioctl(6, LOOP_SET_FD, 5 [pid 561] <... mmap resumed>) = 0x200000000000 [pid 571] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 566] <... ioctl resumed>) = 0 [pid 566] close(5) = 0 [pid 566] close(6 [pid 558] +++ killed by SIGBUS +++ [pid 299] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=558, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- [pid 299] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 299] umount2("./9", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 299] openat(AT_FDCWD, "./9", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 299] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 299] getdents64(3, 0x555562cb56f0 /* 4 entries */, 32768) = 112 [pid 299] umount2("./9/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 299] newfstatat(AT_FDCWD, "./9/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 299] unlink("./9/binderfs") = 0 [pid 299] umount2("./9/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 565] <... ioctl resumed>) = 0 [pid 565] close(5) = 0 [pid 565] close(6 [pid 571] <... write resumed>) = 1048576 [pid 561] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000040} --- [pid 571] munmap(0x7fe355b57000, 138412032 [pid 561] +++ killed by SIGBUS +++ [pid 295] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=561, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- [ 43.048094][ T561] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor115: bg 0: block 234: padding at end of block bitmap is not set [pid 295] restart_syscall(<... resuming interrupted clone ...> [pid 571] <... munmap resumed>) = 0 [pid 571] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 295] <... restart_syscall resumed>) = 0 [pid 295] umount2("./9", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 295] openat(AT_FDCWD, "./9", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 295] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 295] getdents64(3, 0x555562cb56f0 /* 4 entries */, 32768) = 112 [pid 295] umount2("./9/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 295] newfstatat(AT_FDCWD, "./9/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 295] unlink("./9/binderfs" [pid 565] <... close resumed>) = 0 [pid 295] <... unlink resumed>) = 0 [pid 565] mkdir("./file0", 0777 [pid 295] umount2("./9/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 565] <... mkdir resumed>) = 0 [pid 565] mount("/dev/loop1", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"... [pid 566] <... close resumed>) = 0 [pid 566] mkdir("./file0", 0777) = 0 [pid 566] mount("/dev/loop3", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"... [pid 571] <... openat resumed>) = 6 [pid 295] <... umount2 resumed>) = 0 [pid 571] ioctl(6, LOOP_SET_FD, 5 [pid 295] umount2("./9/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 295] newfstatat(AT_FDCWD, "./9/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 295] umount2("./9/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 295] openat(AT_FDCWD, "./9/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 295] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 295] getdents64(4, 0x555562cbd730 /* 2 entries */, 32768) = 48 [pid 295] getdents64(4, 0x555562cbd730 /* 0 entries */, 32768) = 0 [pid 295] close(4) = 0 [pid 295] rmdir("./9/file0" [pid 299] <... umount2 resumed>) = 0 [pid 295] <... rmdir resumed>) = 0 [pid 295] getdents64(3, 0x555562cb56f0 /* 0 entries */, 32768) = 0 [pid 295] close(3) = 0 [pid 295] rmdir("./9") = 0 [pid 295] mkdir("./10", 0777) = 0 [pid 295] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 299] umount2("./9/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 299] newfstatat(AT_FDCWD, "./9/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 299] umount2("./9/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 299] openat(AT_FDCWD, "./9/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 299] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 299] getdents64(4, 0x555562cbd730 /* 2 entries */, 32768) = 48 [pid 299] getdents64(4, 0x555562cbd730 /* 0 entries */, 32768) = 0 [pid 299] close(4) = 0 [pid 299] rmdir("./9/file0") = 0 [pid 299] getdents64(3, 0x555562cb56f0 /* 0 entries */, 32768) = 0 [pid 299] close(3) = 0 [pid 299] rmdir("./9") = 0 [pid 299] mkdir("./10", 0777) = 0 [ 43.277339][ T565] EXT4-fs (loop1): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [pid 299] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 571] <... ioctl resumed>) = 0 [pid 295] <... openat resumed>) = 3 [pid 571] close(5 [pid 295] ioctl(3, LOOP_CLR_FD [pid 571] <... close resumed>) = 0 [pid 295] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 571] close(6 [pid 295] close(3) = 0 [pid 295] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 571] <... close resumed>) = 0 [pid 571] mkdir("./file0", 0777) = 0 [pid 571] mount("/dev/loop2", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"... [pid 295] <... clone resumed>, child_tidptr=0x555562cb4650) = 582 [pid 299] <... openat resumed>) = 3 [ 43.343280][ T566] EXT4-fs (loop3): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue ./strace-static-x86_64: Process 582 attached [pid 582] set_robust_list(0x555562cb4660, 24) = 0 [pid 582] chdir("./10") = 0 [pid 582] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 582] setpgid(0, 0) = 0 [pid 582] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 582] write(3, "1000", 4) = 4 [pid 582] close(3) = 0 [pid 582] symlink("/dev/binderfs", "./binderfs") = 0 [pid 582] write(1, "executing program\n", 18executing program ) = 18 [pid 582] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 582] ioctl(3, VHOST_SET_OWNER [pid 299] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 582] <... ioctl resumed>, 0) = 0 [pid 582] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 582] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 582] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 582] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 582] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 582] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 582] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 582] memfd_create("syzkaller", 0) = 5 [pid 582] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe355b57000 [pid 299] close(3) = 0 [pid 299] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 582] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [ 43.388434][ T571] EXT4-fs (loop2): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue ./strace-static-x86_64: Process 586 attached [pid 586] set_robust_list(0x555562cb4660, 24) = 0 [pid 586] chdir("./10") = 0 [pid 586] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 586] setpgid(0, 0) = 0 [pid 586] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 586] write(3, "1000", 4) = 4 [pid 586] close(3) = 0 [pid 586] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 586] write(1, "executing program\n", 18) = 18 [pid 586] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 586] ioctl(3, VHOST_SET_OWNER [pid 582] munmap(0x7fe355b57000, 138412032) = 0 [pid 582] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 582] ioctl(6, LOOP_SET_FD, 5 [pid 586] <... ioctl resumed>, 0) = 0 [pid 586] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 586] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 299] <... clone resumed>, child_tidptr=0x555562cb4650) = 586 [pid 586] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 586] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 586] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 586] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 586] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 586] memfd_create("syzkaller", 0) = 5 [pid 586] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe355b57000 [pid 582] <... ioctl resumed>) = 0 [pid 582] close(5) = 0 [pid 582] close(6) = 0 [pid 582] mkdir("./file0", 0777) = 0 [pid 582] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"... [pid 586] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 586] munmap(0x7fe355b57000, 138412032) = 0 [pid 586] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 6 [pid 586] ioctl(6, LOOP_SET_FD, 5 [pid 565] <... mount resumed>) = 0 [pid 586] <... ioctl resumed>) = 0 [pid 565] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 586] close(5 [pid 565] chdir("./file0" [pid 586] <... close resumed>) = 0 [pid 586] close(6) = 0 [pid 586] mkdir("./file0", 0777 [pid 565] <... chdir resumed>) = 0 [pid 565] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 586] <... mkdir resumed>) = 0 [pid 586] mount("/dev/loop4", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"... [pid 565] <... openat resumed>) = 6 [pid 565] ioctl(6, LOOP_CLR_FD) = 0 [pid 565] close(6) = 0 [pid 565] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 565] write(6, "#! ./file1\n", 11) = 11 [pid 565] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [ 43.523239][ T582] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [pid 571] <... mount resumed>) = 0 [pid 571] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 566] <... mount resumed>) = 0 [ 43.571552][ T565] EXT4-fs error (device loop1): ext4_validate_block_bitmap:438: comm syz-executor115: bg 0: block 234: padding at end of block bitmap is not set [pid 571] <... openat resumed>) = 5 [pid 566] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 571] chdir("./file0" [pid 566] <... openat resumed>) = 5 [pid 571] <... chdir resumed>) = 0 [pid 566] chdir("./file0" [pid 571] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 566] <... chdir resumed>) = 0 [pid 571] <... openat resumed>) = 6 [pid 571] ioctl(6, LOOP_CLR_FD [pid 566] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 571] <... ioctl resumed>) = 0 [pid 571] close(6 [pid 566] <... openat resumed>) = 6 [pid 571] <... close resumed>) = 0 [pid 566] ioctl(6, LOOP_CLR_FD [pid 571] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 566] <... ioctl resumed>) = 0 [pid 566] close(6) = 0 [pid 566] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 571] <... openat resumed>) = 6 [pid 566] <... openat resumed>) = 6 [pid 566] write(6, "#! ./file1\n", 11 [pid 571] write(6, "#! ./file1\n", 11 [pid 566] <... write resumed>) = 11 [pid 566] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 571] <... write resumed>) = 11 [pid 571] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [ 43.612848][ T586] EXT4-fs (loop4): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 43.646359][ T570] EXT4-fs error (device loop3): ext4_validate_block_bitmap:438: comm vhost-566: bg 0: block 234: padding at end of block bitmap is not set [pid 586] <... mount resumed>) = 0 [pid 586] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 566] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000040} --- [pid 586] chdir("./file0") = 0 [pid 586] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 6 [pid 586] ioctl(6, LOOP_CLR_FD) = 0 [pid 586] close(6) = 0 [pid 586] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 586] write(6, "#! ./file1\n", 11) = 11 [pid 586] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 582] <... mount resumed>) = 0 [pid 586] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000040} --- [pid 582] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 582] chdir("./file0") = 0 [pid 582] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 582] ioctl(6, LOOP_CLR_FD) = 0 [pid 582] close(6 [pid 571] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000040} --- [pid 566] +++ killed by SIGBUS +++ [pid 582] <... close resumed>) = 0 [pid 298] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=566, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- [pid 298] restart_syscall(<... resuming interrupted clone ...> [pid 565] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000040} --- [pid 586] +++ killed by SIGBUS +++ [pid 582] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 298] <... restart_syscall resumed>) = 0 [pid 299] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=586, si_uid=0, si_status=SIGBUS, si_utime=1, si_stime=2} --- [pid 299] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 298] umount2("./10", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 298] openat(AT_FDCWD, "./10", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 299] umount2("./10", MNT_FORCE|UMOUNT_NOFOLLOW [pid 298] <... openat resumed>) = 3 [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 298] newfstatat(3, "", [pid 299] openat(AT_FDCWD, "./10", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 298] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 299] <... openat resumed>) = 3 [pid 298] getdents64(3, [pid 299] newfstatat(3, "", [pid 298] <... getdents64 resumed>0x555562cb56f0 /* 4 entries */, 32768) = 112 [pid 299] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 298] umount2("./10/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 299] getdents64(3, [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 299] <... getdents64 resumed>0x555562cb56f0 /* 4 entries */, 32768) = 112 [pid 298] newfstatat(AT_FDCWD, "./10/binderfs", [pid 582] <... openat resumed>) = 6 [pid 565] +++ killed by SIGBUS +++ [pid 299] umount2("./10/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 298] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 582] write(6, "#! ./file1\n", 11 [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 298] unlink("./10/binderfs" [pid 296] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=565, si_uid=0, si_status=SIGBUS, si_utime=1, si_stime=4} --- [pid 582] <... write resumed>) = 11 [pid 299] newfstatat(AT_FDCWD, "./10/binderfs", [pid 298] <... unlink resumed>) = 0 [pid 296] restart_syscall(<... resuming interrupted clone ...