./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor3547101552 <...> Warning: Permanently added '10.128.0.188' (ED25519) to the list of known hosts. execve("./syz-executor3547101552", ["./syz-executor3547101552"], 0x7ffef7a6e6e0 /* 10 vars */) = 0 brk(NULL) = 0x55557c406000 brk(0x55557c406d00) = 0x55557c406d00 arch_prctl(ARCH_SET_FS, 0x55557c406380) = 0 set_tid_address(0x55557c406650) = 5777 set_robust_list(0x55557c406660, 24) = 0 rseq(0x55557c406ca0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor3547101552", 4096) = 28 getrandom("\xfd\x98\xb9\xe3\x9d\xce\xee\x32", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x55557c406d00 brk(0x55557c427d00) = 0x55557c427d00 brk(0x55557c428000) = 0x55557c428000 mprotect(0x7efe57013000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557c406650) = 5778 ./strace-static-x86_64: Process 5778 attached [pid 5778] set_robust_list(0x55557c406660, 24) = 0 [pid 5778] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5778] setpgid(0, 0) = 0 [pid 5778] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5778] write(3, "1000", 4executing program ) = 4 [pid 5778] close(3) = 0 [pid 5778] write(1, "executing program\n", 18) = 18 [pid 5778] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=8589934731}, NULL) = 0 [pid 5778] sched_setscheduler(0, SCHED_RR, [4]) = 0 [pid 5778] memfd_create("syzkaller", 0) = 3 [pid 5778] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7efe4ea00000 [pid 5778] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5778] munmap(0x7efe4ea00000, 138412032) = 0 [pid 5778] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5778] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5778] close(3) = 0 [pid 5778] close(4) = 0 [pid 5778] mkdir("./file1", 0777) = 0 [ 180.582964][ T5778] loop0: detected capacity change from 0 to 32768 [ 180.731132][ T5778] bcachefs (loop0): starting version 1.7: mi_btree_bitmap opts=metadata_checksum=none,data_checksum=none,compression=lz4,nojournal_transaction_names [ 180.747735][ T5778] bcachefs (loop0): recovering from clean shutdown, journal seq 10 [ 180.757164][ T5778] bcachefs (loop0): Version upgrade required: [ 180.757164][ T5778] Version upgrade from 0.24: unwritten_extents to 1.7: mi_btree_bitmap incomplete [ 180.757164][ T5778] Doing incompatible version upgrade from 0.24: unwritten_extents to 1.20: directory_size [ 180.757164][ T5778] running recovery passes: check_allocations,check_alloc_info,check_lrus,check_btree_backpointers,check_backpointers_to_extents,check_extents_to_backpointers,check_alloc_to_lru_refs,bucket_gens_init,check_snapshot_trees,check_snapshots,check_subvols,check_subvol_children,delete_dead_snapshots,check_inodes,check_extents,check_indirect_extents,check_dirents,check_xattrs,check_root,check_unreachable_inodes,check_subvolume_structure,check_directory_structure,check_nlinks,set_fs_needs_rebalance [ 180.847071][ T5778] bcachefs (loop0): error validating btree node on loop0 at btree dirents level 0/0 [ 180.847135][ T5778] u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 281474976710656: seq 9aa2895aefce4bdf written 24 min_key POS_MIN durability: 1 ptr: 0:41:0 gen 0 [ 180.847204][ T5778] node offset 0/24: incorrect min_key: got 0:0:7 should