./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor1222498499 <...> Warning: Permanently added '10.128.0.43' (ED25519) to the list of known hosts. execve("./syz-executor1222498499", ["./syz-executor1222498499"], 0x7ffe8b0b5580 /* 10 vars */) = 0 brk(NULL) = 0x55556d900000 brk(0x55556d900d00) = 0x55556d900d00 arch_prctl(ARCH_SET_FS, 0x55556d900380) = 0 set_tid_address(0x55556d900650) = 5182 set_robust_list(0x55556d900660, 24) = 0 rseq(0x55556d900ca0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor1222498499", 4096) = 28 getrandom("\x2b\x1b\xbd\x65\x7d\x2b\x39\x96", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x55556d900d00 brk(0x55556d921d00) = 0x55556d921d00 brk(0x55556d922000) = 0x55556d922000 mprotect(0x7f6617a10000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55556d900650) = 5183 ./strace-static-x86_64: Process 5183 attached [pid 5183] set_robust_list(0x55556d900660, 24) = 0 [pid 5183] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5183] setpgid(0, 0) = 0 [pid 5183] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5183] write(3, "1000", 4) = 4 executing program [pid 5183] close(3) = 0 [pid 5183] write(1, "executing program\n", 18) = 18 [pid 5183] creat("./file0", 000) = 3 [pid 5183] pipe2([4, 5], 0) = 0 [pid 5183] write(5, "\x15\x00\x00\x00\x65\xff\xff\x04\x80\x00\x00\x08\x00\x39\x50\x32\x30\x30\x30\x00\x00", 21) = 21 [pid 5183] dup(5) = 6 [pid 5183] write(6, "\x18\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 24) = 24 [pid 5183] write(6, "\x4c\x01\x00\x00\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x18\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 311) = 311 [pid 5183] mount(NULL, "./file0", "9p", 0, "trans=fd,rfdno=0x0000000000000004,wfdno=0x0000000000000006,cache=mmap,k") = 0 [pid 5183] truncate("./file0", 0) = 0 [pid 5183] creat("./file0", 002) = 7 [pid 5183] write(7, "\x18\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x4c\xee\x00\x00\x00\x00\x00\x00", 24) = 24 [pid 5183] exit_group(0) = ? [pid 5183] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5183, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55556d900650) = 5185 ./strace-static-x86_64: Process 5185 attached [pid 5185] set_robust_list(0x55556d900660, 24) = 0 [pid 5185] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5185] setpgid(0, 0) = 0 [pid 5185] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5185] write(3, "1000", 4) = 4 [pid 5185] close(3) = 0 executing program [pid 5185] write(1, "executing program\n", 18) = 18 [pid 5185] creat("./file0", 000) = -1 ENOENT (No such file or directory) [pid 5185] pipe2([3, 4], 0) = 0 [ 159.010009][ T4549] ===================================================== [ 159.018360][ T4549] BUG: KMSAN: uninit-value in netfs_clear_buffer+0x216/0x4e0 [ 159.026215][ T4549] netfs_clear_buffer+0x216/0x4e0 [ 159.033040][ T4549] netfs_free_request+0x51f/0x890 [ 159.038652][ T4549] netfs_put_request+0x161/0x360 [ 159.044097][ T4549] netfs_write_collection_worker+0x7337/0x7c20 [ 159.050635][ T4549] process_scheduled_works+0xae0/0x1c40 [pid 5185] write(4, "\x15\x00\x00\x00\x65\xff\xff\x04\x80\x00\x00\x08\x00\x39\x50\x32\x30\x30\x30\x00\x00", 21) = 21 [pid 5185] dup(4) = 5 [pid 5185] write(5, "\x18\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 24) = 24 [pid 