[syzbot] [bcachefs?] KMSAN: uninit-value in bch2_extent_crc_append (2)


syzbot

Mar 8, 2025, 11:20:29 PM
to kent.ov...@linux.dev, linux-b...@vger.kernel.org, linux-...@vger.kernel.org, syzkall...@googlegroups.com
Hello,

syzbot found the following issue on:

HEAD commit: 48a5eed9ad58 Merge tag 'devicetree-fixes-for-6.14-2' of gi..
git tree: upstream
console+strace: https://syzkaller.appspot.com/x/log.txt?x=10a275a8580000
kernel config: https://syzkaller.appspot.com/x/.config?x=1d47ea4b9912d894
dashboard link: https://syzkaller.appspot.com/bug?extid=79e4e34c2a37d5a9c1f7
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=134ed7a0580000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=16630254580000

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/0f1f7744db24/disk-48a5eed9.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/0abefd13fceb/vmlinux-48a5eed9.xz
kernel image: https://storage.googleapis.com/syzbot-assets/a1858ec33bb8/bzImage-48a5eed9.xz
mounted in repro: https://storage.googleapis.com/syzbot-assets/f81e1c2bd91c/mount_2.gz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+79e4e3...@syzkaller.appspotmail.com

bcachefs (loop0): check_allocations... done
bcachefs (loop0): going read-write
bcachefs (loop0): done starting filesystem
=====================================================
BUG: KMSAN: uninit-value in variable__ffs arch/x86/include/asm/bitops.h:251 [inline]
BUG: KMSAN: uninit-value in extent_entry_type fs/bcachefs/extents.h:59 [inline]
BUG: KMSAN: uninit-value in extent_entry_bytes fs/bcachefs/extents.h:68 [inline]
BUG: KMSAN: uninit-value in extent_entry_u64s fs/bcachefs/extents.h:81 [inline]
BUG: KMSAN: uninit-value in bch2_extent_crc_append+0x7c2/0x830 fs/bcachefs/extents.c:593
variable__ffs arch/x86/include/asm/bitops.h:251 [inline]
extent_entry_type fs/bcachefs/extents.h:59 [inline]
extent_entry_bytes fs/bcachefs/extents.h:68 [inline]
extent_entry_u64s fs/bcachefs/extents.h:81 [inline]
bch2_extent_crc_append+0x7c2/0x830 fs/bcachefs/extents.c:593
init_append_extent+0x466/0x1050 fs/bcachefs/io_write.c:729
bch2_write_extent fs/bcachefs/io_write.c:1073 [inline]
__bch2_write+0x54a9/0x8490 fs/bcachefs/io_write.c:1487
bch2_write+0xc98/0x1af0 fs/bcachefs/io_write.c:1659
closure_queue include/linux/closure.h:270 [inline]
closure_call include/linux/closure.h:432 [inline]
bch2_writepage_do_io fs/bcachefs/fs-io-buffered.c:469 [inline]
bch2_writepages+0x24a/0x3c0 fs/bcachefs/fs-io-buffered.c:652
do_writepages+0x427/0xc30 mm/page-writeback.c:2687
filemap_fdatawrite_wbc mm/filemap.c:389 [inline]
__filemap_fdatawrite_range mm/filemap.c:422 [inline]
file_write_and_wait_range+0x6f2/0x7b0 mm/filemap.c:797
bch2_fsync+0xb6/0x510 fs/bcachefs/fs-io.c:228
vfs_fsync_range+0x1f9/0x260 fs/sync.c:187
generic_write_sync include/linux/fs.h:2970 [inline]
bch2_write_iter+0x4dce/0x50f0 fs/bcachefs/fs-io-buffered.c:1072
new_sync_write fs/read_write.c:586 [inline]
vfs_write+0xb34/0x1540 fs/read_write.c:679
ksys_write+0x240/0x4b0 fs/read_write.c:731
__do_sys_write fs/read_write.c:742 [inline]
__se_sys_write fs/read_write.c:739 [inline]
__x64_sys_write+0x93/0xe0 fs/read_write.c:739
x64_sys_call+0x3161/0x3c30 arch/x86/include/generated/asm/syscalls_64.h:2
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xcd/0x1e0 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x77/0x7f

