./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor3526128815 <...> no interfaces have a carrier [ 59.471565][ T5485] 8021q: adding VLAN 0 to HW filter on device bond0 [ 59.488361][ T5485] eql: remember to turn off Van-Jacobson compression on your slave devices Starting crond: OK Starting sshd: OK syzkaller Warning: Permanently added '10.128.1.89' (ED25519) to the list of known hosts. execve("./syz-executor3526128815", ["./syz-executor3526128815"], 0x7ffe6ba895d0 /* 10 vars */) = 0 brk(NULL) = 0x55557b4b7000 brk(0x55557b4b7e00) = 0x55557b4b7e00 arch_prctl(ARCH_SET_FS, 0x55557b4b7480) = 0 set_tid_address(0x55557b4b7750) = 5823 set_robust_list(0x55557b4b7760, 24) = 0 rseq(0x55557b4b7da0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor3526128815", 4096) = 28 getrandom("\x2a\xe1\xd4\x8c\xae\xd1\x44\xbe", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x55557b4b7e00 brk(0x55557b4d8e00) = 0x55557b4d8e00 brk(0x55557b4d9000) = 0x55557b4d9000 mprotect(0x7f9246a80000, 16384, PROT_READ) = 0 mmap(0x1ffffffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffffffff000 mmap(0x200000000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200000000000 mmap(0x200001000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200001000000 rt_sigaction(SIGRTMIN, {sa_handler=SIG_IGN, sa_mask=[], sa_flags=0}, NULL, 8) = 0 rt_sigaction(SIGRT_1, {sa_handler=SIG_IGN, sa_mask=[], sa_flags=0}, NULL, 8) = 0 rt_sigaction(SIGSEGV, {sa_handler=0x7f92469cca60, sa_mask=[], sa_flags=SA_RESTORER|SA_NODEFER|SA_SIGINFO, sa_restorer=0x7f92469d56c0}, NULL, 8) = 0 rt_sigaction(SIGBUS, {sa_handler=0x7f92469cca60, sa_mask=[], sa_flags=SA_RESTORER|SA_NODEFER|SA_SIGINFO, sa_restorer=0x7f92469d56c0}, NULL, 8) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5824 attached , child_tidptr=0x55557b4b7750) = 5824 [pid 5824] set_robust_list(0x55557b4b7760, 24) = 0 [pid 5824] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5824] setpgid(0, 0) = 0 [pid 5824] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5824] write(3, "1000", 4) = 4 [pid 5824] close(3) = 0 [pid 5824] write(1, "executing program\n", 18executing program ) = 18 [pid 5824] memfd_create("syzkaller", 0) = 3 [pid 5824] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f923e400000 [pid 5824] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5824] munmap(0x7f923e400000, 138412032) = 0 [pid 5824] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5824] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5824] close(3) = 0 [pid 5824] close(4) = 0 [pid 5824] mkdir("./file0", 0777) = 0 syzkaller login: [ 90.657718][ T5824] loop0: detected capacity change from 0 to 32768 [ 90.774128][ T5824] bcachefs (da441363-bb6a-4ab9-999b-c1f40db4fee2): Using encoding defined by superblock: utf8-12.1.0 [ 90.801372][ T5824] bcachefs (loop0): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,str_hash=crc32c,noacl,usrquota,grpquota,nojournal_transaction_names,allocator_stuck_timeout=256 [ 90.801372][ T5824] allowing incompatible features above 0.0: (unknown version) [ 90.830206][ T5824] bcachefs (loop0): initializing new filesystem [ 90.838050][ T5824] bcachefs (loop0): going read-write [ 90.848245][ T5824] bcachefs (loop0): marking superblocks [ 