./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor3919456775 <...> Warning: Permanently added '10.128.0.50' (ED25519) to the list of known hosts. execve("./syz-executor3919456775", ["./syz-executor3919456775"], 0x7fff36091f00 /* 10 vars */) = 0 brk(NULL) = 0x55556cba8000 brk(0x55556cba8e00) = 0x55556cba8e00 arch_prctl(ARCH_SET_FS, 0x55556cba8480) = 0 set_tid_address(0x55556cba8750) = 5826 set_robust_list(0x55556cba8760, 24) = 0 rseq(0x55556cba8da0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor3919456775", 4096) = 28 getrandom("\x82\x56\x28\xa1\xa8\xa8\x7a\x13", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x55556cba8e00 brk(0x55556cbc9e00) = 0x55556cbc9e00 brk(0x55556cbca000) = 0x55556cbca000 mprotect(0x7f9a64b1a000, 16384, PROT_READ) = 0 mmap(0x1ffffffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffffffff000 mmap(0x200000000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200000000000 mmap(0x200001000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200001000000 rt_sigaction(SIGRTMIN, {sa_handler=SIG_IGN, sa_mask=[], sa_flags=0}, NULL, 8) = 0 rt_sigaction(SIGRT_1, {sa_handler=SIG_IGN, sa_mask=[], sa_flags=0}, NULL, 8) = 0 rt_sigaction(SIGSEGV, {sa_handler=0x7f9a64a6ba60, sa_mask=[], sa_flags=SA_RESTORER|SA_NODEFER|SA_SIGINFO, sa_restorer=0x7f9a64a74580}, NULL, 8) = 0 rt_sigaction(SIGBUS, {sa_handler=0x7f9a64a6ba60, sa_mask=[], sa_flags=SA_RESTORER|SA_NODEFER|SA_SIGINFO, sa_restorer=0x7f9a64a74580}, NULL, 8) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5827 attached , child_tidptr=0x55556cba8750) = 5827 [pid 5827] set_robust_list(0x55556cba8760, 24) = 0 [pid 5827] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5827] setpgid(0, 0) = 0 [pid 5827] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5827] write(3, "1000", 4) = 4 [pid 5827] close(3) = 0 executing program [pid 5827] write(1, "executing program\n", 18) = 18 [pid 5827] memfd_create("syzkaller", 0) = 3 [pid 5827] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9a5c600000 [pid 5827] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5827] munmap(0x7f9a5c600000, 138412032) = 0 [pid 5827] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5827] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5827] close(3) = 0 [pid 5827] close(4) = 0 [pid 5827] mkdir("./file0", 0777) = 0 [ 74.155957][ T5827] loop0: detected capacity change from 0 to 32768 [ 74.228273][ T5827] bcachefs (da441363-bb6a-4ab9-999b-c1f40db4fee2): Using encoding defined by superblock: utf8-12.1.0 [ 74.252848][ T5827] bcachefs (loop0): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,str_hash=crc32c,noacl,usrquota,grpquota,nojournal_transaction_names,allocator_stuck_timeout=256 [ 74.252848][ T5827] allowing incompatible features above 0.0: (unknown version) [ 74.281401][ T5827] bcachefs (loop0): initializing new filesystem [ 74.288992][ T5827] bcachefs (loop0): going read-write [ 74.298950][ T5827] bcachefs (loop0): marking superblocks [ 74.316026][ T5827] bcachefs (loop0): initializing freespace [pid 5827] mount("/dev/loop0", "./file0", "bcachefs", MS_SYNCHRONOUS, "") = 0 [pid 