./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor335172169 <...> Warning: Permanently added '10.128.0.250' (ED25519) to the list of known hosts. execve("./syz-executor335172169", ["./syz-executor335172169"], 0x7ffd185ca2e0 /* 10 vars */) = 0 brk(NULL) = 0x555560a02000 brk(0x555560a02d00) = 0x555560a02d00 arch_prctl(ARCH_SET_FS, 0x555560a02380) = 0 set_tid_address(0x555560a02650) = 5052 set_robust_list(0x555560a02660, 24) = 0 rseq(0x555560a02ca0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor335172169", 4096) = 27 getrandom("\xa2\x27\xa8\xc6\x87\x1b\x30\x67", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x555560a02d00 brk(0x555560a23d00) = 0x555560a23d00 brk(0x555560a24000) = 0x555560a24000 mprotect(0x7f8a72b5b000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5053 attached , child_tidptr=0x555560a02650) = 5053 [pid 5053] set_robust_list(0x555560a02660, 24) = 0 [pid 5053] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5053] setpgid(0, 0) = 0 [pid 5053] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5053] write(3, "1000", 4executing program ) = 4 [pid 5053] close(3) = 0 [pid 5053] write(1, "executing program\n", 18) = 18 [pid 5053] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 5053] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 5053] memfd_create("syzkaller", 0) = 3 [pid 5053] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8a6a600000 [pid 5053] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5053] munmap(0x7f8a6a600000, 138412032) = 0 [pid 5053] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5053] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5053] close(3) = 0 [pid 5053] close(4) = 0 [pid 5053] mkdir("./bus", 0777) = 0 [ 171.122951][ T5053] loop0: detected capacity change from 0 to 32768 [ 171.150118][ T5053] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor335 (5053) [ 171.175372][ T5053] BTRFS info (device loop0): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 171.186047][ T5053] BTRFS info (device loop0): using sha256 (sha256-generic) checksum algorithm [ 171.197589][ T5053] BTRFS info (device loop0): using free-space-tree [pid 5053] mount("/dev/loop0", "./bus", "btrfs", MS_NODEV|MS_NOEXEC|MS_REC|MS_I_VERSION, "") = 0 [pid 5053] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5053] chdir("./bus") = 0 [pid 5053] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5053] ioctl(4, LOOP_CLR_FD) = 0 [pid 5053] close(4) = 0 [pid 5053] creat("./bus", 000) = 4 [pid 5053] open("./bus", O_RDONLY) = 5 [pid 5053] fcntl(5, F_SETFL, O_RDONLY|O_APPEND|O_DIRECT) = 0 [pid 5053] dup3(5, 4, 0) = 4 [pid 5053] io_setup(6, [0x7f8a72a9d000]) = 0 [ 171.318237][ T29] audit: type=1804 audit(1717874693.996:2): pid=5053 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor335" name="/root/bus/bus" dev="loop0" ino=263 res=1 errno=0 [ 171.349779][ T5053] ===================================================== [ 171.360330][ T5053] BUG: KMSAN: uninit-value in iov_iter_alignment_iovec+0x1a8/0x470 [ 171.368847][ T5053] iov_iter_alignment_iovec+0x1a8/0x470 [ 171.374677][ T5053] iov_iter_alignment+0x1aa/0x290 [ 171.379965][ T5053] btrfs_file_read_iter+0x46f/0xc70 [ 171.385440][ T5053] aio_read+0x4b3/0x690 [ 171.389766][ T5053] io_submit_one+0x2809/0x3280 [ 171.394924][ T5053] __se_sys_io_submit+0x275/0x700 [ 171.400199][ T5053] __x64_sys_io_submit+0x96/0xe0 [ 171.405511][ T5053] x64_sys_call+0x3620/0x3b50 [ 171.410396][ T5053] do_syscall_64+0xcf/0x1e0 [ 171.415306][ T5053] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 171.421614][ T5053] [ 171.424045][ T5053] Local variable inline_vecs created at: [ 171.429810][ T5053] aio_read+0x4c/0x690 [ 171.434203][ T5053] io_submit_one+0x2809/0x3280 [ 171.439143][ T5053] [ 171.441695][ T5053] CPU: 1 PID: 5053 Comm: syz-executor335 Not tainted 6.9.0-syzkaller-02707-g614da38e2f7a #0 [ 171.452128][ T5053] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024 [ 171.462437][ T5053] ===================================================== [ 171.469495][ T5053] Disabling lock debugging due to kernel taint [ 171.475902][ T5053] Kernel panic - not syncing: kmsan.panic set ... [ 171.482498][ T5053] CPU: 1 PID: 5053 Comm: syz-executor335 Tainted: G B 6.9.0-syzkaller-02707-g614da38e2f7a #0 [ 171.494233][ T5053] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024 [ 171.504452][ T5053] Call Trace: [ 171.507878][ T5053] [ 171.510935][ T5053] dump_stack_lvl+0x216/0x2d0 [ 171.515874][ T5053] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 171.521933][ T5053] dump_stack+0x1e/0x30 [ 171.526344][ T5053] panic+0x4e2/0xcd0 [ 171.530521][ T5053] ? kmsan_get_metadata+0xf1/0x1d0 [ 171.535866][ T5053] kmsan_report+0x2d5/0x2e0 [ 171.540618][ T5053] ? __msan_warning+0x95/0x120 [ 171.545583][ T5053] ? iov_iter_alignment_iovec+0x1a8/0x470 [ 171.551523][ T5053] ? iov_iter_alignment+0x1aa/0x290 [ 171.557005][ T5053] ? btrfs_file_read_iter+0x46f/0xc70 [ 171.562629][ T5053] ? aio_read+0x4b3/0x690 [ 171.567166][ T5053] ? io_submit_one+0x2809/0x3280 [ 171.572315][ T5053] ? __se_sys_io_submit+0x275/0x700 [ 171.577780][ T5053] ? __x64_sys_io_submit+0x96/0xe0 [ 171.583142][ T5053] ? x64_sys_call+0x3620/0x3b50 [ 171.588244][ T5053] ? do_syscall_64+0xcf/0x1e0 [ 171.593169][ T5053] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 171.599509][ T5053] ? kernel_text_address+0x129/0x1b0 [ 171.605072][ T5053] ? kmsan_get_metadata+0x146/0x1d0 [ 171.610492][ T5053] ? kmsan_internal_set_shadow_origin+0x66/0xe0 [ 171.617012][ T5053] ? kmsan_get_metadata+0x146/0x1d0 [ 171.622428][ T5053] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 171.628469][ T5053] ? __rcu_read_unlock+0x7b/0xe0 [ 171.633666][ T5053] ? aa_file_perm+0x3e4/0x17a0 [ 171.638749][ T5053] ? kmsan_get_metadata+0x146/0x1d0 [ 171.644251][ T5053] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 171.650368][ T5053] __msan_warning+0x95/0x120 [ 171.655165][ T5053] iov_iter_alignment_iovec+0x1a8/0x470 [ 171.660927][ T5053] iov_iter_alignment+0x1aa/0x290 [ 171.666219][ T5053] btrfs_file_read_iter+0x46f/0xc70 [ 171.671630][ T5053] ? kmsan_get_metadata+0x146/0x1d0 [ 171.677029][ T5053] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 171.683056][ T5053] ? kmsan_get_metadata+0x146/0x1d0 [ 171.688465][ T5053] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 171.694577][ T5053] aio_read+0x4b3/0x690 [ 171.698923][ T5053] ? __pfx_btrfs_file_read_iter+0x10/0x10 [ 171.704859][ T5053] ? kmsan_get_metadata+0x146/0x1d0 [ 171.710286][ T5053] ? kmsan_get_metadata+0x146/0x1d0 [ 171.715697][ T5053] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 171.721707][ T5053] io_submit_one+0x2809/0x3280 [ 171.726690][ T5053] ? stack_depot_save_flags+0x66d/0x6e0 [ 171.732486][ T5053] __se_sys_io_submit+0x275/0x700 [ 171.737754][ T5053] ? ptrace_notify+0x263/0x320 [ 171.742734][ T5053] ? kmsan_get_metadata+0x146/0x1d0 [ 171.748147][ T5053] __x64_sys_io_submit+0x96/0xe0 [ 171.753368][ T5053] x64_sys_call+0x3620/0x3b50 [ 171.758293][ T5053] do_syscall_64+0xcf/0x1e0 [ 171.763033][ T5053] ? clear_bhb_loop+0x25/0x80 [ 171.767963][ T5053] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 171.774122][ T5053] RIP: 0033:0x7f8a72ae2c19 [ 171.778698][ T5053] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 171.798540][ T5053] RSP: 002b:00007ffe9eba9518 EFLAGS: 00000246 ORIG_RAX: 00000000000000d1 [ 171.807150][ T5053] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f8a72ae2c19 [ 171.815287][ T5053] RDX: 0000000020000540 RSI: 0000000000000001 RDI: 00007f8a72a9d000 [ 171.823457][ T5053] RBP: 00007f8a72b5b5f0 R08: 0000555560a034c0 R09: 0000555560a034c0 [ 171.831617][ T5053] R10: 0000555560a034c0 R11: 0000000000000246 R12: 00007ffe9eba9540 [ 171.839772][ T5053] R13: 00007ffe9eba9768 R14: 431bde82d7b634db R15: 00007f8a72b2b03b [ 171.847969][ T5053] [ 171.851465][ T5053] Kernel Offset: disabled [ 171.855896][ T5053] Rebooting in 86400 seconds..