./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor3779412878 <...> Warning: Permanently added '10.128.10.2' (ED25519) to the list of known hosts. execve("./syz-executor3779412878", ["./syz-executor3779412878"], 0x7ffc14e53f10 /* 10 vars */) = 0 brk(NULL) = 0x55557806f000 brk(0x55557806fd00) = 0x55557806fd00 arch_prctl(ARCH_SET_FS, 0x55557806f380) = 0 set_tid_address(0x55557806f650) = 5780 set_robust_list(0x55557806f660, 24) = 0 rseq(0x55557806fca0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor3779412878", 4096) = 28 getrandom("\xfa\xb6\x31\xe8\x23\x1b\x54\x9e", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x55557806fd00 brk(0x555578090d00) = 0x555578090d00 brk(0x555578091000) = 0x555578091000 mprotect(0x7f464e395000, 16384, PROT_READ) = 0 mmap(0x1ffffffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffffffff000 mmap(0x200000000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200000000000 mmap(0x200001000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200001000000 mkdir("./syzkaller.tjAYB3", 0700) = 0 chmod("./syzkaller.tjAYB3", 0777) = 0 chdir("./syzkaller.tjAYB3") = 0 mkdir("./0", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5781 attached , child_tidptr=0x55557806f650) = 5781 [pid 5781] set_robust_list(0x55557806f660, 24) = 0 [pid 5781] chdir("./0") = 0 [pid 5781] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5781] setpgid(0, 0) = 0 [pid 5781] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5781] write(3, "1000", 4) = 4 [pid 5781] close(3) = 0 [pid 5781] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5781] write(1, "executing program\n", 18executing program ) = 18 [pid 5781] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=8589934731}, NULL) = 0 [pid 5781] sched_setscheduler(0, SCHED_FIFO, [5]) = 0 [pid 5781] memfd_create("syzkaller", 0) = 3 [pid 5781] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4645e00000 [pid 5781] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5781] munmap(0x7f4645e00000, 138412032) = 0 [pid 5781] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5781] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5781] close(3) = 0 [pid 5781] close(4) = 0 [pid 5781] mkdir("./bus", 0777) = 0 [ 209.948710][ T5781] loop0: detected capacity change from 0 to 32768 [ 209.968437][ T5781] btrfs: Deprecated parameter 'usebackuproot' [ 209.976295][ T5781] BTRFS warning: 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 209.989519][ T5781] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor377 (5781) [ 210.014212][ T5781] BTRFS info (device loop0): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 210.024980][ T5781] BTRFS info (device loop0): using sha256 (sha256-generic) checksum algorithm [ 210.036706][ T5781] BTRFS info (device loop0): using free-space-tree [pid 5781] mount("/dev/loop0", "./bus", "btrfs", MS_NOEXEC|MS_SYNCHRONOUS|MS_DIRSYNC|MS_NODIRATIME|MS_LAZYTIME, "barrier,autodefrag,ref_verify,enospc_debug,noflushoncommit,usebackuproot,max_inline=77k7,thread_pool"...) = 0 [ 210.211857][ T5781] BTRFS info (device loop0): rebuilding free space tree [pid 5781] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5781] chdir("./bus") = 0 [pid 5781] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5781] ioctl(4, LOOP_CLR_FD) = 0 [pid 5781] close(4) = 0 [pid 5781] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 0733) = 4 [pid 5781] io_uring_setup(9464, {flags=IORING_SETUP_COOP_TASKRUN|0x10000, sq_thread_cpu=0x1, sq_thread_idle=4294967293, sq_entries=16384, cq_entries=32768, features=IORING_FEAT_SINGLE_MMAP|IORING_FEAT_NODROP|IORING_FEAT_SUBMIT_STABLE|IORING_FEAT_RW_CUR_POS|IORING_FEAT_CUR_PERSONALITY|IORING_FEAT_FAST_POLL|IORING_FEAT_POLL_32BITS|IORING_FEAT_SQPOLL_NONFIXED|IORING_FEAT_EXT_ARG|IORING_FEAT_NATIVE_WORKERS|IORING_FEAT_RSRC_TAGS|IORING_FEAT_CQE_SKIP|IORING_FEAT_LINKED_FILE|0x3e000, sq_off={head=0, tail=4, ring_mask=16, ring_entries=24, flags=36, dropped=32, array=0}, cq_off={head=8, tail=12, ring_mask=20, ring_entries=28, overflow=44, cqes=64, flags=40}}) = 