./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor2226575900 <...> Warning: Permanently added '10.128.0.34' (ED25519) to the list of known hosts. execve("./syz-executor2226575900", ["./syz-executor2226575900"], 0x7ffc84696b80 /* 10 vars */) = 0 brk(NULL) = 0x55558a1fd000 brk(0x55558a1fdd00) = 0x55558a1fdd00 arch_prctl(ARCH_SET_FS, 0x55558a1fd380) = 0 set_tid_address(0x55558a1fd650) = 5783 set_robust_list(0x55558a1fd660, 24) = 0 rseq(0x55558a1fdca0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor2226575900", 4096) = 28 getrandom("\xbe\x2f\x2c\xc4\x8d\x16\x1b\x98", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x55558a1fdd00 brk(0x55558a21ed00) = 0x55558a21ed00 brk(0x55558a21f000) = 0x55558a21f000 mprotect(0x7f7d58d75000, 16384, PROT_READ) = 0 mmap(0x3ffffffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x3ffffffff000 mmap(0x400000000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x400000000000 mmap(0x400001000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x400001000000 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558a1fd650) = 5784 ./strace-static-x86_64: Process 5784 attached [pid 5784] set_robust_list(0x55558a1fd660, 24) = 0 [pid 5784] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5784] setpgid(0, 0) = 0 [pid 5784] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5784] write(3, "1000", 4) = 4 [pid 5784] close(3) = 0 executing program [pid 5784] write(1, "executing program\n", 18) = 18 [pid 5784] memfd_create("syzkaller", 0) = 3 [pid 5784] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7d50800000 [pid 5784] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5784] munmap(0x7f7d50800000, 138412032) = 0 [pid 5784] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5784] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5784] close(3) = 0 [pid 5784] close(4) = 0 [pid 5784] mkdir("./file1", 0777) = 0 [ 182.875733][ T5784] loop0: detected capacity change from 0 to 32768 [ 183.016034][ T5784] bcachefs (loop0): starting version 1.7: mi_btree_bitmap opts=metadata_checksum=none,data_checksum=none,compression=lz4,metadata_target=invalid label 1791,nojournal_transaction_names [ 183.035433][ T5784] bcachefs (loop0): recovering from clean shutdown, journal seq 10 [ 183.044853][ T5784] bcachefs (loop0): Version upgrade required: [ 183.044853][ T5784] Version upgrade from 0.24: unwritten_extents to 1.7: mi_btree_bitmap incomplete [ 183.044853][ T5784] Doing incompatible version upgrade from 0.24: unwritten_extents to 1.20: directory_size [ 183.044853][ T5784] running recovery passes: check_allocations,check_alloc_info,check_lrus,check_btree_backpointers,check_backpointers_to_extents,check_extents_to_backpointers,check_alloc_to_lru_refs,bucket_gens_init,check_snapshot_trees,check_snapshots,check_subvols,check_subvol_children,delete_dead_snapshots,check_inodes,check_extents,check_indirect_extents,check_dirents,check_xattrs,check_root,check_unreachable_inodes,check_subvolume_structure,check_directory_structure,check_nlinks,set_fs_needs_rebalance [ 