Uninit was stored to memory at:
bch2_extent_crc_pack+0x686/0x6b0 fs/bcachefs/extents.c:549
bch2_extent_crc_append+0x645/0x830 fs/bcachefs/extents.c:591
init_append_extent+0x466/0x1050 fs/bcachefs/io_write.c:729
bch2_write_extent fs/bcachefs/io_write.c:1073 [inline]
__bch2_write+0x54a9/0x8490 fs/bcachefs/io_write.c:1487
bch2_write+0xc98/0x1af0 fs/bcachefs/io_write.c:1659
closure_queue include/linux/closure.h:270 [inline]
closure_call include/linux/closure.h:432 [inline]
bch2_writepage_do_io fs/bcachefs/fs-io-buffered.c:469 [inline]
bch2_writepages+0x24a/0x3c0 fs/bcachefs/fs-io-buffered.c:652
do_writepages+0x427/0xc30 mm/page-writeback.c:2687
filemap_fdatawrite_wbc mm/filemap.c:389 [inline]
__filemap_fdatawrite_range mm/filemap.c:422 [inline]
file_write_and_wait_range+0x6f2/0x7b0 mm/filemap.c:797
bch2_fsync+0xb6/0x510 fs/bcachefs/fs-io.c:228
vfs_fsync_range+0x1f9/0x260 fs/sync.c:187
generic_write_sync include/linux/fs.h:2970 [inline]
bch2_write_iter+0x4dce/0x50f0 fs/bcachefs/fs-io-buffered.c:1072
new_sync_write fs/read_write.c:586 [inline]
vfs_write+0xb34/0x1540 fs/read_write.c:679
ksys_write+0x240/0x4b0 fs/read_write.c:731
__do_sys_write fs/read_write.c:742 [inline]
__se_sys_write fs/read_write.c:739 [inline]
__x64_sys_write+0x93/0xe0 fs/read_write.c:739
x64_sys_call+0x3161/0x3c30 arch/x86/include/generated/asm/syscalls_64.h:2
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xcd/0x1e0 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x77/0x7f

Uninit was created at:
__alloc_frozen_pages_noprof+0x9a7/0xe00 mm/page_alloc.c:4762
alloc_pages_mpol+0x4cd/0x890 mm/mempolicy.c:2270
alloc_frozen_pages_noprof+0x1bf/0x1e0 mm/mempolicy.c:2341
alloc_slab_page mm/slub.c:2423 [inline]
allocate_slab+0x23a/0x1110 mm/slub.c:2587
new_slab mm/slub.c:2640 [inline]
___slab_alloc+0x1287/0x3540 mm/slub.c:3826
__slab_alloc mm/slub.c:3916 [inline]
__slab_alloc_node mm/slub.c:3991 [inline]
slab_alloc_node mm/slub.c:4152 [inline]
kmem_cache_alloc_noprof+0x84e/0xe10 mm/slub.c:4171
mempool_alloc_slab+0x36/0x50 mm/mempool.c:559
mempool_init_node+0x202/0x4d0 mm/mempool.c:217
mempool_init_noprof+0x57/0x70 mm/mempool.c:246
bioset_init+0x279/0xb30 block/bio.c:1707
bch2_fs_fs_io_buffered_init+0x4a/0xc0 fs/bcachefs/fs-io-buffered.c:1084
bch2_fs_alloc fs/bcachefs/super.c:934 [inline]
bch2_fs_open+0x5654/0x5ba0 fs/bcachefs/super.c:2064
bch2_fs_get_tree+0x98a/0x24e0 fs/bcachefs/fs.c:2190
vfs_get_tree+0xb1/0x5a0 fs/super.c:1814
do_new_mount+0x71f/0x15e0 fs/namespace.c:3560
path_mount+0x742/0x1f10 fs/namespace.c:3887
do_mount fs/namespace.c:3900 [inline]
__do_sys_mount fs/namespace.c:4111 [inline]
__se_sys_mount+0x71f/0x800 fs/namespace.c:4088
__x64_sys_mount+0xe4/0x150 fs/namespace.c:4088
x64_sys_call+0x39bf/0x3c30 arch/x86/include/generated/asm/syscalls_64.h:166
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xcd/0x1e0 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x77/0x7f

CPU: 0 UID: 0 PID: 5782 Comm: syz-executor407 Not tainted 6.14.0-rc5-syzkaller-00016-g48a5eed9ad58 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
=====================================================


---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title

If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.

If you want to overwrite report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)

If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report

If you want to undo deduplication, reply with:
#syz undup

I Hsin Cheng

Mar 26, 2025, 1:20:44 AM
to syzbot+79e4e3...@syzkaller.appspotmail.com, syzkall...@googlegroups.com, I Hsin Cheng
#syz test

syzbot

Mar 26, 2025, 2:07:04 AM
to linux-...@vger.kernel.org, richar...@gmail.com, syzkall...@googlegroups.com
Hello,

syzbot tried to test the proposed patch but the build/boot failed:

