Extracting prog: 3m33.123088516s
Minimizing prog: 46m41.015499844s
Simplifying prog options: 0s
Extracting C: 27.050838359s
Simplifying C: 31m37.994136939s


extracting reproducer from 1 programs
testing a last program of every proc
single: executing 1 programs separately with timeout 30s
testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$bfs-openat-syz_clone-pwritev2
detailed listing:
executing program 0:
syz_mount_image$bfs(&(0x7f00000000c0), &(0x7f0000000100)='./file0\x00', 0x0, &(0x7f0000000040)=ANY=[@ANYRESHEX], 0x1, 0x90, &(0x7f0000000380)="$eJzs1rEJAkEUBNDxEo2uAQM7uB4sRQw1M1IEK7IVS7ADA1MDV3AVwdDk5HgPdmGYZMJ/uh2naZNySMqXzXa3WqzrHwapSTJOMkkya2u+zGs3evXn6375fn3vBQAAftc8r/x7+eSu63cRAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwH95BAAA//+K7iUi")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x143042, 0x0)
syz_clone(0x0, 0x0, 0xfffffe11, 0x0, 0x0, 0x0)
pwritev2(r0, &(0x7f0000000100)=[{&(0x7f0000000080)="ff", 0xabfb}], 0x1, 0x5412, 0x0, 0x0)

program did not crash
single: failed to extract reproducer
single: executing 1 programs separately with timeout 6m0s
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$bfs-openat-syz_clone-pwritev2
detailed listing:
executing program 0:
syz_mount_image$bfs(&(0x7f00000000c0), &(0x7f0000000100)='./file0\x00', 0x0, &(0x7f0000000040)=ANY=[@ANYRESHEX], 0x1, 0x90, &(0x7f0000000380)="$eJzs1rEJAkEUBNDxEo2uAQM7uB4sRQw1M1IEK7IVS7ADA1MDV3AVwdDk5HgPdmGYZMJ/uh2naZNySMqXzXa3WqzrHwapSTJOMkkya2u+zGs3evXn6375fn3vBQAAftc8r/x7+eSu63cRAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwH95BAAA//+K7iUi")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x143042, 0x0)
syz_clone(0x0, 0x0, 0xfffffe11, 0x0, 0x0, 0x0)
pwritev2(r0, &(0x7f0000000100)=[{&(0x7f0000000080)="ff", 0xabfb}], 0x1, 0x5412, 0x0, 0x0)

program crashed: BUG: unable to handle kernel paging request in bfs_get_block
single: successfully extracted reproducer
found reproducer with 4 syscalls
minimizing guilty program
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$bfs-openat-syz_clone
detailed listing:
executing program 0:
syz_mount_image$bfs(&(0x7f00000000c0), &(0x7f0000000100)='./file0\x00', 0x0, &(0x7f0000000040)=ANY=[@ANYRESHEX], 0x1, 0x90, &(0x7f0000000380)="$eJzs1rEJAkEUBNDxEo2uAQM7uB4sRQw1M1IEK7IVS7ADA1MDV3AVwdDk5HgPdmGYZMJ/uh2naZNySMqXzXa3WqzrHwapSTJOMkkya2u+zGs3evXn6375fn3vBQAAftc8r/x7+eSu63cRAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwH95BAAA//+K7iUi")
openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x143042, 0x0)
syz_clone(0x0, 0x0, 0xfffffe11, 0x0, 0x0, 0x0)

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$bfs-openat-pwritev2
detailed listing:
executing program 0:
syz_mount_image$bfs(&(0x7f00000000c0), &(0x7f0000000100)='./file0\x00', 0x0, &(0x7f0000000040)=ANY=[@ANYRESHEX], 0x1, 0x90, &(0x7f0000000380)="$eJzs1rEJAkEUBNDxEo2uAQM7uB4sRQw1M1IEK7IVS7ADA1MDV3AVwdDk5HgPdmGYZMJ/uh2naZNySMqXzXa3WqzrHwapSTJOMkkya2u+zGs3evXn6375fn3vBQAAftc8r/x7+eSu63cRAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwH95BAAA//+K7iUi")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x143042, 0x0)
pwritev2(r0, &(0x7f0000000100)=[{&(0x7f0000000080)="ff", 0xabfb}], 0x1, 0x5412, 0x0, 0x0)

