./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor634234719 <...> Warning: Permanently added '10.128.0.191' (ED25519) to the list of known hosts. execve("./syz-executor634234719", ["./syz-executor634234719"], 0x7ffcd4dabde0 /* 10 vars */) = 0 brk(NULL) = 0x55555f535000 brk(0x55555f535d00) = 0x55555f535d00 arch_prctl(ARCH_SET_FS, 0x55555f535380) = 0 set_tid_address(0x55555f535650) = 5190 set_robust_list(0x55555f535660, 24) = 0 rseq(0x55555f535ca0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor634234719", 4096) = 27 getrandom("\x6f\x8b\xf5\x00\xdc\x6f\xb1\xe1", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x55555f535d00 brk(0x55555f556d00) = 0x55555f556d00 brk(0x55555f557000) = 0x55555f557000 mprotect(0x7f01aab66000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555f535650) = 5191 ./strace-static-x86_64: Process 5191 attached [pid 5191] set_robust_list(0x55555f535660, 24) = 0 [pid 5191] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5191] setpgid(0, 0) = 0 [pid 5191] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5191] write(3, "1000", 4) = 4 [pid 5191] close(3) = 0 executing program [pid 5191] write(1, "executing program\n", 18) = 18 [pid 5191] creat("./file0", 000) = 3 [pid 5191] pipe2([4, 5], 0) = 0 [pid 5191] write(5, "\x15\x00\x00\x00\x65\xff\xff\x04\x80\x00\x00\x08\x00\x39\x50\x32\x30\x30\x30\x00\x00", 21) = 21 [pid 5191] dup(5) = 6 [pid 5191] write(6, "\x18\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 24) = 24 [pid 5191] write(6, "\x4c\x01\x00\x00\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x18\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 311) = 311 [pid 5191] mount(NULL, "./file0", "9p", 0, "trans=fd,rfdno=0x0000000000000004,wfdno=0x0000000000000006,cache=mmap,k") = 0 [pid 5191] truncate("./file0", 0) = 0 [pid 5191] creat("./file0", 002) = 7 [pid 5191] write(7, "\x18\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x4c\xee\x00\x00\x00\x00\x00\x00", 24) = 24 [pid 5191] exit_group(0) = ? [pid 5191] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5191, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555f535650) = 5193 ./strace-static-x86_64: Process 5193 attached [pid 5193] set_robust_list(0x55555f535660, 24) = 0 [pid 5193] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5193] setpgid(0, 0) = 0 [pid 5193] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5193] write(3, "1000", 4) = 4 [pid 5193] close(3) = 0 [pid 5193] write(1, "executing program\n", 18executing program ) = 18 [pid 5193] creat("./file0", 000) = -1 ENOENT (No such file or directory) [pid 5193] pipe2([3, 4], 0) = 0 [ 161.918416][ T2945] ===================================================== [ 161.925930][ T2945] BUG: KMSAN: uninit-value in netfs_clear_buffer+0x216/0x4e0 [ 161.935582][ T2945] netfs_clear_buffer+0x216/0x4e0 [ 161.941210][ T2945] netfs_free_request+0x51f/0x890 [ 161.947874][ T2945] netfs_put_request+0x161/0x360 [ 161.953262][ T2945] netfs_write_collection_worker+0x7337/0x7c20 [ 161.962289][ T2945] process_scheduled_works+0xae0/0x1c40 [pid 5193] write(4, "\x15\x00\x00\x00\x65\xff\xff\x04\x80\x00\x00\x08\x00\x39\x50\x32\x30\x30\x30\x00\x00", 21) = 21 [pid 5193] dup(4) = 5 [pid 5193] write(5, "\x18\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 24) = 24 [pid 5193] write(5, "\x4c\x01\x00\x00\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x18\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 311) = 311 [pid 5193] mount(NULL, "./file0", "9p", 0, "trans=fd,rfdno=0x0000000000000003,wfdno=0x0000000000000005,cache=mmap,k") = 0 [pid 5193] truncate("./file0", 0) = 0 [pid 5193] creat("./file0", 002) = 6 [pid 5193] write(6, "\x18\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x4c\xee\x00\x00\x00\x00\x00\x00", 24) = 24 [pid 5193] exit_group(0) = ? [ 161.970130][ T2945] worker_thread+0xea7/0x14f0 [ 161.975389][ T2945] kthread+0x3e2/0x540 [ 161.980754][ T2945] ret_from_fork+0x6d/0x90 [ 161.985432][ T2945] ret_from_fork_asm+0x1a/0x30 [ 161.990402][ T2945] [ 161.992897][ T2945] Uninit was created at: [ 161.997407][ T2945] __kmalloc_cache_noprof+0x4f0/0xb00 [ 162.003166][ T2945] netfs_buffer_append_folio+0x2cf/0x8b0 [ 162.009668][ T2945] netfs_write_folio+0x1120/0x3050 [ 162.015145][ T2945] netfs_writepages+0xe60/0x1670 [pid 5193] +++ exited with 0 +++ [ 162.022359][ T2945] do_writepages+0x427/0xc30 [ 162.027130][ T2945] filemap_fdatawrite_wbc+0x1d8/0x270 [ 162.032875][ T2945] filemap_fdatawrite+0xbf/0xf0 [ 162.038010][ T2945] v9fs_dir_release+0x1f2/0x810 [ 162.043225][ T2945] __fput+0x32c/0x1120 [ 162.047469][ T2945] ____fput+0x25/0x30 [ 162.052267][ T2945] task_work_run+0x268/0x310 [ 162.057014][ T2945] do_exit+0xd88/0x4050 [ 162.061384][ T2945] do_group_exit+0x2fe/0x390 [ 162.066134][ T2945] __x64_sys_exit_group+0x3c/0x50 [ 162.071450][ T2945] x64_sys_call+0x3b9a/0x3ba0 [ 162.076311][ T2945] do_syscall_64+0xcd/0x1e0 [ 162.080982][ T2945] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 162.087127][ T2945] [ 162.089606][ T2945] CPU: 0 UID: 0 PID: 2945 Comm: kworker/u8:9 Not tainted 6.11.0-syzkaller-04557-g2f27fce67173 #0 [ 162.100625][ T2945] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 162.110904][ T2945] Workqueue: events_unbound netfs_write_collection_worker [ 162.118332][ T2945] ===================================================== [ 162.125618][ T2945] Disabling lock debugging due to kernel taint [ 162.131932][ T2945] Kernel panic - not syncing: kmsan.panic set ... [ 162.138446][ T2945] CPU: 0 UID: 0 PID: 2945 Comm: kworker/u8:9 Tainted: G B 6.11.0-syzkaller-04557-g2f27fce67173 #0 [ 162.150655][ T2945] Tainted: [B]=BAD_PAGE [ 162.154874][ T2945] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 162.165031][ T2945] Workqueue: events_unbound netfs_write_collection_worker [ 162.172335][ T2945] Call Trace: [ 162.175688][ T2945] [ 162.178688][ T2945] dump_stack_lvl+0x216/0x2d0 [ 162.183488][ T2945] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 162.189426][ T2945] dump_stack+0x1e/0x30 [ 162.193689][ T2945] panic+0x4e2/0xce0 [ 162.197734][ T2945] ? kmsan_get_metadata+0x71/0x1c0 [ 162.202976][ T2945] kmsan_report+0x2c7/0x2d0 [ 162.207600][ T2945] ? __msan_warning+0x95/0x120 [ 162.212507][ T2945] ? netfs_clear_buffer+0x216/0x4e0 [ 162.217931][ T2945] ? netfs_free_request+0x51f/0x890 [ 162.223297][ T2945] ? netfs_put_request+0x161/0x360 [ 162.228810][ T2945] ? netfs_write_collection_worker+0x7337/0x7c20 [ 162.235312][ T2945] ? process_scheduled_works+0xae0/0x1c40 [ 162.241169][ T2945] ? worker_thread+0xea7/0x14f0 [ 162.246169][ T2945] ? kthread+0x3e2/0x540 [ 162.250560][ T2945] ? ret_from_fork+0x6d/0x90 [ 162.255334][ T2945] ? ret_from_fork_asm+0x1a/0x30 [ 162.260416][ T2945] ? kmsan_internal_set_shadow_origin+0x69/0x100 [ 162.266904][ T2945] ? kmsan_get_metadata+0x13e/0x1c0 [ 162.272222][ T2945] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 162.278160][ T2945] ? kfree+0x3a7/0xb70 [ 162.282366][ T2945] ? p9_fid_destroy+0xf2/0x2d0 [ 162.287295][ T2945] ? p9_fid_destroy+0xf2/0x2d0 [ 162.292204][ T2945] ? kmsan_get_metadata+0x13e/0x1c0 [ 162.297522][ T2945] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 162.303543][ T2945] __msan_warning+0x95/0x120 [ 162.308282][ T2945] netfs_clear_buffer+0x216/0x4e0 [ 162.313461][ T2945] netfs_free_request+0x51f/0x890 [ 162.318627][ T2945] ? kmsan_internal_set_shadow_origin+0x69/0x100 [ 162.325118][ T2945] netfs_put_request+0x161/0x360 [ 162.330209][ T2945] netfs_write_collection_worker+0x7337/0x7c20 [ 162.336533][ T2945] ? kmsan_internal_unpoison_memory+0x14/0x20 [ 162.342789][ T2945] ? __pfx_netfs_write_collection_worker+0x10/0x10 [ 162.349455][ T2945] process_scheduled_works+0xae0/0x1c40 [ 162.355185][ T2945] worker_thread+0xea7/0x14f0 [ 162.360022][ T2945] kthread+0x3e2/0x540 [ 162.364243][ T2945] ? __pfx_worker_thread+0x10/0x10 [ 162.369496][ T2945] ? __pfx_kthread+0x10/0x10 [ 162.374247][ T2945] ret_from_fork+0x6d/0x90 [ 162.378776][ T2945] ? __pfx_kthread+0x10/0x10 [ 162.383508][ T2945] ret_from_fork_asm+0x1a/0x30 [ 162.388422][ T2945] [ 163.760005][ T2945] Shutting down cpus with NMI [ 163.765045][ T2945] Kernel Offset: disabled [ 163.769429][ T2945] Rebooting in 86400 seconds..