./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor2055874230 <...> Warning: Permanently added '10.128.0.91' (ED25519) to the list of known hosts. execve("./syz-executor2055874230", ["./syz-executor2055874230"], 0x7ffdd6708070 /* 10 vars */) = 0 brk(NULL) = 0x55557de38000 brk(0x55557de38d00) = 0x55557de38d00 arch_prctl(ARCH_SET_FS, 0x55557de38380) = 0 set_tid_address(0x55557de38650) = 5796 set_robust_list(0x55557de38660, 24) = 0 rseq(0x55557de38ca0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor2055874230", 4096) = 28 getrandom("\x5f\xc6\xda\xe1\xe5\xe3\x55\x55", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x55557de38d00 brk(0x55557de59d00) = 0x55557de59d00 brk(0x55557de5a000) = 0x55557de5a000 mprotect(0x7fafed206000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5797 attached , child_tidptr=0x55557de38650) = 5797 [pid 5797] set_robust_list(0x55557de38660, 24) = 0 [pid 5797] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5797] setpgid(0, 0) = 0 [pid 5797] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5797] write(3, "1000", 4) = 4 [pid 5797] close(3) = 0 executing program [pid 5797] write(1, "executing program\n", 18) = 18 [pid 5797] memfd_create("syzkaller", 0) = 3 [pid 5797] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fafe4c00000 [pid 5797] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5797] munmap(0x7fafe4c00000, 138412032) = 0 [pid 5797] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5797] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5797] close(3) = 0 [pid 5797] close(4) = 0 [pid 5797] mkdir("./file0", 0777) = 0 [ 204.209225][ T5797] loop0: detected capacity change from 0 to 32768 [ 204.238770][ T5797] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz" [ 204.247397][ T5797] gfs2: fsid=syz:syz: Now mounting FS (format 1801)... [ 204.272807][ T5797] gfs2: fsid=syz:syz.0: journal 0 mapped with 7 extents in 0ms [ 204.289872][ T10] gfs2: fsid=syz:syz.0: jid=0, already locked for use [ 204.297019][ T10] gfs2: fsid=syz:syz.0: jid=0: Looking at journal... [ 204.385844][ T10] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 88ms [ 204.394056][ T10] gfs2: fsid=syz:syz.0: jid=0: Done [ 204.400231][ T5797] gfs2: fsid=syz:syz.0: first mount done, others may mount [ 204.615406][ T5797] syz-executor205: attempt to access beyond end of device [ 204.615406][ T5797] loop0: rw=12288, sector=2251799813685248, nr_sectors = 8 limit=32768 [ 204.631119][ T5797] ===================================================== [ 204.638573][ T5797] BUG: KMSAN: uninit-value in gfs2_quota_init+0x22c4/0x2950 [ 204.646206][ T5797] gfs2_quota_init+0x22c4/0x2950 [ 204.651301][ T5797] gfs2_make_fs_rw+0x4cf/0x6a0 [ 204.656339][ T5797] gfs2_fill_super+0x43f5/0x45a0 [ 204.661477][ T5797] get_tree_bdev_flags+0x6ec/0x910 [ 204.666929][ T5797] get_tree_bdev+0x37/0x50 [ 204.671656][ T5797] gfs2_get_tree+0x5c/0x340 [ 204.676408][ T5797] vfs_get_tree+0xb1/0x5a0 [ 204.681034][ T5797] do_new_mount+0x71f/0x15e0 [ 204.685973][ T5797] path_mount+0x742/0x1f10 [ 204.690636][ T5797] __se_sys_mount+0x722/0x810 [ 204.695618][ T5797] __x64_sys_mount+0xe4/0x150 [ 204.700623][ T5797] x64_sys_call+0x39bf/0x3c30 [ 204.705682][ T5797] do_syscall_64+0xcd/0x1e0 [ 204.710406][ T5797] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 204.716586][ T5797] [ 204.719015][ T5797] Uninit was created at: [ 204.723491][ T5797] __alloc_pages_noprof+0x9a7/0xe00 [ 204.729041][ T5797] alloc_pages_mpol_noprof+0x299/0x990 [ 204.734845][ T5797] folio_alloc_noprof+0x1db/0x310 [ 204.739998][ T5797] filemap_alloc_folio_noprof+0xa6/0x440 [ 204.745970][ T5797] __filemap_get_folio+0xac4/0x1550 [ 204.751451][ T5797] gfs2_getbuf+0x23f/0xcd0 [ 204.756158][ T5797] gfs2_meta_ra+0x17f/0x7b0 [ 204.760892][ T5797] gfs2_quota_init+0x78d/0x2950 [ 204.766089][ T5797] gfs2_make_fs_rw+0x4cf/0x6a0 [ 204.771080][ T5797] gfs2_fill_super+0x43f5/0x45a0 [ 204.776345][ T5797] get_tree_bdev_flags+0x6ec/0x910 [ 204.781701][ T5797] get_tree_bdev+0x37/0x50 [ 204.786489][ T5797] gfs2_get_tree+0x5c/0x340 [ 204.791167][ T5797] vfs_get_tree+0xb1/0x5a0 [ 204.795855][ T5797] do_new_mount+0x71f/0x15e0 [ 204.800675][ T5797] path_mount+0x742/0x1f10 [ 204.805507][ T5797] __se_sys_mount+0x722/0x810 [ 204.810410][ T5797] __x64_sys_mount+0xe4/0x150 [ 204.815424][ T5797] x64_sys_call+0x39bf/0x3c30 [ 204.820330][ T5797] do_syscall_64+0xcd/0x1e0 [ 204.825160][ T5797] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 204.831268][ T5797] [ 204.833681][ T5797] CPU: 0 UID: 0 PID: 5797 Comm: syz-executor205 Not tainted 6.12.0-syzkaller-09073-g9f16d5e6f220 #0 [ 204.844846][ T5797] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 204.855166][ T5797] ===================================================== [ 204.862168][ T5797] Disabling lock debugging due to kernel taint [ 204.868655][ T5797] Kernel panic - not syncing: kmsan.panic set ... [ 204.875221][ T5797] CPU: 0 UID: 0 PID: 5797 Comm: syz-executor205 Tainted: G B 6.12.0-syzkaller-09073-g9f16d5e6f220 #0 [ 204.887677][ T5797] Tainted: [B]=BAD_PAGE [ 204.891977][ T5797] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 204.902173][ T5797] Call Trace: [ 204.905542][ T5797] [ 204.908573][ T5797] dump_stack_lvl+0x216/0x2d0 [ 204.913418][ T5797] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 204.919492][ T5797] dump_stack+0x1e/0x30 [ 204.923815][ T5797] panic+0x4e2/0xcf0 [ 204.927870][ T5797] ? kmsan_get_metadata+0x81/0x1c0 [ 204.933180][ T5797] kmsan_report+0x2c7/0x2d0 [ 204.937950][ T5797] ? __msan_warning+0x95/0x120 [ 204.942884][ T5797] ? gfs2_quota_init+0x22c4/0x2950 [ 204.948182][ T5797] ? gfs2_make_fs_rw+0x4cf/0x6a0 [ 204.953268][ T5797] ? gfs2_fill_super+0x43f5/0x45a0 [ 204.958531][ T5797] ? get_tree_bdev_flags+0x6ec/0x910 [ 204.964008][ T5797] ? get_tree_bdev+0x37/0x50 [ 204.968787][ T5797] ? gfs2_get_tree+0x5c/0x340 [ 204.973672][ T5797] ? vfs_get_tree+0xb1/0x5a0 [ 204.978410][ T5797] ? do_new_mount+0x71f/0x15e0 [ 204.983327][ T5797] ? path_mount+0x742/0x1f10 [ 204.988067][ T5797] ? __se_sys_mount+0x722/0x810 [ 204.993110][ T5797] ? __x64_sys_mount+0xe4/0x150 [ 204.998230][ T5797] ? x64_sys_call+0x39bf/0x3c30 [ 205.003229][ T5797] ? do_syscall_64+0xcd/0x1e0 [ 205.008138][ T5797] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 205.014349][ T5797] ? submit_bio+0x58a/0x5b0 [ 205.018987][ T5797] ? submit_bh_wbc+0x82b/0x8a0 [ 205.023913][ T5797] ? kmsan_get_metadata+0x13e/0x1c0 [ 205.029286][ T5797] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 205.035266][ T5797] ? kmsan_get_metadata+0x13e/0x1c0 [ 205.040716][ T5797] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 205.046691][ T5797] __msan_warning+0x95/0x120 [ 205.051435][ T5797] gfs2_quota_init+0x22c4/0x2950 [ 205.056565][ T5797] gfs2_make_fs_rw+0x4cf/0x6a0 [ 205.061613][ T5797] gfs2_fill_super+0x43f5/0x45a0 [ 205.066765][ T5797] ? sb_set_blocksize+0x12a/0x160 [ 205.071926][ T5797] ? setup_bdev_super+0xa2c/0xa90 [ 205.077114][ T5797] ? init_locking+0xf0/0x510 [ 205.081861][ T5797] get_tree_bdev_flags+0x6ec/0x910 [ 205.087144][ T5797] ? __pfx_gfs2_fill_super+0x10/0x10 [ 205.092567][ T5797] ? __pfx_gfs2_fill_super+0x10/0x10 [ 205.097993][ T5797] get_tree_bdev+0x37/0x50 [ 205.102590][ T5797] gfs2_get_tree+0x5c/0x340 [ 205.107246][ T5797] ? __pfx_gfs2_get_tree+0x10/0x10 [ 205.112508][ T5797] vfs_get_tree+0xb1/0x5a0 [ 205.117096][ T5797] ? mount_capable+0x97/0x120 [ 205.121940][ T5797] do_new_mount+0x71f/0x15e0 [ 205.126704][ T5797] ? kmsan_get_metadata+0x13e/0x1c0 [ 205.132120][ T5797] path_mount+0x742/0x1f10 [ 205.136876][ T5797] ? user_path_at+0x374/0x3e0 [ 205.141737][ T5797] __se_sys_mount+0x722/0x810 [ 205.146607][ T5797] ? ptrace_notify+0x263/0x320 [ 205.151560][ T5797] __x64_sys_mount+0xe4/0x150 [ 205.156430][ T5797] x64_sys_call+0x39bf/0x3c30 [ 205.161311][ T5797] do_syscall_64+0xcd/0x1e0 [ 205.165990][ T5797] ? clear_bhb_loop+0x25/0x80 [ 205.170877][ T5797] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 205.176938][ T5797] RIP: 0033:0x7fafed181daa [ 205.181475][ T5797] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 5e 04 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 205.201286][ T5797] RSP: 002b:00007ffd28338678 EFLAGS: 00000282 ORIG_RAX: 00000000000000a5 [ 205.209928][ T5797] RAX: ffffffffffffffda RBX: 00007ffd28338690 RCX: 00007fafed181daa [ 205.218020][ T5797] RDX: 0000000020000080 RSI: 00000000200000c0 RDI: 00007ffd28338690 [ 205.226126][ T5797] RBP: 0000000000000004 R08: 00007ffd283386d0 R09: 000000000001254b [ 205.234206][ T5797] R10: 0000000000000000 R11: 0000000000000282 R12: 0000000000000000 [ 205.242280][ T5797] R13: 00007ffd283386d0 R14: 0000000000000003 R15: 0000000001000000 [ 205.250385][ T5797] [ 205.253808][ T5797] Kernel Offset: disabled [ 205.258223][ T5797] Rebooting in 86400 seconds..