./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor2476079321 <...> Warning: Permanently added '10.128.0.89' (ED25519) to the list of known hosts. execve("./syz-executor2476079321", ["./syz-executor2476079321"], 0x7ffe0f7d30a0 /* 10 vars */) = 0 brk(NULL) = 0x555582525000 brk(0x555582525d00) = 0x555582525d00 arch_prctl(ARCH_SET_FS, 0x555582525380) = 0 set_tid_address(0x555582525650) = 282 set_robust_list(0x555582525660, 24) = 0 rseq(0x555582525ca0, 0x20, 0, 0x53053053) = -1 ENOSYS (Function not implemented) prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor2476079321", 4096) = 28 getrandom("\xd2\x65\x88\xc8\xe8\x95\x53\x5f", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x555582525d00 brk(0x555582546d00) = 0x555582546d00 brk(0x555582547000) = 0x555582547000 mprotect(0x7f5c27238000, 16384, PROT_READ) = 0 mmap(0x1ffffffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffffffff000 mmap(0x200000000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200000000000 mmap(0x200001000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200001000000 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555582525650) = 283 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 283 attached ./strace-static-x86_64: Process 284 attached , child_tidptr=0x555582525650) = 284 [pid 283] set_robust_list(0x555582525660, 24 [pid 282] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 283] <... set_robust_list resumed>) = 0 [pid 283] getrandom( [pid 282] <... clone resumed>, child_tidptr=0x555582525650) = 285 [pid 283] <... getrandom resumed>"\xc6\xc3\x03\x21\x09\xe3\xd7\x67", 8, GRND_NONBLOCK) = 8 [pid 282] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 283] mkdir("./syzkaller.WPCRV3", 0700 [pid 282] <... clone resumed>, child_tidptr=0x555582525650) = 286 [pid 282] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555582525650) = 287 [pid 283] <... mkdir resumed>) = 0 ./strace-static-x86_64: Process 285 attached [pid 285] set_robust_list(0x555582525660, 24) = 0 [pid 285] mkdir("./syzkaller.viUSq5", 0700 [pid 283] chmod("./syzkaller.WPCRV3", 0777) = 0 [pid 283] chdir("./syzkaller.WPCRV3"./strace-static-x86_64: Process 286 attached ) = 0 [pid 286] set_robust_list(0x555582525660, 24 [pid 283] mkdir("./0", 0777 [pid 285] <... mkdir resumed>) = 0 [pid 286] <... set_robust_list resumed>) = 0 [pid 283] <... mkdir resumed>) = 0 [pid 285] chmod("./syzkaller.viUSq5", 0777) = 0 [pid 285] chdir("./syzkaller.viUSq5" [pid 286] mkdir("./syzkaller.xop0dY", 0700 [pid 285] <... chdir resumed>) = 0 [pid 286] <... mkdir resumed>) = 0 [pid 285] mkdir("./0", 0777executing program [pid 283] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 285] <... mkdir resumed>) = 0 [pid 286] chmod("./syzkaller.xop0dY", 0777) = 0 [pid 286] chdir("./syzkaller.xop0dY") = 0 [pid 285] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 283] <... openat resumed>) = 3 [pid 285] <... openat resumed>) = 3 [pid 286] mkdir("./0", 0777 [pid 285] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 286] <... mkdir resumed>) = 0 [pid 285] close(3) = 0 [pid 285] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 286] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 286] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 286] close(3) = 0 [pid 286] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 285] <... clone resumed>, child_tidptr=0x555582525650) = 288 [pid 286] <... clone resumed>, child_tidptr=0x555582525650) = 289 ./strace-static-x86_64: Process 288 attached [pid 288] set_robust_list(0x555582525660, 24) = 0 [pid 288] chdir("./0") = 0 [pid 288] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 288] setpgid(0, 0) = 0 [pid 288] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 288] write(3, "1000", 4) = 4 [pid 288] close(3) = 0 [pid 288] symlink("/dev/binderfs", "./binderfs") = 0 [pid 288] write(1, "executing program\n", 18) = 18 [pid 288] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 288] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 288] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 288] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 288] eventfd2(4294967295, EFD_SEMAPHORE) = 4 [pid 288] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 288] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 288] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 288] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 288] memfd_create("syzkaller", 0) = 5 [pid 288] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5c1ed85000 [pid 288] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576./strace-static-x86_64: Process 289 attached ./strace-static-x86_64: Process 287 attached [pid 284] set_robust_list(0x555582525660, 24 [pid 283] ioctl(3, LOOP_CLR_FD [pid 288] <... write resumed>) = 1048576 [pid 288] munmap(0x7f5c1ed85000, 138412032) = 0 [pid 288] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 6 [pid 288] ioctl(6, LOOP_SET_FD, 5 [pid 289] set_robust_list(0x555582525660, 24 [pid 287] set_robust_list(0x555582525660, 24 [pid 284] <... set_robust_list resumed>) = 0 [pid 289] <... set_robust_list resumed>) = 0 [pid 287] <... set_robust_list resumed>) = 0 [pid 284] mkdir("./syzkaller.DpocBd", 0700 [pid 287] mkdir("./syzkaller.bbm5y3", 0700 [pid 289] chdir("./0") = 0 [pid 284] <... mkdir resumed>) = 0 [pid 289] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 287] <... mkdir resumed>) = 0 [pid 289] <... prctl resumed>) = 0 [pid 289] setpgid(0, 0 [pid 287] chmod("./syzkaller.bbm5y3", 0777 [pid 284] chmod("./syzkaller.DpocBd", 0777 [pid 289] <... setpgid resumed>) = 0 [pid 287] <... chmod resumed>) = 0 [pid 284] <... chmod resumed>) = 0 [pid 289] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 287] chdir("./syzkaller.bbm5y3" [pid 284] chdir("./syzkaller.DpocBd" [pid 289] <... openat resumed>) = 3 [pid 288] <... ioctl resumed>) = 0 [pid 287] <... chdir resumed>) = 0 [pid 284] <... chdir resumed>) = 0 [pid 283] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 289] write(3, "1000", 4 [pid 283] close(3 [pid 289] <... write resumed>) = 4 [pid 288] close(5 [pid 287] mkdir("./0", 0777 [pid 284] mkdir("./0", 0777 [pid 283] <... close resumed>) = 0 [ 25.066093][ T24] audit: type=1400 audit(1748941836.490:64): avc: denied { execmem } for pid=282 comm="syz-executor247" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 25.090674][ T24] audit: type=1400 audit(1748941836.510:65): avc: denied { read write } for pid=283 comm="syz-executor247" name="loop0" dev="devtmpfs" ino=115 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [pid 289] close(3 [pid 288] <... close resumed>) = 0 [pid 287] <... mkdir resumed>) = 0 [pid 284] <... mkdir resumed>) = 0 [pid 283] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 289] <... close resumed>) = 0 [pid 288] close(6 [pid 287] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 284] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 289] symlink("/dev/binderfs", "./binderfs" [pid 288] <... close resumed>) = 0 [pid 287] <... openat resumed>) = 3 [pid 284] <... openat resumed>) = 3 [pid 289] <... symlink resumed>) = 0 [pid 288] mkdir("./file0", 0777 [pid 287] ioctl(3, LOOP_CLR_FD [pid 284] ioctl(3, LOOP_CLR_FD [pid 283] <... clone resumed>, child_tidptr=0x555582525650) = 294 [pid 289] write(1, "executing program\n", 18executing program [pid 288] <... mkdir resumed>) = 0 [pid 289] <... write resumed>) = 18 ./strace-static-x86_64: Process 294 attached [pid 294] set_robust_list(0x555582525660, 24) = 0 [pid 294] chdir("./0" [pid 289] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR [pid 288] mount("/dev/loop2", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,inline"... [pid 287] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 284] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 294] <... chdir resumed>) = 0 [pid 294] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 294] setpgid(0, 0 [pid 289] <... openat resumed>) = 3 [pid 287] close(3 [pid 284] close(3 [pid 