5 [pid 5781] mmap(NULL, 524352, PROT_READ|PROT_WRITE, MAP_SHARED|MAP_POPULATE, 5, 0) = 0x7f464e254000 [pid 5781] mmap(NULL, 1048576, PROT_READ|PROT_WRITE, MAP_SHARED|MAP_POPULATE, 5, 0x10000000) = 0x7f464e154000 [ 210.287084][ T30] audit: type=1800 audit(1747130277.941:2): pid=5781 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor377" name="file1" dev="loop0" ino=260 res=0 errno=0 [ 210.305075][ T5781] ===================================================== [ 210.315783][ T5781] BUG: KMSAN: uninit-value in iov_iter_alignment_iovec+0x19e/0x470 [ 210.324062][ T5781] iov_iter_alignment_iovec+0x19e/0x470 [ 210.331402][ T5781] iov_iter_alignment+0x174/0x2d0 [ 210.336699][ T5781] btrfs_direct_read+0x204/0xa20 [ 210.342053][ T5781] btrfs_file_read_iter+0xce/0x310 [ 210.347471][ T5781] __io_read+0xbe6/0x2490 [ 210.352235][ T5781] io_read+0x3e/0x100 [ 210.356433][ T5781] io_issue_sqe+0x392/0x1fa0 [ 210.361342][ T5781] io_submit_sqes+0x11a4/0x2d80 [ 210.366420][ T5781] __se_sys_io_uring_enter+0x3b7/0x4c40 [ 210.372524][ T5781] __x64_sys_io_uring_enter+0x114/0x1a0 [ 210.378330][ T5781] x64_sys_call+0x317f/0x3db0 [ 210.383424][ T5781] do_syscall_64+0xd9/0x1b0 [ 210.388294][ T5781] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 210.394643][ T5781] [ 210.397102][ T5781] Uninit was created at: [ 210.401822][ T5781] __alloc_frozen_pages_noprof+0x689/0xf00 [ 210.407894][ T5781] alloc_pages_mpol+0x328/0x860 [ 210.413170][ T5781] alloc_frozen_pages_noprof+0xf7/0x200 [ 210.419022][ T5781] allocate_slab+0x24d/0x1210 [ 210.424162][ T5781] ___slab_alloc+0xfec/0x3480 [ 210.429140][ T5781] __kmalloc_cache_noprof+0x8ff/0xed0 [ 210.435436][ T5781] set_kthread_struct+0xee/0x530 [ 210.441110][ T5781] copy_process+0x18d1/0x5d10 [ 210.446193][ T5781] kernel_clone+0x416/0x1070 [ 210.451477][ T5781] kernel_thread+0x13f/0x170 [ 210.456348][ T5781] kthreadd+0x55d/0x9f0 [ 210.461017][ T5781] ret_from_fork+0x6e/0x90 [ 210.465708][ T5781] ret_from_fork_asm+0x1a/0x30 [ 210.471233][ T5781] [ 210.473863][ T5781] CPU: 0 UID: 0 PID: 5781 Comm: syz-executor377 Not tainted 6.15.0-rc3-syzkaller-00094-g02ddfb981de8 #0 PREEMPT(undef) [ 210.486892][ T5781] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 210.497322][ T5781] ===================================================== [ 210.504643][ T5781] Disabling lock debugging due to kernel taint [ 210.511159][ T5781] Kernel panic - not syncing: kmsan.panic set ... [ 210.517789][ T5781] CPU: 0 UID: 0 PID: 5781 Comm: syz-executor377 Tainted: G B 6.15.0-rc3-syzkaller-00094-g02ddfb981de8 #0 PREEMPT(undef) [ 210.532768][ T5781] Tainted: [B]=BAD_PAGE [ 210.537097][ T5781] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 210.547501][ T5781] Call Trace: [ 210.551029][ T5781] [ 210.554127][ T5781] __dump_stack+0x26/0x30 [ 210.559253][ T5781] dump_stack_lvl+0x53/0x270 [ 210.564099][ T5781] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 210.570186][ T5781] dump_stack+0x1e/0x25 [ 210.574584][ T5781] panic+0x4bd/0xd50 [ 210.578788][ T5781] kmsan_report+0x29d/0x2a0 [ 210.583625][ T5781] ? __msan_warning+0x96/0x120 [ 210.588623][ T5781] ? iov_iter_alignment_iovec+0x19e/0x470 [ 210.594620][ T5781] ? iov_iter_alignment+0x174/0x2d0 [ 210.600107][ T5781] ? btrfs_direct_read+0x204/0xa20 [ 210.605499][ T5781] ? btrfs_file_read_iter+0xce/0x310 [ 210.611037][ T5781] ? __io_read+0xbe6/0x2490 [ 210.615807][ T5781] ? io_read+0x3e/0x100 [ 210.620206][ T5781] ? io_issue_sqe+0x392/0x1fa0 [ 210.625216][ T5781] ? io_submit_sqes+0x11a4/0x2d80 [ 210.630484][ T5781] ? __se_sys_io_uring_enter+0x3b7/0x4c40 [ 210.636467][ T5781] ? __x64_sys_io_uring_enter+0x114/0x1a0 [ 210.642497][ T5781] ? x64_sys_call+0x317f/0x3db0 [ 210.647637][ T5781] ? do_syscall_64+0xd9/0x1b0 [ 210.652581][ T5781] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 210.658920][ T5781] ? kernel_text_address+0x10e/0x1a0 [ 210.665024][ T5781] ? kmsan_get_metadata+0x105/0x1b0 [ 210.670485][ T5781] ? kmsan_internal_set_shadow_origin+0x79/0x110 [ 210.677120][ T5781] ? kmsan_internal_unpoison_memory+0x14/0x20 [ 210.683586][ T5781] ? _raw_spin_unlock_irqrestore+0x3f/0x60 [ 210.689669][ T5781] ? kmsan_get_metadata+0x105/0x1b0 [ 210.695154][ T5781] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 210.701885][ T5781] ? kmsan_get_metadata+0x105/0x1b0 [ 210.707380][ T5781] __msan_warning+0x96/0x120 [ 210.712242][ T5781] iov_iter_alignment_iovec+0x19e/0x470 [ 210.718114][ T5781] iov_iter_alignment+0x174/0x2d0 [ 210.723441][ T5781] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 210.729987][ T5781] btrfs_direct_read+0x204/0xa20 [ 210.735250][ T5781] ? end_current_label_crit_section+0x112/0x290 [ 210.741778][ T5781] ? common_file_perm+0x33f/0x400 [ 210.747081][ T5781] ? kmsan_get_metadata+0x105/0x1b0 [ 210.752584][ T5781] btrfs_file_read_iter+0xce/0x310 [ 210.757941][ T5781] ? kmsan_get_metadata+0x105/0x1b0 [ 210.763466][ T5781] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 210.769559][ T5781] ? __pfx_btrfs_file_read_iter+0x10/0x10 [ 210.775493][ T5781] __io_read+0xbe6/0x2490 [ 210.780018][ T5781] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 210.786189][ T5781] ? kmsan_get_metadata+0x105/0x1b0 [ 210.791635][ T5781] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 210.797701][ T5781] io_read+0x3e/0x100 [ 210.801882][ T5781] ? __pfx_io_read+0x10/0x10 [ 210.806842][ T5781] io_issue_sqe+0x392/0x1fa0 [ 210.811752][ T5781] io_submit_sqes+0x11a4/0x2d80 [ 210.816848][ T5781] ? kmsan_get_metadata+0xa0/0x1b0 [ 210.822233][ T5781] __se_sys_io_uring_enter+0x3b7/0x4c40 [ 210.828031][ T5781] ? kmsan_get_metadata+0x105/0x1b0 [ 210.833479][ T5781] ? kmsan_internal_set_shadow_origin+0x79/0x110 [ 210.840038][ T5781] ? kmsan_get_metadata+0x105/0x1b0 [ 210.845461][ T5781] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 210.851501][ T5781] ? kmsan_get_metadata+0x105/0x1b0 [ 210.856957][ T5781] ? kmsan_internal_set_shadow_origin+0x79/0x110 [ 210.863514][ T5781] ? kmsan_internal_unpoison_memory+0x14/0x20 [ 210.869808][ T5781] ? _raw_spin_unlock_irq+0x31/0x50 [ 210.875233][ T5781] __x64_sys_io_uring_enter+0x114/0x1a0 [ 210.881047][ T5781] x64_sys_call+0x317f/0x3db0 [ 210.885956][ T5781] do_syscall_64+0xd9/0x1b0 [ 210.890746][ T5781] ? irqentry_exit+0x16/0x60 [ 210.895544][ T5781] ? clear_bhb_loop+0x25/0x80 [ 210.900441][ T5781] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 210.906542][ T5781] RIP: 0033:0x7f464e31c569 [ 210.911169][ T5781] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 21 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 210.931002][ T5781] RSP: 002b:00007fffc7fb95c8 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 210.939791][ T5781] RAX: ffffffffffffffda RBX: 00000000000024f8 RCX: 00007f464e31c569 [ 210.947930][ T5781] RDX: 000000000000a4b7 RSI: 0000000000005b45 RDI: 0000000000000005 [ 210.956078][ T5781] RBP: 0000000000000005 R08: 0000000000000000 R09: 0000000000000000 [ 210.964208][ T5781] R10: 0000000000000008 R11: 0000000000000246 R12: 0000200000000300 [ 210.972346][ T5781] R13: 0000200000000040 R14: 431bde82d7b634db R15: 00007fffc7fb9630 [ 210.980520][ T5781] [ 210.983868][ T5781] Kernel Offset: disabled [ 210.988292][ T5781] Rebooting in 86400 seconds..