./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor65401731 <...> Warning: Permanently added '10.128.1.106' (ED25519) to the list of known hosts. execve("./syz-executor65401731", ["./syz-executor65401731"], 0x7ffee58f7950 /* 10 vars */) = 0 brk(NULL) = 0x55558da8d000 brk(0x55558da8dd00) = 0x55558da8dd00 arch_prctl(ARCH_SET_FS, 0x55558da8d380) = 0 set_tid_address(0x55558da8d650) = 5775 set_robust_list(0x55558da8d660, 24) = 0 rseq(0x55558da8dca0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor65401731", 4096) = 26 getrandom("\x01\x88\xe1\x31\xf2\xb0\x8b\xa7", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x55558da8dd00 brk(0x55558daaed00) = 0x55558daaed00 brk(0x55558daaf000) = 0x55558daaf000 mprotect(0x7f7913e8b000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 executing program clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5777 attached , child_tidptr=0x55558da8d650) = 5777 [pid 5777] set_robust_list(0x55558da8d660, 24) = 0 [pid 5777] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5777] setpgid(0, 0) = 0 [pid 5777] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5777] write(3, "1000", 4) = 4 [pid 5777] close(3) = 0 [pid 5777] write(1, "executing program\n", 18) = 18 [pid 5777] memfd_create("syzkaller", 0) = 3 [pid 5777] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f790b800000 [pid 5777] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5777] munmap(0x7f790b800000, 138412032) = 0 [pid 5777] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5777] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5777] close(3) = 0 [pid 5777] close(4) = 0 [pid 5777] mkdir("./file2", 0777) = 0 [ 178.079814][ T5777] loop0: detected capacity change from 0 to 32768 [ 178.195955][ T5777] bcachefs (loop0): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,compression=lz4,fix_errors=ask,norecovery,nojournal_transaction_names,noexcl,reconstruct_alloc,nocow,no_data_io [ 178.219473][ T5777] bcachefs (loop0): recovering from clean shutdown, journal seq 3338 [ 178.229304][ T5777] bcachefs (loop0): Version upgrade required: [ 178.229304][ T5777] Version upgrade from 0.24: unwritten_extents to 1.7: mi_btree_bitmap incomplete [ 178.229304][ T5777] Doing incompatible version upgrade from 0.24: unwritten_extents to 1.13: inode_has_child_snapshots [ 178.229304][ T5777] running recovery passes: check_allocations,check_alloc_info,check_lrus,check_btree_backpointers,check_backpointers_to_extents,check_extents_to_backpointers,check_alloc_to_lru_refs,bucket_gens_init,check_snapshot_trees,check_snapshots,check_subvols,check_subvol_children,delete_dead_snapshots,check_inodes,check_extents,check_indirect_extents,check_dirents,check_xattrs,check_root,check_unreachable_inodes,check_subvolume_structure,check_directory_structure,check_nlinks,set_fs_needs_rebalance [ 178.304604][ T5777] bcachefs (loop0): dropping and reconstructing all alloc info [ 178.357972][ T5777] bcachefs (loop0): error validating btree node on loop0 at btree snapshots level 0/0 [ 178.358073][ T5777] u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq ebb8d5a9e3463bdb written 16 min_key POS_MIN durability: 1 ptr: 0:32:0 gen 0 [ 178.358176][ T5777] node offset 0/16 bset u64s 0: unknown checksum type 9, fixing [ 178.394169][ T5777] bcachefs (loop0): error validating btree node on loop0 at btree snapshots level 0/0 [ 178.394267][ T5777] u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq ebb8d5a9e3463bdb written 16 min_key POS_MIN durability: 1 ptr: 0:32:0 gen 0 [ 178.394367][ T5777] node offset 8/16: btree node data missing: expected 16 sectors, found 8, fixing [ 178.430350][ T5777] bcachefs (loop0): btree_node_read_work: rewriting btree node at btree=snapshots level=0 SPOS_MAX due to error [ 178.453707][ T5777] bcachefs (loop0): accounting_read... done [ 178.461194][ T5777] bcachefs (loop0): alloc_read... done [ 178.468524][ T5777] bcachefs (loop0): stripes_read... done [ 178.474657][ T5777] bcachefs (loop0): snapshots_read... done [pid 5777] mount("/dev/loop0", "./file2", "bcachefs", MS_NOEXEC|MS_POSIXACL|MS_RELATIME, "\x4a\x61\x63\x6b\x67\x72\x6f\x75\x6e\xfd\xff\x63\x6f\x6d\x70\x72\x65\x33\x73\x69\x6f\x6e\x3d\x6c\x7a\x34\x2c\x72\x65\x63\x6f\x6e\x73\x74\x72\x75\x63\x74\x5f\x61\x6c\x6c\x6f\x63\x2c\x6e\x6f\x63\x6f\x77\x2c\x6e\x6f\x65\x78\x63\x6c\x2c\x62\x74\x72\x65\x65\x5f\x6e\x6f\x64\x65\x5f\x70\x72\x65\x66\x65\x74\x63\x68\x2c\x6e\x6f\x72\x65\x63\x6f\x76\x65\x72\x79\x2c\x73\x68\x61\x72\x64\x5f\x69\x6e\x6f\x64\x65"...) = 0 [pid 5777] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5777] chdir("./file2") = 0 [pid 5777] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5777] ioctl(4, LOOP_CLR_FD) = 0 [pid 5777] close(4) = 0 [pid 5777] exit_group(0) = ? [pid 5777] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5777, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=81 /* 0.81 s */} --- [ 178.482694][ T5777] bcachefs (loop0): check_allocations... done [ 178.608211][ T5777] bcachefs (loop0): going read-write [ 178.621462][ T5777] bcachefs (loop0): Fixed errors, running fsck a second time to verify fs is clean [ 178.638621][ T5777] bcachefs (loop0): done starting filesystem restart_syscall(<... resuming interrupted clone ...>) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5791 attached , child_tidptr=0x55558da8d650) = 5791 [pid 5791] set_robust_list(0x55558da8d660, 24) = 0 [pid 5791] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5791] setpgid(0, 0) = 0 [pid 5791] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5791] write(3, "1000", 4) = 4 [pid 5791] close(3) = 0 executing program [pid 5791] write(1, "executing program\n", 18) = 18 [pid 5791] memfd_create("syzkaller", 0) = 3 [pid 5791] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f790b800000 [ 178.725568][ T1145] ===================================================== [ 178.733001][ T1145] BUG: KMSAN: uninit-value in rw_aux_tree_set+0x4d2/0x580 [ 178.740570][ T1145] rw_aux_tree_set+0x4d2/0x580 [ 178.745559][ T1145] rw_aux_tree_insert_entry+0x6c3/0x970 [ 178.751549][ T1145] bch2_bset_fix_lookup_table+0xecc/0x13e0 [ 178.757745][ T1145] bch2_bset_insert+0x1621/0x19f0 [ 178.762991][ T1145] bch2_btree_bset_insert_key+0xf4e/0x2b60 [ 178.769189][ T1145] bch2_btree_insert_key_leaf+0x276/0x1050 [ 178.775211][ T1145] __bch2_trans_commit+0xaf5e/0xd190 [ 178.782033][ T1145] btree_interior_update_work+0x2080/0x4870 [ 178.788500][ T1145] process_scheduled_works+0xae0/0x1c40 [ 178.794278][ T1145] worker_thread+0xea7/0x14f0 [ 178.799334][ T1145] kthread+0x3e2/0x540 [ 178.803572][ T1145] ret_from_fork+0x6d/0x90 [ 178.808239][ T1145] ret_from_fork_asm+0x1a/0x30 [ 178.813227][ T1145] [ 178.815740][ T1145] Uninit was created at: [ 178.820471][ T1145] ___kmalloc_large_node+0x22c/0x370 [ 178.825957][ T1145] __kmalloc_large_node_noprof+0x3f/0x1e0 [ 178.832013][ T1145] __kmalloc_node_noprof+0xc96/0x1250 [ 178.837781][ T1145] __kvmalloc_node_noprof+0xc0/0x2d0 [ 178.843295][ T1145] __bch2_btree_node_mem_alloc+0x2be/0xa80 [ 178.849453][ T1145] bch2_fs_btree_cache_init+0x4e4/0xb50 [ 178.855178][ T1145] bch2_fs_open+0x4d3a/0x5b40 [ 178.860203][ T1145] bch2_fs_get_tree+0x983/0x22d0 [ 178.865320][ T1145] vfs_get_tree+0xb1/0x5a0 [ 178.870085][ T1145] do_new_mount+0x71f/0x15e0 [ 178.874875][ T1145] path_mount+0x742/0x1f10 [ 178.879716][ T1145] __se_sys_mount+0x722/0x810 [ 178.884606][ T1145] __x64_sys_mount+0xe4/0x150 [ 178.889621][ T1145] x64_sys_call+0x39bf/0x3c30 [ 178.894503][ T1145] do_syscall_64+0xcd/0x1e0 [ 178.899417][ T1145] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 178.905520][ T1145] [ 178.908116][ T1145] CPU: 1 UID: 0 PID: 1145 Comm: kworker/u8:8 Not tainted 6.12.0-syzkaller-11930-g0e287d31b62b #0 [ 178.918927][ T1145] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 