294] <... setpgid resumed>) = 0 [pid 289] ioctl(3, VHOST_SET_OWNER [pid 287] <... close resumed>) = 0 [pid 284] <... close resumed>) = 0 [pid 294] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 287] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 284] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 294] <... openat resumed>) = 3 [pid 294] write(3, "1000", 4) = 4 [pid 294] close(3) = 0 executing program [pid 294] symlink("/dev/binderfs", "./binderfs") = 0 [pid 294] write(1, "executing program\n", 18) = 18 [pid 294] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR [pid 284] <... clone resumed>, child_tidptr=0x555582525650) = 296 [pid 287] <... clone resumed>, child_tidptr=0x555582525650) = 297 [pid 294] <... openat resumed>) = 3 [pid 294] ioctl(3, VHOST_SET_OWNER./strace-static-x86_64: Process 297 attached ./strace-static-x86_64: Process 296 attached , 0) = 0 [pid 289] <... ioctl resumed>, 0) = 0 [pid 297] set_robust_list(0x555582525660, 24 [pid 296] set_robust_list(0x555582525660, 24 [pid 294] ioctl(3, VHOST_SET_VRING_ADDR [pid 289] ioctl(3, VHOST_SET_VRING_ADDR [pid 297] <... set_robust_list resumed>) = 0 [pid 296] <... set_robust_list resumed>) = 0 [pid 294] <... ioctl resumed>, 0x200000000300) = 0 [pid 289] <... ioctl resumed>, 0x200000000300) = 0 [pid 297] chdir("./0" [pid 296] chdir("./0" [pid 294] ioctl(3, VHOST_SET_MEM_TABLE [pid 289] ioctl(3, VHOST_SET_MEM_TABLE [pid 297] <... chdir resumed>) = 0 [pid 296] <... chdir resumed>) = 0 [pid 294] <... ioctl resumed>, 0x200000003380) = 0 [pid 289] <... ioctl resumed>, 0x200000003380) = 0 [pid 297] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 296] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 294] eventfd2(4294967295, EFD_SEMAPHORE [pid 289] eventfd2(4294967295, EFD_SEMAPHORE [pid 297] <... prctl resumed>) = 0 [pid 296] <... prctl resumed>) = 0 [pid 294] <... eventfd2 resumed>) = 4 [pid 289] <... eventfd2 resumed>) = 4 [pid 297] setpgid(0, 0 [pid 296] setpgid(0, 0 [pid 294] ioctl(3, VHOST_SET_VRING_ERR [pid 289] ioctl(3, VHOST_SET_VRING_ERR [pid 297] <... setpgid resumed>) = 0 [pid 296] <... setpgid resumed>) = 0 [pid 294] <... ioctl resumed>, 0x2000000001c0) = 0 [pid 289] <... ioctl resumed>, 0x2000000001c0) = 0 [pid 297] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 296] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 294] ioctl(3, VHOST_SET_VRING_ADDR [pid 289] ioctl(3, VHOST_SET_VRING_ADDR [pid 297] <... openat resumed>) = 3 [pid 296] <... openat resumed>) = 3 [pid 294] <... ioctl resumed>, 0x200000000240) = 0 [pid 289] <... ioctl resumed>, 0x200000000240) = 0 [pid 297] write(3, "1000", 4 [pid 296] write(3, "1000", 4 [pid 294] ioctl(3, VHOST_SET_VRING_KICK [pid 289] ioctl(3, VHOST_SET_VRING_KICK [pid 297] <... write resumed>) = 4 [pid 296] <... write resumed>) = 4 [pid 294] <... ioctl resumed>, 0x200000000000) = 0 [pid 289] <... ioctl resumed>, 0x200000000000) = 0 [pid 297] close(3 [pid 296] close(3 [pid 294] ioctl(3, VHOST_VSOCK_SET_RUNNING [pid 289] ioctl(3, VHOST_VSOCK_SET_RUNNING [pid 297] <... close resumed>) = 0 [pid 296] <... close resumed>) = 0 [pid 294] <... ioctl resumed>, 0x200000000140) = 0 [pid 289] <... ioctl resumed>, 0x200000000140) = 0 [pid 294] memfd_create("syzkaller", 0 [pid 289] memfd_create("syzkaller", 0 [pid 294] <... memfd_create resumed>) = 5 [pid 289] <... memfd_create resumed>) = 5 [pid 297] symlink("/dev/binderfs", "./binderfs" [pid 296] symlink("/dev/binderfs", "./binderfs" [pid 294] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 289] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 297] <... symlink resumed>) = 0 [pid 296] <... symlink resumed>) = 0 [ 25.115372][ T24] audit: type=1400 audit(1748941836.510:66): avc: denied { open } for pid=283 comm="syz-executor247" path="/dev/loop0" dev="devtmpfs" ino=115 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [pid 294] <... mmap resumed>) = 0x7f5c1ed85000 [pid 289] <... mmap resumed>) = 0x7f5c1ed85000 executing program executing program [pid 297] write(1, "executing program\n", 18 [pid 296] write(1, "executing program\n", 18 [pid 294] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 297] <... write resumed>) = 18 [pid 296] <... write resumed>) = 18 [pid 297] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR [pid 296] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR [pid 297] <... openat resumed>) = 3 [pid 296] <... openat resumed>) = 3 [pid 297] ioctl(3, VHOST_SET_OWNER [pid 296] ioctl(3, VHOST_SET_OWNER [pid 289] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 297] <... ioctl resumed>, 0) = 0 [pid 297] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 297] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 297] eventfd2(4294967295, EFD_SEMAPHORE) = 4 [pid 297] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 297] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 297] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 297] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 297] memfd_create("syzkaller", 0) = 5 [pid 297] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5c1ed85000 [ 25.155230][ T24] audit: type=1400 audit(1748941836.510:67): avc: denied { ioctl } for pid=285 comm="syz-executor247" path="/dev/loop2" dev="devtmpfs" ino=117 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 25.181299][ T24] audit: type=1400 audit(1748941836.520:68): avc: denied { read write } for pid=288 comm="syz-executor247" name="vhost-vsock" dev="devtmpfs" ino=262 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:vhost_device_t tclass=chr_file permissive=1 [pid 297] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 294] <... write resumed>) = 1048576 [pid 296] <... ioctl resumed>, 0) = 0 [pid 296] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 296] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 296] eventfd2(4294967295, EFD_SEMAPHORE) = 4 [pid 296] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 296] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 296] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 296] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 296] memfd_create("syzkaller", 0) = 5 [pid 296] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5c1ed85000 [pid 296] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 289] munmap(0x7f5c1ed85000, 138412032) = 0 [pid 294] munmap(0x7f5c1ed85000, 138412032) = 0 [pid 289] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 294] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 289] <... openat resumed>) = 6 [pid 294] <... openat resumed>) = 6 [pid 294] ioctl(6, LOOP_SET_FD, 5 [ 25.206001][ T24] audit: type=1400 audit(1748941836.520:69): avc: denied { open } for pid=288 comm="syz-executor247" path="/dev/vhost-vsock" dev="devtmpfs" ino=262 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:vhost_device_t tclass=chr_file permissive=1 [ 25.230639][ T24] audit: type=1400 audit(1748941836.520:70): avc: denied { ioctl } for pid=288 comm="syz-executor247" path="/dev/vhost-vsock" dev="devtmpfs" ino=262 ioctlcmd=0xaf01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:vhost_device_t tclass=chr_file permissive=1 [pid 289] ioctl(6, LOOP_SET_FD, 5 [pid 297] munmap(0x7f5c1ed85000, 138412032 [pid 296] munmap(0x7f5c1ed85000, 138412032 [pid 297] <... munmap resumed>) = 0 [pid 297] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 296] <... munmap resumed>) = 0 [pid 296] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 294] <... ioctl resumed>) = 0 [pid 294] close(5) = 0 [pid 294] close(6 [pid 297] <... openat resumed>) = 6 [pid 289] <... ioctl resumed>) = 0 [pid 297] ioctl(6, LOOP_SET_FD, 5 [pid 296] <... openat resumed>) = 6 [pid 294] <... close resumed>) = 0 [pid 296] ioctl(6, LOOP_SET_FD, 5 [pid 294] mkdir("./file0", 0777 [pid 289] close(5 [pid 294] <... mkdir resumed>) = 0 [pid 289] <... close resumed>) = 0 [pid 294] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,inline"... [pid 289] close(6 [pid 297] <... ioctl resumed>) = 