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$bfs-syz_clone-pwritev2
detailed listing:
executing program 0:
syz_mount_image$bfs(&(0x7f00000000c0), &(0x7f0000000100)='./file0\x00', 0x0, &(0x7f0000000040)=ANY=[@ANYRESHEX], 0x1, 0x90, &(0x7f0000000380)="$eJzs1rEJAkEUBNDxEo2uAQM7uB4sRQw1M1IEK7IVS7ADA1MDV3AVwdDk5HgPdmGYZMJ/uh2naZNySMqXzXa3WqzrHwapSTJOMkkya2u+zGs3evXn6375fn3vBQAAftc8r/x7+eSu63cRAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwH95BAAA//+K7iUi")
syz_clone(0x0, 0x0, 0xfffffe11, 0x0, 0x0, 0x0)
pwritev2(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000080)="ff", 0xabfb}], 0x1, 0x5412, 0x0, 0x0)

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat-syz_clone-pwritev2
detailed listing:
executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x143042, 0x0)
syz_clone(0x0, 0x0, 0xfffffe11, 0x0, 0x0, 0x0)
pwritev2(r0, &(0x7f0000000100)=[{&(0x7f0000000080)="ff", 0xabfb}], 0x1, 0x5412, 0x0, 0x0)

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$bfs-openat-syz_clone-pwritev2
detailed listing:
executing program 0:
syz_mount_image$bfs(&(0x7f00000000c0), &(0x7f0000000100)='./file0\x00', 0x0, &(0x7f0000000040)=ANY=[@ANYRESHEX], 0x1, 0x90, &(0x7f0000000380)="$eJzs1rEJAkEUBNDxEo2uAQM7uB4sRQw1M1IEK7IVS7ADA1MDV3AVwdDk5HgPdmGYZMJ/uh2naZNySMqXzXa3WqzrHwapSTJOMkkya2u+zGs3evXn6375fn3vBQAAftc8r/x7+eSu63cRAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwH95BAAA//+K7iUi")
r0 = openat(0xffffffffffffff9c, 0x0, 0x143042, 0x0)
syz_clone(0x0, 0x0, 0xfffffe11, 0x0, 0x0, 0x0)
pwritev2(r0, &(0x7f0000000100)=[{&(0x7f0000000080)="ff", 0xabfb}], 0x1, 0x5412, 0x0, 0x0)

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$bfs-openat-syz_clone-pwritev2
detailed listing:
executing program 0:
syz_mount_image$bfs(&(0x7f00000000c0), &(0x7f0000000100)='./file0\x00', 0x0, &(0x7f0000000040)=ANY=[@ANYRESHEX], 0x1, 0x90, &(0x7f0000000380)="$eJzs1rEJAkEUBNDxEo2uAQM7uB4sRQw1M1IEK7IVS7ADA1MDV3AVwdDk5HgPdmGYZMJ/uh2naZNySMqXzXa3WqzrHwapSTJOMkkya2u+zGs3evXn6375fn3vBQAAftc8r/x7+eSu63cRAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwH95BAAA//+K7iUi")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x143042, 0x0)
syz_clone(0x0, 0x0, 0xfffffe11, 0x0, 0x0, 0x0)
pwritev2(r0, 0x0, 0x0, 0x5412, 0x0, 0x0)

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$bfs-openat-syz_clone-pwritev2
detailed listing:
executing program 0:
syz_mount_image$bfs(&(0x7f00000000c0), &(0x7f0000000100)='./file0\x00', 0x0, &(0x7f0000000040)=ANY=[@ANYRESHEX], 0x1, 0x90, &(0x7f0000000380)="$eJzs1rEJAkEUBNDxEo2uAQM7uB4sRQw1M1IEK7IVS7ADA1MDV3AVwdDk5HgPdmGYZMJ/uh2naZNySMqXzXa3WqzrHwapSTJOMkkya2u+zGs3evXn6375fn3vBQAAftc8r/x7+eSu63cRAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwH95BAAA//+K7iUi")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x143042, 0x0)
syz_clone(0x0, 0x0, 0xfffffe11, 0x0, 0x0, 0x0)
pwritev2(r0, &(0x7f0000000100)=[{0x0}], 0x1, 0x5412, 0x0, 0x0)

