./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor2182649673 <...> Warning: Permanently added '10.128.0.123' (ED25519) to the list of known hosts. execve("./syz-executor2182649673", ["./syz-executor2182649673"], 0x7ffea0d34740 /* 10 vars */) = 0 brk(NULL) = 0x55557cfe0000 brk(0x55557cfe0d00) = 0x55557cfe0d00 arch_prctl(ARCH_SET_FS, 0x55557cfe0380) = 0 set_tid_address(0x55557cfe0650) = 5785 set_robust_list(0x55557cfe0660, 24) = 0 rseq(0x55557cfe0ca0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor2182649673", 4096) = 28 getrandom("\x91\x73\x6c\xac\x8a\x9b\x0f\x39", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x55557cfe0d00 brk(0x55557d001d00) = 0x55557d001d00 brk(0x55557d002000) = 0x55557d002000 mprotect(0x7efd5618a000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557cfe0650) = 5786 ./strace-static-x86_64: Process 5786 attached [pid 5786] set_robust_list(0x55557cfe0660, 24) = 0 [pid 5786] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5786] setpgid(0, 0) = 0 [pid 5786] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5786] write(3, "1000", 4) = 4 [pid 5786] close(3executing program ) = 0 [pid 5786] write(1, "executing program\n", 18) = 18 [pid 5786] openat(AT_FDCWD, NULL, O_WRONLY) = -1 EFAULT (Bad address) [pid 5786] memfd_create("syzkaller", 0) = 3 [pid 5786] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7efd4dc00000 [pid 5786] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5786] munmap(0x7efd4dc00000, 138412032) = 0 [pid 5786] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5786] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5786] close(3) = 0 [pid 5786] close(4) = 0 [pid 5786] mkdir("./file1", 0777) = 0 [ 181.329496][ T5786] loop0: detected capacity change from 0 to 32768 [ 181.452901][ T5786] bcachefs (loop0): starting version 1.7: mi_btree_bitmap opts=metadata_checksum=none,data_checksum=none,compression=lz4,fsck,fix_errors=yes,norecovery,nojournal_transaction_names,reconstruct_alloc,no_data_io [ 181.475377][ T5786] invalid bkey u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq c6c25c03258c59c5 written 16 min_key POS_MIN durability: 1 ptr: 0:27:0 gen 0 unwritten [ 181.475487][ T5786] has unwritten ptrs: delete?, fixing [ 181.497419][ T5786] bcachefs (loop0): recovering from clean shutdown, journal seq 10 [ 181.506379][ T5786] bcachefs (loop0): Version upgrade required: [ 181.506379][ T5786] Version upgrade from 0.24: unwritten_extents to 1.7: mi_btree_bitmap incomplete [ 181.506379][ T5786] Doing incompatible version upgrade from 0.24: unwritten_extents to 1.13: inode_has_child_snapshots [ 181.506379][ T5786] running recovery passes: check_allocations,check_alloc_info,check_lrus,check_btree_backpointers,check_backpointers_to_extents,check_extents_to_backpointers,check_alloc_to_lru_refs,bucket_gens_init,check_snapshot_trees,check_snapshots,check_subvols,check_subvol_children,delete_dead_snapshots,check_inodes,check_extents,check_indirect_extents,check_dirents,check_xattrs,check_root,check_unreachable_inodes,check_subvolume_structure,check_directory_structure,check_nlinks,set_fs_needs_rebalance [ 181.581360][ T5786] bcachefs (loop0): dropping and reconstructing all alloc info [ 181.593814][ T5786] invalid btree root extents, fixing [ 181.599467][ T5786] bcachefs (loop0): will run btree node scan [ 181.605827][ T5786] bcachefs (loop0): flagging btree extents lost data [ 181.628957][ T5786] bcachefs (loop0): flagging btree xattrs lost data [ 181.639025][ T5786] error reading btree root xattrs l=0: btree_node_read_error, fixing [ 181.665024][ T5786] bcachefs (loop0): scan_for_btree_nodes... [ 181.732901][ T5786] bch2_scan_for_btree_nodes: nodes found after overwrites: [ 181.732991][ T5786] extents l=0 seq=1 journal_seq=5 cookie=c6c25c03258c59c5 POS_MIN-SPOS_MAX ptr: 0:27:0 gen 0 [ 181.733079][ T5786] inodes l=0 seq=1 journal_seq=5 cookie=7589ab5e0c11cc7a POS_MIN-SPOS_MAX ptr: 0:38:0 gen 0 [ 181.733165][ T5786] dirents l=0 seq=1 journal_seq=4 cookie=9aa2895aefce4bdf POS_MIN-SPOS_MAX ptr: 0:41:0 gen 0 [ 181.733254][ T5786] xattrs l=0 seq=1 journal_seq=4 cookie=2285c34bed0abe32 POS_MIN-U64_MAX:18374686479671623680:50331647 ptr: 0:31:0 gen 0 [ 181.733350][ T5786] subvolumes l=0 seq=1 journal_seq=4294967297 cookie=c0bef60d07ceb940 POS_MIN-SPOS_MAX ptr: 0:35:0 gen 0 [ 181.733440][ T5786] snapshots l=0 seq=1 journal_seq=1 cookie=ebb8d5a9e3463bdb POS_MIN-SPOS_MAX ptr: 0:32:0 gen 0 [ 181.733533][ T5786] lru l=0 seq=1 journal_seq=5 cookie=28f61e078e70b95c POS_MIN-SPOS_MAX ptr: 0:28:0 gen 0 [ 181.733619][ T5786] deleted_inodes l=0 seq=1 journal_seq=0 cookie=1db8f60c84bb244c POS_MIN-SPOS_MAX ptr: 0:42:0 gen 0 [ 181.733699][ T5786] [ 181.837473][ T5786] done [ 181.840338][ T5786] bcachefs (loop0): check_topology... [ 181.840412][ T5786] bcachefs (loop0): btree root extents unreadable, must recover from scan [ 181.855066][ T5786] bcachefs (loop0): bch2_get_scanned_nodes(): recovering extents l=0 POS_MIN - SPOS_MAX [ 181.865448][ T5786] bcachefs (loop0): bch2_get_scanned_nodes(): recovering u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq c6c25c03258c59c5 written 16 min_key POS_MIN durability: 1 ptr: 0:27:0 gen 0 [ 181.888508][ T39] bcachefs (loop0): error validating btree node at btree extents level 0/0 [ 181.888570][ T39] u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq c6c25c03258c59c5 written 16 min_key POS_MIN durability: 1 ptr: 0:27:0 gen 0 [ 181.888645][ T39] node offset 8/16 bset u64s 49 bset byte offset 232: keys out of order: u64s 7 type inline_data 536870976:8:U32_MAX len 8 ver 0 > u64s 7 type extent 536870913:24:U32_MAX len 24 ver 0, fixing [ 181.931087][ T39] bcachefs (loop0): btree_node_read_work: rewriting btree node at btree=extents level=0 SPOS_MAX due to error [ 181.943742][ T5786] bcachefs (loop0): btree root xattrs unreadable, must recover from scan [ 181.952852][ T5786] bcachefs (loop0): bch2_get_scanned_nodes(): recovering xattrs l=0 POS_MIN - SPOS_MAX [ 181.963665][ T5786] bcachefs (loop0): bch2_get_scanned_nodes(): recovering