> [pid 582] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0 [pid 299] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 43.651376][ T571] EXT4-fs error (device loop2): ext4_validate_block_bitmap:438: comm syz-executor115: bg 0: block 234: padding at end of block bitmap is not set [ 43.696855][ T587] EXT4-fs error (device loop4): ext4_validate_block_bitmap:438: comm vhost-586: bg 0: block 234: padding at end of block bitmap is not set [pid 298] umount2("./10/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 582] <... mmap resumed>) = 0x200000000000 [pid 299] unlink("./10/binderfs") = 0 [pid 296] <... restart_syscall resumed>) = 0 [pid 299] umount2("./10/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 296] umount2("./10", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 296] openat(AT_FDCWD, "./10", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 296] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 296] getdents64(3, 0x555562cb56f0 /* 4 entries */, 32768) = 112 [pid 296] umount2("./10/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 296] newfstatat(AT_FDCWD, "./10/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 296] unlink("./10/binderfs") = 0 [pid 296] umount2("./10/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 571] +++ killed by SIGBUS +++ [pid 582] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000040} --- [pid 297] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=571, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=6} --- [pid 297] restart_syscall(<... resuming interrupted clone ...> [pid 582] +++ killed by SIGBUS +++ [pid 297] <... restart_syscall resumed>) = 0 [pid 295] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=582, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- [pid 297] umount2("./10", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 295] umount2("./10", MNT_FORCE|UMOUNT_NOFOLLOW [pid 297] openat(AT_FDCWD, "./10", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 295] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 297] <... openat resumed>) = 3 [pid 295] openat(AT_FDCWD, "./10", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 297] newfstatat(3, "", [pid 295] <... openat resumed>) = 3 [pid 297] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 295] newfstatat(3, "", [pid 299] <... umount2 resumed>) = 0 [pid 297] getdents64(3, [pid 295] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 297] <... getdents64 resumed>0x555562cb56f0 /* 4 entries */, 32768) = 112 [pid 295] getdents64(3, [pid 297] umount2("./10/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 299] umount2("./10/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 295] <... getdents64 resumed>0x555562cb56f0 /* 4 entries */, 32768) = 112 [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 295] umount2("./10/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 297] newfstatat(AT_FDCWD, "./10/binderfs", [pid 295] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 297] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 295] newfstatat(AT_FDCWD, "./10/binderfs", [pid 297] unlink("./10/binderfs" [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 295] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 299] newfstatat(AT_FDCWD, "./10/file0", [pid 297] <... unlink resumed>) = 0 [pid 295] unlink("./10/binderfs" [pid 297] umount2("./10/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 299] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 299] umount2("./10/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 295] <... unlink resumed>) = 0 [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 295] umount2("./10/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 299] openat(AT_FDCWD, "./10/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 299] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 299] getdents64(4, 0x555562cbd730 /* 2 entries */, 32768) = 48 [pid 299] getdents64(4, 0x555562cbd730 /* 0 entries */, 32768) = 0 [pid 299] close(4) = 0 [pid 299] rmdir("./10/file0") = 0 [pid 299] getdents64(3, 0x555562cb56f0 /* 0 entries */, 32768) = 0 [pid 299] close(3) = 0 [pid 299] rmdir("./10") = 0 [pid 299] mkdir("./11", 0777) = 0 [pid 299] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 296] <... umount2 resumed>) = 0 [pid 296] umount2("./10/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 296] newfstatat(AT_FDCWD, "./10/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 296] umount2("./10/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 296] openat(AT_FDCWD, "./10/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [ 43.744937][ T585] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-582: bg 0: block 234: padding at end of block bitmap is not set [pid 296] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 295] <... umount2 resumed>) = 0 [pid 296] getdents64(4, [pid 295] umount2("./10/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 296] <... getdents64 resumed>0x555562cbd730 /* 2 entries */, 32768) = 48 [pid 295] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 296] getdents64(4, [pid 295] newfstatat(AT_FDCWD, "./10/file0", [pid 296] <... getdents64 resumed>0x555562cbd730 /* 0 entries */, 32768) = 0 [pid 295] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 296] close(4 [pid 295] umount2("./10/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 296] <... close resumed>) = 0 [pid 295] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 296] rmdir("./10/file0" [pid 295] openat(AT_FDCWD, "./10/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 295] newfstatat(4, "", [pid 296] <... rmdir resumed>) = 0 [pid 295] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 296] getdents64(3, [pid 295] getdents64(4, [pid 296] <... getdents64 resumed>0x555562cb56f0 /* 0 entries */, 32768) = 0 [pid 295] <... getdents64 resumed>0x555562cbd730 /* 2 entries */, 32768) = 48 [pid 296] close(3 [pid 295] getdents64(4, [pid 296] <... close resumed>) = 0 [pid 295] <... getdents64 resumed>0x555562cbd730 /* 0 entries */, 32768) = 0 [pid 296] rmdir("./10") = 0 [pid 295] close(4 [pid 296] mkdir("./11", 0777 [pid 295] <... close resumed>) = 0 [pid 295] rmdir("./10/file0" [pid 296] <... mkdir resumed>) = 0 [pid 296] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 295] <... rmdir resumed>) = 0 [pid 295] getdents64(3, 0x555562cb56f0 /* 0 entries */, 32768) = 0 [pid 295] close(3) = 0 [pid 295] rmdir("./10") = 0 [pid 295] mkdir("./11", 0777) = 0 [pid 295] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 299] <... openat resumed>) = 3 [pid 298] <... umount2 resumed>) = 0 [pid 296] <... openat resumed>) = 3 [pid 299] ioctl(3, LOOP_CLR_FD [pid 296] ioctl(3, LOOP_CLR_FD [pid 298] umount2("./10/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 298] newfstatat(AT_FDCWD, "./10/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 298] umount2("./10/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 298] openat(AT_FDCWD, "./10/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 298] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 298] getdents64(4, 0x555562cbd730 /* 2 entries */, 32768) = 48 [pid 298] getdents64(4, 0x555562cbd730 /* 0 entries */, 32768) = 0 [pid 298] close(4) = 0 [pid 298] rmdir("./10/file0") = 0 [pid 298] getdents64(3, 0x555562cb56f0 /* 0 entries */, 32768) = 0 [pid 298] close(3) = 0 [pid 298] rmdir("./10") = 0 [pid 298] mkdir("./11", 0777) = 0 [pid 298] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 297] <... umount2 resumed>) = 0 [pid 297] umount2("./10/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 297] newfstatat(AT_FDCWD, "./10/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 297] umount2("./10/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 297] openat(AT_FDCWD, "./10/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 297] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 297] getdents64(4, 0x555562cbd730 /* 2 entries */, 32768) = 48 [pid 297] getdents64(4, 0x555562cbd730 /* 0 entries */, 32768) = 0 [pid 297] close(4) = 0 [pid 297] rmdir("./10/file0") = 0 [pid 297] getdents64(3, 0x555562cb56f0 /* 0 entries */, 32768) = 0 [pid 297] close(3) = 0 [pid 297] rmdir("./10") = 0 [pid 297] mkdir("./11", 0777) = 0 [pid 297] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 299] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 296] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 299] close(3 [pid 296] close(3 [pid 298] <... openat resumed>) = 3 [pid 298] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 298] close(3 [pid 299] <... close resumed>) = 0 [pid 298] <... close resumed>) = 0 [pid 296] <... close resumed>) = 0 [pid 299] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 298] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 297] <... openat resumed>) = 3 [pid 296] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 295] <... openat resumed>) = 3 [pid 298] <... clone resumed>, child_tidptr=0x555562cb4650) = 595 ./strace-static-x86_64: Process 595 attached [pid 595] set_robust_list(0x555562cb4660, 24 [pid 299] <... clone resumed>, child_tidptr=0x555562cb4650) = 596 [pid 297] ioctl(3, LOOP_CLR_FD [pid 295] ioctl(3, LOOP_CLR_FD [pid 297] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 296] <... clone resumed>, child_tidptr=0x555562cb4650) = 597 [pid 295] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 297] close(3) = 0 [pid 295] close(3 [pid 595] <... set_robust_list resumed>) = 0 [pid 297] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 295] <... close resumed>) = 0 [pid 295] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 595] chdir("./11") = 0 [pid 595] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 595] setpgid(0, 0 [pid 295] <... clone resumed>, child_tidptr=0x555562cb4650) = 598 [pid 595] <... setpgid resumed>) = 0 [pid 595] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 297] <... clone resumed>, child_tidptr=0x555562cb4650) = 599 [pid 595] <... openat resumed>) = 3 [pid 595] write(3, "1000", 4) = 4 [pid 595] close(3) = 0 [pid 595] symlink("/dev/binderfs", "./binderfs") = 0 [pid 595] write(1, "executing program\n", 18executing program ) = 18 [pid 595] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 ./strace-static-x86_64: Process 597 attached [pid 595] ioctl(3, VHOST_SET_OWNER [pid 597] set_robust_list(0x555562cb4660, 24) = 0 [pid 597] chdir("./11"./strace-static-x86_64: Process 598 attached ./strace-static-x86_64: Process 596 attached [pid 598] set_robust_list(0x555562cb4660, 24 [pid 597] <... chdir resumed>) = 0 [pid 598] <... set_robust_list resumed>) = 0 [pid 596] set_robust_list(0x555562cb4660, 24 [pid 597] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 598] chdir("./11" [pid 596] <... set_robust_list resumed>) = 0 [pid 597] <... prctl resumed>) = 0 [pid 597] setpgid(0, 0) = 0 [pid 597] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 597] write(3, "1000", 4) = 4 [pid 597] close(3 [pid 598] <... chdir resumed>) = 0 [pid 597] <... close resumed>) = 0 [pid 595] <... ioctl resumed>, 0) = 0 [pid 598] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 596] chdir("./11" [pid 598] <... prctl resumed>) = 0 [pid 596] <... chdir resumed>) = 0 [pid 598] setpgid(0, 0 [pid 596] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 598] <... setpgid resumed>) = 0 [pid 596] <... prctl resumed>) = 0 [pid 598] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 597] symlink("/dev/binderfs", "./binderfs" [pid 596] setpgid(0, 0 [pid 595] ioctl(3, VHOST_SET_VRING_ADDR./strace-static-x86_64: Process 599 attached [pid 598] <... openat resumed>) = 3 [pid 597] <... symlink resumed>) = 0 [pid 596] <... setpgid resumed>) = 0 [pid 595] <... ioctl resumed>, 0x200000000300) = 0 [pid 598] write(3, "1000", 4executing program [pid 599] set_robust_list(0x555562cb4660, 24 [pid 598] <... write resumed>) = 4 [pid 597] write(1, "executing program\n", 18 [pid 596] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 595] ioctl(3, VHOST_SET_MEM_TABLE [pid 598] close(3 [pid 599] <... set_robust_list resumed>) = 0 [pid 598] <... close resumed>) = 0 [pid 597] <... write resumed>) = 18 [pid 596] <... openat resumed>) = 3 [pid 598] symlink("/dev/binderfs", "./binderfs" [pid 599] chdir("./11" [pid 598] <... symlink resumed>) = 0 [pid 597] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR [pid 596] write(3, "1000", 4 [pid 595] <... ioctl resumed>, 0x200000003380) = 0 executing program [pid 599] <... chdir resumed>) = 0 [pid 598] write(1, "executing program\n", 18 [pid 597] <... openat resumed>) = 3 [pid 596] <... write resumed>) = 4 [pid 595] eventfd2(118, EFD_SEMAPHORE [pid 599] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 598] <... write resumed>) = 18 [pid 597] ioctl(3, VHOST_SET_OWNER [pid 596] close(3 [pid 595] <... eventfd2 resumed>) = 4 [pid 599] <... prctl resumed>) = 0 [pid 598] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR [pid 595] ioctl(3, VHOST_SET_VRING_ERR [pid 599] setpgid(0, 0 [pid 598] <... openat resumed>) = 3 [pid 596] <... close resumed>) = 0 [pid 595] <... ioctl resumed>, 0x2000000001c0) = 0 [pid 599] <... setpgid resumed>) = 0 [pid 598] ioctl(3, VHOST_SET_OWNER [pid 596] symlink("/dev/binderfs", "./binderfs" [pid 595] ioctl(3, VHOST_SET_VRING_ADDR [pid 599] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 595] <... ioctl resumed>, 0x200000000240) = 0 [pid 599] <... openat resumed>) = 3 [pid 595] ioctl(3, VHOST_SET_VRING_KICK [pid 599] write(3, "1000", 4 [pid 595] <... ioctl resumed>, 0x200000000000) = 0 [pid 599] <... write resumed>) = 4 [pid 595] ioctl(3, VHOST_VSOCK_SET_RUNNING [pid 599] close(3 [pid 595] <... ioctl resumed>, 0x200000000140) = 0 [pid 599] <... close resumed>) = 0 [pid 595] memfd_create("syzkaller", 0 [pid 599] symlink("/dev/binderfs", "./binderfs" [pid 595] <... memfd_create resumed>) = 5 [pid 599] <... symlink resumed>) = 0 executing program [pid 595] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 599] write(1, "executing program\n", 18 [pid 595] <... mmap resumed>) = 0x7fe355b57000 [pid 599] <... write resumed>) = 18 [pid 596] <... symlink resumed>) = 0 [pid 599] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 executing program [pid 596] write(1, "executing program\n", 18 [pid 599] ioctl(3, VHOST_SET_OWNER [pid 596] <... write resumed>) = 18 [pid 597] <... ioctl