183.142916][ T5784] bcachefs (loop0): error validating btree node on loop0 at btree alloc level 0/0 [ 183.142980][ T5784] u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq ac62141f8dc7e261 written 24 min_key POS_MIN durability: 1 ptr: 0:26:0 gen 0 [ 183.143039][ T5784] node offset 8/24 bset u64s 375: unsupported bset version 62.24 [ 183.175134][ T5784] bcachefs (loop0): flagging btree alloc lost data [ 183.181881][ T5784] bcachefs (loop0): running explicit recovery pass check_topology (2), currently at recovery_pass_empty (0) [ 183.197189][ T5784] error reading btree root btree=alloc level=0: btree_node_read_error, fixing [ 183.226147][ T5784] bcachefs (loop0): error validating btree node on loop0 at btree freespace level 0/0 [ 183.226216][ T5784] u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq e81e1ed936acf3df written 32 min_key 0:3703155162349568:0 durability: 1 ptr: 0:29:0 gen 0 [ 183.226279][ T5784] node offset 0/32: incorrect min_key: got POS_MIN should be 0:3703155162349568:0 [ 183.261406][ T5784] bcachefs (loop0): flagging btree freespace lost data [ 183.272001][ T5784] error reading btree root btree=freespace level=0: btree_node_read_error, fixing [ 183.295800][ T5784] bcachefs (loop0): check_topology... done [ 183.306353][ T5784] bcachefs (loop0): accounting_read... done [ 183.313573][ T5784] bcachefs (loop0): alloc_read... done [ 183.319719][ T5784] bcachefs (loop0): stripes_read... done [ 183.325609][ T5784] bcachefs (loop0): snapshots_read... done [ 183.332071][ T5784] bcachefs (loop0): check_allocations... [ 183.336410][ T5784] bucket 0:34 data type user ptr gen 0 missing in alloc btree [ 183.336474][ T5784] while marking u64s 7 type extent 4099:8:U32_MAX len 8 ver 0: durability: 1 crc: c_size 8 size 8 offset 0 nonce 0 csum none 0:0 compress incompressible ptr: 0:34:0 gen 0, fixing [ 183.372539][ T5784] bucket 0:27 data type btree ptr gen 0 missing in alloc btree [ 183.372598][ T5784] while marking u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq c6c25c03258c59c5 written 16 min_key POS_MIN durability: 1 ptr: 0:27:0 gen 0, fixing [ 183.404040][ T5784] bucket 0:38 data type btree ptr gen 0 missing in alloc btree [ 183.404099][ T5784] while marking u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 7589ab5e0c11cc7a written 24 min_key POS_MIN durability: 1 ptr: 0:38:0 gen 0, fixing [ 183.434589][ T5784] bucket 0:41 data type btree ptr gen 0 missing in alloc btree [ 183.434649][ T5784] while marking u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 281474976710656: seq 9aa2895aefce4bdf written 24 min_key POS_MIN durability: 1 ptr: 0:41:0 gen 0, fixing [ 183.461266][ T5784] bucket 0:31 data type btree ptr gen 0 missing in alloc btree [ 183.461327][ T5784] while marking u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 2285c34bed0abe32 written 16 min_key POS_MIN durability: 1 ptr: 0:31:0 gen 0, fixing [ 183.491659][ T5784] bucket 0:35 data type btree ptr gen 0 missing in alloc btree [ 183.491718][ T5784] while marking u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq c0bef60d07ceb940 written 16 min_key POS_MIN durability: 1 ptr: 0:35:0 gen 0, fixing [ 183.520848][ T5784] bucket 0:32 data type btree ptr gen 0 missing in alloc btree [ 183.520907][ T5784] while marking u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq ebb8d5a9e3463bdb written 16 min_key POS_MIN durability: 1 ptr: 0:32:0 gen 0, fixing [ 183.546370][ T5784] bucket 0:28 data type btree ptr gen 0 missing in alloc btree [ 183.546429][ T5784] while marking u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 28f61e078e70b95c written 16 min_key POS_MIN durability: 1 ptr: 0:28:0 gen 0, fixing [ 183.573258][ T5784] bucket 0:37 data type btree ptr gen 0 missing in alloc btree [ 183.573317][ T5784] while marking u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 4a8b0fa43a9980a6 written 24 min_key POS_MIN durability: 1 ptr: 0:37:0 gen 0, fixing [ 183.599080][ T5784] bucket 0:42 data type btree ptr gen 0 missing in alloc btree [ 183.599139][ T5784] while marking u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 1db8f60c84bb244c written 8 min_key POS_MIN durability: 1 ptr: 0:42:0 gen 0, fixing [ 183.650799][ T5784] done [ 183.658624][ T5784] bcachefs (loop0): going read-write [ 183.668195][ T5784] bcachefs (loop0): journal_replay... [ 183.701975][ T3737] bucket incorrectly unset in freespace btree [ 183.702031][ T3737] u64s 5 type deleted 0:26:0 len 0 ver 0, , continuing [ 183.722982][ T5784] ===================================================== [ 183.730251][ T5784] BUG: KMSAN: uninit-value in rw_aux_tree_set+0x4d2/0x580 [ 183.737511][ T5784] rw_aux_tree_set+0x4d2/0x580 [ 183.742521][ T5784] rw_aux_tree_insert_entry+0x6c3/0x970 [ 183.748235][ T5784] bch2_bset_fix_lookup_table+0xecc/0x13e0 [ 183.754277][ T5784] bch2_bset_insert+0x1621/0x19f0 [ 183.759442][ T5784] bch2_btree_bset_insert_key+0xf4e/0x2b60 [ 183.765538][ T5784] bch2_btree_insert_key_leaf+0x276/0x1050 [ 183.771659][ T5784] __bch2_trans_commit+0xbbb7/0xd310 [ 183.777111][ T5784] bch2_journal_replay+0x3082/0x4d30 [ 183.782673][ T5784] bch2_run_recovery_passes+0x5a2/0x1160 [ 183.788510][ T5784] bch2_fs_recovery+0x489c/0x6230 [ 183.793793][ T5784] bch2_fs_start+0x7ca/0xc20 [ 183.798561][ T5784] bch2_fs_get_tree+0x143a/0x2330 [ 183.803840][ T5784] vfs_get_tree+0xb1/0x5a0 [ 183.808444][ T5784] do_new_mount+0x71f/0x15e0 [ 183.813332][ T5784] path_mount+0x742/0x1f10 [ 183.817893][ T5784] __se_sys_mount+0x71f/0x800 [ 183.822810][ T5784] __x64_sys_mount+0xe4/0x150 [ 183.827647][ T5784] x64_sys_call+0x39bf/0x3c30 [ 183.832592][ T5784] do_syscall_64+0xcd/0x1e0 [ 183.837247][ T5784] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 183.843484][ T5784] [ 183.845893][ T5784] Uninit was created at: [ 183.850482][ T5784] ___kmalloc_large_node+0x22c/0x370 [ 183.855969][ T5784] __kmalloc_large_node_noprof+0x3f/0x1e0 [ 183.861973][ T5784] __kmalloc_node_noprof+0xc96/0x1250 [ 183.867548][ T5784] __kvmalloc_node_noprof+0xc0/0x2d0 [ 183.873057][ T5784] __bch2_btree_node_mem_alloc+0x2be/0xa80 [ 183.879044][ T5784] bch2_fs_btree_cache_init+0x4f0/0xb60 [ 183.884843][ T5784] bch2_fs_open+0x4b24/0x59c0 [ 183.889830][ T5784] bch2_fs_get_tree+0x986/0x2330 [ 183.894922][ T5784] vfs_get_tree+0xb1/0x5a0 [ 183.899426][ T5784] do_new_mount+0x71f/0x15e0 [ 183.904279][ T5784] path_mount+0x742/0x1f10 [ 183.908893][ T5784] __se_sys_mount+0x71f/0x800 [ 183.913797][ T5784] __x64_sys_mount+0xe4/0x150 [ 183.918673][ T5784] x64_sys_call+0x39bf/0x3c30 [ 183.923682][ T5784] do_syscall_64+0xcd/0x1e0 [ 183.928337][ T5784] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 183.934547][ T5784] [ 183.936961][ T5784] CPU: 1 UID: 0 PID: 5784 Comm: syz-executor222 Not tainted 6.14.0-rc1-syzkaller-00187-g8f6629c004b1 #0 [ 183.948339][ T5784] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 183.958717][ T5784] ===================================================== [ 183.965884][ T5784] Disabling lock debugging due to kernel taint [ 183.972204][ T5784] Kernel panic - not syncing: kmsan.panic set ... [ 183.978698][ T5784] CPU: 1 UID: 0 PID: 5784 Comm: syz-executor222 Tainted: G B 6.14.0-rc1-syzkaller-00187-g8f6629c004b1 #0 [ 183.991421][ T5784] Tainted: [B]=BAD_PAGE [ 183.995639][ T5784] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 184.005775][ T5784] Call Trace: [ 184.009118][ T5784] [ 184.012098][ T5784] dump_stack_lvl+0x216/0x2d0 [ 184.016884][ T5784] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 184.022802][ T5784] dump_stack+0x1e/0x24 [ 184.027066][ T5784] panic+0x4e2/0xcf0 [ 184.031144][ T5784] ? kmsan_get_metadata+0x91/0x1c0 [ 184.036365][ T5784] kmsan_report+0x2c7/0x2d0 [ 184.040959][ T5784] ? _raw_spin_unlock_irqrestore+0x3f/0x60 [ 184.046895][ T5784] ? __msan_warning+0x95/0x120 [ 184.051746][ T5784] ? rw_aux_tree_set+0x4d2/0x580 [ 184.056793][ T5784] ? rw_aux_tree_insert_entry+0x6c3/0x970 [ 184.062617][ T5784] ? bch2_bset_fix_lookup_table+0xecc/0x13e0 [ 184.068691][ T5784] ? bch2_bset_insert+0x1621/0x19f0 [ 184.073975][ T5784] ? bch2_btree_bset_insert_key+0xf4e/0x2b60 [ 184.080078][ T5784] ? bch2_btree_insert_key_leaf+0x276/0x1050 [ 184.086175][ T5784] ? __bch2_trans_commit+0xbbb7/0xd310 [ 184.091743][ T5784] ? bch2_journal_replay+0x3082/0x4d30 [ 184.097333][ T5784] ? bch2_run_recovery_passes+0x5a2/0x1160 [ 184.103252][ T5784] ? bch2_fs_recovery+0x489c/0x6230 [ 184.108554][ T5784] ? bch2_fs_start+0x7ca/0xc20 [ 184.113408][ T5784] ? bch2_fs_get_tree+0x143a/0x2330 [ 184.118738][ T5784] ? vfs_get_tree+0xb1/0x5a0 [ 184.123426][ T5784] ? do_new_mount+0x71f/0x15e0 [ 184.128304][ T5784] ? path_mount+0x742/0x1f10 [ 184.133040][ T5784] ? __se_sys_mount+0x71f/0x800 [ 184.137983][ T5784] ? __x64_sys_mount+0xe4/0x150 [ 184.142927][ T5784] ? x64_sys_call+0x39bf/0x3c30 [ 184.147875][ T5784] ? do_syscall_64+0xcd/0x1e0 [ 184.152634][ T5784] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 184.158810][ T5784] ? kmsan_get_metadata+0x13e/0x1c0 [ 184.164127][ T5784] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 184.170045][ T5784] ? rw_aux_tree_set+0x3f/0x580 [ 184.175006][ T5784] ? filter_irq_stacks+0x60/0x1a0 [ 184.180179][ T5784] ? stack_depot_save_flags+0x2c/0x750 [ 184.185834][ T5784] ? kmsan_get_metadata+0x13e/0x1c0 [ 184.191199][ T5784] ? kmsan_internal_set_shadow_origin+0x69/0x100 [ 184.197699][ T5784] ? kmsan_get_metadata+0x13e/0x1c0 [ 184.202999][ T5784] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 184.208917][ T5784] __msan_warning+0x95/0x120 [ 184.213595][ T5784] rw_aux_tree_set+0x4d2/0x580 [ 184.218446][ T5784] ? bset_aux_tree_verify+0x44d/0x4a0 [ 184.223920][ T5784] rw_aux_tree_insert_entry+0x6c3/0x970 [ 184.229598][ T5784] bch2_bset_fix_lookup_table+0xecc/0x13e0 [ 184.235562][ T5784] ? bch2_bkey_pack_key+0x1745/0x1860 [ 184.241073][ T5784] bch2_bset_insert+0x1621/0x19f0 [ 184.246189][ T5784] ? kmsan_get_metadata+0x13e/0x1c0 [ 184.251504][ T5784] bch2_btree_bset_insert_key+0xf4e/0x2b60 [ 184.257456][ T5784] bch2_btree_insert_key_leaf+0x276/0x1050 [ 184.263395][ T5784] __bch2_trans_commit+0xbbb7/0xd310 [ 184.268829][ T5784] bch2_journal_replay+0x3082/0x4d30 [ 184.274229][ T5784] ? vprintk_emit+0xd5c/0xea0 [ 184.279016][ T5784] ? stack_depot_save_flags+0x2c/0x750 [ 184.284599][ T5784] ? kmsan_get_metadata+0x13e/0x1c0 [ 184.289923][ T5784] ? vprintk+0x35/0x40 [ 184.294079][ T5784] ? __bch2_print+0x392/0x470 [ 184.298891][ T5784] ? __pfx_bch2_journal_replay+0x10/0x10 [ 184.304713][ T5784] bch2_run_recovery_passes+0x5a2/0x1160 [ 184.310520][ T5784] bch2_fs_recovery+0x489c/0x6230 [ 184.315712][ T5784] ? kmsan_internal_set_shadow_origin+0x69/0x100 [ 184.322199][ T5784] ? __closure_wake_up+0x16a/0x180 [ 184.327447][ T5784] bch2_fs_start+0x7ca/0xc20 [ 184.332172][ T5784] bch2_fs_get_tree+0x143a/0x2330 [ 184.337411][ T5784] vfs_get_tree+0xb1/0x5a0 [ 184.341918][ T5784] ? mount_capable+0x97/0x120 [ 184.346711][ T5784] do_new_mount+0x71f/0x15e0 [ 184.351396][ T5784] ? kmsan_get_metadata+0x13e/0x1c0 [ 184.356710][ T5784] path_mount+0x742/0x1f10 [ 184.361223][ T5784] ? user_path_at+0x374/0x3e0 [ 184.366020][ T5784] __se_sys_mount+0x71f/0x800 [ 184.370856][ T5784] __x64_sys_mount+0xe4/0x150 [ 184.375661][ T5784] x64_sys_call+0x39bf/0x3c30 [ 184.380438][ T5784] do_syscall_64+0xcd/0x1e0 [ 184.385050][ T5784] ? clear_bhb_loop+0x25/0x80 [ 184.389878][ T5784] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 184.395965][ T5784] RIP: 0033:0x7f7d58cfe0aa [ 184.400477][ T5784] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 5e 04 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 184.420251][ T5784] RSP: 002b:00007ffefdfa5458 EFLAGS: 00000282 ORIG_RAX: 00000000000000a5 [ 184.428778][ T5784] RAX: ffffffffffffffda RBX: 00007ffefdfa5470 RCX: 00007f7d58cfe0aa [ 184.436832][ T5784] RDX: 0000400000000100 RSI: 0000400000000000 RDI: 00007ffefdfa5470 [ 184.444879][ T5784] RBP: 0000400000000000 R08: 00007ffefdfa54b0 R09: 0000000000005967 [ 184.452927][ T5784] R10: 0000000000800000 R11: 0000000000000282 R12: 0000400000000100 [ 184.460972][ T5784] R13: 00007ffefdfa54b0 R14: 0000000000000003 R15: 0000000000800000 [ 184.469068][ T5784] [ 184.472436][ T5784] Kernel Offset: disabled [ 184.476822][ T5784] Rebooting in 86400 seconds..