program crashed: lost connection to test machine
ignore low priority crash: lost connection to test machine
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$bfs-openat-syz_clone-pwritev2
detailed listing:
executing program 0:
syz_mount_image$bfs(&(0x7f00000000c0), &(0x7f0000000100)='./file0\x00', 0x0, &(0x7f0000000040)=ANY=[@ANYRESHEX], 0x1, 0x90, &(0x7f0000000380)="$eJzs1rEJAkEUBNDxEo2uAQM7uB4sRQw1M1IEK7IVS7ADA1MDV3AVwdDk5HgPdmGYZMJ/uh2naZNySMqXzXa3WqzrHwapSTJOMkkya2u+zGs3evXn6375fn3vBQAAftc8r/x7+eSu63cRAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwH95BAAA//+K7iUi")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x143042, 0x0)
syz_clone(0x0, 0x0, 0xfffffe11, 0x0, 0x0, 0x0)
pwritev2(r0, &(0x7f0000000100)=[{&(0x7f0000000080)}], 0x1, 0x5412, 0x0, 0x0)

program did not crash
extracting C reproducer
testing compiled C program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$bfs-openat-syz_clone-pwritev2
program crashed: BUG: unable to handle kernel paging request in bfs_get_block
simplifying C reproducer
testing compiled C program (duration=6m0s, {Threaded:false Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$bfs-openat-syz_clone-pwritev2
program crashed: no output from test machine
a never seen crash title: no output from test machine, ignore
testing compiled C program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$bfs-openat-syz_clone-pwritev2
program did not crash
testing compiled C program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:true Sysctl:true Swap:false UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$bfs-openat-syz_clone-pwritev2
program did not crash
testing compiled C program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$bfs-openat-syz_clone-pwritev2
program crashed: BUG: unable to handle kernel paging request in bfs_get_block
testing compiled C program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$bfs-openat-syz_clone-pwritev2
program crashed: no output from test machine
a never seen crash title: no output from test machine, ignore
testing compiled C program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:true NetReset:false Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$bfs-openat-syz_clone-pwritev2
program crashed: BUG: unable to handle kernel paging request in bfs_get_block
testing compiled C program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:true NetReset:false Cgroups:false BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$bfs-openat-syz_clone-pwritev2
program crashed: BUG: unable to handle kernel paging request in bfs_get_block
testing compiled C program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:true NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$bfs-openat-syz_clone-pwritev2
program crashed: BUG: unable to handle kernel paging request in bfs_get_block
testing compiled C program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:true NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$bfs-openat-syz_clone-pwritev2
program crashed: BUG: unable to handle kernel paging request in bfs_get_block
testing compiled C program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:true NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$bfs-openat-syz_clone-pwritev2
program crashed: BUG: unable to handle kernel paging request in bfs_get_block
testing compiled C program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:true NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$bfs-openat-syz_clone-pwritev2
program crashed: BUG: unable to handle kernel paging request in bfs_get_block
testing compiled C program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:true NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$bfs-openat-syz_clone-pwritev2
program did not crash
testing compiled C program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:true NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:true Sysctl:true Swap:true UseTmpDir:false HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$bfs-openat-syz_clone-pwritev2
program crashed: no output from test machine
a never seen crash title: no output from test machine, ignore
testing compiled C program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:true NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:false Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$bfs-openat-syz_clone-pwritev2
program crashed: BUG: unable to handle kernel paging request in bfs_get_block
testing compiled C program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:true NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:true Sysctl:false Swap:true UseTmpDir:true HandleSegv:false Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$bfs-openat-syz_clone-pwritev2
program crashed: BUG: unable to handle kernel paging request in bfs_get_block
testing compiled C program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:true NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:true Sysctl:false Swap:false UseTmpDir:true HandleSegv:false Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$bfs-openat-syz_clone-pwritev2
program crashed: WARNING in bfs_get_block
a never seen crash title: WARNING in bfs_get_block, ignore
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:true NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:true Sysctl:false Swap:true UseTmpDir:true HandleSegv:false Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$bfs-openat-syz_clone-pwritev2
detailed listing:
executing program 0:
syz_mount_image$bfs(&(0x7f00000000c0), &(0x7f0000000100)='./file0\x00', 0x0, &(0x7f0000000040)=ANY=[@ANYRESHEX], 0x1, 0x90, &(0x7f0000000380)="$eJzs1rEJAkEUBNDxEo2uAQM7uB4sRQw1M1IEK7IVS7ADA1MDV3AVwdDk5HgPdmGYZMJ/uh2naZNySMqXzXa3WqzrHwapSTJOMkkya2u+zGs3evXn6375fn3vBQAAftc8r/x7+eSu63cRAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwH95BAAA//+K7iUi")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x143042, 0x0)
syz_clone(0x0, 0x0, 0xfffffe11, 0x0, 0x0, 0x0)
pwritev2(r0, &(0x7f0000000100)=[{&(0x7f0000000080)="ff", 0xabfb}], 0x1, 0x5412, 0x0, 0x0)