resumed>, 0) = 0 [pid 596] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR [pid 597] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 596] <... openat resumed>) = 3 [pid 597] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 596] ioctl(3, VHOST_SET_OWNER [pid 597] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 597] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 597] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 597] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 597] ioctl(3, VHOST_VSOCK_SET_RUNNING [pid 598] <... ioctl resumed>, 0) = 0 [pid 597] <... ioctl resumed>, 0x200000000140) = 0 [pid 597] memfd_create("syzkaller", 0) = 5 [pid 597] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe355b57000 [pid 598] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 598] ioctl(3, VHOST_SET_MEM_TABLE [pid 599] <... ioctl resumed>, 0) = 0 [pid 598] <... ioctl resumed>, 0x200000003380) = 0 [pid 599] ioctl(3, VHOST_SET_VRING_ADDR [pid 598] eventfd2(118, EFD_SEMAPHORE [pid 599] <... ioctl resumed>, 0x200000000300) = 0 [pid 599] ioctl(3, VHOST_SET_MEM_TABLE [pid 598] <... eventfd2 resumed>) = 4 [pid 599] <... ioctl resumed>, 0x200000003380) = 0 [pid 598] ioctl(3, VHOST_SET_VRING_ERR [pid 599] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 598] <... ioctl resumed>, 0x2000000001c0) = 0 [pid 599] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 599] ioctl(3, VHOST_SET_VRING_ADDR [pid 598] ioctl(3, VHOST_SET_VRING_ADDR [pid 599] <... ioctl resumed>, 0x200000000240) = 0 [pid 599] ioctl(3, VHOST_SET_VRING_KICK [pid 598] <... ioctl resumed>, 0x200000000240) = 0 [pid 599] <... ioctl resumed>, 0x200000000000) = 0 [pid 596] <... ioctl resumed>, 0) = 0 [pid 598] ioctl(3, VHOST_SET_VRING_KICK [pid 599] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 598] <... ioctl resumed>, 0x200000000000) = 0 [pid 596] ioctl(3, VHOST_SET_VRING_ADDR [pid 599] memfd_create("syzkaller", 0) = 5 [pid 598] ioctl(3, VHOST_VSOCK_SET_RUNNING [pid 596] <... ioctl resumed>, 0x200000000300) = 0 [pid 599] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 598] <... ioctl resumed>, 0x200000000140) = 0 [pid 596] ioctl(3, VHOST_SET_MEM_TABLE [pid 599] <... mmap resumed>) = 0x7fe355b57000 [pid 598] memfd_create("syzkaller", 0) = 5 [pid 596] <... ioctl resumed>, 0x200000003380) = 0 [pid 598] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 596] eventfd2(118, EFD_SEMAPHORE [pid 598] <... mmap resumed>) = 0x7fe355b57000 [pid 596] <... eventfd2 resumed>) = 4 [pid 596] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 596] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 596] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 596] ioctl(3, VHOST_VSOCK_SET_RUNNING [pid 598] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 597] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 596] <... ioctl resumed>, 0x200000000140) = 0 [pid 596] memfd_create("syzkaller", 0) = 5 [pid 596] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe355b57000 [pid 599] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 595] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 596] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 599] <... write resumed>) = 1048576 [pid 595] <... write resumed>) = 1048576 [pid 595] munmap(0x7fe355b57000, 138412032) = 0 [pid 595] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 6 [pid 595] ioctl(6, LOOP_SET_FD, 5 [pid 597] <... write resumed>) = 1048576 [pid 599] munmap(0x7fe355b57000, 138412032 [pid 597] munmap(0x7fe355b57000, 138412032) = 0 [pid 597] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 595] <... ioctl resumed>) = 0 [pid 597] <... openat resumed>) = 6 [pid 595] close(5 [pid 597] ioctl(6, LOOP_SET_FD, 5 [pid 595] <... close resumed>) = 0 [pid 595] close(6 [pid 598] <... write resumed>) = 1048576 [pid 598] munmap(0x7fe355b57000, 138412032) = 0 [pid 598] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 599] <... munmap resumed>) = 0 [pid 599] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 596] <... write resumed>) = 1048576 [pid 596] munmap(0x7fe355b57000, 138412032 [pid 597] <... ioctl resumed>) = 0 [pid 599] <... openat resumed>) = 6 [pid 598] <... openat resumed>) = 6 [pid 597] close(5 [pid 595] <... close resumed>) = 0 [pid 599] ioctl(6, LOOP_SET_FD, 5 [pid 598] ioctl(6, LOOP_SET_FD, 5 [pid 597] <... close resumed>) = 0 [pid 597] close(6 [pid 595] mkdir("./file0", 0777) = 0 [pid 595] mount("/dev/loop3", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"... [pid 596] <... munmap resumed>) = 0 [pid 596] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 599] <... ioctl resumed>) = 0 [pid 599] close(5) = 0 [pid 599] close(6 [pid 598] <... ioctl resumed>) = 0 [pid 597] <... close resumed>) = 0 [pid 596] <... openat resumed>) = 6 [pid 597] mkdir("./file0", 0777 [pid 596] ioctl(6, LOOP_SET_FD, 5 [pid 597] <... mkdir resumed>) = 0 [pid 598] close(5 [pid 597] mount("/dev/loop1", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"... [pid 598] <... close resumed>) = 0 [pid 598] close(6 [pid 599] <... close resumed>) = 0 [pid 599] mkdir("./file0", 0777) = 0 [pid 599] mount("/dev/loop2", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"... [pid 596] <... ioctl resumed>) = 0 [pid 596] close(5) = 0 [ 44.291542][ T595] EXT4-fs (loop3): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [pid 596] close(6 [pid 598] <... close resumed>) = 0 [pid 598] mkdir("./file0", 0777) = 0 [pid 598] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"... [pid 595] <... mount resumed>) = 0 [pid 595] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 595] chdir("./file0") = 0 [pid 595] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 596] <... close resumed>) = 0 [pid 596] mkdir("./file0", 0777) = 0 [pid 596] mount("/dev/loop4", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"... [pid 595] <... openat resumed>) = 6 [pid 595] ioctl(6, LOOP_CLR_FD) = 0 [pid 595] close(6) = 0 [pid 595] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 595] write(6, "#! ./file1\n", 11) = 11 [pid 595] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [ 44.432157][ T597] EXT4-fs (loop1): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 44.485259][ T595] EXT4-fs error (device loop3): ext4_validate_block_bitmap:438: comm syz-executor115: bg 0: block 234: padding at end of block bitmap is not set [ 44.553351][ T598] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 44.579197][ T596] EXT4-fs (loop4): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [pid 595] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000040} --- [ 44.601964][ T599] EXT4-fs (loop2): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [pid 597] <... mount resumed>) = 0 [pid 597] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 597] chdir("./file0") = 0 [pid 595] +++ killed by SIGBUS +++ [pid 597] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 6 [pid 597] ioctl(6, LOOP_CLR_FD) = 0 [pid 298] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=595, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=4} --- [pid 597] close(6 [pid 298] restart_syscall(<... resuming interrupted clone ...> [pid 597] <... close resumed>) = 0 [pid 597] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 597] write(6, "#! ./file1\n", 11 [pid 298] <... restart_syscall resumed>) = 0 [pid 298] umount2("./11", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 298] openat(AT_FDCWD, "./11", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 597] <... write resumed>) = 11 [pid 298] newfstatat(3, "", [pid 597] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 298] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 298] getdents64(3, 0x555562cb56f0 /* 4 entries */, 32768) = 112 [pid 298] umount2("./11/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 298] newfstatat(AT_FDCWD, "./11/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 298] unlink("./11/binderfs") = 0 [pid 298] umount2("./11/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 598] <... mount resumed>) = 0 [pid 598] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 598] chdir("./file0") = 0 [pid 599] <... mount resumed>) = 0 [pid 598] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 599] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 596] <... mount resumed>) = 0 [pid 599] <... openat resumed>) = 5 [pid 596] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 599] chdir("./file0" [pid 596] <... openat resumed>) = 5 [pid 599] <... chdir resumed>) = 0 [pid 596] chdir("./file0" [pid 599] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 596] <... chdir resumed>) = 0 [ 44.706337][ T597] EXT4-fs error (device loop1): ext4_validate_block_bitmap:438: comm syz-executor115: bg 0: block 234: padding at end of block bitmap is not set [pid 596] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 597] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000040} --- [pid 597] +++ killed by SIGBUS +++ [pid 296] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=597, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=5} --- [pid 296] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 296] umount2("./11", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 296] openat(AT_FDCWD, "./11", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 296] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 296] getdents64(3, 0x555562cb56f0 /* 4 entries */, 32768) = 112 [pid 296] umount2("./11/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 296] newfstatat(AT_FDCWD, "./11/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 296] unlink("./11/binderfs") = 0 [pid 296] umount2("./11/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 598] <... openat resumed>) = 6 [pid 599] <... openat resumed>) = 6 [pid 596] <... openat resumed>) = 6 [pid 598] ioctl(6, LOOP_CLR_FD [pid 599] ioctl(6, LOOP_CLR_FD [pid 598] <... ioctl resumed>) = 0 [pid 596] ioctl(6, LOOP_CLR_FD [pid 599] <... ioctl resumed>) = 0 [pid 599] close(6 [pid 598] close(6 [pid 596] <... ioctl resumed>) = 0 [pid 596] close(6 [pid 599] <... close resumed>) = 0 [pid 598] <... close resumed>) = 0 [pid 599] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 596] <... close resumed>) = 0 [pid 598] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 596] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 598] <... openat resumed>) = 6 [pid 598] write(6, "#! ./file1\n", 11) = 11 [pid 598] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 599] <... openat resumed>) = 6 [pid 596] write(6, "#! ./file1\n", 11 [pid 298] <... umount2 resumed>) = 0 [pid 599] write(6, "#! ./file1\n", 11 [pid 596] <... write resumed>) = 11 [pid 599] <... write resumed>) = 11 [pid 596] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0 [pid 599] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0 [pid 596] <... mmap resumed>) = 0x200000000000 [pid 599] <... mmap resumed>) = 0x200000000000 [pid 598] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000040} --- [pid 598] +++ killed by SIGBUS +++ [ 44.808265][ T598] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor115: bg 0: block 234: padding at end of block bitmap is not set [ 44.831079][ T599] EXT4-fs error (device loop2): ext4_validate_block_bitmap:438: comm syz-executor115: bg 0: block 234: padding at end of block bitmap is not set [pid 295] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=598, si_uid=0, si_status=SIGBUS, si_utime=1, si_stime=5} --- [pid 295] umount2("./11", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 295] openat(AT_FDCWD, "./11", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 295] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 295] getdents64(3, 0x555562cb56f0 /* 4 entries */, 32768) = 112 [pid 295] umount2("./11/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 295] newfstatat(AT_FDCWD, "./11/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 298] umount2("./11/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 295] unlink("./11/binderfs" [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 295] <... unlink resumed>) = 0 [pid 298] newfstatat(AT_FDCWD, "./11/file0", [pid 295] umount2("./11/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 298] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 298] umount2("./11/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 298] openat(AT_FDCWD, "./11/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 298] newfstatat(4, "", [pid 599] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000040} --- [pid 298] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 298] getdents64(4, 0x555562cbd730 /* 2 entries */, 32768) = 48 [pid 298] getdents64(4, [pid 596] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000040} --- [pid 298] <... getdents64 resumed>0x555562cbd730 /* 0 entries */, 32768) = 0 [pid 298] close(4) = 0 [pid 298] rmdir("./11/file0") = 0 [pid 298] getdents64(3, 0x555562cb56f0 /* 0 entries */, 32768) = 0 [pid 298] close(3) = 0 [pid 298] rmdir("./11") = 0 [pid 298] mkdir("./12", 0777) = 0 [pid 298] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 596] +++ killed by SIGBUS +++ [pid 299] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=596, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- [pid 599] +++ killed by SIGBUS +++ [pid 299] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 297] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=599, si_uid=0, si_status=SIGBUS, si_utime=1, si_stime=3} --- [pid 299] umount2("./11", MNT_FORCE|UMOUNT_NOFOLLOW [pid 297] umount2("./11", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 297] openat(AT_FDCWD, "./11", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 297] <... openat resumed>) = 3 [pid 299] openat(AT_FDCWD, "./11", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 297] newfstatat(3, "", [pid 299] <... openat resumed>) = 3 [pid 299] newfstatat(3, "", [pid 297] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 299] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 299] getdents64(3, [pid 