5827] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5827] chdir("./file0") = 0 [pid 5827] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5827] ioctl(4, LOOP_CLR_FD) = 0 [pid 5827] close(4) = 0 [ 74.323525][ T5827] bcachefs (loop0): done initializing freespace [ 74.333269][ T5827] bcachefs (loop0): reading snapshots table [ 74.339618][ T5827] bcachefs (loop0): reading snapshots done [ 74.355314][ T5827] bcachefs (loop0): done starting filesystem [pid 5827] munmap(0x200000001000, 16384) = 0 [pid 5827] openat(AT_FDCWD, NULL, O_WRONLY) = -1 EFAULT (Bad address) [pid 5827] openat(AT_FDCWD, "./file1", O_WRONLY|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 000) = 4 [pid 5827] pwritev2(4, [{iov_base="\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x62\x63\x61\x63\x68\x65\x66\x73\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=65007}], 1, 3707, 0) = 389 [pid 5827] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 000) = 5 [pid 5827] mmap(0x200000001000, 4096, PROT_WRITE, MAP_SHARED|MAP_FIXED, 5, 0) = 0x200000001000 [pid 5827] openat(AT_FDCWD, NULL, O_RDWR) = -1 EFAULT (Bad address) [pid 5827] write(-1, NULL, 92) = -1 EBADF (Bad file descriptor) [pid 5827] mount(NULL, NULL, NULL, 0, NULL) = -1 EFAULT (Bad address) [pid 5827] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_DIRECT|O_NOATIME|O_CLOEXEC, 0673) = 6 [pid 5827] openat(AT_FDCWD, 0x200000001400, O_RDONLY|O_CREAT|O_NONBLOCK|O_SYNC|O_LARGEFILE|O_CLOEXEC|O_PATH|__O_TMPFILE, 000) = 7 [pid 5827] truncate(NULL, 2147483645) = -1 EFAULT (Bad address) [pid 5827] splice(0, NULL, -1, NULL, 10, SPLICE_F_MOVE) = -1 EBADF (Bad file descriptor) [pid 5827] mkdir(NULL, 0777) = -1 EFAULT (Bad address) [pid 5827] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5827] openat(AT_FDCWD, "/proc/self/(null)", O_RDWR) = -1 ENOENT (No such file or directory) [pid 5827] openat(AT_FDCWD, "/proc/self/(null)", O_RDONLY) = -1 ENOENT (No such file or directory) [ 74.474806][ T30] audit: type=1800 audit(1747762899.947:2): pid=5827 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor391" name="file1" dev="loop0" ino=4098 res=0 errno=0 [ 74.497842][ T30] audit: type=1800 audit(1747762899.977:3): pid=5827 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor391" name="file1" dev="loop0" ino=4098 res=0 errno=0 [ 74.737862][ C0] ------------[ cut here ]------------ [ 74.743456][ C0] kernel BUG at block/blk-mq.c:1146! [ 74.749247][ C0] Oops: invalid opcode: 0000 [#1] SMP KASAN PTI [ 74.755536][ C0] CPU: 0 UID: 0 PID: 15 Comm: ksoftirqd/0 Not tainted 6.15.0-rc7-syzkaller #0 PREEMPT(full) [ 74.765702][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 74.775788][ C0] RIP: 0010:blk_mq_end_request+0x6c/0x70 [ 74.781449][ C0] Code: e8 79 f1 2b fd 48 89 df 89 ee 5b 5d e9 bd f9 ff ff 89 f9 80 e1 07 80 c1 03 38 c1 7c ce e8 ec c5 8b fd eb c7 e8 55 f1 2b fd 90 <0f> 0b 66 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f [ 74.801074][ C0] RSP: 0018:ffffc90000147bb8 EFLAGS: 00010246 [ 74.807158][ C0] RAX: ffffffff8493ff8b RBX: ffff8880242d1200 RCX: ffff88801c6d3c00 [ 74.815141][ C0] RDX: 0000000000000100 