be POS_MIN [ 180.880128][ T5778] bcachefs (loop0): running explicit recovery pass check_topology (2), currently at recovery_pass_empty (0) [ 180.892333][ T5778] bcachefs (loop0): flagging btree dirents lost data [ 180.899250][ T5778] bcachefs (loop0): running explicit recovery pass scan_for_btree_nodes (1), currently at recovery_pass_empty (0) [ 180.915385][ T5778] error reading btree root btree=dirents level=0: btree_node_read_error, fixing [ 180.936241][ T5778] bcachefs (loop0): error validating btree node on loop0 at btree alloc level 0/0 [ 180.936312][ T5778] u64s 11 type btree_ptr_v2 18446744073709551360:288230376151711743:U32_MAX len 0 ver 0: seq ac62141f8dc7e261 written 24 min_key POS_MIN durability: 1 ptr: 0:26:0 gen 0 [ 180.936379][ T5778] node offset 0/24 bset u64s 0: incorrect max key SPOS_MAX [ 180.970871][ T5778] bcachefs (loop0): flagging btree alloc lost data [ 180.980634][ T5778] error reading btree root btree=alloc level=0: btree_node_read_error, fixing [ 181.008864][ T5778] bcachefs (loop0): error validating btree node on loop0 at btree freespace level 0/0 [ 181.008928][ T5778] u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq e81e1ed936acf3df written 32 min_key 0:3703155162349568:0 durability: 1 ptr: 0:29:0 gen 0 [ 181.008990][ T5778] node offset 0/32: incorrect min_key: got POS_MIN should be 0:3703155162349568:0 [ 181.043828][ T5778] bcachefs (loop0): flagging btree freespace lost data [ 181.054470][ T5778] error reading btree root btree=freespace level=0: btree_node_read_error, fixing [ 181.076182][ T5778] bcachefs (loop0): scan_for_btree_nodes... [ 181.144923][ T5778] bcachefs (loop0): btree node scan found 7 nodes after overwrites [ 181.159204][ T5778] done [ 181.166246][ T5778] bcachefs (loop0): check_topology... [ 181.169528][ T5778] bcachefs (loop0): btree root dirents unreadable, must recover from scan [ 181.184505][ T5778] bcachefs (loop0): bch2_get_scanned_nodes(): recovery btree=dirents level=0 POS_MIN - SPOS_MAX [ 181.195930][ T5778] bcachefs (loop0): bch2_get_scanned_nodes(): recovering u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 9aa2895aefce4bdf written 24 min_key 0:0:7 durability: 1 ptr: 0:41:0 gen 0 [ 181.220908][ T5778] bcachefs (loop0): bch2_get_scanned_nodes(): recovery btree=dirents level=0 POS_MIN - 0:0:6 [ 181.233711][ T5778] btree node with incorrect min_key at btree=dirents level=1: [ 181.233762][ T5778] parent: u64s 5 type btree_ptr SPOS_MAX len 0 ver 0 [ 181.233809][ T5778] next: u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 9aa2895aefce4bdf written 24 min_key 0:0:7 durability: 1 ptr: 0:41:0 gen 0, fixing [ 181.264048][ T5778] bcachefs (loop0): set_node_min(): u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 9aa2895aefce4bdf written 24 min_key 0:0:7 durability: 1 ptr: 0:41:0 gen 0 -> POS_MIN [ 181.282595][ T5778] done [ 181.288672][ T5778] bcachefs (loop0): accounting_read... done [ 181.295758][ T5778] bcachefs (loop0): alloc_read... done [ 181.301794][ T5778] bcachefs (loop0): stripes_read... done [ 181.307708][ T5778] bcachefs (loop0): snapshots_read... done [ 181.314069][ T5778] bcachefs (loop0): check_allocations... [ 181.318511][ T5778] bucket 0:34 data type user ptr gen 0 missing in alloc