297] getdents64(3, [pid 299] <... getdents64 resumed>0x555562cb56f0 /* 4 entries */, 32768) = 112 [pid 297] <... getdents64 resumed>0x555562cb56f0 /* 4 entries */, 32768) = 112 [pid 299] umount2("./11/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 297] umount2("./11/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 299] newfstatat(AT_FDCWD, "./11/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 299] unlink("./11/binderfs" [pid 297] newfstatat(AT_FDCWD, "./11/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 299] <... unlink resumed>) = 0 [pid 297] unlink("./11/binderfs" [pid 299] umount2("./11/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 297] <... unlink resumed>) = 0 [ 44.849865][ T596] EXT4-fs error (device loop4): ext4_validate_block_bitmap:438: comm syz-executor115: bg 0: block 234: padding at end of block bitmap is not set [pid 297] umount2("./11/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 296] <... umount2 resumed>) = 0 [pid 299] <... umount2 resumed>) = 0 [pid 299] umount2("./11/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 299] newfstatat(AT_FDCWD, "./11/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 299] umount2("./11/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 299] openat(AT_FDCWD, "./11/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 299] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 299] getdents64(4, 0x555562cbd730 /* 2 entries */, 32768) = 48 [pid 299] getdents64(4, 0x555562cbd730 /* 0 entries */, 32768) = 0 [pid 299] close(4) = 0 [pid 299] rmdir("./11/file0" [pid 298] <... openat resumed>) = 3 [pid 298] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 298] close(3) = 0 [pid 298] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555562cb4650) = 621 [pid 299] <... rmdir resumed>) = 0 [pid 299] getdents64(3, 0x555562cb56f0 /* 0 entries */, 32768) = 0 [pid 299] close(3) = 0 [pid 299] rmdir("./11") = 0 [pid 299] mkdir("./12", 0777) = 0 [pid 299] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 299] ioctl(3, LOOP_CLR_FD) = 0 [pid 299] close(3) = 0 [pid 299] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 621 attached [pid 621] set_robust_list(0x555562cb4660, 24) = 0 [pid 621] chdir("./12") = 0 [pid 299] <... clone resumed>, child_tidptr=0x555562cb4650) = 622 [pid 621] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 621] setpgid(0, 0 [pid 295] <... umount2 resumed>) = 0 [pid 295] umount2("./11/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 621] <... setpgid resumed>) = 0 [pid 295] newfstatat(AT_FDCWD, "./11/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 295] umount2("./11/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 621] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 621] write(3, "1000", 4) = 4 [pid 621] close(3) = 0 [pid 621] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 621] write(1, "executing program\n", 18) = 18 [pid 621] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 621] ioctl(3, VHOST_SET_OWNER./strace-static-x86_64: Process 622 attached [pid 295] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 622] set_robust_list(0x555562cb4660, 24) = 0 [pid 295] openat(AT_FDCWD, "./11/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 295] newfstatat(4, "", [pid 622] chdir("./12") = 0 [pid 622] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 622] setpgid(0, 0) = 0 [pid 622] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 622] write(3, "1000", 4) = 4 [pid 622] close(3) = 0 [pid 622] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 622] write(1, "executing program\n", 18) = 18 [pid 295] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 622] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR [pid 295] getdents64(4, [pid 622] <... openat resumed>) = 3 [pid 295] <... getdents64 resumed>0x555562cbd730 /* 2 entries */, 32768) = 48 [pid 295] getdents64(4, [pid 622] ioctl(3, VHOST_SET_OWNER [pid 295] <... getdents64 resumed>0x555562cbd730 /* 0 entries */, 32768) = 0 [pid 295] close(4) = 0 [pid 295] rmdir("./11/file0" [pid 622] <... ioctl resumed>, 0) = 0 [pid 622] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 622] ioctl(3, VHOST_SET_MEM_TABLE [pid 295] <... rmdir resumed>) = 0 [pid 295] getdents64(3, 0x555562cb56f0 /* 0 entries */, 32768) = 0 [pid 296] umount2("./11/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 295] close(3 [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 295] <... close resumed>) = 0 [pid 296] newfstatat(AT_FDCWD, "./11/file0", [pid 295] rmdir("./11" [pid 622] <... ioctl resumed>, 0x200000003380) = 0 [pid 622] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 622] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 622] ioctl(3, VHOST_SET_VRING_ADDR [pid 295] <... rmdir resumed>) = 0 [pid 296] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 295] mkdir("./12", 0777 [pid 622] <... ioctl resumed>, 0x200000000240) = 0 [pid 622] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 622] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 622] memfd_create("syzkaller", 0 [pid 296] umount2("./11/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 295] <... mkdir resumed>) = 0 [pid 622] <... memfd_create resumed>) = 5 [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 295] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 622] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe355b57000 [pid 296] openat(AT_FDCWD, "./11/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 621] <... ioctl resumed>, 0) = 0 [pid 621] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 296] <... openat resumed>) = 4 [pid 621] ioctl(3, VHOST_SET_MEM_TABLE [pid 296] newfstatat(4, "", [pid 621] <... ioctl resumed>, 0x200000003380) = 0 [pid 621] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 296] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 621] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 296] getdents64(4, [pid 621] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 621] ioctl(3, VHOST_SET_VRING_KICK [pid 296] <... getdents64 resumed>0x555562cbd730 /* 2 entries */, 32768) = 48 [pid 621] <... ioctl resumed>, 0x200000000000) = 0 [pid 621] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 621] memfd_create("syzkaller", 0 [pid 296] getdents64(4, [pid 621] <... memfd_create resumed>) = 5 [pid 621] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe355b57000 [pid 296] <... getdents64 resumed>0x555562cbd730 /* 0 entries */, 32768) = 0 [pid 296] close(4) = 0 [pid 297] <... umount2 resumed>) = 0 [pid 295] <... openat resumed>) = 3 [pid 295] ioctl(3, LOOP_CLR_FD) = 0 [pid 296] rmdir("./11/file0" [pid 295] close(3 [pid 296] <... rmdir resumed>) = 0 [pid 296] getdents64(3, 0x555562cb56f0 /* 0 entries */, 32768) = 0 [pid 296] close(3) = 0 [pid 296] rmdir("./11") = 0 [pid 296] mkdir("./12", 0777) = 0 [pid 296] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 621] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 297] umount2("./11/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 297] newfstatat(AT_FDCWD, "./11/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 297] umount2("./11/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 297] openat(AT_FDCWD, "./11/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 297] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 297] getdents64(4, 0x555562cbd730 /* 2 entries */, 32768) = 48 [pid 297] getdents64(4, 0x555562cbd730 /* 0 entries */, 32768) = 0 [pid 297] close(4) = 0 [pid 297] rmdir("./11/file0") = 0 [pid 297] getdents64(3, 0x555562cb56f0 /* 0 entries */, 32768) = 0 [pid 297] close(3) = 0 [pid 297] rmdir("./11") = 0 [pid 297] mkdir("./12", 0777) = 0 [pid 297] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 622] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 621] <... write resumed>) = 1048576 [pid 621] munmap(0x7fe355b57000, 138412032) = 0 [pid 621] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 622] <... write resumed>) = 1048576 [pid 622] munmap(0x7fe355b57000, 138412032) = 0 [pid 622] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 296] <... openat resumed>) = 3 [pid 297] <... openat resumed>) = 3 [pid 621] <... openat resumed>) = 6 [pid 621] ioctl(6, LOOP_SET_FD, 5 [pid 295] <... close resumed>) = 0 [pid 297] ioctl(3, LOOP_CLR_FD [pid 296] ioctl(3, LOOP_CLR_FD [pid 621] <... ioctl resumed>) = 0 [pid 621] close(5) = 0 [pid 621] close(6 [pid 295] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 626 attached [pid 626] set_robust_list(0x555562cb4660, 24) = 0 [pid 626] chdir("./12" [pid 295] <... clone resumed>, child_tidptr=0x555562cb4650) = 626 [pid 626] <... chdir resumed>) = 0 [pid 626] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 626] setpgid(0, 0) = 0 [pid 626] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 626] write(3, "1000", 4) = 4 [pid 626] close(3) = 0 [pid 626] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 626] write(1, "executing program\n", 18) = 18 [pid 626] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 626] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 626] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 626] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 626] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 626] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 626] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 626] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 626] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 626] memfd_create("syzkaller", 0) = 5 [pid 626] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe355b57000 [pid 626] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 621] <... close resumed>) = 0 [pid 621] mkdir("./file0", 0777) = 0 [pid 621] mount("/dev/loop3", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"... [pid 297] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 296] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 622] <... openat resumed>) = 6 [pid 297] close(3 [pid 296] close(3 [pid 622] ioctl(6, LOOP_SET_FD, 5 [pid 297] <... close resumed>) = 0 [pid 296] <... close resumed>) = 0 [pid 297] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 296] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 297] <... clone resumed>, child_tidptr=0x555562cb4650) = 630 [pid 296] <... clone resumed>, child_tidptr=0x555562cb4650) = 631 [pid 622] <... ioctl resumed>) = 0 [pid 622] close(5) = 0 [pid 622] close(6./strace-static-x86_64: Process 630 attached ./strace-static-x86_64: Process 631 attached [pid 631] set_robust_list(0x555562cb4660, 24 [pid 630] set_robust_list(0x555562cb4660, 24 [pid 631] <... set_robust_list resumed>) = 0 [pid 630] <... set_robust_list resumed>) = 0 [pid 631] chdir("./12" [pid 630] chdir("./12" [pid 631] <... chdir resumed>) = 0 [pid 630] <... chdir resumed>) = 0 [pid 631] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 630] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 631] <... prctl resumed>) = 0 [pid 630] <... prctl resumed>) = 0 [pid 631] setpgid(0, 0 [pid 630] setpgid(0, 0) = 0 [pid 631] <... setpgid resumed>) = 0 [pid 630] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 631] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 630] <... openat resumed>) = 3 [pid 631] <... openat resumed>) = 3 [pid 631] write(3, "1000", 4) = 4 [pid 630] write(3, "1000", 4) = 4 [pid 631] close(3) = 0 [pid 630] close(3) = 0 [pid 631] symlink("/dev/binderfs", "./binderfs") = 0 [pid 630] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 630] write(1, "executing program\n", 18) = 18 [pid 630] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWRexecuting program [pid 631] write(1, "executing program\n", 18) = 18 [pid 631] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR [pid 630] <... openat resumed>) = 3 [pid 631] <... openat resumed>) = 3 [pid 630] ioctl(3, VHOST_SET_OWNER [pid 631] ioctl(3, VHOST_SET_OWNER [pid 630] <... ioctl resumed>, 0) = 0 [pid 630] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 630] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 630] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 630] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 630] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 630] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 630] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 630] memfd_create("syzkaller", 0) = 5 [pid 630] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe355b57000 [ 45.182327][ T621] EXT4-fs (loop3): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [pid 622] <... close resumed>) = 0 [pid 631] <... ioctl resumed>, 0) = 0 [pid 631] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 631] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 631] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 631] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 631] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 631] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 631] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 631] memfd_create("syzkaller", 0) = 5 [pid 631] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe355b57000 [pid 622] mkdir("./file0", 0777) = 0 [pid 622] mount("/dev/loop4", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"... [pid 626] <... write resumed>) = 1048576 [pid 626] munmap(0x7fe355b57000, 138412032) = 0 [pid 626] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 626] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 621] <... mount resumed>) = 0 [pid 621] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 626] close(5 [pid 621] <... openat resumed>) = 5 [pid 626] <... close resumed>) = 0 [pid 621] chdir("./file0" [pid 626] close(6 [pid 621] <... chdir resumed>) = 0 [pid 626] <... close resumed>) = 0 [pid 621] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 626] mkdir("./file0", 0777) = 0 [pid 621] <... openat resumed>) = 6 [pid 626] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"... [pid 621] ioctl(6, LOOP_CLR_FD) = 0 [pid 621] close(6) = 0 [pid 621] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 621] write(6, "#! ./file1\n", 11) = 11 [pid 622] <... mount resumed>) = 0 [pid 621] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [ 45.366635][ T622] EXT4-fs (loop4): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [pid 631] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 622] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 630] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 622] chdir("./file0") = 0 [pid 622] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 6 [pid 622] ioctl(6, LOOP_CLR_FD) = 0 [pid 622] close(6) = 0 [pid 622] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 622] write(6, "#! ./file1\n", 11) = 11 [ 45.424991][ T621] EXT4-fs error (device loop3): ext4_validate_block_bitmap:438: comm syz-executor115: bg 0: block 234: padding at end of block bitmap is not set [pid 622] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0 [pid 631] <... write resumed>) = 1048576 [pid 630] <... write resumed>) = 1048576 [pid 622] <... mmap resumed>) = 0x200000000000 [pid 631] munmap(0x7fe355b57000, 138412032) = 0 [pid 631] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 6 [pid 631] ioctl(6, LOOP_SET_FD, 5 [pid 630] munmap(0x7fe355b57000, 138412032) = 0 [pid 630] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 631] <... ioctl resumed>) = 0 [pid 631] close(5) = 0 [pid 631] close(6) = 0 [pid 631] mkdir("./file0", 0777) = 0 [pid 630] <... openat resumed>) = 6 [pid 630] ioctl(6, LOOP_SET_FD, 5 [pid 631] mount("/dev/loop1", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"... [pid 621] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000040} --- [pid 630] <... ioctl resumed>) = 0 [pid 630] close(5) = 0 [pid 630] close(6) = 0 [pid 630] mkdir("./file0", 0777) = 0 [pid 630] mount("/dev/loop2", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"... [pid 622] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000040} --- [ 45.506124][ T624] EXT4-fs error (device loop4): ext4_validate_block_bitmap:438: comm vhost-622: bg 0: block 234: padding at end of block bitmap is not set [pid 621] +++ killed by SIGBUS +++ [pid 622] +++ killed by SIGBUS +++ [pid 298] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=621, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- [pid 299] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=622, si_uid=0, si_status=SIGBUS, si_utime=1, si_stime=3} --- [pid 298] umount2("./12", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 299] umount2("./12", MNT_FORCE|UMOUNT_NOFOLLOW [pid 298] openat(AT_FDCWD, "./12", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 299] openat(AT_FDCWD, "./12", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 298] <... openat resumed>) = 3 [pid 299] <... openat resumed>) = 3 [pid 298] newfstatat(3, "", [pid 299] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 298] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 299] getdents64(3, 0x555562cb56f0 /* 4 entries */, 32768) = 112 [pid 298] getdents64(3, [pid 299] umount2("./12/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 298] <... getdents64 resumed>0x555562cb56f0 /* 4 entries */, 32768) = 112 [pid 299] newfstatat(AT_FDCWD, "./12/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 298] umount2("./12/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 299] unlink("./12/binderfs") = 0 [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 299] umount2("./12/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 298] newfstatat(AT_FDCWD, "./12/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 298] unlink("./12/binderfs") = 0 [ 45.603290][ T630] EXT4-fs (loop2): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [pid 298] umount2("./12/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 299] <... umount2 resumed>) = 0 [pid 299] umount2("./12/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 299] newfstatat(AT_FDCWD, "./12/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 299] umount2("./12/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 299] openat(AT_FDCWD, "./12/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 299] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 299] getdents64(4, 0x555562cbd730 /* 2 entries */, 32768) = 48 [pid 299] getdents64(4, 0x555562cbd730 /* 0 entries */, 32768) = 0 [pid 299] close(4) = 0 [pid 299] rmdir("./12/file0") = 0 [pid 299] getdents64(3, 0x555562cb56f0 /* 0 entries */, 32768) = 0 [pid 299] close(3) = 0 [pid 630] <... mount resumed>) = 0 [pid 626] <... mount resumed>) = 0 [pid 299] rmdir("./12") = 0 [pid 299] mkdir("./13", 0777) = 0 [pid 299] openat(AT_FDCWD, "/dev/loop4", O_RDWR [ 45.638054][ T626] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 45.661023][ T631] EXT4-fs (loop1): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [pid 630] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 626] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 631] <... mount resumed>) = 0 [pid 630] chdir("./file0") = 0 [pid 630] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 631] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 299] <... openat resumed>) = 3 [pid 298] <... umount2 resumed>) = 0 [pid 299] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 299] close(3) = 0 [pid 299] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555562cb4650) = 647 ./strace-static-x86_64: Process 647 attached [pid 630] <... openat resumed>) = 6 [pid 630] ioctl(6, LOOP_CLR_FD) = 0 [pid 631] <... openat resumed>) = 5 [pid 630] close(6) = 0 [pid 631] chdir("./file0") = 0 [pid 630] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 647] set_robust_list(0x555562cb4660, 24 [pid 630] <... openat resumed>) = 6 [pid 631] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 6 [pid 631] ioctl(6, LOOP_CLR_FD) = 0 [pid 631] close(6) = 0 [pid 631] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 647] <... set_robust_list resumed>) = 0 [pid 630] write(6, "#! ./file1\n", 11 [pid 647] chdir("./13" [pid 630] <... write resumed>) = 11 [pid 647] <... chdir resumed>) = 0 [pid 630] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0 [pid 647] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 630] <... mmap resumed>) = 0x200000000000 [pid 647] <... prctl resumed>) = 0 [pid 631] <... openat resumed>) = 6 [pid 631] write(6, "#! ./file1\n", 11 [pid 647] setpgid(0, 0 [pid 626] chdir("./file0" [pid 298] umount2("./12/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 647] <... setpgid resumed>) = 0 [pid 631] <... write resumed>) = 11 [pid 298] newfstatat(AT_FDCWD, "./12/file0", [pid 626] <... chdir resumed>) = 0 [pid 631] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0 [pid 298] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 647] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 626] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 647] <... openat resumed>) = 3 [pid 631] <... mmap resumed>) = 0x200000000000 [pid 626] <... openat resumed>) = 6 [pid 298] umount2("./12/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 647] write(3, "1000", 4 [pid 626] ioctl(6, LOOP_CLR_FD [pid 298] openat(AT_FDCWD, "./12/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 298] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 298] getdents64(4, 0x555562cbd730 /* 2 entries */, 32768) = 48 [pid 298] getdents64(4, 0x555562cbd730 /* 0 entries */, 32768) = 0 [pid 298] close(4) = 0 [pid 298] rmdir("./12/file0") = 0 [pid 298] getdents64(3, 0x555562cb56f0 /* 0 entries */, 32768) = 0 [pid 298] close(3) = 0 [pid 298] rmdir("./12") = 0 [pid 298] mkdir("./13", 0777) = 0 [pid 298] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 298] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 298] close(3) = 0 [pid 298] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555562cb4650) = 648 [pid 647] <... write resumed>) = 4 [pid 626] <... ioctl resumed>) = 0 [pid 647] close(3 [pid 626] close(6 [pid 647] <... close resumed>) = 0 [pid 631] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000040} --- [pid 647] symlink("/dev/binderfs", "./binderfs" [pid 626] <... close resumed>) = 0 [pid 647] <... symlink resumed>) = 0 [pid 647] write(1, "executing program\n", 18executing program [pid 626] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 647] <... write resumed>) = 18 [pid 647] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 626] <... openat resumed>) = 6 [pid 647] ioctl(3, VHOST_SET_OWNER [pid 631] +++ killed by SIGBUS +++ [pid 626] write(6, "#! ./file1\n", 11./strace-static-x86_64: Process 648 attached [pid 296] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=631, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- [pid 648] set_robust_list(0x555562cb4660, 24 [pid 626] <... write resumed>) = 11 [pid 296] restart_syscall(<... resuming interrupted clone ...> [pid 626] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0 [pid 648] <... set_robust_list resumed>) = 0 [pid 626] <... mmap resumed>) = 0x200000000000 [pid 648] chdir("./13") = 0 [pid 648] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 648] setpgid(0, 0) = 0 [ 45.782487][ T630] EXT4-fs error (device loop2): ext4_validate_block_bitmap:438: comm syz-executor115: bg 0: block 234: padding at end of block bitmap is not set [ 45.803443][ T634] EXT4-fs error (device loop1): ext4_validate_block_bitmap:438: comm vhost-631: bg 0: block 234: padding at end of block bitmap is not set [pid 648] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 648] write(3, "1000", 4) = 4 [pid 648] close(3) = 0 [pid 648] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 648] write(1, "executing program\n", 18) = 18 [pid 648] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 648] ioctl(3, VHOST_SET_OWNER [pid 630] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000040} --- [pid 647] <... ioctl resumed>, 0) = 0 [pid 647] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 647] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 647] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 647] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 647] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 647] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 647] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 647] memfd_create("syzkaller", 0) = 5 [pid 647] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe355b57000 [pid 296] <... restart_syscall resumed>) = 0 [pid 296] umount2("./12", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 296] openat(AT_FDCWD, "./12", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 296] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 648] <... ioctl resumed>, 0) = 0 [pid 296] getdents64(3, [pid 648] ioctl(3, VHOST_SET_VRING_ADDR [pid 630] +++ killed by SIGBUS +++ [pid 648] <... ioctl resumed>, 0x200000000300) = 0 [pid 648] ioctl(3, VHOST_SET_MEM_TABLE [pid 296] <... getdents64 resumed>0x555562cb56f0 /* 4 entries */, 32768) = 112 [pid 296] umount2("./12/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 297] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=630, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=4} --- [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 297] restart_syscall(<... resuming interrupted clone ...> [pid 296] newfstatat(AT_FDCWD, "./12/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 296] unlink("./12/binderfs") = 0 [pid 296] umount2("./12/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 297] <... restart_syscall resumed>) = 0 [pid 648] <... ioctl resumed>, 0x200000003380) = 0 [pid 297] umount2("./12", MNT_FORCE|UMOUNT_NOFOLLOW [pid 648] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 648] ioctl(3, VHOST_SET_VRING_ERR [pid 297] openat(AT_FDCWD, "./12", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 648] <... ioctl resumed>, 0x2000000001c0) = 0 [pid 648] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 297] <... openat resumed>) = 3 [pid 648] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 297] newfstatat(3, "", [pid 648] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 297] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 648] memfd_create("syzkaller", 0) = 5 [pid 648] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe355b57000 [pid 297] getdents64(3, 0x555562cb56f0 /* 4 entries */, 32768) = 112 [pid 297] umount2("./12/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 297] newfstatat(AT_FDCWD, "./12/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 297] unlink("./12/binderfs") = 0 [pid 297] umount2("./12/file0", MNT_FORCE|UMOUNT_NOFOLLOW [ 45.844192][ T626] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor115: bg 0: block 234: padding at end of block bitmap is not set [pid 647] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 296] <... umount2 resumed>) = 0 [pid 626] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000040} --- [pid 647] <... write resumed>) = 1048576 [pid 648] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 296] umount2("./12/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 296] newfstatat(AT_FDCWD, "./12/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 296] umount2("./12/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 296] openat(AT_FDCWD, "./12/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 296] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 296] getdents64(4, 0x555562cbd730 /* 2 entries */, 32768) = 48 [pid 296] getdents64(4, 0x555562cbd730 /* 0 entries */, 32768) = 0 [pid 296] close(4 [pid 626] +++ killed by SIGBUS +++ [pid 296] <... close resumed>) = 0 [pid 295] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=626, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=4} --- [pid 295] restart_syscall(<... resuming interrupted clone ...