0 [pid 297] close(5 [pid 296] <... ioctl resumed>) = 0 [pid 297] <... close resumed>) = 0 [pid 296] close(5 [pid 297] close(6 [pid 296] <... close resumed>) = 0 [ 25.256908][ T24] audit: type=1400 audit(1748941836.570:71): avc: denied { mounton } for pid=288 comm="syz-executor247" path="/root/syzkaller.viUSq5/0/file0" dev="sda1" ino=2036 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1 [ 25.282673][ T288] EXT4-fs (loop2): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,inlinecrypt,grpjquota=,nouid32,grpid,,errors=continue [pid 296] close(6 [pid 288] <... mount resumed>) = 0 [pid 288] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 288] chdir("./file0") = 0 [pid 288] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 289] <... close resumed>) = 0 [pid 289] mkdir("./file0", 0777) = 0 [pid 289] mount("/dev/loop3", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,inline"... [pid 297] <... close resumed>) = 0 [pid 297] mkdir("./file0", 0777) = 0 [ 25.384534][ T24] audit: type=1400 audit(1748941836.810:72): avc: denied { mount } for pid=288 comm="syz-executor247" name="/" dev="loop2" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [pid 297] mount("/dev/loop4", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,inline"... [pid 296] <... close resumed>) = 0 [pid 288] <... openat resumed>) = 6 [pid 296] mkdir("./file0", 0777 [pid 288] ioctl(6, LOOP_CLR_FD [pid 296] <... mkdir resumed>) = 0 [pid 288] <... ioctl resumed>) = 0 [pid 288] close(6 [pid 296] mount("/dev/loop1", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,inline"... [pid 288] <... close resumed>) = 0 [pid 288] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 288] write(6, "#! ./file1\n", 11) = 11 [pid 288] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [ 25.444780][ T294] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,inlinecrypt,grpjquota=,nouid32,grpid,,errors=continue [ 25.517535][ T288] EXT4-fs error (device loop2): ext4_validate_block_bitmap:438: comm syz-executor247: bg 0: block 234: padding at end of block bitmap is not set [ 25.555237][ T296] EXT4-fs (loop1): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,inlinecrypt,grpjquota=,nouid32,grpid,,errors=continue [ 25.576684][ T297] EXT4-fs (loop4): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,inlinecrypt,grpjquota=,nouid32,grpid,,errors=continue [ 25.598130][ T289] EXT4-fs (loop3): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,inlinecrypt,grpjquota=,nouid32,grpid,,errors=continue [pid 294] <... mount resumed>) = 0 [pid 294] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 294] chdir("./file0") = 0 [pid 294] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 294] ioctl(6, LOOP_CLR_FD) = 0 [pid 294] close(6) = 0 [pid 294] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 294] write(6, "#! ./file1\n", 11) = 11 [pid 294] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 288] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000006c0} --- [ 25.640094][ T24] audit: type=1400 audit(1748941836.940:73): avc: denied { write } for pid=288 comm="syz-executor247" name="/" dev="loop2" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [pid 288] +++ killed by SIGBUS +++ [pid 285] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=288, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=5} --- [pid 285] restart_syscall(<... resuming interrupted clone ...> [pid 296] <... mount resumed>) = 0 [pid 296] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 296] chdir("./file0") = 0 [pid 296] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 6 [pid 296] ioctl(6, LOOP_CLR_FD) = 0 [pid 296] close(6) = 0 [pid 285] <... restart_syscall resumed>) = 0 [pid 296] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 285] umount2("./0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 285] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 285] newfstatat(3, "", [pid 296] <... openat resumed>) = 6 [pid 285] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 285] getdents64(3, 0x5555825266f0 /* 4 entries */, 32768) = 112 [pid 285] umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 296] write(6, "#! ./file1\n", 11) = 11 [pid 296] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 297] <... mount resumed>) = 0 [pid 297] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 289] <... mount resumed>) = 0 [pid 297] <... openat resumed>) = 5 [ 25.702402][ T294] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor247: bg 0: block 234: padding at end of block bitmap is not set [pid 289] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 297] chdir("./file0" [pid 296] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000006c0} --- [pid 289] <... openat resumed>) = 5 [pid 297] <... chdir resumed>) = 0 [pid 289] chdir("./file0" [pid 294] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000006c0} --- [pid 297] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 289] <... chdir resumed>) = 0 [pid 289] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 296] +++ killed by SIGBUS +++ [pid 284] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=296, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- [pid 284] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 284] umount2("./0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 284] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 284] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 284] getdents64(3, 0x5555825266f0 /* 4 entries */, 32768) = 112 [pid 284] umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 297] <... openat resumed>) = 6 [pid 289] <... openat resumed>) = 6 [pid 297] ioctl(6, LOOP_CLR_FD [pid 289] ioctl(6, LOOP_CLR_FD [pid 297] <... ioctl resumed>) = 0 [pid 289] <... ioctl resumed>) = 0 [pid 285] <... umount2 resumed>) = 0 [pid 297] close(6 [pid 289] close(6 [pid 297] <... close resumed>) = 0 [pid 289] <... close resumed>) = 0 [pid 285] umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 297] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 289] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 297] <... openat resumed>) = 6 [pid 289] <... openat resumed>) = 6 [pid 297] write(6, "#! ./file1\n", 11 [pid 289] write(6, "#! ./file1\n", 11 [pid 297] <... write resumed>) = 11 [pid 289] <... write resumed>) = 11 [pid 285] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [ 25.748306][ T296] EXT4-fs error (device loop1): ext4_validate_block_bitmap:438: comm syz-executor247: bg 0: block 234: padding at end of block bitmap is not set [pid 297] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0 [pid 289] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0 [pid 297] <... mmap resumed>) = 0x200000000000 [pid 289] <... mmap resumed>) = 0x200000000000 [pid 285] newfstatat(AT_FDCWD, "./0/file0", [pid 297] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000006c0} --- [pid 285] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 25.784738][ T298] EXT4-fs error (device loop0): ext4_map_blocks:740: inode #18: block 62218: comm vhost-294: lblock 0 mapped to illegal pblock 62218 (length 1) [pid 297] +++ killed by SIGBUS +++ [pid 287] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=297, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- [pid 287] umount2("./0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 287] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 287] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 287] getdents64(3, 0x5555825266f0 /* 4 entries */, 32768) = 112 [pid 287] umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 285] umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 285] openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 285] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 285] getdents64(4, 0x55558252e730 /* 2 entries */, 32768) = 48 [pid 285] getdents64(4, 0x55558252e730 /* 0 entries */, 32768) = 0 [pid 285] close(4) = 0 [pid 285] rmdir("./0/file0") = 0 [pid 285] umount2("./0/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 