resource 6 [mem 0x000a0000-0x000bffff window]
[ 6.495513][ T1] pci_bus 0000:00: resource 7 [mem 0xc0000000-0xfebfefff window]
[ 6.501758][ T1] pci 0000:00:00.0: Limiting direct PCI/PCI transfers
[ 6.504887][ T1] PCI: CLS 0 bytes, default 64
[ 6.506086][ T1] PCI-DMA: Using software bounce buffering for IO (SWIOTLB)
[ 6.507287][ T1] software IO TLB: mapped [mem 0x00000000bbffd000-0x00000000bfffd000] (64MB)
[ 6.509037][ T1] ACPI: bus type thunderbolt registered
[ 6.636982][ T1] RAPL PMU: API unit is 2^-32 Joules, 0 fixed counters, 10737418240 ms ovfl timer
[ 6.670353][ T62] kworker/u8:3 (62) used greatest stack depth: 11960 bytes left
[ 6.759286][ T1] kvm_amd: CPU 1 isn't AMD or Hygon
[ 6.760582][ T1] clocksource: tsc: mask: 0xffffffffffffffff max_cycles: 0x1fb6d19e116, max_idle_ns: 440795289897 ns
[ 6.794646][ T1] clocksource: Switched to clocksource tsc
[ 6.878091][ T68] kworker/u8:3 (68) used greatest stack depth: 10984 bytes left
[ 27.136645][ T1] Initialise system trusted keyrings
[ 27.147228][ T1] workingset: timestamp_bits=40 max_order=21 bucket_order=0
[ 27.158266][ T1] DLM installed
[ 27.171851][ T1] squashfs: version 4.0 (2009/01/31) Phillip Lougher
[ 27.191674][ T1] NFS: Registering the id_resolver key type
[ 27.201479][ T1] Key type id_resolver registered
[ 27.206638][ T1] Key type id_legacy registered
[ 27.211801][ T1] nfs4filelayout_init: NFSv4 File Layout Driver Registering...
[ 27.219506][ T1] nfs4flexfilelayout_init: NFSv4 Flexfile Layout Driver Registering...
[ 27.255713][ T1] Key type cifs.spnego registered
[ 27.261935][ T1] Key type cifs.idmap registered
[ 27.275818][ T1] ntfs3: Enabled Linux POSIX ACLs support
[ 27.281617][ T1] ntfs3: Read-only LZX/Xpress compression included
[ 27.288687][ T1] efs: 1.0a - http://aeschi.ch.eu.org/efs/
[ 27.294910][ T1] romfs: ROMFS MTD (C) 2007 Red Hat, Inc.
[ 27.300924][ T1] QNX4 filesystem 0.2.3 registered.
[ 27.306398][ T1] qnx6: QNX6 filesystem 1.0.0 registered.
[ 27.313873][ T1] fuse: init (API version 7.42)
[ 27.324383][ T1] orangefs_debugfs_init: called with debug mask: :none: :0:
[ 27.334304][ T1] orangefs_init: module version upstream loaded
[ 27.342457][ T1] JFS: nTxBlock = 8192, nTxLock = 65536
[ 27.385875][ T1] SGI XFS with ACLs, security attributes, realtime, quota, no debug enabled
[ 27.411133][ T1] 9p: Installing v9fs 9p2000 file system support
[ 27.418732][ T1] NILFS version 2 loaded
[ 27.423157][ T1] befs: version: 0.9.3
[ 27.428375][ T1] ocfs2: Registered cluster interface o2cb
[ 27.435391][ T1] ocfs2: Registered cluster interface user
[ 27.444097][ T1] OCFS2 User DLM kernel interface loaded
[ 27.462448][ T1] gfs2: GFS2 installed
[ 27.507842][ T1] ceph: loaded (mds proto 32)
[ 31.665351][ T1] NET: Registered PF_ALG protocol family
[ 31.671348][ T1] xor: automatically using best checksumming function avx
[ 31.679530][ T1] async_tx: api initialized (async)
[ 31.684995][ T1] Key type asymmetric registered
[ 31.689997][ T1] Asymmetric key parser 'x509' registered
[ 31.695886][ T1] Asymmetric key parser 'pkcs8' registered
[ 31.701793][ T1] Key type pkcs7_test registered
[ 31.707705][ T1] Block layer SCSI generic (bsg) driver version 0.4 loaded (major 238)
[ 31.717960][ T1] io scheduler mq-deadline registered
[ 31.723606][ T1] io scheduler kyber registered
[ 31.728949][ T1] io scheduler bfq registered
[ 31.747246][ T1] input: Power Button as /devices/LNXSYSTM:00/LNXPWRBN:00/input/input0
[ 31.764843][ T148] kworker/u8:0 (148) used greatest stack depth: 10624 bytes left
[ 31.765789][ T1] ACPI: button: Power Button [PWRF]
[ 31.785730][ T1] input: Sleep Button as /devices/LNXSYSTM:00/LNXSLPBN:00/input/input1
[ 31.796004][ T1] ACPI: button: Sleep Button [SLPF]
[ 31.824520][ T1] ioatdma: Intel(R) QuickData Technology Driver 5.00
[ 31.910016][ T1] ACPI: \_SB_.LNKC: Enabled at IRQ 11
[ 31.917218][ T1] virtio-pci 0000:00:03.0: virtio_pci: leaving for legacy driver
[ 31.996381][ T1] ACPI: \_SB_.LNKD: Enabled at IRQ 10
[ 32.002182][ T1] virtio-pci 0000:00:04.0: virtio_pci: leaving for legacy driver