> [pid 296] rmdir("./12/file0") = 0 [pid 296] getdents64(3, 0x555562cb56f0 /* 0 entries */, 32768) = 0 [pid 296] close(3 [pid 295] <... restart_syscall resumed>) = 0 [pid 648] <... write resumed>) = 1048576 [pid 647] munmap(0x7fe355b57000, 138412032 [pid 297] <... umount2 resumed>) = 0 [pid 296] <... close resumed>) = 0 [pid 295] umount2("./12", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 295] openat(AT_FDCWD, "./12", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 648] munmap(0x7fe355b57000, 138412032 [pid 647] <... munmap resumed>) = 0 [pid 296] rmdir("./12" [pid 295] <... openat resumed>) = 3 [pid 295] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 295] getdents64(3, 0x555562cb56f0 /* 4 entries */, 32768) = 112 [pid 295] umount2("./12/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 295] newfstatat(AT_FDCWD, "./12/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 295] unlink("./12/binderfs") = 0 [pid 295] umount2("./12/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 647] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 296] <... rmdir resumed>) = 0 [pid 647] <... openat resumed>) = 6 [pid 296] mkdir("./13", 0777 [pid 297] umount2("./12/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 297] newfstatat(AT_FDCWD, "./12/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 297] umount2("./12/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 297] openat(AT_FDCWD, "./12/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 647] ioctl(6, LOOP_SET_FD, 5 [pid 297] <... openat resumed>) = 4 [pid 297] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 297] getdents64(4, [pid 296] <... mkdir resumed>) = 0 [pid 648] <... munmap resumed>) = 0 [pid 296] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 297] <... getdents64 resumed>0x555562cbd730 /* 2 entries */, 32768) = 48 [pid 297] getdents64(4, 0x555562cbd730 /* 0 entries */, 32768) = 0 [pid 297] close(4) = 0 [pid 648] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 297] rmdir("./12/file0") = 0 [pid 297] getdents64(3, 0x555562cb56f0 /* 0 entries */, 32768) = 0 [pid 297] close(3) = 0 [pid 297] rmdir("./12") = 0 [pid 297] mkdir("./13", 0777) = 0 [pid 297] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 295] <... umount2 resumed>) = 0 [pid 295] umount2("./12/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 647] <... ioctl resumed>) = 0 [pid 648] <... openat resumed>) = 6 [pid 648] ioctl(6, LOOP_SET_FD, 5 [pid 647] close(5 [pid 297] <... openat resumed>) = 3 [pid 296] <... openat resumed>) = 3 [pid 647] <... close resumed>) = 0 [pid 297] ioctl(3, LOOP_CLR_FD [pid 296] ioctl(3, LOOP_CLR_FD [pid 647] close(6 [pid 295] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 295] newfstatat(AT_FDCWD, "./12/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 295] umount2("./12/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 295] openat(AT_FDCWD, "./12/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 295] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 295] getdents64(4, 0x555562cbd730 /* 2 entries */, 32768) = 48 [pid 295] getdents64(4, 0x555562cbd730 /* 0 entries */, 32768) = 0 [pid 295] close(4) = 0 [pid 295] rmdir("./12/file0") = 0 [pid 295] getdents64(3, 0x555562cb56f0 /* 0 entries */, 32768) = 0 [pid 295] close(3) = 0 [pid 295] rmdir("./12" [pid 648] <... ioctl resumed>) = 0 [pid 297] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 648] close(5 [pid 647] <... close resumed>) = 0 [pid 297] close(3 [pid 296] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 648] <... close resumed>) = 0 [pid 648] close(6 [pid 647] mkdir("./file0", 0777 [pid 297] <... close resumed>) = 0 [pid 296] close(3 [pid 647] <... mkdir resumed>) = 0 [pid 297] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 647] mount("/dev/loop4", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"... [pid 297] <... clone resumed>, child_tidptr=0x555562cb4650) = 653 [pid 295] <... rmdir resumed>) = 0 [pid 295] mkdir("./13", 0777) = 0 [pid 295] openat(AT_FDCWD, "/dev/loop0", O_RDWR./strace-static-x86_64: Process 653 attached [pid 653] set_robust_list(0x555562cb4660, 24) = 0 [pid 653] chdir("./13") = 0 [pid 653] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 653] setpgid(0, 0) = 0 [pid 653] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 653] write(3, "1000", 4) = 4 [pid 653] close(3) = 0 [pid 653] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 653] write(1, "executing program\n", 18) = 18 [pid 653] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 653] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 653] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 653] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 653] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 653] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 653] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 653] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 653] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 653] memfd_create("syzkaller", 0) = 5 [pid 653] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe355b57000 [pid 648] <... close resumed>) = 0 [pid 296] <... close resumed>) = 0 [pid 296] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 648] mkdir("./file0", 0777 [pid 296] <... clone resumed>, child_tidptr=0x555562cb4650) = 655 [pid 648] <... mkdir resumed>) = 0 [pid 648] mount("/dev/loop3", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"..../strace-static-x86_64: Process 655 attached [pid 655] set_robust_list(0x555562cb4660, 24) = 0 [pid 655] chdir("./13") = 0 [pid 655] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 655] setpgid(0, 0) = 0 [pid 655] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 655] write(3, "1000", 4) = 4 [pid 655] close(3) = 0 [pid 655] symlink("/dev/binderfs", "./binderfs") = 0 [pid 655] write(1, "executing program\n", 18executing program ) = 18 [pid 655] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 653] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 655] ioctl(3, VHOST_SET_OWNER [pid 653] <... write resumed>) = 1048576 [pid 655] <... ioctl resumed>, 0) = 0 [pid 655] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 655] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 655] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 655] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 655] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 655] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 655] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 655] memfd_create("syzkaller", 0) = 5 [pid 655] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe355b57000 [pid 653] munmap(0x7fe355b57000, 138412032) = 0 [pid 653] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 6 [pid 295] <... openat resumed>) = 3 [pid 653] ioctl(6, LOOP_SET_FD, 5 [pid 295] ioctl(3, LOOP_CLR_FD [pid 653] <... ioctl resumed>) = 0 [pid 653] close(5) = 0 [pid 653] close(6 [pid 295] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 295] close(3 [pid 653] <... close resumed>) = 0 [pid 295] <... close resumed>) = 0 [pid 653] mkdir("./file0", 0777 [pid 295] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 653] <... mkdir resumed>) = 0 [pid 653] mount("/dev/loop2", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"... [pid 295] <... clone resumed>, child_tidptr=0x555562cb4650) = 662 ./strace-static-x86_64: Process 662 attached [pid 662] set_robust_list(0x555562cb4660, 24) = 0 [pid 662] chdir("./13") = 0 [pid 662] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 662] setpgid(0, 0) = 0 [pid 662] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 662] write(3, "1000", 4) = 4 [pid 662] close(3) = 0 [pid 662] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 662] write(1, "executing program\n", 18) = 18 [pid 662] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [ 46.242267][ T648] EXT4-fs (loop3): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [pid 662] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 662] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 662] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 662] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 662] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 662] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 662] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 662] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [ 46.303174][ T647] EXT4-fs (loop4): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [pid 662] memfd_create("syzkaller", 0 [pid 655] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 662] <... memfd_create resumed>) = 5 [pid 662] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe355b57000 [pid 653] <... mount resumed>) = 0 [pid 653] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 653] chdir("./file0") = 0 [pid 653] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 6 [pid 653] ioctl(6, LOOP_CLR_FD) = 0 [pid 653] close(6) = 0 [pid 653] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [ 46.340026][ T653] EXT4-fs (loop2): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [pid 653] write(6, "#! ./file1\n", 11) = 11 [pid 653] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 655] <... write resumed>) = 1048576 [pid 662] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 655] munmap(0x7fe355b57000, 138412032 [pid 647] <... mount resumed>) = 0 [pid 647] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [ 46.419097][ T654] EXT4-fs error (device loop2): ext4_validate_block_bitmap:438: comm vhost-653: bg 0: block 234: padding at end of block bitmap is not set [pid 647] chdir("./file0" [pid 648] <... mount resumed>) = 0 [pid 648] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 647] <... chdir resumed>) = 0 [pid 648] <... openat resumed>) = 5 [pid 647] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 648] chdir("./file0") = 0 [pid 647] <... openat resumed>) = 6 [pid 648] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 647] ioctl(6, LOOP_CLR_FD [pid 648] <... openat resumed>) = 6 [pid 647] <... ioctl resumed>) = 0 [pid 648] ioctl(6, LOOP_CLR_FD [pid 647] close(6 [pid 648] <... ioctl resumed>) = 0 [pid 648] close(6 [pid 647] <... close resumed>) = 0 [pid 648] <... close resumed>) = 0 [pid 647] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 648] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 647] <... openat resumed>) = 6 [pid 648] <... openat resumed>) = 6 [pid 647] write(6, "#! ./file1\n", 11 [pid 648] write(6, "#! ./file1\n", 11 [pid 655] <... munmap resumed>) = 0 [pid 648] <... write resumed>) = 11 [pid 647] <... write resumed>) = 11 [pid 648] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0 [pid 647] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0 [pid 648] <... mmap resumed>) = 0x200000000000 [pid 647] <... mmap resumed>) = 0x200000000000 [pid 655] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 6 [pid 655] ioctl(6, LOOP_SET_FD, 5 [pid 653] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000040} --- [pid 662] <... write resumed>) = 1048576 [pid 655] <... ioctl resumed>) = 0 [pid 647] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000040} --- [pid 655] close(5) = 0 [pid 655] close(6) = 0 [pid 655] mkdir("./file0", 0777) = 0 [pid 655] mount("/dev/loop1", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"... [pid 662] munmap(0x7fe355b57000, 138412032 [pid 647] +++ killed by SIGBUS +++ [pid 662] <... munmap resumed>) = 0 [pid 299] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=647, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- [pid 662] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 662] ioctl(6, LOOP_SET_FD, 5 [pid 299] umount2("./13", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 299] openat(AT_FDCWD, "./13", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 299] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 299] getdents64(3, 0x555562cb56f0 /* 4 entries */, 32768) = 112 [pid 299] umount2("./13/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 299] newfstatat(AT_FDCWD, "./13/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 299] unlink("./13/binderfs") = 0 [ 46.505920][ T648] EXT4-fs error (device loop3): ext4_validate_block_bitmap:438: comm syz-executor115: bg 0: block 234: padding at end of block bitmap is not set [ 46.522715][ T647] EXT4-fs error (device loop4): ext4_validate_block_bitmap:438: comm syz-executor115: bg 0: block 234: padding at end of block bitmap is not set [pid 299] umount2("./13/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 653] +++ killed by SIGBUS +++ [pid 648] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000040} --- [pid 297] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=653, si_uid=0, si_status=SIGBUS, si_utime=1, si_stime=2} --- [pid 297] umount2("./13", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 297] openat(AT_FDCWD, "./13", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 297] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 297] getdents64(3, 0x555562cb56f0 /* 4 entries */, 32768) = 112 [pid 297] umount2("./13/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 297] newfstatat(AT_FDCWD, "./13/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 297] unlink("./13/binderfs") = 0 [pid 297] umount2("./13/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 662] <... ioctl resumed>) = 0 [pid 662] close(5) = 0 [pid 662] close(6 [pid 648] +++ killed by SIGBUS +++ [pid 298] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=648, si_uid=0, si_status=SIGBUS, si_utime=2, si_stime=3} --- [pid 298] umount2("./13", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 298] openat(AT_FDCWD, "./13", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 298] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 298] getdents64(3, 0x555562cb56f0 /* 4 entries */, 32768) = 112 [pid 298] umount2("./13/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 298] newfstatat(AT_FDCWD, "./13/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 298] unlink("./13/binderfs") = 0 [pid 298] umount2("./13/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 297] <... umount2 resumed>) = 0 [pid 297] umount2("./13/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 297] newfstatat(AT_FDCWD, "./13/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 