btree [ 181.318573][ T5778] while marking u64s 7 type extent 4099:8:U32_MAX len 8 ver 0: durability: 1 crc: c_size 8 size 8 offset 0 nonce 0 csum none 0:0 compress incompressible ptr: 0:34:0 gen 0, fixing [ 181.354821][ T5778] bucket 0:27 data type btree ptr gen 0 missing in alloc btree [ 181.354878][ T5778] while marking u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq c6c25c03258c59c5 written 16 min_key POS_MIN durability: 1 ptr: 0:27:0 gen 0, fixing [ 181.386489][ T5778] bucket 0:38 data type btree ptr gen 0 missing in alloc btree [ 181.386547][ T5778] while marking u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 7589ab5e0c11cc7a written 24 min_key POS_MIN durability: 1 ptr: 0:38:0 gen 0, fixing [ 181.416326][ T5778] bucket 0:41 data type btree ptr gen 0 missing in alloc btree [ 181.416414][ T5778] while marking u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 9aa2895aefce4bdf written 24 min_key R POS_MIN durability: 1 ptr: 0:41:0 gen 0, fixing [ 181.442257][ T5778] bucket 0:31 data type btree ptr gen 0 missing in alloc btree [ 181.442314][ T5778] while marking u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 2285c34bed0abe32 written 16 min_key POS_MIN durability: 1 ptr: 0:31:0 gen 0, fixing [ 181.472152][ T5778] bucket 0:35 data type btree ptr gen 0 missing in alloc btree [ 181.472216][ T5778] while marking u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq c0bef60d07ceb940 written 16 min_key POS_MIN durability: 1 ptr: 0:35:0 gen 0, fixing [ 181.501450][ T5778] bucket 0:32 data type btree ptr gen 0 missing in alloc btree [ 181.501654][ T5778] while marking u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq ebb8d5a9e3463bdb written 16 min_key POS_MIN durability: 1 ptr: 0:32:0 gen 0, fixing [ 181.528283][ T5778] bucket 0:28 data type btree ptr gen 0 missing in alloc btree [ 181.528341][ T5778] while marking u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 28f61e078e70b95c written 16 min_key POS_MIN durability: 1 ptr: 0:28:0 gen 0, fixing [ 181.555254][ T5778] bucket 0:37 data type btree ptr gen 0 missing in alloc btree [ 181.555314][ T5778] while marking u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 4a8b0fa43a9980a6 written 24 min_key POS_MIN durability: 1 ptr: 0:37:0 gen 0, fixing [ 181.581134][ T5778] bucket 0:42 data type btree ptr gen 0 missing in alloc btree [ 181.581191][ T5778] while marking u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 1db8f60c84bb244c written 8 min_key POS_MIN durability: 1 ptr: 0:42:0 gen 0, fixing [ 181.632914][ T5778] done [ 181.640770][ T5778] bcachefs (loop0): going read-write [ 181.650270][ T5778] bcachefs (loop0): journal_replay... [ 181.708930][ T1092] bucket incorrectly unset in freespace btree [ 181.708984][ T1092] u64s 5 type deleted 0:29:0 len 0 ver 0, , continuing [ 181.731139][ T1092] ===================================================== [ 181.738369][ T1092] BUG: KMSAN: uninit-value in bch2_btree_ptr_v2_validate+0x51c/0xb20 [ 181.746675][ T1092] bch2_btree_ptr_v2_validate+0x51c/0xb20 [ 181.752805][ T1092] bch2_bkey_val_validate+0x357/0x530 [ 181.758366][ T1092] validate_bset_keys+0x20e3/0x2350 [ 181.764921][ T1092] validate_bset_for_write+0x2b3/0x410 [ 181.770529][ T1092] __bch2_btree_node_write+0x53df/0x6830 [ 181.776564][ T1092] bch2_btree_node_write_trans+0xd7/0x890 [ 181.782551][ T1092] btree_interior_update_work+0x3e3f/0x4820 [ 181.788575][ T1092] process_scheduled_works+0xae0/0x1c40 [ 181.794468][ T1092] worker_thread+0xea7/0x14f0 [ 181.799333][ T1092] kthread+0x6b9/0xef0 [ 181.803599][ T1092] ret_from_fork+0x6d/0x90 [ 181.808194][ T1092] ret_from_fork_asm+0x1a/0x30 [ 181.813232][ T1092] [ 181.815630][ T1092] Uninit was stored to memory at: [ 181.820811][ T1092] bch2_sort_keys_keep_unwritten_whiteouts+0x17d1/0x19d0 [ 181.828075][ T1092] __bch2_btree_node_write+0x3ae8/0x6830 [ 181.834006][ T1092] bch2_btree_node_write_trans+0xd7/0x890 [ 181.839876][ T1092] btree_interior_update_work+0x3e3f/0x4820 [ 181.846163][ T1092] process_scheduled_works+0xae0/0x1c40 [ 181.852039][ T1092] worker_thread+0xea7/0x14f0 [ 181.856839][ T1092] kthread+0x6b9/0xef0 [ 181.860989][ T1092] ret_from_fork+0x6d/0x90 [ 181.865662][ T1092] ret_from_fork_asm+0x1a/0x30 [ 181.870577][ T1092] [ 181.873071][ T1092] Uninit was created at: [ 181.877565][ T1092] ___kmalloc_large_node+0x22c/0x370 [ 181.883139][ T1092] __kmalloc_large_node_noprof+0x3f/0x1e0 [ 181.889080][ T1092] __kmalloc_node_noprof+0xc96/0x1250 [ 181.894800][ T1092] __kvmalloc_node_noprof+0xc0/0x2d0 [ 181.900266][ T1092] bch2_btree_node_mem_alloc+0xa72/0x2ee0 [ 181.906257][ T1092] bch2_btree_reserve_get+0x37f/0x2290 [ 181.912034][ T1092] bch2_btree_update_start+0x1af9/0x2d60 [ 181.918006][ T1092] bch2_btree_split_leaf+0x120/0xc90 [ 181.923600][ T1092] bch2_trans_commit_error+0x1c0/0x1d60 [ 181.929326][ T1092] __bch2_trans_commit+0x1d60/0xd310 [ 181.934866][ T1092] bch2_journal_replay+0x3082/0x4d30 [ 181.940318][ T1092] bch2_run_recovery_passes+0x5a2/0x1160 [ 181.946177][ T1092] bch2_fs_recovery+0x489c/0x6230 [ 181.951385][ T1092] bch2_fs_start+0x7ca/0xc20 [ 181.956201][ T1092] bch2_fs_get_tree+0x143a/0x2330 [ 181.961385][ T1092] vfs_get_tree+0xb1/0x5a0 [ 181.966010][ T1092] do_new_mount+0x71f/0x15e0 [ 181.970786][ T1092] path_mount+0x742/0x1f10 [ 181.975541][ T1092] __se_sys_mount+0x71f/0x800 [ 181.980369][ T1092] __x64_sys_mount+0xe4/0x150 [ 181.985325][ T1092] x64_sys_call+0x39bf/0x3c30 [ 181.990152][ T1092] do_syscall_64+0xcd/0x1e0 [ 181.994921][ T1092] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 182.000997][ T1092] [ 182.003628][ T1092] CPU: 1 UID: 0 PID: 1092 Comm: kworker/u8:7 Not tainted 6.14.0-rc1-syzkaller-00020-g0de63bb7d919 #0 [ 182.014700][ T1092] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 182.024984][ T1092] Workqueue: btree_update btree_interior_update_work [ 182.032094][ T1092] ===================================================== [ 182.039077][ T1092] Disabling lock debugging due to kernel taint [ 182.045420][ T1092] Kernel panic - not syncing: kmsan.panic set ... [ 182.051984][ T1092] CPU: 1 UID: 0 PID: 1092 Comm: kworker/u8:7 Tainted: G B 6.14.0-rc1-syzkaller-00020-g0de63bb7d919 #0 [ 182.064501][ T1092] Tainted: [B]=BAD_PAGE [ 182.068709][ T1092] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 182.078847][ T1092] Workqueue: btree_update btree_interior_update_work [ 182.085768][ T1092] Call Trace: [ 182.089179][ T1092] [ 182.092166][ T1092] dump_stack_lvl+0x216/0x2d0 [ 182.096929][ T1092] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 182.102854][ T1092] dump_stack+0x1e/0x24 [ 182.107103][ T1092] panic+0x4e2/0xcf0 [ 182.111124][ T1092] ? kmsan_get_metadata+0xa1/0x1c0 [ 182.116531][ T1092] kmsan_report+0x2c7/0x2d0 [ 182.121164][ T1092] ? kthread+0x6b9/0xef0 [ 182.125526][ T1092] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 182.131461][ T1092] ? __msan_warning+0x95/0x120 [ 182.136425][ T1092] ? bch2_btree_ptr_v2_validate+0x51c/0xb20 [ 182.142442][ T1092] ? bch2_bkey_val_validate+0x357/0x530 [ 182.148116][ T1092] ? validate_bset_keys+0x20e3/0x2350 [ 182.153605][ T1092] ? validate_bset_for_write+0x2b3/0x410 [ 182.159359][ T1092] ? __bch2_btree_node_write+0x53df/0x6830 [ 182.165287][ T1092] ? bch2_btree_node_write_trans+0xd7/0x890 [ 182.171310][ T1092] ? btree_interior_update_work+0x3e3f/0x4820 [ 182.177515][ T1092] ? process_scheduled_works+0xae0/0x1c40 [ 182.183443][ T1092] ? worker_thread+0xea7/0x14f0 [ 182.188528][ T1092] ? kthread+0x6b9/0xef0 [ 182.192907][ T1092] ? ret_from_fork+0x6d/0x90 [ 182.197596][ T1092] ? ret_from_fork_asm+0x1a/0x30 [ 182.202632][ T1092] ? bch2_bkey_ptrs_validate+0x870/0x3840 [ 182.208470][ T1092] ? filter_irq_stacks+0x60/0x1a0 [ 182.213602][ T1092] ? kmsan_get_metadata+0x13e/0x1c0 [ 182.218928][ T1092] ? kmsan_get_metadata+0x13e/0x1c0 [ 182.224247][ T1092] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 182.230217][ T1092] ? kmsan_get_metadata+0x13e/0x1c0 [ 182.235539][ T1092] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 182.241559][ T1092] ? kmsan_get_metadata+0x13e/0x1c0 [ 182.246938][ T1092] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 182.252931][ T1092] __msan_warning+0x95/0x120 [ 182.257664][ T1092] bch2_btree_ptr_v2_validate+0x51c/0xb20 [ 182.263596][ T1092] ? __pfx_bch2_btree_ptr_v2_validate+0x10/0x10 [ 182.269975][ T1092] bch2_bkey_val_validate+0x357/0x530 [ 182.275504][ T1092] validate_bset_keys+0x20e3/0x2350 [ 182.280912][ T1092] validate_bset_for_write+0x2b3/0x410 [ 182.286607][ T1092] __bch2_btree_node_write+0x53df/0x6830 [ 182.292400][ T1092] ? kmsan_get_metadata+0x13e/0x1c0 [ 182.297763][ T1092] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 182.303702][ T1092] ? kmsan_get_metadata+0x13e/0x1c0 [ 182.309072][ T1092] ? kmsan_get_metadata+0x13e/0x1c0 [ 182.314446][ T1092] bch2_btree_node_write_trans+0xd7/0x890 [ 182.320386][ T1092] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 182.326335][ T1092] btree_interior_update_work+0x3e3f/0x4820 [ 182.332456][ T1092] ? btree_interior_update_work+0x3bf7/0x4820 [ 182.338659][ T1092] ? __pfx_btree_interior_update_work+0x10/0x10 [ 182.345040][ T1092] process_scheduled_works+0xae0/0x1c40 [ 182.350754][ T1092] worker_thread+0xea7/0x14f0 [ 182.355557][ T1092] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 182.361534][ T1092] kthread+0x6b9/0xef0 [ 182.365763][ T1092] ? __pfx_worker_thread+0x10/0x10 [ 182.371000][ T1092] ? __pfx_kthread+0x10/0x10 [ 182.375758][ T1092] ret_from_fork+0x6d/0x90 [ 182.380288][ T1092] ? __pfx_kthread+0x10/0x10 [ 182.384994][ T1092] ret_from_fork_asm+0x1a/0x30 [ 182.389872][ T1092] [ 182.393258][ T1092] Kernel Offset: disabled [ 182.397646][ T1092] Rebooting in 86400 seconds..