program crashed: BUG: unable to handle kernel paging request in bfs_get_block
validation run: crashed=true
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:true NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:true Sysctl:false Swap:true UseTmpDir:true HandleSegv:false Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$bfs-openat-syz_clone-pwritev2
detailed listing:
executing program 0:
syz_mount_image$bfs(&(0x7f00000000c0), &(0x7f0000000100)='./file0\x00', 0x0, &(0x7f0000000040)=ANY=[@ANYRESHEX], 0x1, 0x90, &(0x7f0000000380)="$eJzs1rEJAkEUBNDxEo2uAQM7uB4sRQw1M1IEK7IVS7ADA1MDV3AVwdDk5HgPdmGYZMJ/uh2naZNySMqXzXa3WqzrHwapSTJOMkkya2u+zGs3evXn6375fn3vBQAAftc8r/x7+eSu63cRAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwH95BAAA//+K7iUi")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x143042, 0x0)
syz_clone(0x0, 0x0, 0xfffffe11, 0x0, 0x0, 0x0)
pwritev2(r0, &(0x7f0000000100)=[{&(0x7f0000000080)="ff", 0xabfb}], 0x1, 0x5412, 0x0, 0x0)

program crashed: BUG: unable to handle kernel paging request in bfs_get_block
validation run: crashed=true
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:true NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:true Sysctl:false Swap:true UseTmpDir:true HandleSegv:false Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$bfs-openat-syz_clone-pwritev2
detailed listing:
executing program 0:
syz_mount_image$bfs(&(0x7f00000000c0), &(0x7f0000000100)='./file0\x00', 0x0, &(0x7f0000000040)=ANY=[@ANYRESHEX], 0x1, 0x90, &(0x7f0000000380)="$eJzs1rEJAkEUBNDxEo2uAQM7uB4sRQw1M1IEK7IVS7ADA1MDV3AVwdDk5HgPdmGYZMJ/uh2naZNySMqXzXa3WqzrHwapSTJOMkkya2u+zGs3evXn6375fn3vBQAAftc8r/x7+eSu63cRAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwH95BAAA//+K7iUi")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x143042, 0x0)
syz_clone(0x0, 0x0, 0xfffffe11, 0x0, 0x0, 0x0)
pwritev2(r0, &(0x7f0000000100)=[{&(0x7f0000000080)="ff", 0xabfb}], 0x1, 0x5412, 0x0, 0x0)