297] umount2("./13/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 297] openat(AT_FDCWD, "./13/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 297] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 297] getdents64(4, 0x555562cbd730 /* 2 entries */, 32768) = 48 [pid 297] getdents64(4, 0x555562cbd730 /* 0 entries */, 32768) = 0 [pid 297] close(4) = 0 [pid 297] rmdir("./13/file0") = 0 [pid 297] getdents64(3, 0x555562cb56f0 /* 0 entries */, 32768) = 0 [pid 297] close(3) = 0 [pid 297] rmdir("./13") = 0 [pid 297] mkdir("./14", 0777) = 0 [ 46.626250][ T655] EXT4-fs (loop1): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [pid 297] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 655] <... mount resumed>) = 0 [pid 655] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 655] chdir("./file0") = 0 [pid 655] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 299] <... umount2 resumed>) = 0 [pid 662] <... close resumed>) = 0 [pid 655] <... openat resumed>) = 6 [pid 297] <... openat resumed>) = 3 [pid 662] mkdir("./file0", 0777 [pid 655] ioctl(6, LOOP_CLR_FD [pid 297] ioctl(3, LOOP_CLR_FD [pid 662] <... mkdir resumed>) = 0 [pid 662] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"... [pid 299] umount2("./13/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 299] newfstatat(AT_FDCWD, "./13/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 299] umount2("./13/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 299] openat(AT_FDCWD, "./13/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 299] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 299] getdents64(4, 0x555562cbd730 /* 2 entries */, 32768) = 48 [pid 299] getdents64(4, 0x555562cbd730 /* 0 entries */, 32768) = 0 [pid 299] close(4) = 0 [pid 299] rmdir("./13/file0" [pid 655] <... ioctl resumed>) = 0 [pid 297] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 655] close(6 [pid 297] close(3 [pid 655] <... close resumed>) = 0 [pid 655] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 655] write(6, "#! ./file1\n", 11) = 11 [pid 655] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0 [pid 298] <... umount2 resumed>) = 0 [pid 299] <... rmdir resumed>) = 0 [pid 297] <... close resumed>) = 0 [pid 297] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555562cb4650) = 671 [pid 299] getdents64(3, 0x555562cb56f0 /* 0 entries */, 32768) = 0 [pid 299] close(3) = 0 [pid 299] rmdir("./13") = 0 [pid 299] mkdir("./14", 0777) = 0 [pid 299] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 298] umount2("./13/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 299] <... openat resumed>) = 3 [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 299] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 298] newfstatat(AT_FDCWD, "./13/file0", [pid 299] close(3) = 0 [pid 298] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 299] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 298] umount2("./13/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 298] openat(AT_FDCWD, "./13/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 299] <... clone resumed>, child_tidptr=0x555562cb4650) = 673 [pid 298] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 298] getdents64(4, 0x555562cbd730 /* 2 entries */, 32768) = 48 [pid 298] getdents64(4, 0x555562cbd730 /* 0 entries */, 32768) = 0 [pid 298] close(4) = 0 [pid 298] rmdir("./13/file0") = 0 ./strace-static-x86_64: Process 671 attached [pid 671] set_robust_list(0x555562cb4660, 24) = 0 [pid 671] chdir("./14") = 0 ./strace-static-x86_64: Process 673 attached [pid 671] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 673] set_robust_list(0x555562cb4660, 24) = 0 [pid 671] <... prctl resumed>) = 0 [pid 671] setpgid(0, 0 [pid 673] chdir("./14" [pid 298] getdents64(3, [pid 673] <... chdir resumed>) = 0 [pid 671] <... setpgid resumed>) = 0 [pid 298] <... getdents64 resumed>0x555562cb56f0 /* 0 entries */, 32768) = 0 [pid 673] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 671] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 298] close(3 [pid 673] setpgid(0, 0) = 0 [pid 671] <... openat resumed>) = 3 [pid 298] <... close resumed>) = 0 [pid 673] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 671] write(3, "1000", 4 [pid 298] rmdir("./13" [pid 673] write(3, "1000", 4) = 4 [pid 673] close(3) = 0 [pid 298] <... rmdir resumed>) = 0 [pid 673] symlink("/dev/binderfs", "./binderfs") = 0 [pid 671] <... write resumed>) = 4 [pid 655] <... mmap resumed>) = 0x200000000000 [pid 298] mkdir("./14", 0777executing program [pid 673] write(1, "executing program\n", 18 [pid 671] close(3 [pid 298] <... mkdir resumed>) = 0 [pid 673] <... write resumed>) = 18 [pid 671] <... close resumed>) = 0 [pid 671] symlink("/dev/binderfs", "./binderfs" [pid 673] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 671] <... symlink resumed>) = 0 [pid 298] openat(AT_FDCWD, "/dev/loop3", O_RDWRexecuting program [pid 673] ioctl(3, VHOST_SET_OWNER [pid 671] write(1, "executing program\n", 18 [pid 298] <... openat resumed>) = 3 [pid 671] <... write resumed>) = 18 [pid 298] ioctl(3, LOOP_CLR_FD [pid 671] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR [pid 298] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 671] <... openat resumed>) = 3 [pid 298] close(3 [pid 671] ioctl(3, VHOST_SET_OWNER [pid 298] <... close resumed>) = 0 [pid 298] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555562cb4650) = 677 ./strace-static-x86_64: Process 677 attached [pid 677] set_robust_list(0x555562cb4660, 24) = 0 [pid 677] chdir("./14" [pid 673] <... ioctl resumed>, 0) = 0 [pid 677] <... chdir resumed>) = 0 [pid 673] ioctl(3, VHOST_SET_VRING_ADDR [pid 677] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 673] <... ioctl resumed>, 0x200000000300) = 0 [pid 677] <... prctl resumed>) = 0 [pid 677] setpgid(0, 0 [pid 673] ioctl(3, VHOST_SET_MEM_TABLE [pid 677] <... setpgid resumed>) = 0 [pid 677] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 677] write(3, "1000", 4) = 4 [pid 677] close(3) = 0 [pid 677] symlink("/dev/binderfs", "./binderfs" [pid 671] <... ioctl resumed>, 0) = 0 [pid 671] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 671] ioctl(3, VHOST_SET_MEM_TABLE [pid 673] <... ioctl resumed>, 0x200000003380) = 0 [ 46.869431][ T662] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 46.895780][ T656] EXT4-fs error (device loop1): ext4_validate_block_bitmap:438: comm vhost-655: bg 0: block 234: padding at end of block bitmap is not set [pid 673] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 677] <... symlink resumed>) = 0 [pid 673] ioctl(3, VHOST_SET_VRING_ERR [pid 677] write(1, "executing program\n", 18 [pid 673] <... ioctl resumed>, 0x2000000001c0) = 0 executing program [pid 677] <... write resumed>) = 18 [pid 673] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 673] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 673] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 677] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR [pid 673] memfd_create("syzkaller", 0 [pid 677] <... openat resumed>) = 3 [pid 673] <... memfd_create resumed>) = 5 [pid 677] ioctl(3, VHOST_SET_OWNER [pid 673] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe355b57000 [pid 671] <... ioctl resumed>, 0x200000003380) = 0 [pid 671] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 671] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 671] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 671] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 671] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 671] memfd_create("syzkaller", 0) = 5 [pid 671] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe355b57000 [pid 671] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 673] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 677] <... ioctl resumed>, 0) = 0 [pid 677] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 677] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 677] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 677] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 677] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 677] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 677] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 677] memfd_create("syzkaller", 0) = 5 [pid 677] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe355b57000 [pid 655] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000040} --- [pid 662] <... mount resumed>) = 0 [pid 662] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 655] +++ killed by SIGBUS +++ [pid 662] chdir("./file0" [pid 677] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 662] <... chdir resumed>) = 0 [pid 296] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=655, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- [pid 662] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 296] umount2("./13", MNT_FORCE|UMOUNT_NOFOLLOW [pid 662] <... openat resumed>) = 6 [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 662] ioctl(6, LOOP_CLR_FD [pid 296] openat(AT_FDCWD, "./13", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 662] <... ioctl resumed>) = 0 [pid 296] <... openat resumed>) = 3 [pid 662] close(6 [pid 296] newfstatat(3, "", [pid 671] <... write resumed>) = 1048576 [pid 662] <... close resumed>) = 0 [pid 296] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 671] munmap(0x7fe355b57000, 138412032 [pid 662] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 296] getdents64(3, [pid 662] <... openat resumed>) = 6 [pid 296] <... getdents64 resumed>0x555562cb56f0 /* 4 entries */, 32768) = 112 [pid 671] <... munmap resumed>) = 0 [pid 662] write(6, "#! ./file1\n", 11 [pid 296] umount2("./13/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 671] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 662] <... write resumed>) = 11 [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 671] <... openat resumed>) = 6 [pid 662] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0 [pid 296] newfstatat(AT_FDCWD, "./13/binderfs", [pid 671] ioctl(6, LOOP_SET_FD, 5 [pid 662] <... mmap resumed>) = 0x200000000000 [pid 296] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 296] unlink("./13/binderfs" [pid 662] setsockopt(-1, SOL_SOCKET, SO_REUSEADDR, [127], 4 [pid 296] <... unlink resumed>) = 0 [pid 296] umount2("./13/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 662] <... setsockopt resumed>) = -1 EBADF (Bad file descriptor) [pid 662] exit_group(0) = ? [pid 677] <... write resumed>) = 1048576 [pid 677] munmap(0x7fe355b57000, 138412032 [pid 671] <... ioctl resumed>) = 0 [pid 671] close(5) = 0 [pid 671] close(6 [pid 677] <... munmap resumed>) = 0 [pid 677] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 662] +++ exited with 0 +++ [pid 295] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=662, si_uid=0, si_status=0, si_utime=1, si_stime=2} --- [pid 295] restart_syscall(<... resuming interrupted clone ...> [pid 673] <... write resumed>) = 1048576 [pid 295] <... restart_syscall resumed>) = 0 [pid 295] umount2("./13", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 295] openat(AT_FDCWD, "./13", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 295] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 295] getdents64(3, 0x555562cb56f0 /* 4 entries */, 32768) = 112 [pid 295] umount2("./13/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 295] newfstatat(AT_FDCWD, "./13/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 295] unlink("./13/binderfs") = 0 [ 47.082803][ T665] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-662: bg 0: block 234: padding at end of block bitmap is not set [pid 295] umount2("./13/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 673] munmap(0x7fe355b57000, 138412032) = 0 [pid 296] <... umount2 resumed>) = 0 [pid 296] umount2("./13/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 296] newfstatat(AT_FDCWD, "./13/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 296] umount2("./13/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 296] openat(AT_FDCWD, "./13/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 296] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 296] getdents64(4, [pid 673] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 296] <... getdents64 resumed>0x555562cbd730 /* 2 entries */, 32768) = 48 [pid 296] getdents64(4, 0x555562cbd730 /* 0 entries */, 32768) = 0 [pid 296] close(4) = 0 [pid 296] rmdir("./13/file0") = 0 [pid 296] getdents64(3, 0x555562cb56f0 /* 0 entries */, 32768) = 0 [pid 296] close(3) = 0 [pid 296] rmdir("./13") = 0 [pid 296] mkdir("./14", 0777) = 0 [pid 296] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 677] <... openat resumed>) = 6 [pid 671] <... close resumed>) = 0 [pid 677] ioctl(6, LOOP_SET_FD, 5 [pid 671] mkdir("./file0", 0777) = 0 [ 47.139161][ T330] ------------[ cut here ]------------ [ 47.160693][ T330] kernel BUG at fs/ext4/inode.c:2777! [ 47.212282][ T330] invalid opcode: 0000 [#1] PREEMPT SMP KASAN [ 47.219432][ T330] CPU: 0 PID: 330 Comm: kworker/u4:4 Not tainted 5.10.234-syzkaller-00157-ge0b88ee5f09c #0 [ 47.231309][ T330] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 47.245483][ T330] Workqueue: writeback wb_workfn (flush-7:0) [ 47.252884][ T330] RIP: 0010:ext4_writepages+0x3bdf/0x3c00 [ 47.261455][ T330] Code: 28 8c ff 31 ff 89 de e8 7f 28 8c ff 45 84 f6 75 27 e8 e5 25 8c ff 49 be 00 00 00 00 00 fc ff df e9 0e f7 ff ff e8 d1 25 8c ff <0f> 0b e8 ca 25 8c ff e8 71 e2 21 ff eb 9b e8 be 25 8c ff e8 65 e2 [ 47.283806][ T330] RSP: 0018:ffffc90000d170a0 EFLAGS: 00010293 [ 47.289916][ T330] RAX: ffffffff81de999f RBX: 0000008000000000 RCX: ffff88810d7ccf00 [ 47.298120][ T330] RDX: 0000000000000000 RSI: 0000008000000000 RDI: 0000000000000000 [ 47.306115][ T330] RBP: ffffc90000d17490 R08: ffffffff81de6413 R09: ffffed10242a02ff [ 47.315662][ T330] R10: 0000000000000000 R11: dffffc0000000001 R12: 0000000000000001 [ 47.323724][ T330] R13: ffffc90000d177d0 R14: 0000008410000000 R15: ffffc90000d17360 [ 