[ 32.076652][ T1] ACPI: \_SB_.LNKB: Enabled at IRQ 10
[ 32.082354][ T1] virtio-pci 0000:00:06.0: virtio_pci: leaving for legacy driver
[ 32.138646][ T1] virtio-pci 0000:00:07.0: virtio_pci: leaving for legacy driver
[ 33.278040][ T1] N_HDLC line discipline registered with maxframe=4096
[ 33.285257][ T1] Serial: 8250/16550 driver, 4 ports, IRQ sharing enabled
[ 33.299597][ T1] 00:03: ttyS0 at I/O 0x3f8 (irq = 4, base_baud = 115200) is a 16550A
[ 33.329821][ T1] 00:04: ttyS1 at I/O 0x2f8 (irq = 3, base_baud = 115200) is a 16550A
[ 33.362685][ T1] 00:05: ttyS2 at I/O 0x3e8 (irq = 6, base_baud = 115200) is a 16550A
[ 33.392954][ T1] 00:06: ttyS3 at I/O 0x2e8 (irq = 7, base_baud = 115200) is a 16550A
[ 33.441926][ T1] Non-volatile memory driver v1.3
[ 33.452548][ T1] BUG: kernel NULL pointer dereference, address: 0000000000000000
[ 33.457091][ T1] #PF: supervisor read access in kernel mode
[ 33.463239][ T1] #PF: error_code(0x0000) - not-present page
[ 33.463239][ T1] PGD 0 P4D 0
[ 33.473453][ T1] Oops: Oops: 0000 [#1] SMP PTI
[ 33.473453][ T1] CPU: 0 UID: 0 PID: 1 Comm: swapper/0 Not tainted 6.14.0-syzkaller-02665-g1e26c5e28ca5 #0 PREEMPT(undef)
[ 33.483649][ T1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[ 33.493436][ T1] RIP: 0010:msix_capability_init+0x95c/0x18c0
[ 33.503187][ T1] Code: ff ff ff 48 89 9d 60 fe ff ff 48 89 9d 08 ff ff ff 48 83 bd 30 ff ff ff 00 4c 8b 75 c8 0f 85 1d 02 00 00 48 8b bd 58 ff ff ff <44> 8b 27 b8 00 00 40 00 41 21 c4 e8 64 b0 ad fb 8b 18 44 8b 3a 41
[ 33.523254][ T1] RSP: 0000:ffff888100642fb0 EFLAGS: 00010246
[ 33.533478][ T1] RAX: ffff8880bba43080 RBX: ffffc90000b3f008 RCX: 0000000100243080
[ 33.543208][ T1] RDX: ffff888100243080 RSI: ffff88813fffacc0 RDI: 0000000000000000
[ 33.543208][ T1] RBP: ffff888100643178 R08: ffffea000000000f R09: 0000000000000000
[ 33.553462][ T1] R10: ffff8880bba43020 R11: ffffffff86cfccf9 R12: 0000000000000000
[ 33.563198][ T1] R13: 0000000000000000 R14: ffff8881408d0b58 R15: 000000000000000b
[ 33.573526][ T1] FS: 0000000000000000(0000) GS:ffff8881ab1af000(0000) knlGS:0000000000000000
[ 33.583232][ T1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 33.583232][ T1] CR2: 0000000000000000 CR3: 0000000011a80000 CR4: 00000000003526f0
[ 33.593463][ T1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 33.603200][ T1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 33.613504][ T1] Call Trace:
[ 33.613504][ T1] <TASK>
[ 33.613504][ T1] ? show_trace_log_lvl+0x268/0x3d0
[ 33.623221][ T1] ? __pci_enable_msix_range+0xad9/0xc40
[ 33.623221][ T1] ? __die_body+0xce/0x1a0
[ 33.633515][ T1] ? __die+0x20f/0x270
[ 33.633515][ T1] ? page_fault_oops+0xe58/0xfb0
[ 33.643209][ T1] ? exc_page_fault+0x56c/0x700
[ 33.643209][ T1] ? asm_exc_page_fault+0x2b/0x30
[ 33.653460][ T1] ? __pci_enable_msix_range+0xad9/0xc40
[ 33.653460][ T1] ? msix_capability_init+0x95c/0x18c0
[ 33.663197][ T1] __pci_enable_msix_range+0xad9/0xc40
[ 33.673433][ T1] ? kmsan_get_metadata+0x13e/0x1c0
[ 33.673433][ T1] ? kmsan_internal_set_shadow_origin+0x6c/0x100
[ 33.683261][ T1] pci_alloc_irq_vectors_affinity+0x111/0x3a0
[ 33.683261][ T1] vp_find_vqs_msix+0x84d/0x1560
[ 33.693488][ T1] ? kmsan_internal_unpoison_memory+0x14/0x20
[ 33.703252][ T1] vp_find_vqs+0x6c/0xa80
[ 33.703252][ T1] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0
[ 33.713473][ T1] ? __pfx_vp_find_vqs+0x10/0x10
[ 33.713473][ T1] probe_common+0x3b4/0x970
[ 33.723203][ T1] ? __pfx_random_recv_done+0x10/0x10
[ 33.723203][ T1] ? kmsan_get_metadata+0x13e/0x1c0
[ 33.733449][ T1] virtrng_probe+0x2d/0x40
[ 33.733449][ T1] ? __pfx_virtrng_probe+0x10/0x10
[ 33.743202][ T1] virtio_dev_probe+0x1640/0x19a0
[ 33.743202][ T1] ? __pfx_virtio_dev_probe+0x10/0x10
[ 33.753450][ T1] really_probe+0x4dc/0xd90
[ 33.753450][ T1] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0
[ 33.763205][ T1] __driver_probe_device+0x2ab/0x5d0
[ 33.763205][ T1] driver_probe_device+0x72/0x890
[ 33.773517][ T1] __driver_attach+0x7ea/0xb50
[ 33.773517][ T1] bus_for_each_dev+0x350/0x540