178.929294][ T1145] Workqueue: btree_update btree_interior_update_work [ 178.936458][ T1145] ===================================================== [ 178.943509][ T1145] Disabling lock debugging due to kernel taint [ 178.949959][ T1145] Kernel panic - not syncing: kmsan.panic set ... [ 178.956529][ T1145] CPU: 1 UID: 0 PID: 1145 Comm: kworker/u8:8 Tainted: G B 6.12.0-syzkaller-11930-g0e287d31b62b #0 [ 178.968740][ T1145] Tainted: [B]=BAD_PAGE [ 178.973005][ T1145] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 178.983235][ T1145] Workqueue: btree_update btree_interior_update_work [ 178.990276][ T1145] Call Trace: [ 178.993681][ T1145] [ 178.996723][ T1145] dump_stack_lvl+0x216/0x2d0 [ 179.001621][ T1145] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 179.007667][ T1145] dump_stack+0x1e/0x30 [ 179.012033][ T1145] panic+0x4e2/0xcf0 [ 179.016163][ T1145] ? kmsan_get_metadata+0xc1/0x1c0 [ 179.021514][ T1145] kmsan_report+0x2c7/0x2d0 [ 179.026240][ T1145] ? __msan_warning+0x95/0x120 [ 179.031203][ T1145] ? rw_aux_tree_set+0x4d2/0x580 [ 179.036372][ T1145] ? rw_aux_tree_insert_entry+0x6c3/0x970 [ 179.042320][ T1145] ? bch2_bset_fix_lookup_table+0xecc/0x13e0 [ 179.048575][ T1145] ? bch2_bset_insert+0x1621/0x19f0 [ 179.054001][ T1145] ? bch2_btree_bset_insert_key+0xf4e/0x2b60 [ 179.060257][ T1145] ? bch2_btree_insert_key_leaf+0x276/0x1050 [ 179.066451][ T1145] ? __bch2_trans_commit+0xaf5e/0xd190 [ 179.072095][ T1145] ? btree_interior_update_work+0x2080/0x4870 [ 179.078399][ T1145] ? process_scheduled_works+0xae0/0x1c40 [ 179.084333][ T1145] ? worker_thread+0xea7/0x14f0 [ 179.089405][ T1145] ? kthread+0x3e2/0x540 [ 179.093804][ T1145] ? ret_from_fork+0x6d/0x90 [ 179.098572][ T1145] ? ret_from_fork_asm+0x1a/0x30 [ 179.103722][ T1145] ? bch2_btree_bset_insert_key+0xf4e/0x2b60 [ 179.109898][ T1145] ? bch2_btree_insert_key_leaf+0x276/0x1050 [ 179.116072][ T1145] ? __bch2_trans_commit+0xaf5e/0xd190 [ 179.121709][ T1145] ? btree_interior_update_work+0x2080/0x4870 [ 179.128015][ T1145] ? process_scheduled_works+0xae0/0x1c40 [ 179.133966][ T1145] ? kmsan_get_metadata+0x13e/0x1c0 [ 179.139407][ T1145] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 179.145454][ T1145] ? rw_aux_tree_set+0x3f/0x580 [ 179.150535][ T1145] ? filter_irq_stacks+0x164/0x1a0 [ 179.155844][ T1145] ? kmsan_get_metadata+0x13e/0x1c0 [ 179.161277][ T1145] ? kmsan_internal_set_shadow_origin+0x69/0x100 [ 179.167844][ T1145] ? kmsan_get_metadata+0x13e/0x1c0 [ 179.173360][ T1145] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 179.179410][ T1145] __msan_warning+0x95/0x120 [ 179.184208][ T1145] rw_aux_tree_set+0x4d2/0x580 [ 179.189217][ T1145] ? bset_aux_tree_verify+0x44d/0x4a0 [ 179.194837][ T1145] rw_aux_tree_insert_entry+0x6c3/0x970 [ 179.200647][ T1145] bch2_bset_fix_lookup_table+0xecc/0x13e0 [ 179.206692][ T1145] ? bch2_bkey_pack_key+0x1745/0x1860 [ 179.215615][ T1145] bch2_bset_insert+0x1621/0x19f0 [ 179.220893][ T1145] ? kmsan_get_metadata+0x13e/0x1c0 [ 179.226477][ T1145] bch2_btree_bset_insert_key+0xf4e/0x2b60 [ 179.232546][ T1145] bch2_btree_insert_key_leaf+0x276/0x1050 [ 179.238601][ T1145] __bch2_trans_commit+0xaf5e/0xd190 [ 179.244157][ T1145] btree_interior_update_work+0x2080/0x4870 [ 179.250369][ T1145] ? __pfx_btree_interior_update_work+0x10/0x10 [ 179.256868][ T1145] process_scheduled_works+0xae0/0x1c40 [ 179.262695][ T1145] worker_thread+0xea7/0x14f0 [ 179.267608][ T1145] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 179.273678][ T1145] kthread+0x3e2/0x540 [ 179.277923][ T1145] ? __pfx_worker_thread+0x10/0x10 [ 179.283266][ T1145] ? __pfx_kthread+0x10/0x10 [ 179.288036][ T1145] ret_from_fork+0x6d/0x90 [ 179.292629][ T1145] ? __pfx_kthread+0x10/0x10 [ 179.297393][ T1145] ret_from_fork_asm+0x1a/0x30 [ 179.302400][ T1145] [ 179.305730][ T1145] Kernel Offset: disabled [ 179.310126][ T1145] Rebooting in 86400 seconds..