47.332085][ T330] FS: 0000000000000000(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000 [ 47.340922][ T330] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 47.347337][ T330] CR2: 0000000000000002 CR3: 000000011a79f000 CR4: 00000000003506b0 [ 47.355539][ T330] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [pid 671] mount("/dev/loop2", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"... [pid 677] <... ioctl resumed>) = 0 [pid 673] <... openat resumed>) = 6 [pid 296] <... openat resumed>) = 3 [pid 677] close(5 [pid 673] ioctl(6, LOOP_SET_FD, 5 [pid 296] ioctl(3, LOOP_CLR_FD [pid 677] <... close resumed>) = 0 [pid 296] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 677] close(6 [pid 296] close(3 [pid 677] <... close resumed>) = 0 [pid 673] <... ioctl resumed>) = 0 [pid 296] <... close resumed>) = 0 [pid 677] mkdir("./file0", 0777 [pid 296] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 677] <... mkdir resumed>) = 0 [pid 673] close(5) = 0 [pid 677] mount("/dev/loop3", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"... [pid 673] close(6) = 0 [pid 296] <... clone resumed>, child_tidptr=0x555562cb4650) = 682 [pid 673] mkdir("./file0", 0777) = 0 [ 47.363729][ T330] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 47.372076][ T330] Call Trace: [ 47.375269][ T330] ? __die_body+0x62/0xb0 [ 47.379436][ T330] ? die+0x88/0xb0 [ 47.383484][ T330] ? do_trap+0x1a4/0x310 [ 47.387688][ T330] ? ext4_writepages+0x3bdf/0x3c00 [ 47.393763][ T330] ? handle_invalid_op+0x95/0xc0 [ 47.398824][ T330] ? ext4_writepages+0x3bdf/0x3c00 [ 47.403918][ T330] ? exc_invalid_op+0x32/0x50 [ 47.408517][ T330] ? asm_exc_invalid_op+0x12/0x20 [pid 673] mount("/dev/loop4", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"..../strace-static-x86_64: Process 682 attached [pid 682] set_robust_list(0x555562cb4660, 24) = 0 [pid 682] chdir("./14") = 0 [pid 682] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 682] setpgid(0, 0) = 0 [pid 682] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 682] write(3, "1000", 4) = 4 [pid 682] close(3) = 0 [pid 682] symlink("/dev/binderfs", "./binderfs") = 0 [pid 682] write(1, "executing program\n", 18executing program ) = 18 [pid 682] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 682] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 682] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 682] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 682] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 682] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 682] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 682] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 682] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 682] memfd_create("syzkaller", 0) = 5 [pid 682] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe355b57000 [ 47.413570][ T330] ? ext4_writepages+0x653/0x3c00 [ 47.418637][ T330] ? ext4_writepages+0x3bdf/0x3c00 [ 47.423671][ T330] ? ext4_writepages+0x3bdf/0x3c00 [ 47.429081][ T330] ? __kasan_check_write+0x14/0x20 [ 47.434491][ T330] ? _raw_spin_lock+0xa4/0x1b0 [ 47.440562][ T330] ? _raw_spin_trylock_bh+0x190/0x190 [ 47.447800][ T330] ? pagecache_get_page+0x86c/0x950 [ 47.455696][ T330] ? __kasan_check_write+0x14/0x20 [ 47.462091][ T330] ? __find_get_block+0xfbe/0x1320 [ 47.468324][ T330] ? write_boundary_block+0x150/0x150 [ 47.474207][ T330] ? ext4_readpage+0x230/0x230 [ 47.479358][ T330] ? __getblk_gfp+0x3d/0x7e0 [ 47.483874][ T330] ? memset+0x35/0x40 [ 47.488130][ T330] ? ext4_get_group_desc+0x260/0x2b0 [ 47.494121][ T330] ? __ext4_get_inode_loc+0x5af/0xbf0 [ 47.499344][ T330] ? ext4_readpage+0x230/0x230 [ 47.505248][ T330] do_writepages+0x12e/0x270 [pid 682] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [ 47.510524][ T330] ? __writepage+0x130/0x130 [ 47.515241][ T330] ? __kasan_check_write+0x14/0x20 [ 47.521046][ T330] ? _raw_spin_lock+0xa4/0x1b0 [ 47.525779][ T330] __writeback_single_inode+0xd7/0xac0 [ 47.531598][ T330] writeback_sb_inodes+0x99c/0x16b0 [ 47.538486][ T330] ? _raw_spin_lock+0xa4/0x1b0 [ 47.543276][ T330] ? queue_io+0x520/0x520 [ 47.548627][ T330] ? writeback_sb_inodes+0x16b0/0x16b0 [ 47.555374][ T330] ? queue_io+0x3d3/0x520 [pid 682] munmap(0x7fe355b57000, 138412032) = 0 [pid 682] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 6 [ 47.559857][ T330] wb_writeback+0x404/0xc60 [ 47.565099][ T330] ? wb_io_lists_depopulated+0x180/0x180 [ 47.570531][ T330] ? set_worker_desc+0x158/0x1c0 [ 47.575402][ T330] ? update_load_avg+0x541/0x1690 [ 47.580344][ T330] ? __kasan_check_write+0x14/0x20 [ 47.585741][ T330] wb_workfn+0x3d9/0x1110 [ 47.590374][ T330] ? inode_wait_for_writeback+0x280/0x280 [ 47.595898][ T330] ? _raw_spin_unlock_irq+0x4e/0x70 [ 47.601115][ T330] ? finish_task_switch+0x130/0x5a0 [ 47.606218][ T330] ? switch_mm_irqs_off+0x33c/0x9a0 [ 47.611419][ T330] ? __switch_to_asm+0x34/0x60 [ 47.616331][ T330] ? __kasan_check_read+0x11/0x20 [ 47.622056][ T330] ? read_word_at_a_time+0x12/0x20 [ 47.627197][ T330] ? strscpy+0x9c/0x260 [ 47.631538][ T330] process_one_work+0x6dc/0xbd0 [ 47.636563][ T330] worker_thread+0xaea/0x1510 [ 47.641720][ T330] ? _raw_spin_lock+0x1b0/0x1b0 [ 47.647974][ T330] ? __kasan_check_read+0x11/0x20 [ 47.655076][ T330] kthread+0x34b/0x3d0 [pid 682] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 682] close(5) = 0 [pid 682] close(6) = 0 [pid 682] mkdir("./file0", 0777) = 0 [ 47.660511][ T330] ? worker_clr_flags+0x180/0x180 [ 47.668020][ T330] ? kthread_blkcg+0xd0/0xd0 [ 47.673251][ T330] ret_from_fork+0x1f/0x30 [ 47.681082][ T330] Modules linked in: [ 47.735264][ T682] EXT4-fs (loop1): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [pid 682] mount("/dev/loop1", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,"... [pid 671] <... mount resumed>) = 0 [pid 671] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 671] chdir("./file0") = 0 [ 47.735679][ T671] EXT4-fs (loop2): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 47.788429][ T677] EXT4-fs (loop3): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [pid 671] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 6 [pid 671] ioctl(6, LOOP_CLR_FD) = 0 [pid 671] close(6) = 0 [pid 671] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 677] <... mount resumed>) = 0 [pid 677] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 677] chdir("./file0") = 0 [pid 677] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 6 [pid 677] ioctl(6, LOOP_CLR_FD) = 0 [pid 677] close(6) = 0 [pid 677] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 671] <... openat resumed>) = 6 [pid 677] <... openat resumed>) = 6 [pid 671] write(6, "#! ./file1\n", 11 [pid 677] write(6, "#! ./file1\n", 11 [pid 671] <... write resumed>) = 11 [pid 677] <... write resumed>) = 11 [ 47.831740][ T673] EXT4-fs (loop4): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [pid 677] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0 [pid 671] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0 [pid 677] <... mmap resumed>) = 0x200000000000 [pid 671] <... mmap resumed>) = 0x200000000000 [pid 682] <... mount resumed>) = 0 [pid 682] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 682] chdir("./file0") = 0 [pid 682] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 6 [pid 682] ioctl(6, LOOP_CLR_FD) = 0 [pid 682] close(6) = 0 [ 47.870040][ T671] EXT4-fs error (device loop2): ext4_validate_block_bitmap:438: comm syz-executor115: bg 0: block 234: padding at end of block bitmap is not set [ 47.908230][ T677] EXT4-fs error (device loop3): ext4_validate_block_bitmap:438: comm syz-executor115: bg 0: block 234: padding at end of block bitmap is not set [pid 682] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 682] write(6, "#! ./file1\n", 11) = 11 [pid 682] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 682] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000040} --- [pid 673] <... mount resumed>) = 0 [pid 673] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 673] chdir("./file0") = 0 [pid 673] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 6 [pid 673] ioctl(6, LOOP_CLR_FD) = 0 [pid 673] close(6) = 0 [pid 673] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 673] write(6, "#! ./file1\n", 11) = 11 [pid 673] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [ 47.944181][ T682] EXT4-fs error (device loop1): ext4_validate_block_bitmap:438: comm syz-executor115: bg 0: block 234: padding at end of block bitmap is not set [pid 677] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000040} --- [pid 682] +++ killed by SIGBUS +++ [pid 296] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=682, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- [pid 296] restart_syscall(<... resuming interrupted clone ...> [pid 673] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000040} --- [pid 296] <... restart_syscall resumed>) = 0 [pid 296] umount2("./14", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 296] openat(AT_FDCWD, "./14", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 296] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 296] getdents64(3, 0x555562cb56f0 /* 4 entries */, 32768) = 112 [pid 296] umount2("./14/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 296] newfstatat(AT_FDCWD, "./14/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 296] unlink("./14/binderfs") = 0 [ 47.986512][ T673] EXT4-fs error (device loop4): ext4_validate_block_bitmap:438: comm syz-executor115: bg 0: block 234: padding at end of block bitmap is not set [ 48.007486][ T330] ---[ end trace 0f5fb57f4a657c29 ]--- [ 48.014065][ T330] RIP: 0010:ext4_writepages+0x3bdf/0x3c00 [pid 296] umount2("./14/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 671] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000000040} --- [pid 677] +++ killed by SIGBUS +++ [pid 298] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=677, si_uid=0, si_status=SIGBUS, si_utime=2, si_stime=5} --- [pid 298] umount2("./14", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 298] openat(AT_FDCWD, "./14", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 298] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 298] getdents64(3, 0x555562cb56f0 /* 4 entries */, 32768) = 112 [pid 298] umount2("./14/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 298] newfstatat(AT_FDCWD, "./14/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 298] unlink("./14/binderfs") = 0 [pid 298] umount2("./14/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 671] +++ killed by SIGBUS +++ [pid 297] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=671, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=4} --- [pid 673] +++ killed by SIGBUS +++ [pid 299] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=673, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=4} --- [ 48.024702][ T330] Code: 28 8c ff 31 ff 89 de e8 7f 28 8c ff 45 84 f6 75 27 e8 e5 25 8c ff 49 be 00 00 00 00 00 fc ff df e9 0e f7 ff ff e8 d1 25 8c ff <0f> 0b e8 ca 25 8c ff e8 71 e2 21 ff eb 9b e8 be 25 8c ff e8 65 e2 [ 48.062817][ T330] RSP: 0018:ffffc90000d170a0 EFLAGS: 00010293 [ 48.069956][ T330] RAX: ffffffff81de999f RBX: 0000008000000000 RCX: ffff88810d7ccf00 [pid 299] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 299] umount2("./14", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 299] openat(AT_FDCWD, "./14", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 299] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 299] getdents64(3, 0x555562cb56f0 /* 4 entries */, 32768) = 112 [pid 299] umount2("./14/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 299] newfstatat(AT_FDCWD, "./14/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 299] unlink("./14/binderfs") = 0 [pid 299] umount2("./14/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 297] umount2("./14", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 297] openat(AT_FDCWD, "./14", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 297] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 297] getdents64(3, 0x555562cb56f0 /* 4 entries */, 32768) = 112 [pid 297] umount2("./14/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 297] newfstatat(AT_FDCWD, "./14/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 297] unlink("./14/binderfs") = 0 [ 48.079775][ T330] RDX: 0000000000000000 RSI: 0000008000000000 RDI: 0000000000000000 [ 48.089562][ T330] RBP: ffffc90000d17490 R08: ffffffff81de6413 R09: ffffed10242a02ff [ 48.098956][ T330] R10: 0000000000000000 R11: dffffc0000000001 R12: 0000000000000001 [ 48.108645][ T330] R13: ffffc90000d177d0 R14: 0000008410000000 R15: ffffc90000d17360 [ 48.118891][ T330] FS: 0000000000000000(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000 [pid 297] umount2("./14/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 298] <... umount2 resumed>) = 0 [pid 298] umount2("./14/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 298] newfstatat(AT_FDCWD, "./14/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 298] umount2("./14/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 298] openat(AT_FDCWD, "./14/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 298] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 298] getdents64(4, 0x555562cbd730 /* 2 entries */, 32768) = 48 [pid 298] getdents64(4, 0x555562cbd730 /* 0 entries */, 32768) = 0 [pid 298] close(4) = 0 [pid 298] rmdir("./14/file0") = 0 [pid 298] getdents64(3, 0x555562cb56f0 /* 0 entries */, 32768) = 0 [pid 298] close(3) = 0 [pid 298] rmdir("./14") = 0 [ 48.136018][ T330] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 48.146950][ T330] CR2: 0000200000000500 CR3: 000000010d216000 CR4: 00000000003506b0 [ 48.160240][ T330] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [pid 298] mkdir("./15", 0777) = 0 [ 48.174107][ T330] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 48.191250][ T330] Kernel panic - not syncing: Fatal exception [ 48.197721][ T330] Kernel Offset: disabled [ 48.202842][ T330] Rebooting in 86400 seconds..