u64s 11 type btree_ptr_v2 U64_MAX:18374686479671623680:50331647 len 0 ver 0: seq 2285c34bed0abe32 written 16 min_key POS_MIN durability: 1 ptr: 0:31:0 gen 0 [ 181.990594][ T5786] btree node with incorrect max_keyat btree xattrs level 1: [ 181.990651][ T5786] parent: u64s 5 type btree_ptr SPOS_MAX len 0 ver 0 [ 181.990704][ T5786] child: u64s 11 type btree_ptr_v2 U64_MAX:18374686479671623680:50331647 len 0 ver 0: seq 2285c34bed0abe32 written 16 min_key POS_MIN durability: 1 ptr: 0:31:0 gen 0, fixing [ 182.023400][ T5786] bcachefs (loop0): bch2_get_scanned_nodes(): recovering xattrs l=0 U64_MAX:18374686479671623680:50331648 - SPOS_MAX [ 182.037338][ T5786] bcachefs (loop0): set_node_max(): u64s 11 type btree_ptr_v2 U64_MAX:18374686479671623680:50331647 len 0 ver 0: seq 2285c34bed0abe32 written 16 min_key POS_MIN durability: 1 ptr: 0:31:0 gen 0 -> SPOS_MAX [ 182.058464][ T5786] done [ 182.061373][ T5786] bcachefs (loop0): accounting_read... done [ 182.068395][ T5786] bcachefs (loop0): alloc_read... done [ 182.074366][ T5786] bcachefs (loop0): stripes_read... done [ 182.080418][ T5786] bcachefs (loop0): snapshots_read... done [ 182.087090][ T5786] bcachefs (loop0): check_allocations... done [ 182.166918][ T5786] bcachefs (loop0): going read-write [ 182.180995][ T5786] bcachefs (loop0): Fixed errors, running fsck a second time to verify fs is clean [ 182.189916][ T3761] ===================================================== [pid 5786] mount("/dev/loop0", "./file1", "bcachefs", MS_NOEXEC|MS_I_VERSION, "\x62\x74\x72\x65\x65\x5f\x6e\x6f\x64\x65\x5f\x70\x72\x65\x66\x65\x74\x63\x68\x2c\x66\x73\x63\x6b\x2c\x6e\x6f\x72\x65\x63\x6f\x76\x65\x72\x79\x2c\x66\x73\x63\x6b\x2c\x6a\x6f\x75\x72\x6e\x61\x6c\x5f\xe6\x6c\x75\x73\x68\x5f\x64\x69\x73\x61\x62\x6c\x65\x64\x2c\x6e\x6f\x72\x65\x63\x6f\x76\x65\x72\x79\x2c\x66\x69\x78\x5f\x65\x72\x72\x6f\x72\x73\x3d\x79\x65\x73\x2c\x72\x65\x63\x6f\x6e\x73\x74\x72\x75\x63"...) = 0 [pid 5786] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [ 182.197599][ T3761] BUG: KMSAN: uninit-value in bch2_btree_node_check_topology+0x12cc/0x2e40 [ 182.206419][ T3761] bch2_btree_node_check_topology+0x12cc/0x2e40 [ 182.212827][ T3761] btree_split_insert_keys+0x4fd/0x630 [ 182.218570][ T3761] btree_split+0xdc4/0x98e0 [ 182.219315][ T5786] bcachefs (loop0): done starting filesystem [ 182.223191][ T3761] bch2_btree_insert_node+0xaba/0x2810 [ 182.235009][ T3761] bch2_btree_node_rewrite+0x10f8/0x1930 [ 182.240830][ T3761] async_btree_node_rewrite_work+0x485/0x1710 [ 182.247158][ T3761] process_scheduled_works+0xae0/0x1c40 [pid 5786] chdir("./file1") = 0 [pid 5786] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5786] ioctl(4, LOOP_CLR_FD) = 0 [pid 5786] close(4) = 0 [pid 5786] exit_group(0) = ? [pid 5786] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5786, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=170 /* 1.70 s */} --- [ 182.252906][ T3761] worker_thread+0xea7/0x14f0 [ 182.258064][ T3761] kthread+0x3e2/0x540 [ 182.262340][ T3761] ret_from_fork+0x6d/0x90 [ 182.267005][ T3761] ret_from_fork_asm+0x1a/0x30 [ 182.271967][ T3761] [ 182.274383][ T3761] Uninit was created at: [ 182.279033][ T3761] ___kmalloc_large_node+0x22c/0x370 [ 182.284514][ T3761] __kmalloc_large_node_noprof+0x3f/0x1e0 [ 182.290732][ T3761] __kmalloc_node_noprof+0x9d6/0xf50 [ 182.296305][ T3761] __kvmalloc_node_noprof+0xc0/0x2d0 restart_syscall(<... resuming interrupted clone ...>) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557cfe0650) = 5801 [ 182.301771][ T3761] bch2_btree_node_mem_alloc+0xa68/0x2e30 [ 182.307775][ T3761] bch2_btree_reserve_get+0x37f/0x2290 [ 182.313428][ T3761] bch2_btree_update_start+0x1af9/0x2d60 [ 182.319383][ T3761] bch2_btree_node_rewrite+0x1da/0x1930 [ 182.325184][ T3761] async_btree_node_rewrite_work+0x485/0x1710 [ 182.331443][ T3761] process_scheduled_works+0xae0/0x1c40 [ 182.337365][ T3761] worker_thread+0xea7/0x14f0 [ 182.342240][ T3761] kthread+0x3e2/0x540 [ 182.346680][ T3761] ret_from_fork+0x6d/0x90 [ 182.351263][ T3761] ret_from_fork_asm+0x1a/0x30 [ 182.356368][ T3761] [ 182.358811][ T3761] CPU: 0 UID: 0 PID: 3761 Comm: kworker/u8:13 Not tainted 6.12.0-rc6-syzkaller-00099-g7758b206117d #0 [ 182.370025][ T3761] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 182.380611][ T3761] Workqueue: btree_node_rewrite async_btree_node_rewrite_work [ 182.388363][ T3761] ===================================================== [ 182.395553][ T3761] Disabling lock debugging due to kernel taint [ 182.401826][ T3761] Kernel panic - not syncing: kmsan.panic set ... [ 182.408378][ T3761] CPU: 0 UID: 0 PID: 3761 Comm: kworker/u8:13 Tainted: G B 6.12.0-rc6-syzkaller-00099-g7758b206117d #0 [ 182.421004][ T3761] Tainted: [B]=BAD_PAGE [ 182.425266][ T3761] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 182.435480][ T3761] Workqueue: btree_node_rewrite async_btree_node_rewrite_work [ 182.443174][ T3761] Call Trace: [ 182.446571][ T3761] [ 182.449619][ T3761] dump_stack_lvl+0x216/0x2d0 ./strace-static-x86_64: Process 5801 attached [pid 5801] set_robust_list(0x55557cfe0660, 24) = 0 [pid 5801] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5801] setpgid(0, 0) = 0 [pid 5801] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 executing program [pid 5801] write(3, "1000", 4) = 4 [pid 5801] close(3) = 0 [pid 5801] write(1, "executing program\n", 18) = 18 [pid 5801] openat(AT_FDCWD, NULL, O_WRONLY) = -1 EFAULT (Bad address) [pid 5801] memfd_create("syzkaller", 0) = 3 [pid 5801] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7efd4dc00000 [ 182.454530][ T3761] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 182.460541][ T3761] dump_stack+0x1e/0x30 [ 182.464912][ T3761] panic+0x4e2/0xcf0 [ 182.469021][ T3761] ? kmsan_get_metadata+0x131/0x1c0 [ 182.474408][ T3761] kmsan_report+0x2c7/0x2d0 [ 182.479152][ T3761] ? __msan_warning+0x95/0x120 [ 182.484127][ T3761] ? bch2_btree_node_check_topology+0x12cc/0x2e40 [ 182.490739][ T3761] ? btree_split_insert_keys+0x4fd/0x630 [ 182.496578][ T3761] ? btree_split+0xdc4/0x98e0 [ 182.501428][ T3761] ? bch2_btree_insert_node+0xaba/0x2810 [ 182.507252][ T3761] ? bch2_btree_node_rewrite+0x10f8/0x1930 [ 182.513245][ T3761] ? async_btree_node_rewrite_work+0x485/0x1710 [ 182.519688][ T3761] ? process_scheduled_works+0xae0/0x1c40 [ 182.525615][ T3761] ? worker_thread+0xea7/0x14f0 [ 182.530667][ T3761] ? kthread+0x3e2/0x540 [ 182.535113][ T3761] ? ret_from_fork+0x6d/0x90 [ 182.539875][ T3761] ? ret_from_fork_asm+0x1a/0x30 [ 182.545025][ T3761] ? kmsan_get_metadata+0x13e/0x1c0 [ 182.550397][ T3761] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 182.556415][ T3761] ? kmsan_get_metadata+0x13e/0x1c0 [ 182.561786][ T3761] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 182.567776][ T3761] __msan_warning+0x95/0x120 [ 182.572574][ T3761] bch2_btree_node_check_topology+0x12cc/0x2e40 [ 182.579042][ T3761] ? bch2_btree_insert_keys_interior+0x1bf6/0x1ca0 [ 182.585804][ T3761] btree_split_insert_keys+0x4fd/0x630 [ 182.591491][ T3761] btree_split+0xdc4/0x98e0 [ 182.596163][ T3761] ? kmsan_get_metadata+0x13e/0x1c0 [ 182.601531][ T3761] ? kmsan_get_metadata+0x13e/0x1c0 [ 182.606902][ T3761] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 182.612893][ T3761] ? kmsan_get_metadata+0x13e/0x1c0 [ 182.618270][ T3761] ? __bkey_unpack_pos+0x760/0x8e0 [ 182.623612][ T3761] ? kmsan_get_metadata+0x13e/0x1c0 [ 182.628980][ T3761] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 182.634973][ T3761] ? __bch2_bkey_cmp_packed_format_checked+0x91c/0x960 [ 182.642018][ T3761] ? kmsan_get_metadata+0x13e/0x1c0 [ 182.647391][ T3761] ? kmsan_internal_set_shadow_origin+0x69/0x100 [ 182.653944][ T3761] ? kmsan_get_metadata+0x13e/0x1c0 [ 182.659320][ T3761] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 182.665307][ T3761] ? six_unlock_ip+0x40e/0x460 [ 182.670274][ T3761] ? bch2_btree_node_unlock_write+0x71b/0x740 [ 182.676556][ T3761] ? kmsan_get_metadata+0x13e/0x1c0 [ 182.681931][ T3761] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 182.687919][ T3761] bch2_btree_insert_node+0xaba/0x2810 [ 182.693584][ T3761] ? bch2_btree_insert_node+0x55e/0x2810 [ 182.699431][ T3761] bch2_btree_node_rewrite+0x10f8/0x1930 [ 182.705263][ T3761] ? bch2_btree_node_rewrite+0x32e/0x1930 [ 182.711199][ T3761] async_btree_node_rewrite_work+0x485/0x1710 [ 182.717495][ T3761] ? async_btree_node_rewrite_work+0x282/0x1710 [ 182.723946][ T3761] ? kmsan_get_metadata+0x13e/0x1c0 [ 182.729351][ T3761] ? __pfx_async_btree_node_rewrite_work+0x10/0x10 [ 182.736059][ T3761] process_scheduled_works+0xae0/0x1c40 [ 182.741848][ T3761] worker_thread+0xea7/0x14f0 [ 182.746754][ T3761] kthread+0x3e2/0x540 [ 182.751036][ T3761] ? __pfx_worker_thread+0x10/0x10 [ 182.756359][ T3761] ? __pfx_kthread+0x10/0x10 [ 182.761163][ T3761] ret_from_fork+0x6d/0x90 [ 182.765751][ T3761] ? __pfx_kthread+0x10/0x10 [ 182.770558][ T3761] ret_from_fork_asm+0x1a/0x30 [ 182.775541][ T3761] [ 182.778959][ T3761] Kernel Offset: disabled [ 182.783350][ T3761] Rebooting in 86400 seconds..