[ 33.783198][ T1] ? __pfx___driver_attach+0x10/0x10
[ 33.783198][ T1] driver_attach+0x51/0x70
[ 33.793460][ T1] bus_add_driver+0x74c/0xdb0
[ 33.793460][ T1] driver_register+0x3fb/0x660
[ 33.803198][ T1] __register_virtio_driver+0xf1/0x120
[ 33.803198][ T1] ? __pfx_virtio_rng_driver_init+0x10/0x10
[ 33.813443][ T1] virtio_rng_driver_init+0x2e/0x40
[ 33.813443][ T1] do_one_initcall+0x228/0xbf0
[ 33.823206][ T1] ? kmsan_internal_unpoison_memory+0x14/0x20
[ 33.833456][ T1] ? __pfx_virtio_rng_driver_init+0x10/0x10
[ 33.833456][ T1] ? irqentry_enter+0x37/0x60
[ 33.843203][ T1] ? sysvec_apic_timer_interrupt+0x52/0x90
[ 33.843203][ T1] ? kmsan_get_metadata+0x13e/0x1c0
[ 33.853447][ T1] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0
[ 33.853447][ T1] ? parse_args+0x250/0x10a0
[ 33.863201][ T1] ? kmsan_get_metadata+0x13e/0x1c0
[ 33.863201][ T1] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0
[ 33.873436][ T1] ? kmsan_get_metadata+0x13e/0x1c0
[ 33.883191][ T1] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0
[ 33.883191][ T1] ? parameq+0x43a/0x470
[ 33.893468][ T1] ? kmsan_get_metadata+0x13e/0x1c0
[ 33.893468][ T1] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0
[ 33.903213][ T1] ? parse_args+0xfde/0x10a0
[ 33.903213][ T1] ? kmsan_get_metadata+0x13e/0x1c0
[ 33.913423][ T1] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0
[ 33.913423][ T1] ? __pfx_virtio_rng_driver_init+0x10/0x10
[ 33.923210][ T1] do_initcall_level+0x140/0x350
[ 33.923210][ T1] do_initcalls+0x1a6/0x2f0
[ 33.933438][ T1] ? __pfx_native_smp_prepare_cpus+0x10/0x10
[ 33.933438][ T1] do_basic_setup+0x22/0x30
[ 33.943199][ T1] kernel_init_freeable+0x306/0x4c0
[ 33.943199][ T1] ? __pfx_kernel_init+0x10/0x10
[ 33.953446][ T1] kernel_init+0x2f/0x800
[ 33.953446][ T1] ? __pfx_kernel_init+0x10/0x10
[ 33.963216][ T1] ret_from_fork+0x6d/0x90
[ 33.963216][ T1] ? __pfx_kernel_init+0x10/0x10
[ 33.973457][ T1] ret_from_fork_asm+0x1a/0x30
[ 33.973457][ T1] RIP: 1f0f:0x0
[ 33.983207][ T1] Code: Unable to access opcode bytes at 0xffffffffffffffd6.
[ 33.983207][ T1] RSP: 0000:0000000000000000 EFLAGS: 841f0f2e66 ORIG_RAX: 1f0f2e6600000000
[ 33.993440][ T1] RAX: 0000000000000000 RBX: 1f0f2e6600000000 RCX: 2e66000000000084
[ 34.003216][ T1] RDX: 0000000000841f0f RSI: 000000841f0f2e66 RDI: 00841f0f2e660000
[ 34.013476][ T1] RBP: 00841f0f2e660000 R08: 00841f0f2e660000 R09: 000000841f0f2e66
[ 34.023629][ T1] R10: 0000000000841f0f R11: 2e66000000000084 R12: 000000841f0f2e66
[ 34.033521][ T1] R13: 0000000000841f0f R14: 2e66000000000084 R15: 1f0f2e6600000000
[ 34.033521][ T1] </TASK>
[ 34.043206][ T1] Modules linked in:
[ 34.043206][ T1] CR2: 0000000000000000
[ 34.053458][ T1] ---[ end trace 0000000000000000 ]---
[ 34.053458][ T1] RIP: 0010:msix_capability_init+0x95c/0x18c0
[ 34.063202][ T1] Code: ff ff ff 48 89 9d 60 fe ff ff 48 89 9d 08 ff ff ff 48 83 bd 30 ff ff ff 00 4c 8b 75 c8 0f 85 1d 02 00 00 48 8b bd 58 ff ff ff <44> 8b 27 b8 00 00 40 00 41 21 c4 e8 64 b0 ad fb 8b 18 44 8b 3a 41
[ 34.083216][ T1] RSP: 0000:ffff888100642fb0 EFLAGS: 00010246
[ 34.083216][ T1] RAX: ffff8880bba43080 RBX: ffffc90000b3f008 RCX: 0000000100243080
[ 34.093530][ T1] RDX: ffff888100243080 RSI: ffff88813fffacc0 RDI: 0000000000000000
[ 34.103207][ T1] RBP: ffff888100643178 R08: ffffea000000000f R09: 0000000000000000
[ 34.113459][ T1] R10: ffff8880bba43020 R11: ffffffff86cfccf9 R12: 0000000000000000
[ 34.123215][ T1] R13: 0000000000000000 R14: ffff8881408d0b58 R15: 000000000000000b
[ 34.123215][ T1] FS: 0000000000000000(0000) GS:ffff8881ab1af000(0000) knlGS:0000000000000000
[ 34.133434][ T1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 34.143193][ T1] CR2: 0000000000000000 CR3: 0000000011a80000 CR4: 00000000003526f0
[ 34.153460][ T1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 34.163201][ T1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 34.163201][ T1] Kernel panic - not syncing: Fatal exception
[ 34.173464][ T1] Kernel Offset: disabled
[ 34.173464][ T1] Rebooting in 86400 seconds..