program crashed: BUG: unable to handle kernel paging request in bfs_get_block
validation run: crashed=true
reproducing took 1h26m8.159563749s
repro crashed as (corrupted=false):
Unable to handle kernel paging request at virtual address dfff800000000005
KASAN: null-ptr-deref in range [0x0000000000000028-0x000000000000002f]
Mem abort info:
  ESR = 0x0000000096000006
  EC = 0x25: DABT (current EL), IL = 32 bits
  SET = 0, FnV = 0
  EA = 0, S1PTW = 0
  FSC = 0x06: level 2 translation fault
Data abort info:
  ISV = 0, ISS = 0x00000006
  CM = 0, WnR = 0
[dfff800000000005] address between user and kernel address ranges
Internal error: Oops: 0000000096000006 [#1] PREEMPT SMP
Modules linked in:
CPU: 0 PID: 4541 Comm: syz.3.26 Not tainted syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
pstate: 82400005 (Nzcv daif +PAN -UAO +TCO -DIT -SSBS BTYPE=--)
pc : bfs_move_block fs/bfs/file.c:42 [inline]
pc : bfs_move_blocks fs/bfs/file.c:56 [inline]
pc : bfs_get_block+0x438/0x960 fs/bfs/file.c:125
lr : sb_getblk include/linux/buffer_head.h:356 [inline]
lr : bfs_move_block fs/bfs/file.c:41 [inline]
lr : bfs_move_blocks fs/bfs/file.c:56 [inline]
lr : bfs_get_block+0x410/0x960 fs/bfs/file.c:125
sp : ffff800022236c70
x29: ffff800022236ce0 x28: ffff0000cd722018 x27: 1fffe00019ae442c
x26: 0000000000000028 x25: ffff0000f49814a8 x24: 0000000000000000
x23: ffff0000cd722160 x22: ffff0000e1e550e8 x21: dfff800000000000
x20: 0000000000000200 x19: 000000000000000b x18: 0000000000000000
x17: ffff80001835b000 x16: ffff8000082eef80 x15: ffff800008b30250
x14: 0000000000000001 x13: 1fffff8000754b7e x12: 0000000000ff0100
x11: ff00800008a916bc x10: 0000000000000000 x9 : 0000000000000000
x8 : 0000000000000005 x7 : 0000000000000000 x6 : 0000000000000000
x5 : 0000000000000000 x4 : 0000000000000008 x3 : ffff800008a9148c
x2 : 0000000000000001 x1 : 0000000000000003 x0 : 0000000000000000
Call trace:
 bfs_move_block fs/bfs/file.c:42 [inline]
 bfs_move_blocks fs/bfs/file.c:56 [inline]
 bfs_get_block+0x438/0x960 fs/bfs/file.c:125
 __block_write_begin_int+0x350/0x1388 fs/buffer.c:1991
 __block_write_begin fs/buffer.c:2041 [inline]
 block_write_begin+0x98/0x11c fs/buffer.c:2102
 bfs_write_begin+0x48/0xec fs/bfs/file.c:177
 generic_perform_write+0x234/0x4f4 mm/filemap.c:3862
 __generic_file_write_iter+0x130/0x250 mm/filemap.c:3960
 generic_file_write_iter+0xb4/0x2b0 mm/filemap.c:3989
 __kernel_write_iter+0x208/0x56c fs/read_write.c:517
 __kernel_write+0xe8/0x148 fs/read_write.c:537
 __dump_emit fs/coredump.c:873 [inline]
 dump_emit+0x224/0x324 fs/coredump.c:910
 elf_core_dump+0x230c/0x2da0 fs/binfmt_elf.c:2333
 do_coredump+0x10cc/0x1c68 fs/coredump.c:824
 get_signal+0xdec/0x1304 kernel/signal.c:2857
 do_signal arch/arm64/kernel/signal.c:1095 [inline]
 do_notify_resume+0x28c/0x2aa4 arch/arm64/kernel/signal.c:1148
 prepare_exit_to_user_mode arch/arm64/kernel/entry-common.c:137 [inline]
 exit_to_user_mode arch/arm64/kernel/entry-common.c:142 [inline]
 el0_da+0xb4/0x144 arch/arm64/kernel/entry-common.c:516
 el0t_64_sync_handler+0x90/0xf0 arch/arm64/kernel/entry-common.c:658
 el0t_64_sync+0x18c/0x190 arch/arm64/kernel/entry.S:585
Code: 97e628d4 9100a31a f94012d4 d343ff48 (38756908) 
---[ end trace 0000000000000000 ]---
----------------
Code disassembly (best guess):
   0:	97e628d4 	bl	0xffffffffff98a350
   4:	9100a31a 	add	x26, x24, #0x28
   8:	f94012d4 	ldr	x20, [x22, #32]
   c:	d343ff48 	lsr	x8, x26, #3
* 10:	38756908 	ldrb	w8, [x8, x21] <-- trapping instruction