90.866271][ T5824] bcachefs (loop0): initializing freespace [pid 5824] mount("/dev/loop0", "./file0", "bcachefs", MS_SYNCHRONOUS, "") = 0 [pid 5824] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5824] chdir("./file0") = 0 [pid 5824] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 90.873858][ T5824] bcachefs (loop0): done initializing freespace [ 90.883938][ T5824] bcachefs (loop0): reading snapshots table [ 90.890039][ T5824] bcachefs (loop0): reading snapshots done [ 90.907730][ T5824] bcachefs (loop0): done starting filesystem [pid 5824] ioctl(4, LOOP_CLR_FD) = 0 [pid 5824] close(4) = 0 [pid 5824] munmap(0x200000001000, 16384) = 0 [pid 5824] rename(NULL, NULL) = -1 EFAULT (Bad address) [pid 5824] openat(AT_FDCWD, NULL, O_WRONLY) = -1 EFAULT (Bad address) [pid 5824] openat(AT_FDCWD, "./file1", O_WRONLY|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 000) = 4 [pid 5824] pwritev2(4, [{iov_base="\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x62\x63\x61\x63\x68\x65\x66\x73\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=65007}], 1, 3707, 0) = 389 [pid 5824] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000) = 5 [pid 5824] mmap(0x200000001000, 4096, PROT_WRITE, MAP_SHARED|MAP_FIXED, 5, 0) = 0x200000001000 [pid 5824] read(5, NULL, 0) = 0 [pid 5824] openat(AT_FDCWD, NULL, O_RDWR) = -1 EFAULT (Bad address) [pid 5824] write(-1, NULL, 92) = -1 EBADF (Bad file descriptor) [pid 5824] mount(NULL, NULL, NULL, 0, NULL) = -1 EFAULT (Bad address) [pid 5824] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=0x200000002480} --- [pid 5824] memfd_create("syzkaller", 0) = 6 [pid 5824] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f923e400000 [pid 5824] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=0x200000002482} --- [pid 5824] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_DIRECT|O_NOATIME|O_CLOEXEC, 0673) = 7 [ 91.039472][ T30] audit: type=1800 audit(1747773694.613:2): pid=5824 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor352" name="file1" dev="loop0" ino=4098 res=0 errno=0 [pid 5824] truncate(NULL, 2147483645) = -1 EFAULT (Bad address) [pid 5824] mkdir(NULL, 0777) = -1 EFAULT (Bad address) [pid 5824] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5824] openat(AT_FDCWD, "/proc/self/fd/3", O_RDWR) = -1 EISDIR (Is a directory) [pid 5824] openat(AT_FDCWD, "/proc/self/fd/3", O_RDONLY) = 8 [ 91.094512][ T30] audit: type=1800 audit(1747773694.663:3): pid=5824 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor352" name="file1" dev="loop0" ino=4098 res=0 errno=0 [ 91.279182][ C0] ------------[ cut here ]------------ [ 91.285303][ C0] kernel BUG at block/blk-mq.c:1146! [ 91.290738][ C0] Oops: invalid opcode: 0000 [#1] SMP KASAN PTI [ 91.297023][ C0] CPU: 0 UID: 0 PID: 15 Comm: ksoftirqd/0 Not tainted 6.15.0-rc7-syzkaller #0 PREEMPT(full) [ 91.307391][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 91.317480][ C0] RIP: 0010:blk_mq_end_request+0x6c/0x70 [ 91.323148][ C0] Code: e8 79 f1 2b fd 48 89 df 89 ee 5b 5d e9 bd f9 ff ff 89 f9 80 e1 07 80 c1 03 38 c1 7c ce e8 ec c5 8b fd eb c7 e8 55 f1 2b fd 90 <0f> 0b 66 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f [ 91.342783][ C0] RSP: 0018:ffffc90000147bb8 EFLAGS: 00010246 [ 91.348882][ C0] RAX: ffffffff8493ff8b RBX: ffff888024517500 RCX: ffff88801c6cbc00 [ 91.356883][ C0] RDX: 0000000000000100 RSI: 0000000000000000 RDI: 0000000000000000 [ 91.364972][ C0] RBP: 0000000000000000 R08: ffff88801c6cbc00 R09: 0000000000000003 [ 91.372980][ C0] R10: 0000000000000009 R11: 0000000000000100 R12: dffffc0000000000 [ 91.380978][ C0] R13: 0000000000000005 R14: ffff888024517500 R15: ffffffff8be81688 [ 91.388983][ C0] FS: 0000000000000000(0000) GS:ffff8881260f6000(0000) knlGS:0000000000000000 [ 91.397946][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 91.404550][ C0] CR2: 0000000000000000 CR3: 0000000075daa000 CR4: 00000000003526f0 [ 91.412548][ C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 91.420543][ C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 91.428539][ C0] Call Trace: [ 91.431842][ C0] [ 91.434793][ C0] blk_done_softirq+0x10a/0x160 [ 91.439682][ C0] handle_softirqs+0x283/0x870 [ 91.444488][ C0] ? schedule+0x165/0x360 [ 91.448860][ C0] ? run_ksoftirqd+0x9b/0x100 [ 91.453565][ C0] ? __pfx_handle_softirqs+0x10/0x10 [ 91.458972][ C0] ? smpboot_thread_fn+0x4d/0xa60 [ 91.464050][ C0] ? smpboot_thread_fn+0x4d/0xa60 [ 91.469105][ C0] run_ksoftirqd+0x9b/0x100 [ 91.473632][ C0] ? __pfx_run_ksoftirqd+0x10/0x10 [ 91.478776][ C0] smpboot_thread_fn+0x53f/0xa60 [ 91.483759][ C0] ? smpboot_thread_fn+0x4d/0xa60 [ 91.488820][ C0] kthread+0x711/0x8a0 [ 91.492919][ C0] ? __pfx_smpboot_thread_fn+0x10/0x10 [ 91.498419][ C0] ? __pfx_kthread+0x10/0x10 [ 91.503037][ C0] ? __pfx_kthread+0x10/0x10 [ 91.507650][ C0] ? _raw_spin_unlock_irq+0x23/0x50 [ 91.512876][ C0] ? lockdep_hardirqs_on+0x9c/0x150 [ 91.518105][ C0] ? __pfx_kthread+0x10/0x10 [ 91.522721][ C0] ret_from_fork+0x4b/0x80 [ 91.527182][ C0] ? __pfx_kthread+0x10/0x10 [ 91.531801][ C0] ret_from_fork_asm+0x1a/0x30 [ 91.536639][ C0] [ 91.539681][ C0] Modules linked in: [ 91.543743][ C0] ---[ end trace 0000000000000000 ]--- [ 91.549251][ C0] RIP: 0010:blk_mq_end_request+0x6c/0x70 [ 91.554918][ C0] Code: e8 79 f1 2b fd 48 89 df 89 ee 5b 5d e9 bd f9 ff ff 89 f9 80 e1 07 80 c1 03 38 c1 7c ce e8 ec c5 8b fd eb c7 e8 55 f1 2b fd 90 <0f> 0b 66 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f [ 91.574895][ C0] RSP: 0018:ffffc90000147bb8 EFLAGS: 00010246 [ 91.581046][ C0] RAX: ffffffff8493ff8b RBX: ffff888024517500 RCX: ffff88801c6cbc00 [ 91.589076][ C0] RDX: 0000000000000100 RSI: 0000000000000000 RDI: 0000000000000000 [ 91.597117][ C0] RBP: 0000000000000000 R08: ffff88801c6cbc00 R09: 0000000000000003 [ 91.605120][ C0] R10: 0000000000000009 R11: 0000000000000100 R12: dffffc0000000000 [ 91.613169][ C0] R13: 0000000000000005 R14: ffff888024517500 R15: ffffffff8be81688 [ 91.621204][ C0] FS: 0000000000000000(0000) GS:ffff8881260f6000(0000) knlGS:0000000000000000 [ 91.630206][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 91.636834][ C0] CR2: 0000000000000000 CR3: 0000000075daa000 CR4: 00000000003526f0 [ 91.644833][ C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 91.652880][ C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 91.660923][ C0] Kernel panic - not syncing: Fatal exception in interrupt [ 91.668291][ C0] Kernel Offset: disabled [ 91.672628][ C0] Rebooting in 86400 seconds..