syzkaller build log:
go env (err=<nil>)
GO111MODULE='auto'
GOARCH='amd64'
GOBIN=''
GOCACHE='/syzkaller/.cache/go-build'
GOENV='/syzkaller/.config/go/env'
GOEXE=''
GOEXPERIMENT=''
GOFLAGS=''
GOHOSTARCH='amd64'
GOHOSTOS='linux'
GOINSECURE=''
GOMODCACHE='/syzkaller/jobs-2/linux/gopath/pkg/mod'
GONOPROXY=''
GONOSUMDB=''
GOOS='linux'
GOPATH='/syzkaller/jobs-2/linux/gopath'
GOPRIVATE=''
GOPROXY='https://proxy.golang.org,direct'
GOROOT='/syzkaller/jobs-2/linux/gopath/pkg/mod/golang.org/tool...@v0.0.1-go1.23.6.linux-amd64'
GOSUMDB='sum.golang.org'
GOTMPDIR=''
GOTOOLCHAIN='auto'
GOTOOLDIR='/syzkaller/jobs-2/linux/gopath/pkg/mod/golang.org/tool...@v0.0.1-go1.23.6.linux-amd64/pkg/tool/linux_amd64'
GOVCS=''
GOVERSION='go1.23.6'
GODEBUG=''
GOTELEMETRY='local'
GOTELEMETRYDIR='/syzkaller/.config/go/telemetry'
GCCGO='gccgo'
GOAMD64='v1'
AR='ar'
CC='gcc'
CXX='g++'
CGO_ENABLED='1'
GOMOD='/syzkaller/jobs-2/linux/gopath/src/github.com/google/syzkaller/go.mod'
GOWORK=''
CGO_CFLAGS='-O2 -g'
CGO_CPPFLAGS=''
CGO_CXXFLAGS='-O2 -g'
CGO_FFLAGS='-O2 -g'
CGO_LDFLAGS='-O2 -g'
PKG_CONFIG='pkg-config'
GOGCCFLAGS='-fPIC -m64 -pthread -Wl,--no-gc-sections -fmessage-length=0 -ffile-prefix-map=/tmp/go-build2885475109=/tmp/go-build -gno-record-gcc-switches'