final repro crashed as (corrupted=false):
Unable to handle kernel paging request at virtual address dfff800000000005
KASAN: null-ptr-deref in range [0x0000000000000028-0x000000000000002f]
Mem abort info:
  ESR = 0x0000000096000006
  EC = 0x25: DABT (current EL), IL = 32 bits
  SET = 0, FnV = 0
  EA = 0, S1PTW = 0
  FSC = 0x06: level 2 translation fault
Data abort info:
  ISV = 0, ISS = 0x00000006
  CM = 0, WnR = 0
[dfff800000000005] address between user and kernel address ranges
Internal error: Oops: 0000000096000006 [#1] PREEMPT SMP
Modules linked in:
CPU: 0 PID: 4541 Comm: syz.3.26 Not tainted syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
pstate: 82400005 (Nzcv daif +PAN -UAO +TCO -DIT -SSBS BTYPE=--)
pc : bfs_move_block fs/bfs/file.c:42 [inline]
pc : bfs_move_blocks fs/bfs/file.c:56 [inline]
pc : bfs_get_block+0x438/0x960 fs/bfs/file.c:125
lr : sb_getblk include/linux/buffer_head.h:356 [inline]
lr : bfs_move_block fs/bfs/file.c:41 [inline]
lr : bfs_move_blocks fs/bfs/file.c:56 [inline]
lr : bfs_get_block+0x410/0x960 fs/bfs/file.c:125
sp : ffff800022236c70
x29: ffff800022236ce0 x28: ffff0000cd722018 x27: 1fffe00019ae442c
x26: 0000000000000028 x25: ffff0000f49814a8 x24: 0000000000000000
x23: ffff0000cd722160 x22: ffff0000e1e550e8 x21: dfff800000000000
x20: 0000000000000200 x19: 000000000000000b x18: 0000000000000000
x17: ffff80001835b000 x16: ffff8000082eef80 x15: ffff800008b30250
x14: 0000000000000001 x13: 1fffff8000754b7e x12: 0000000000ff0100
x11: ff00800008a916bc x10: 0000000000000000 x9 : 0000000000000000
x8 : 0000000000000005 x7 : 0000000000000000 x6 : 0000000000000000
x5 : 0000000000000000 x4 : 0000000000000008 x3 : ffff800008a9148c
x2 : 0000000000000001 x1 : 0000000000000003 x0 : 0000000000000000
Call trace:
 bfs_move_block fs/bfs/file.c:42 [inline]
 bfs_move_blocks fs/bfs/file.c:56 [inline]
 bfs_get_block+0x438/0x960 fs/bfs/file.c:125
 __block_write_begin_int+0x350/0x1388 fs/buffer.c:1991
 __block_write_begin fs/buffer.c:2041 [inline]
 block_write_begin+0x98/0x11c fs/buffer.c:2102
 bfs_write_begin+0x48/0xec fs/bfs/file.c:177
 generic_perform_write+0x234/0x4f4 mm/filemap.c:3862
 __generic_file_write_iter+0x130/0x250 mm/filemap.c:3960
 generic_file_write_iter+0xb4/0x2b0 mm/filemap.c:3989
 __kernel_write_iter+0x208/0x56c fs/read_write.c:517
 __kernel_write+0xe8/0x148 fs/read_write.c:537
 __dump_emit fs/coredump.c:873 [inline]
 dump_emit+0x224/0x324 fs/coredump.c:910
 elf_core_dump+0x230c/0x2da0 fs/binfmt_elf.c:2333
 do_coredump+0x10cc/0x1c68 fs/coredump.c:824
 get_signal+0xdec/0x1304 kernel/signal.c:2857
 do_signal arch/arm64/kernel/signal.c:1095 [inline]
 do_notify_resume+0x28c/0x2aa4 arch/arm64/kernel/signal.c:1148
 prepare_exit_to_user_mode arch/arm64/kernel/entry-common.c:137 [inline]
 exit_to_user_mode arch/arm64/kernel/entry-common.c:142 [inline]
 el0_da+0xb4/0x144 arch/arm64/kernel/entry-common.c:516
 el0t_64_sync_handler+0x90/0xf0 arch/arm64/kernel/entry-common.c:658
 el0t_64_sync+0x18c/0x190 arch/arm64/kernel/entry.S:585
Code: 97e628d4 9100a31a f94012d4 d343ff48 (38756908) 
---[ end trace 0000000000000000 ]---
----------------
Code disassembly (best guess):
   0:	97e628d4 	bl	0xffffffffff98a350
   4:	9100a31a 	add	x26, x24, #0x28
   8:	f94012d4 	ldr	x20, [x22, #32]
   c:	d343ff48 	lsr	x8, x26, #3
* 10:	38756908 	ldrb	w8, [x8, x21] <-- trapping instruction