RSI: 0000000000000000 RDI: 0000000000000000 [ 74.823125][ C0] RBP: 0000000000000000 R08: ffff88801c6d3c00 R09: 0000000000000003 [ 74.831105][ C0] R10: 0000000000000009 R11: 0000000000000100 R12: dffffc0000000000 [ 74.839086][ C0] R13: 0000000000000005 R14: ffff8880242d1200 R15: ffffffff8be81688 [ 74.847073][ C0] FS: 0000000000000000(0000) GS:ffff8881260f6000(0000) knlGS:0000000000000000 [ 74.856015][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 74.862752][ C0] CR2: 0000000000000000 CR3: 000000007cdd8000 CR4: 00000000003526f0 [ 74.870751][ C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 74.878739][ C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 74.886740][ C0] Call Trace: [ 74.890032][ C0] [ 74.892966][ C0] blk_done_softirq+0x10a/0x160 [ 74.897838][ C0] handle_softirqs+0x283/0x870 [ 74.902619][ C0] ? schedule+0x165/0x360 [ 74.906975][ C0] ? run_ksoftirqd+0x9b/0x100 [ 74.911667][ C0] ? __pfx_handle_softirqs+0x10/0x10 [ 74.916969][ C0] ? smpboot_thread_fn+0x4d/0xa60 [ 74.922019][ C0] ? smpboot_thread_fn+0x4d/0xa60 [ 74.927065][ C0] run_ksoftirqd+0x9b/0x100 [ 74.931585][ C0] ? __pfx_run_ksoftirqd+0x10/0x10 [ 74.936719][ C0] smpboot_thread_fn+0x53f/0xa60 [ 74.941677][ C0] ? smpboot_thread_fn+0x4d/0xa60 [ 74.946741][ C0] kthread+0x711/0x8a0 [ 74.950917][ C0] ? __pfx_smpboot_thread_fn+0x10/0x10 [ 74.956396][ C0] ? __pfx_kthread+0x10/0x10 [ 74.961082][ C0] ? __pfx_kthread+0x10/0x10 [ 74.965679][ C0] ? _raw_spin_unlock_irq+0x23/0x50 [ 74.970888][ C0] ? lockdep_hardirqs_on+0x9c/0x150 [ 74.976103][ C0] ? __pfx_kthread+0x10/0x10 [ 74.980723][ C0] ret_from_fork+0x4b/0x80 [ 74.985147][ C0] ? __pfx_kthread+0x10/0x10 [ 74.989746][ C0] ret_from_fork_asm+0x1a/0x30 [ 74.994534][ C0] [ 74.997554][ C0] Modules linked in: [ 75.001520][ C0] ---[ end trace 0000000000000000 ]--- [ 75.007008][ C0] RIP: 0010:blk_mq_end_request+0x6c/0x70 [ 75.012654][ C0] Code: e8 79 f1 2b fd 48 89 df 89 ee 5b 5d e9 bd f9 ff ff 89 f9 80 e1 07 80 c1 03 38 c1 7c ce e8 ec c5 8b fd eb c7 e8 55 f1 2b fd 90 <0f> 0b 66 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f [ 75.032385][ C0] RSP: 0018:ffffc90000147bb8 EFLAGS: 00010246 [ 75.038514][ C0] RAX: ffffffff8493ff8b RBX: ffff8880242d1200 RCX: ffff88801c6d3c00 [ 75.046529][ C0] RDX: 0000000000000100 RSI: 0000000000000000 RDI: 0000000000000000 [ 75.054525][ C0] RBP: 0000000000000000 R08: ffff88801c6d3c00 R09: 0000000000000003 [ 75.062569][ C0] R10: 0000000000000009 R11: 0000000000000100 R12: dffffc0000000000 [ 75.070582][ C0] R13: 0000000000000005 R14: ffff8880242d1200 R15: ffffffff8be81688 [ 75.078605][ C0] FS: 0000000000000000(0000) GS:ffff8881260f6000(0000) knlGS:0000000000000000 [ 75.087566][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 75.094168][ C0] CR2: 0000000000000000 CR3: 000000007cdd8000 CR4: 00000000003526f0 [ 75.102210][ C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 75.110311][ C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 75.118333][ C0] Kernel panic - not syncing: Fatal exception in interrupt [ 75.125811][ C0] Kernel Offset: disabled [ 75.130122][ C0] Rebooting in 86400 seconds..