git status (err=<nil>)
HEAD detached at c390174278
nothing to commit, working tree clean


tput: No value for $TERM and no -T specified
tput: No value for $TERM and no -T specified
Makefile:31: run command via tools/syz-env for best compatibility, see:
Makefile:32: https://github.com/google/syzkaller/blob/master/docs/contributing.md#using-syz-env
go list -f '{{.Stale}}' ./sys/syz-sysgen | grep -q false || go install ./sys/syz-sysgen
make .descriptions
tput: No value for $TERM and no -T specified
tput: No value for $TERM and no -T specified
Makefile:31: run command via tools/syz-env for best compatibility, see:
Makefile:32: https://github.com/google/syzkaller/blob/master/docs/contributing.md#using-syz-env
bin/syz-sysgen
touch .descriptions
GOOS=linux GOARCH=amd64 go build "-ldflags=-s -w -X github.com/google/syzkaller/prog.GitRevision=c3901742785ff25afdc6f470af7b25b69d7c4f2f -X 'github.com/google/syzkaller/prog.gitRevisionDate=20250301-144328'" -o ./bin/linux_amd64/syz-execprog github.com/google/syzkaller/tools/syz-execprog
mkdir -p ./bin/linux_amd64
g++ -o ./bin/linux_amd64/syz-executor executor/executor.cc \
-m64 -O2 -pthread -Wall -Werror -Wparentheses -Wunused-const-variable -Wframe-larger-than=16384 -Wno-stringop-overflow -Wno-array-bounds -Wno-format-overflow -Wno-unused-but-set-variable -Wno-unused-command-line-argument -static-pie -std=c++17 -I. -Iexecutor/_include -DGOOS_linux=1 -DGOARCH_amd64=1 \
-DHOSTGOOS_linux=1 -DGIT_REVISION=\"c3901742785ff25afdc6f470af7b25b69d7c4f2f\"
/usr/bin/ld: /tmp/cc7cQtNk.o: in function `Connection::Connect(char const*, char const*)':
executor.cc:(.text._ZN10Connection7ConnectEPKcS1_[_ZN10Connection7ConnectEPKcS1_]+0x104): warning: Using 'gethostbyname' in statically linked applications requires at runtime the shared libraries from the glibc version used for linking