5185] write(5, "\x4c\x01\x00\x00\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x18\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 311) = 311 [pid 5185] mount(NULL, "./file0", "9p", 0, "trans=fd,rfdno=0x0000000000000003,wfdno=0x0000000000000005,cache=mmap,k") = 0 [pid 5185] truncate("./file0", 0) = 0 [pid 5185] creat("./file0", 002) = 6 [ 159.061727][ T4549] worker_thread+0xea7/0x14f0 [ 159.067693][ T4549] kthread+0x3e2/0x540 [ 159.072173][ T4549] ret_from_fork+0x6d/0x90 [ 159.078057][ T4549] ret_from_fork_asm+0x1a/0x30 [ 159.083147][ T4549] [ 159.085563][ T4549] Uninit was created at: [ 159.090261][ T4549] __kmalloc_cache_noprof+0x4f0/0xb00 [ 159.096532][ T4549] netfs_buffer_append_folio+0x2cf/0x8b0 [ 159.102807][ T4549] netfs_write_folio+0x1120/0x3050 [pid 5185] write(6, "\x18\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x4c\xee\x00\x00\x00\x00\x00\x00", 24) = 24 [pid 5185] exit_group(0) = ? [pid 5185] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5185, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- [ 159.109057][ T4549] netfs_writepages+0xe60/0x1670 [ 159.115008][ T4549] do_writepages+0x427/0xc30 [ 159.120578][ T4549] filemap_fdatawrite_wbc+0x1d8/0x270 [ 159.126146][ T4549] filemap_fdatawrite+0xbf/0xf0 [ 159.131376][ T4549] v9fs_dir_release+0x1f2/0x810 [ 159.136399][ T4549] __fput+0x32c/0x1120 [ 159.141465][ T4549] ____fput+0x25/0x30 [ 159.145599][ T4549] task_work_run+0x268/0x310 [ 159.150512][ T4549] do_exit+0xd88/0x4050 [ 159.154834][ T4549] do_group_exit+0x2fe/0x390 restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5186 attached , child_tidptr=0x55556d900650) = 5186 [pid 5186] set_robust_list(0x55556d900660, 24) = 0 [pid 5186] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5186] setpgid(0, 0) = 0 [pid 5186] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5186] write(3, "1000", 4executing program ) = 4 [pid 5186] close(3) = 0 [pid 5186] write(1, "executing program\n", 18) = 18 [pid 5186] creat("./file0", 000) = -1 ENOENT (No such file or directory) [pid 5186] pipe2([3, 4], 0) = 0 [pid 5186] write(4, "\x15\x00\x00\x00\x65\xff\xff\x04\x80\x00\x00\x08\x00\x39\x50\x32\x30\x30\x30\x00\x00", 21) = 21 [pid 5186] dup(4) = 5 [pid 5186] write(5, "\x18\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 24) = 24 [pid 5186] write(5, "\x4c\x01\x00\x00\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x18\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 311) = 311 [ 159.160344][ T4549] __x64_sys_exit_group+0x3c/0x50 [ 159.166294][ T4549] x64_sys_call+0x3b9a/0x3ba0 [ 159.173436][ T4549] do_syscall_64+0xcd/0x1e0 [ 159.179273][ T4549] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 159.186757][ T4549] [ 159.189206][ T4549] CPU: 0 UID: 0 PID: 4549 Comm: kworker/u8:27 Not tainted 6.11.0-syzkaller-04557-g2f27fce67173 #0 [ 159.200233][ T4549] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [pid 5186] mount(NULL, "./file0", "9p", 0, "trans=fd,rfdno=0x0000000000000003,wfdno=0x0000000000000005,cache=mmap,k") = 0 [pid 5186] truncate("./file0", 0) = 0 [pid 5186] creat("./file0", 002) = 6 [pid 5186] write(6, "\x18\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x4c\xee\x00\x00\x00\x00\x00\x00", 24) = 24 [pid 5186] exit_group(0) = ? [ 159.212894][ T4549] Workqueue: events_unbound netfs_write_collection_worker [ 159.221143][ T4549] ===================================================== [ 