285] newfstatat(AT_FDCWD, "./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000006c0} --- [pid 285] unlink("./0/binderfs") = 0 [pid 285] getdents64(3, [pid 284] <... umount2 resumed>) = 0 [pid 287] <... umount2 resumed>) = 0 [pid 285] <... getdents64 resumed>0x5555825266f0 /* 0 entries */, 32768) = 0 [pid 284] umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 287] umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 285] close(3 [pid 294] +++ killed by SIGBUS +++ [pid 289] +++ killed by SIGBUS +++ [pid 287] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 285] <... close resumed>) = 0 [pid 284] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 283] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=294, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- [pid 287] newfstatat(AT_FDCWD, "./0/file0", [pid 286] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=289, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- [pid 285] rmdir("./0" [pid 287] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 284] newfstatat(AT_FDCWD, "./0/file0", [pid 286] umount2("./0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 285] <... rmdir resumed>) = 0 [pid 287] umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 286] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 285] mkdir("./1", 0777 [pid 284] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 283] umount2("./0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 287] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 286] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 285] <... mkdir resumed>) = 0 [pid 283] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 286] <... openat resumed>) = 3 [pid 287] openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 286] newfstatat(3, "", [pid 285] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 283] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 287] <... openat resumed>) = 4 [pid 286] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 284] umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 287] newfstatat(4, "", [pid 285] <... openat resumed>) = 3 [pid 283] <... openat resumed>) = 3 [pid 287] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 286] getdents64(3, [pid 285] ioctl(3, LOOP_CLR_FD [pid 283] newfstatat(3, "", [pid 287] getdents64(4, [pid 284] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 286] <... getdents64 resumed>0x5555825266f0 /* 4 entries */, 32768) = 112 [pid 283] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 287] <... getdents64 resumed>0x55558252e730 /* 2 entries */, 32768) = 48 [pid 286] umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 285] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 284] openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 287] getdents64(4, [pid 283] getdents64(3, [pid 285] close(3 [pid 283] <... getdents64 resumed>0x5555825266f0 /* 4 entries */, 32768) = 112 [pid 287] <... getdents64 resumed>0x55558252e730 /* 0 entries */, 32768) = 0 [pid 287] close(4 [pid 283] umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 287] <... close resumed>) = 0 [pid 287] rmdir("./0/file0" [pid 284] <... openat resumed>) = 4 [pid 287] <... rmdir resumed>) = 0 [pid 284] newfstatat(4, "", [pid 287] umount2("./0/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 287] newfstatat(AT_FDCWD, "./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 287] unlink("./0/binderfs") = 0 [pid 287] getdents64(3, 0x5555825266f0 /* 0 entries */, 32768) = 0 [pid 284] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 287] close(3) = 0 [pid 287] rmdir("./0" [pid 284] getdents64(4, 0x55558252e730 /* 2 entries */, 32768) = 48 [pid 284] getdents64(4, [pid 287] <... rmdir resumed>) = 0 [pid 284] <... getdents64 resumed>0x55558252e730 /* 0 entries */, 32768) = 0 [ 25.821838][ T295] EXT4-fs error (device loop3): ext4_validate_block_bitmap:438: comm vhost-289: bg 0: block 234: padding at end of block bitmap is not set [ 25.821987][ T297] EXT4-fs error (device loop4): ext4_validate_block_bitmap:438: comm syz-executor247: bg 0: block 234: padding at end of block bitmap is not set [ 25.836661][ T298] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #18: block 62218: comm vhost-294: lblock 0 mapped to illegal pblock 62218 (length 1) [pid 284] close(4) = 0 [pid 284] rmdir("./0/file0" [pid 287] mkdir("./1", 0777) = 0 [pid 284] <... rmdir resumed>) = 0 [pid 287] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 284] umount2("./0/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 284] newfstatat(AT_FDCWD, "./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 284] unlink("./0/binderfs") = 0 [pid 284] getdents64(3, 0x5555825266f0 /* 0 entries */, 32768) = 0 [pid 284] close(3) = 0 [pid 284] rmdir("./0") = 0 [pid 284] mkdir("./1", 0777) = 0 [pid 284] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 287] <... openat resumed>) = 3 [pid 285] <... close resumed>) = 0 [pid 287] ioctl(3, LOOP_CLR_FD [pid 285] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555582525650) = 317 ./strace-static-x86_64: Process 317 attached [pid 317] set_robust_list(0x555582525660, 24) = 0 [pid 317] chdir("./1") = 0 [pid 317] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 317] setpgid(0, 0) = 0 [pid 317] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 317] write(3, "1000", 4) = 4 [pid 317] close(3) = 0 [pid 317] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 317] write(1, "executing program\n", 18) = 18 [pid 317] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 317] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 317] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 317] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 317] eventfd2(4294967295, EFD_SEMAPHORE) = 4 [pid 317] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 317] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 317] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 317] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 317] memfd_create("syzkaller", 0) = 5 [pid 317] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5c1ed85000 [pid 317] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 317] munmap(0x7f5c1ed85000, 138412032) = 0 [ 25.874445][ T298] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #18: block 62218: comm vhost-294: lblock 0 mapped to illegal pblock 62218 (length 1) [pid 317] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 284] <... openat resumed>) = 3 [pid 284] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 284] close(3) = 0 [pid 284] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555582525650) = 319 ./strace-static-x86_64: Process 319 attached [pid 319] set_robust_list(0x555582525660, 24) = 0 [pid 319] chdir("./1") = 0 [pid 319] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 319] setpgid(0, 0) = 0 [pid 319] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 319] write(3, "1000", 4) = 4 [pid 319] close(3) = 0 [pid 319] symlink("/dev/binderfs", "./binderfs" [pid 317] <... openat resumed>) = 6 [pid 287] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 286] <... umount2 resumed>) = 0 [pid 283] <... umount2 resumed>) = 0 [pid 317] ioctl(6, LOOP_SET_FD, 5 [pid 287] close(3 [pid 286] umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 283] umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 286] newfstatat(AT_FDCWD, "./0/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 283] newfstatat(AT_FDCWD, "./0/file0", [pid 286] umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 283] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 283] umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 286] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 283] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 286] openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 283] openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 286] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 283] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 283] getdents64(4, [pid 286] getdents64(4, 0x55558252e730 /* 2 entries */, 32768) = 48 [pid 283] <... getdents64 resumed>0x55558252e730 /* 2 entries */, 32768) = 48 [pid 283] getdents64(4, 0x55558252e730 /* 0 entries */, 32768) = 0 [pid 283] close(4) = 0 [pid 286] getdents64(4, 0x55558252e730 /* 0 entries */, 32768) = 0 [pid 286] close(4 [pid 283] rmdir("./0/file0" [pid 286] <... close resumed>) = 0 [pid 283] <... rmdir resumed>) = 0 [pid 286] rmdir("./0/file0") = 0 [pid 286] umount2("./0/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 283] umount2("./0/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 286] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 283] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 286] newfstatat(AT_FDCWD, "./0/binderfs", [pid 283] newfstatat(AT_FDCWD, "./0/binderfs", [pid 286] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 283] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 286] unlink("./0/binderfs") = 0 [pid 283] unlink("./0/binderfs") = 0 [pid 286] getdents64(3, [pid 283] getdents64(3, [pid 286] <... getdents64 resumed>0x5555825266f0 /* 0 entries */, 32768) = 0 [pid 283] <... getdents64 resumed>0x5555825266f0 /* 0 entries */, 32768) = 0 [pid 286] close(3 [pid 283] close(3 [pid 286] <... close resumed>) = 0 [pid 283] <... close resumed>) = 0 [pid 286] rmdir("./0" [pid 283] rmdir("./0"executing program ) = 0 [pid 286] <... rmdir resumed>) = 0 [pid 286] mkdir("./1", 0777) = 0 [pid 283] mkdir("./1", 0777) = 0 [pid 286] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 283] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 319] <... symlink resumed>) = 0 [pid 319] write(1, "executing program\n", 18) = 18 [pid 319] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 319] ioctl(3, VHOST_SET_OWNER [pid 317] <... ioctl resumed>) = 0 [pid 287] <... close resumed>) = 0 [pid 317] close(5 [pid 287] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 317] <... close resumed>) = 0 [pid 286] <... openat resumed>) = 3 [pid 283] <... openat resumed>) = 3 [pid 286] ioctl(3, LOOP_CLR_FD [pid 283] ioctl(3, LOOP_CLR_FD [pid 286] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 283] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 317] close(6 [pid 286] close(3 [pid 283] close(3 [pid 287] <... clone resumed>, child_tidptr=0x555582525650) = 324 [pid 319] <... ioctl resumed>, 0) = 0 [pid 319] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 319] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 319] eventfd2(4294967295, EFD_SEMAPHORE) = 4 [pid 319] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 319] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 319] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 319] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 319] memfd_create("syzkaller", 0) = 5 [pid 319] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5c1ed85000 [pid 319] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576./strace-static-x86_64: Process 324 attached [pid 324] set_robust_list(0x555582525660, 24) = 0 [pid 324] chdir("./1") = 0 [pid 324] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 324] setpgid(0, 0) = 0 [pid 324] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 319] <... write resumed>) = 1048576 [pid 324] <... openat resumed>) = 3 [pid 324] write(3, "1000", 4) = 4 [pid 324] close(3) = 0 [pid 324] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 324] write(1, "executing program\n", 18) = 18 [pid 324] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 324] ioctl(3, VHOST_SET_OWNER [pid 319] munmap(0x7f5c1ed85000, 138412032) = 0 [pid 319] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 324] <... ioctl resumed>, 0) = 0 [pid 324] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 324] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 324] eventfd2(4294967295, EFD_SEMAPHORE) = 4 [pid 324] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 324] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 324] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 324] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 324] memfd_create("syzkaller", 0) = 5 [pid 324] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5c1ed85000 [pid 324] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 317] <... close resumed>) = 0 [pid 283] <... close resumed>) = 0 [pid 317] mkdir("./file0", 0777 [pid 286] <... close resumed>) = 0 [pid 283] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 286] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 317] <... mkdir resumed>) = 0 [pid 317] mount("/dev/loop2", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,inline"... [pid 286] <... clone resumed>, child_tidptr=0x555582525650) = 327 [pid 283] <... clone resumed>, child_tidptr=0x555582525650) = 326 [pid 319] <... openat resumed>) = 6 [pid 319] ioctl(6, LOOP_SET_FD, 5./strace-static-x86_64: Process 327 attached executing program executing program [pid 324] <... write resumed>) = 1048576 [pid 327] set_robust_list(0x555582525660, 24) = 0 [pid 327] chdir("./1") = 0 [pid 327] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 327] setpgid(0, 0) = 0 [pid 327] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 ./strace-static-x86_64: Process 326 attached [pid 326] set_robust_list(0x555582525660, 24) = 0 [pid 326] chdir("./1" [pid 327] write(3, "1000", 4) = 4 [pid 327] close(3) = 0 [pid 327] symlink("/dev/binderfs", "./binderfs") = 0 [pid 326] <... chdir resumed>) = 0 [pid 326] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 326] setpgid(0, 0) = 0 [pid 326] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 327] write(1, "executing program\n", 18) = 18 [pid 327] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 319] <... ioctl resumed>) = 0 [pid 319] close(5) = 0 [pid 319] close(6 [pid 326] write(3, "1000", 4) = 4 [pid 326] close(3) = 0 [pid 327] ioctl(3, VHOST_SET_OWNER [pid 326] symlink("/dev/binderfs", "./binderfs") = 0 [pid 326] write(1, "executing program\n", 18) = 18 [pid 326] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 326] ioctl(3, VHOST_SET_OWNER [pid 324] munmap(0x7f5c1ed85000, 138412032) = 0 [pid 324] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 317] <... mount resumed>) = 0 [pid 317] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 327] <... ioctl resumed>, 0) = 0 [pid 326] <... ioctl resumed>, 0) = 0 [pid 317] <... openat resumed>) = 5 [pid 327] ioctl(3, VHOST_SET_VRING_ADDR [pid 326] ioctl(3, VHOST_SET_VRING_ADDR [pid 317] chdir("./file0" [pid 327] <... ioctl resumed>, 0x200000000300) = 0 [pid 326] <... ioctl resumed>, 0x200000000300) = 0 [pid 327] ioctl(3, VHOST_SET_MEM_TABLE [pid 326] ioctl(3, VHOST_SET_MEM_TABLE [pid 327] <... ioctl resumed>, 0x200000003380) = 0 [pid 326] <... ioctl resumed>, 0x200000003380) = 0 [pid 317] <... chdir resumed>) = 0 [pid 327] eventfd2(4294967295, EFD_SEMAPHORE [pid 326] eventfd2(4294967295, EFD_SEMAPHORE [pid 327] <... eventfd2 resumed>) = 4 [pid 326] <... eventfd2 resumed>) = 4 [pid 327] ioctl(3, VHOST_SET_VRING_ERR [pid 326] ioctl(3, VHOST_SET_VRING_ERR [pid 327] <... ioctl resumed>, 0x2000000001c0) = 0 [pid 326] <... ioctl resumed>, 0x2000000001c0) = 0 [pid 327] ioctl(3, VHOST_SET_VRING_ADDR [pid 326] ioctl(3, VHOST_SET_VRING_ADDR [pid 327] <... ioctl resumed>, 0x200000000240) = 0 [pid 326] <... ioctl resumed>, 0x200000000240) = 0 [pid 327] ioctl(3, VHOST_SET_VRING_KICK [pid 326] ioctl(3, VHOST_SET_VRING_KICK [pid 327] <... ioctl resumed>, 0x200000000000) = 0 [pid 326] <... ioctl resumed>, 0x200000000000) = 0 [pid 327] ioctl(3, VHOST_VSOCK_SET_RUNNING [pid 326] ioctl(3, VHOST_VSOCK_SET_RUNNING [pid 327] <... ioctl resumed>, 0x200000000140) = 0 [pid 326] <... ioctl resumed>, 0x200000000140) = 0 [pid 327] memfd_create("syzkaller", 0 [pid 326] memfd_create("syzkaller", 0 [pid 327] <... memfd_create resumed>) = 5 [pid 326] <... memfd_create resumed>) = 5 [pid 327] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 326] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 327] <... mmap resumed>) = 0x7f5c1ed85000 [pid 326] <... mmap resumed>) = 0x7f5c1ed85000 [pid 327] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 317] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 326] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 327] <... write resumed>) = 1048576 [pid 326] <... write resumed>) = 1048576 [pid 327] munmap(0x7f5c1ed85000, 138412032) = 0 [pid 327] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 326] munmap(0x7f5c1ed85000, 138412032) = 0 [pid 326] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 319] <... close resumed>) = 0 [pid 317] <... openat resumed>) = 6 [pid 319] mkdir("./file0", 0777 [pid 317] ioctl(6, LOOP_CLR_FD [pid 319] <... mkdir resumed>) = 0 [ 26.115599][ T317] EXT4-fs (loop2): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,inlinecrypt,grpjquota=,nouid32,grpid,,errors=continue [pid 319] mount("/dev/loop1", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,inline"... [pid 327] <... openat resumed>) = 6 [pid 326] <... openat resumed>) = 6 [pid 324] <... openat resumed>) = 6 [pid 317] <... ioctl resumed>) = 0 [pid 317] close(6 [pid 327] ioctl(6, LOOP_SET_FD, 5 [pid 326] ioctl(6, LOOP_SET_FD, 5 [pid 324] ioctl(6, LOOP_SET_FD, 5 [pid 317] <... close resumed>) = 0 [pid 317] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 317] write(6, "#! ./file1\n", 11) = 11 [pid 317] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 327] <... ioctl resumed>) = 0 [pid 327] close(5 [pid 317] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000006c0} --- [pid 327] <... close resumed>) = 0 [pid 327] close(6 [pid 317] +++ killed by SIGBUS +++ [pid 285] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=317, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- [pid 285] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 285] umount2("./1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 285] openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 285] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 285] getdents64(3, 0x5555825266f0 /* 4 entries */, 32768) = 112 [pid 285] umount2("./1/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 326] <... ioctl resumed>) = 0 [pid 326] close(5) = 0 [pid 326] close(6 [pid 324] <... ioctl resumed>) = 0 [pid 324] close(5) = 0 [ 26.236240][ T317] EXT4-fs error (device loop2): ext4_validate_block_bitmap:438: comm syz-executor247: bg 0: block 234: padding at end of block bitmap is not set [pid 324] close(6 [pid 327] <... close resumed>) = 0 [pid 327] mkdir("./file0", 0777) = 0 [pid 327] mount("/dev/loop3", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,inline"... [pid 319] <... mount resumed>) = 0 [pid 319] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 319] chdir("./file0") = 0 [pid 319] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 326] <... close resumed>) = 0 [pid 326] mkdir("./file0", 0777) = 0 [ 26.314948][ T319] EXT4-fs (loop1): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,inlinecrypt,grpjquota=,nouid32,grpid,,errors=continue [pid 326] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,inline"... [pid 324] <... close resumed>) = 0 [pid 324] mkdir("./file0", 0777) = 0 [pid 324] mount("/dev/loop4", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,inline"... [pid 319] <... openat resumed>) = 6 [pid 285] <... umount2 resumed>) = 0 [pid 319] ioctl(6, LOOP_CLR_FD) = 0 [pid 319] close(6) = 0 [pid 319] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 319] write(6, "#! ./file1\n", 11) = 11 [pid 319] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 285] umount2("./1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 285] newfstatat(AT_FDCWD, "./1/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 285] umount2("./1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 285] openat(AT_FDCWD, "./1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 285] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 285] getdents64(4, 0x55558252e730 /* 2 entries */, 32768) = 48 [pid 285] getdents64(4, 0x55558252e730 /* 0 entries */, 32768) = 0 [pid 285] close(4) = 0 [pid 285] rmdir("./1/file0") = 0 [pid 285] umount2("./1/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 285] newfstatat(AT_FDCWD, "./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 285] unlink("./1/binderfs") = 0 [pid 285] getdents64(3, 0x5555825266f0 /* 0 entries */, 32768) = 0 [pid 285] close(3) = 0 [pid 285] rmdir("./1") = 0 [pid 285] mkdir("./2", 0777) = 0 [pid 285] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 285] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 285] close(3) = 0 [pid 285] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555582525650) = 339 ./strace-static-x86_64: Process 339 attached [pid 339] set_robust_list(0x555582525660, 24) = 0 [pid 339] chdir("./2") = 0 [pid 339] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 339] setpgid(0, 0) = 0 executing program [pid 339] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 339] write(3, "1000", 4) = 4 [pid 339] close(3) = 0 [pid 339] symlink("/dev/binderfs", "./binderfs") = 0 [pid 339] write(1, "executing program\n", 18) = 18 [pid 339] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [ 26.525664][ T319] EXT4-fs error (device loop1): ext4_validate_block_bitmap:438: comm syz-executor247: bg 0: block 234: padding at end of block bitmap is not set [pid 339] ioctl(3, VHOST_SET_OWNER [pid 319] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000006c0} --- [pid 339] <... ioctl resumed>, 0) = 0 [pid 339] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 339] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 339] eventfd2(4294967295, EFD_SEMAPHORE) = 4 [pid 339] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 339] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 339] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 339] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 339] memfd_create("syzkaller", 0) = 5 [pid 339] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5c1ed85000 [ 26.565576][ T324] EXT4-fs (loop4): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,inlinecrypt,grpjquota=,nouid32,grpid,,errors=continue [pid 339] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 339] munmap(0x7f5c1ed85000, 138412032 [pid 319] +++ killed by SIGBUS +++ [pid 339] <... munmap resumed>) = 0 [pid 284] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=319, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=4} --- [pid 339] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 6 [pid 339] ioctl(6, LOOP_SET_FD, 5 [pid 284] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 339] <... ioctl resumed>) = 0 [pid 339] close(5) = 0 [pid 339] close(6 [pid 284] umount2("./1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 284] openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 284] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 284] getdents64(3, 0x5555825266f0 /* 4 entries */, 32768) = 112 [pid 284] umount2("./1/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 324] <... mount resumed>) = 0 [pid 324] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 324] chdir("./file0") = 0 [pid 324] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 327] <... mount resumed>) = 0 [pid 327] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 327] chdir("./file0") = 0 [pid 327] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 326] <... mount resumed>) = 0 [pid 326] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 326] chdir("./file0") = 0 [pid 326] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 339] <... close resumed>) = 0 [pid 339] mkdir("./file0", 0777) = 0 [ 26.610904][ T326] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,inlinecrypt,grpjquota=,nouid32,grpid,,errors=continue [ 26.644898][ T327] EXT4-fs (loop3): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,inlinecrypt,grpjquota=,nouid32,grpid,,errors=continue [pid 339] mount("/dev/loop2", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,inline"... [pid 324] <... openat resumed>) = 6 [pid 327] <... openat resumed>) = 6 [pid 326] <... openat resumed>) = 6 [pid 326] ioctl(6, LOOP_CLR_FD [pid 327] ioctl(6, LOOP_CLR_FD [pid 324] ioctl(6, LOOP_CLR_FD [pid 284] <... umount2 resumed>) = 0 [pid 327] <... ioctl resumed>) = 0 [pid 326] <... ioctl resumed>) = 0 [pid 324] <... ioctl resumed>) = 0 [pid 326] close(6 [pid 327] close(6 [pid 324] close(6 [pid 326] <... close resumed>) = 0 [pid 324] <... close resumed>) = 0 [pid 327] <... close resumed>) = 0 [pid 326] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 324] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 327] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 324] <... openat resumed>) = 6 [pid 327] <... openat resumed>) = 6 [pid 326] <... openat resumed>) = 6 [pid 324] write(6, "#! ./file1\n", 11 [pid 327] write(6, "#! ./file1\n", 11 [pid 326] write(6, "#! ./file1\n", 11 [pid 327] <... write resumed>) = 11 [pid 326] <... write resumed>) = 11 [pid 324] <... write resumed>) = 11 [pid 324] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0 [pid 327] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0 [pid 326] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0 [pid 327] <... mmap resumed>) = 0x200000000000 [pid 326] <... mmap resumed>) = 0x200000000000 [pid 324] <... mmap resumed>) = 0x200000000000 [pid 284] umount2("./1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 284] newfstatat(AT_FDCWD, "./1/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 284] umount2("./1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 284] openat(AT_FDCWD, "./1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 327] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000006c0} --- [pid 327] +++ killed by SIGBUS +++ [pid 284] <... openat resumed>) = 4 [pid 286] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=327, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- [pid 284] newfstatat(4, "", [pid 286] restart_syscall(<... resuming interrupted clone ...> [pid 284] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 284] getdents64(4, [pid 324] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000006c0} --- [pid 284] <... getdents64 resumed>0x55558252e730 /* 2 entries */, 32768) = 48 [pid 284] getdents64(4, 0x55558252e730 /* 0 entries */, 32768) = 0 [pid 284] close(4 [pid 324] +++ killed by SIGBUS +++ [pid 284] <... close resumed>) = 0 [pid 287] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=324, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- [ 26.826544][ T326] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor247: bg 0: block 234: padding at end of block bitmap is not set [ 26.832765][ T325] EXT4-fs error (device loop4): ext4_validate_block_bitmap:438: comm vhost-324: bg 0: block 234: padding at end of block bitmap is not set [ 26.841472][ T327] EXT4-fs error (device loop3): ext4_validate_block_bitmap:438: comm syz-executor247: bg 0: block 234: padding at end of block bitmap is not set [pid 284] rmdir("./1/file0" [pid 287] restart_syscall(<... resuming interrupted clone ...> [pid 286] <... restart_syscall resumed>) = 0 [pid 284] <... rmdir resumed>) = 0 [pid 287] <... restart_syscall resumed>) = 0 [pid 284] umount2("./1/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 286] umount2("./1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 284] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 286] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 286] openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 286] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 287] umount2("./1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 284] newfstatat(AT_FDCWD, "./1/binderfs", [pid 286] getdents64(3, [pid 287] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 286] <... getdents64 resumed>0x5555825266f0 /* 4 entries */, 32768) = 112 [pid 284] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 286] umount2("./1/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 287] openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 284] unlink("./1/binderfs" [pid 287] <... openat resumed>) = 3 [pid 284] <... unlink resumed>) = 0 [pid 287] newfstatat(3, "", [pid 284] getdents64(3, [pid 287] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 284] <... getdents64 resumed>0x5555825266f0 /* 0 entries */, 32768) = 0 [pid 287] getdents64(3, [pid 284] close(3 [pid 287] <... getdents64 resumed>0x5555825266f0 /* 4 entries */, 32768) = 112 [pid 284] <... close resumed>) = 0 [pid 287] umount2("./1/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 284] rmdir("./1" [pid 326] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000006c0} --- [pid 284] <... rmdir resumed>) = 0 [pid 284] mkdir("./2", 0777) = 0 [pid 284] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 326] +++ killed by SIGBUS +++ [pid 283] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=326, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=4} --- [pid 283] restart_syscall(<... resuming interrupted clone ...> [pid 339] <... mount resumed>) = 0 [pid 339] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 339] chdir("./file0") = 0 [pid 339] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 283] <... restart_syscall resumed>) = 0 [pid 283] umount2("./1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 283] openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 283] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 283] getdents64(3, 0x5555825266f0 /* 4 entries */, 32768) = 112 [pid 283] umount2("./1/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 286] <... umount2 resumed>) = 0 [pid 284] <... openat resumed>) = 3 [pid 286] umount2("./1/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 284] ioctl(3, LOOP_CLR_FD [pid 286] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 286] newfstatat(AT_FDCWD, "./1/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 286] umount2("./1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 286] openat(AT_FDCWD, "./1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 286] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 286] getdents64(4, 0x55558252e730 /* 2 entries */, 32768) = 48 [pid 286] getdents64(4, 0x55558252e730 /* 0 entries */, 32768) = 0 [pid 286] close(4) = 0 [pid 286] rmdir("./1/file0") = 0 [pid 286] umount2("./1/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 286] newfstatat(AT_FDCWD, "./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 286] unlink("./1/binderfs") = 0 [pid 286] getdents64(3, 0x5555825266f0 /* 0 entries */, 32768) = 0 [pid 286] close(3) = 0 [pid 286] rmdir("./1") = 0 [pid 286] mkdir("./2", 0777) = 0 [ 26.879584][ T339] EXT4-fs (loop2): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,norecovery,auto_da_alloc,noquota,data_err=abort,inlinecrypt,grpjquota=,nouid32,grpid,,errors=continue [pid 286] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 339] <... openat resumed>) = 6 [pid 339] ioctl(6, LOOP_CLR_FD [pid 284] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 286] <... openat resumed>) = 3 [pid 287] <... umount2 resumed>) = 0 [pid 339] <... ioctl resumed>) = 0 [pid 283] <... umount2 resumed>) = 0 [pid 339] close(6 [pid 286] ioctl(3, LOOP_CLR_FD [pid 284] close(3 [pid 286] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 284] <... close resumed>) = 0 [pid 339] <... close resumed>) = 0 [pid 286] close(3 [pid 284] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 286] <... close resumed>) = 0 [pid 339] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 286] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 284] <... clone resumed>, child_tidptr=0x555582525650) = 350 [pid 283] umount2("./1/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 287] umount2("./1/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 339] <... openat resumed>) = 6 [pid 339] write(6, "#! ./file1\n", 11 [pid 287] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 286] <... clone resumed>, child_tidptr=0x555582525650) = 351 [pid 283] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 283] newfstatat(AT_FDCWD, "./1/file0", [pid 339] <... write resumed>) = 11 [pid 339] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 287] newfstatat(AT_FDCWD, "./1/file0", [pid 283] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 287] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 283] umount2("./1/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 287] umount2("./1/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 283] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 287] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 287] openat(AT_FDCWD, "./1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 283] openat(AT_FDCWD, "./1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 287] newfstatat(4, "", [pid 283] newfstatat(4, "", [pid 287] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 283] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 287] getdents64(4, [pid 283] getdents64(4, 0x55558252e730 /* 2 entries */, 32768) = 48 [pid 287] <... getdents64 resumed>0x55558252e730 /* 2 entries */, 32768) = 48 [pid 287] getdents64(4, 0x55558252e730 /* 0 entries */, 32768) = 0 [pid 287] close(4 [pid 283] getdents64(4, [pid 287] <... close resumed>) = 0 [pid 283] <... getdents64 resumed>0x55558252e730 /* 0 entries */, 32768) = 0 [pid 283] close(4) = 0 [pid 287] rmdir("./1/file0") = 0 [pid 283] rmdir("./1/file0") = 0 ./strace-static-x86_64: Process 350 attached [pid 283] umount2("./1/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 287] umount2("./1/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 283] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 287] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 283] newfstatat(AT_FDCWD, "./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 350] set_robust_list(0x555582525660, 24 [pid 287] newfstatat(AT_FDCWD, "./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 283] unlink("./1/binderfs" [pid 350] <... set_robust_list resumed>) = 0 [pid 283] <... unlink resumed>) = 0 [pid 287] unlink("./1/binderfs") = 0 [pid 350] chdir("./2" [pid 287] getdents64(3, [pid 283] getdents64(3, [pid 287] <... getdents64 resumed>0x5555825266f0 /* 0 entries */, 32768) = 0 [pid 283] <... getdents64 resumed>0x5555825266f0 /* 0 entries */, 32768) = 0 [pid 283] close(3 [pid 287] close(3) = 0 [pid 350] <... chdir resumed>) = 0 [pid 283] <... close resumed>) = 0 [pid 283] rmdir("./1" [pid 287] rmdir("./1" [pid 350] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 283] <... rmdir resumed>) = 0 [pid 350] <... prctl resumed>) = 0 [pid 287] <... rmdir resumed>) = 0 [pid 350] setpgid(0, 0) = 0 [pid 283] mkdir("./2", 0777 [pid 350] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 283] <... mkdir resumed>) = 0 [pid 287] mkdir("./2", 0777 [pid 350] <... openat resumed>) = 3 [pid 287] <... mkdir resumed>) = 0 [pid 283] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 350] write(3, "1000", 4 [pid 283] <... openat resumed>) = 3 [pid 287] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 283] ioctl(3, LOOP_CLR_FD [pid 287] ioctl(3, LOOP_CLR_FD [pid 283] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 287] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 283] close(3 [pid 350] <... write resumed>) = 4 [pid 287] close(3 [pid 283] <... close resumed>) = 0 [pid 287] <... close resumed>) = 0 [pid 283] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 350] close(3) = 0 [pid 287] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 350] symlink("/dev/binderfs", "./binderfs" [pid 287] <... clone resumed>, child_tidptr=0x555582525650) = 353 [pid 350] <... symlink resumed>) = 0 [pid 283] <... clone resumed>, child_tidptr=0x555582525650) = 352 executing program executing program executing program executing program ./strace-static-x86_64: Process 352 attached [pid 350] write(1, "executing program\n", 18 [pid 352] set_robust_list(0x555582525660, 24 [pid 350] <... write resumed>) = 18 [pid 350] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR [pid 352] <... set_robust_list resumed>) = 0 [pid 352] chdir("./2" [pid 350] <... openat resumed>) = 3 ./strace-static-x86_64: Process 351 attached ./strace-static-x86_64: Process 353 attached [pid 353] set_robust_list(0x555582525660, 24 [pid 350] ioctl(3, VHOST_SET_OWNER [pid 351] set_robust_list(0x555582525660, 24 [pid 353] <... set_robust_list resumed>) = 0 [pid 351] <... set_robust_list resumed>) = 0 [pid 353] chdir("./2" [pid 352] <... chdir resumed>) = 0 [pid 352] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 351] chdir("./2") = 0 [pid 352] <... prctl resumed>) = 0 [pid 353] <... chdir resumed>) = 0 [pid 351] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 353] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 351] <... prctl resumed>) = 0 [pid 353] <... prctl resumed>) = 0 [pid 351] setpgid(0, 0 [pid 353] setpgid(0, 0 [pid 352] setpgid(0, 0 [pid 353] <... setpgid resumed>) = 0 [pid 351] <... setpgid resumed>) = 0 [pid 352] <... setpgid resumed>) = 0 [pid 351] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 353] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 352] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 353] <... openat resumed>) = 3 [pid 352] <... openat resumed>) = 3 [pid 351] <... openat resumed>) = 3 [pid 352] write(3, "1000", 4) = 4 [pid 352] close(3 [pid 351] write(3, "1000", 4) = 4 [pid 353] write(3, "1000", 4) = 4 [pid 351] close(3) = 0 [pid 353] close(3 [pid 352] <... close resumed>) = 0 [pid 353] <... close resumed>) = 0 [pid 351] symlink("/dev/binderfs", "./binderfs" [pid 352] symlink("/dev/binderfs", "./binderfs" [pid 353] symlink("/dev/binderfs", "./binderfs" [pid 351] <... symlink resumed>) = 0 [pid 352] <... symlink resumed>) = 0 [pid 353] <... symlink resumed>) = 0 [pid 352] write(1, "executing program\n", 18 [pid 353] write(1, "executing program\n", 18) = 18 [pid 353] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR [pid 351] write(1, "executing program\n", 18) = 18 [pid 351] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR [pid 352] <... write resumed>) = 18 [pid 353] <... openat resumed>) = 3 [pid 352] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR [pid 351] <... openat resumed>) = 3 [pid 353] ioctl(3, VHOST_SET_OWNER [pid 352] <... openat resumed>) = 3 [pid 351] ioctl(3, VHOST_SET_OWNER [pid 339] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000000006c0} --- [pid 352] ioctl(3, VHOST_SET_OWNER [pid 353] <... ioctl resumed>, 0) = 0 [pid 353] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 353] ioctl(3, VHOST_SET_MEM_TABLE [pid 350] <... ioctl resumed>, 0) = 0 [pid 350] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 350] ioctl(3, VHOST_SET_MEM_TABLE [pid 353] <... ioctl resumed>, 0x200000003380) = 0 [pid 353] eventfd2(4294967295, EFD_SEMAPHORE) = 4 [pid 353] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 353] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 353] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 353] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 353] memfd_create("syzkaller", 0) = 5 [pid 350] <... ioctl resumed>, 0x200000003380) = 0 [pid 353] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5c1ed85000 [pid 350] eventfd2(4294967295, EFD_SEMAPHORE) = 4 [pid 350] ioctl(3, VHOST_SET_VRING_ERR [pid 352] <... ioctl resumed>, 0) = 0 [pid 352] ioctl(3, VHOST_SET_VRING_ADDR [pid 350] <... ioctl resumed>, 0x2000000001c0) = 0 [pid 339] +++ killed by SIGBUS +++ [pid 352] <... ioctl resumed>, 0x200000000300) = 0 [pid 350] ioctl(3, VHOST_SET_VRING_ADDR [pid 285] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=339, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- [pid 352] ioctl(3, VHOST_SET_MEM_TABLE [pid 350] <... ioctl resumed>, 0x200000000240) = 0 [pid 285] restart_syscall(<... resuming interrupted clone ...>