159.228194][ T4549] Disabling lock debugging due to kernel taint [ 159.235206][ T4549] Kernel panic - not syncing: kmsan.panic set ... [ 159.241777][ T4549] CPU: 0 UID: 0 PID: 4549 Comm: kworker/u8:27 Tainted: G B 6.11.0-syzkaller-04557-g2f27fce67173 #0 [ 159.254083][ T4549] Tainted: [B]=BAD_PAGE [pid 5186] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5186, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5187 attached , child_tidptr=0x55556d900650) = 5187 [pid 5187] set_robust_list(0x55556d900660, 24) = 0 [pid 5187] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5187] setpgid(0, 0) = 0 [pid 5187] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5187] write(3, "1000", 4) = 4 [ 159.258345][ T4549] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 159.268555][ T4549] Workqueue: events_unbound netfs_write_collection_worker [ 159.275935][ T4549] Call Trace: [ 159.279351][ T4549] [ 159.282394][ T4549] dump_stack_lvl+0x216/0x2d0 [ 159.287256][ T4549] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 159.293351][ T4549] dump_stack+0x1e/0x30 [ 159.297683][ T4549] panic+0x4e2/0xce0 [ 159.301801][ T4549] ? kmsan_get_metadata+0x71/0x1c0 [ 159.307213][ T4549] kmsan_report+0x2c7/0x2d0 [ 159.311898][ T4549] ? __msan_warning+0x95/0x120 [ 159.316880][ T4549] ? netfs_clear_buffer+0x216/0x4e0 [ 159.322371][ T4549] ? netfs_free_request+0x51f/0x890 [ 159.327772][ T4549] ? netfs_put_request+0x161/0x360 [ 159.333101][ T4549] ? netfs_write_collection_worker+0x7337/0x7c20 [ 159.339663][ T4549] ? process_scheduled_works+0xae0/0x1c40 [ 159.345590][ T4549] ? worker_thread+0xea7/0x14f0 [ 159.350641][ T4549] ? kthread+0x3e2/0x540 [ 159.355087][ T4549] ? ret_from_fork+0x6d/0x90 [ 159.359849][ T4549] ? ret_from_fork_asm+0x1a/0x30 [ 159.364999][ T4549] ? kmsan_internal_set_shadow_origin+0x69/0x100 [ 159.371559][ T4549] ? kmsan_get_metadata+0x13e/0x1c0 [ 159.376938][ T4549] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 159.382954][ T4549] ? kfree+0x3a7/0xb70 [ 159.387222][ T4549] ? p9_fid_destroy+0xf2/0x2d0 [ 159.392220][ T4549] ? p9_fid_destroy+0xf2/0x2d0 [ 159.397200][ T4549] ? kmsan_get_metadata+0x13e/0x1c0 [ 159.402578][ T4549] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 159.408579][ T4549] __msan_warning+0x95/0x120 [ 159.413385][ T4549] netfs_clear_buffer+0x216/0x4e0 [ 159.418629][ T4549] netfs_free_request+0x51f/0x890 [ 159.423863][ T4549] ? kmsan_internal_set_shadow_origin+0x69/0x100 [ 159.430441][ T4549] netfs_put_request+0x161/0x360 [ 159.435601][ T4549] netfs_write_collection_worker+0x7337/0x7c20 [ 159.442001][ T4549] ? kmsan_get_metadata+0x13e/0x1c0 [ 159.447374][ T4549] ? kmsan_get_metadata+0x13e/0x1c0 [ 159.452792][ T4549] ? __pfx_netfs_write_collection_worker+0x10/0x10 [ 159.459543][ T4549] process_scheduled_works+0xae0/0x1c40 [ 159.465330][ T4549] worker_thread+0xea7/0x14f0 [ 159.470208][ T4549] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 159.476216][ T4549] kthread+0x3e2/0x540 [ 159.480493][ T4549] ? __pfx_worker_thread+0x10/0x10 [ 159.485822][ T4549] ? __pfx_kthread+0x10/0x10 [ 159.490636][ T4549] ret_from_fork+0x6d/0x90 [ 159.495236][ T4549] ? __pfx_kthread+0x10/0x10 [ 159.500471][ T4549] ret_from_fork_asm+0x1a/0x30 [ 159.505505][ T4549] [ 159.508771][ T4549] Kernel Offset: disabled [ 159.513161][ T4549] Rebooting in 86400 seconds..