Error text is too large and was truncated, full error text is at:
https://syzkaller.appspot.com/x/error.txt?x=11819804580000


Tested on:

commit: 1e26c5e2 Merge tag 'media/v6.15-1' of git://git.kernel..
git tree: upstream
kernel config: https://syzkaller.appspot.com/x/.config?x=13e82dcb2b601274
dashboard link: https://syzkaller.appspot.com/bug?extid=79e4e34c2a37d5a9c1f7
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40

Note: no patches were applied.

I Hsin Cheng

Mar 26, 2025, 10:17:23 AM
to syzbot+79e4e3...@syzkaller.appspotmail.com, syzkall...@googlegroups.com, I Hsin Cheng

I Hsin Cheng

Mar 26, 2025, 1:52:31 PM
to syzbot+79e4e3...@syzkaller.appspotmail.com, syzkall...@googlegroups.com, I Hsin Cheng

syzbot

Mar 27, 2025, 3:15:07 AM
to linux-...@vger.kernel.org, richar...@gmail.com, syzkall...@googlegroups.com
Hello,

syzbot has tested the proposed patch but the reproducer is still triggering an issue:
KMSAN: uninit-value in bch2_extent_crc_append

bcachefs (loop0): stripes_read... done
bcachefs (loop0): snapshots_read... done
bcachefs (loop0): check_allocations... done
bcachefs (loop0): going read-write
bcachefs (loop0): done starting filesystem
=====================================================
BUG: KMSAN: uninit-value in variable__ffs arch/x86/include/asm/bitops.h:251 [inline]
BUG: KMSAN: uninit-value in extent_entry_type fs/bcachefs/extents.h:59 [inline]
BUG: KMSAN: uninit-value in extent_entry_bytes fs/bcachefs/extents.h:68 [inline]
BUG: KMSAN: uninit-value in extent_entry_u64s fs/bcachefs/extents.h:81 [inline]
BUG: KMSAN: uninit-value in bch2_extent_crc_append+0x7c2/0x830 fs/bcachefs/extents.c:593
variable__ffs arch/x86/include/asm/bitops.h:251 [inline]
extent_entry_type fs/bcachefs/extents.h:59 [inline]
extent_entry_bytes fs/bcachefs/extents.h:68 [inline]
extent_entry_u64s fs/bcachefs/extents.h:81 [inline]
bch2_extent_crc_append+0x7c2/0x830 fs/bcachefs/extents.c:593
init_append_extent+0x466/0x1050 fs/bcachefs/io_write.c:729
bch2_write_extent fs/bcachefs/io_write.c:1073 [inline]
__bch2_write+0x54a9/0x8490 fs/bcachefs/io_write.c:1487
bch2_write+0xc98/0x1af0 fs/bcachefs/io_write.c:1659
closure_queue include/linux/closure.h:270 [inline]
closure_call include/linux/closure.h:432 [inline]
bch2_writepage_do_io fs/bcachefs/fs-io-buffered.c:469 [inline]
bch2_writepages+0x24a/0x3c0 fs/bcachefs/fs-io-buffered.c:652
do_writepages+0x427/0xc30 mm/page-writeback.c:2687
filemap_fdatawrite_wbc mm/filemap.c:388 [inline]
__filemap_fdatawrite_range mm/filemap.c:421 [inline]
file_write_and_wait_range+0x6f2/0x7b0 mm/filemap.c:796
filemap_fdatawrite_wbc mm/filemap.c:388 [inline]
__filemap_fdatawrite_range mm/filemap.c:421 [inline]
file_write_and_wait_range+0x6f2/0x7b0 mm/filemap.c:796
bch2_fsync+0xb6/0x510 fs/bcachefs/fs-io.c:228
vfs_fsync_range+0x1f9/0x260 fs/sync.c:187
generic_write_sync include/linux/fs.h:2970 [inline]
bch2_write_iter+0x4dce/0x50f0 fs/bcachefs/fs-io-buffered.c:1072
new_sync_write fs/read_write.c:586 [inline]
vfs_write+0xb34/0x1540 fs/read_write.c:679
ksys_write+0x240/0x4b0 fs/read_write.c:731
__do_sys_write fs/read_write.c:742 [inline]
__se_sys_write fs/read_write.c:739 [inline]
__x64_sys_write+0x93/0xe0 fs/read_write.c:739
x64_sys_call+0x3161/0x3c30 arch/x86/include/generated/asm/syscalls_64.h:2
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xcd/0x1e0 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x77/0x7f

Uninit was created at:
__alloc_frozen_pages_noprof+0x9a7/0xe00 mm/page_alloc.c:4763
alloc_pages_mpol+0x4cd/0x890 mm/mempolicy.c:2270
alloc_frozen_pages_noprof+0x1bf/0x1e0 mm/mempolicy.c:2341
alloc_slab_page mm/slub.c:2423 [inline]
allocate_slab+0x23a/0x1110 mm/slub.c:2587
new_slab mm/slub.c:2640 [inline]
___slab_alloc+0x1287/0x3540 mm/slub.c:3826
__slab_alloc mm/slub.c:3916 [inline]
__slab_alloc_node mm/slub.c:3991 [inline]
slab_alloc_node mm/slub.c:4152 [inline]
kmem_cache_alloc_noprof+0x84e/0xe10 mm/slub.c:4171
mempool_alloc_slab+0x36/0x50 mm/mempool.c:559
mempool_init_node+0x202/0x4d0 mm/mempool.c:217
mempool_init_noprof+0x57/0x70 mm/mempool.c:246
bioset_init+0x279/0xb30 block/bio.c:1707
bch2_fs_fs_io_buffered_init+0x4a/0xc0 fs/bcachefs/fs-io-buffered.c:1084
bch2_fs_alloc fs/bcachefs/super.c:934 [inline]
bch2_fs_open+0x5654/0x5ba0 fs/bcachefs/super.c:2065
bch2_fs_get_tree+0x98a/0x24e0 fs/bcachefs/fs.c:2190
vfs_get_tree+0xb1/0x5a0 fs/super.c:1814
do_new_mount+0x71f/0x15e0 fs/namespace.c:3560
path_mount+0x742/0x1f10 fs/namespace.c:3887
do_mount fs/namespace.c:3900 [inline]
__do_sys_mount fs/namespace.c:4111 [inline]
__se_sys_mount+0x71f/0x800 fs/namespace.c:4088
__x64_sys_mount+0xe4/0x150 fs/namespace.c:4088
x64_sys_call+0x39bf/0x3c30 arch/x86/include/generated/asm/syscalls_64.h:166
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xcd/0x1e0 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x77/0x7f

CPU: 1 UID: 0 PID: 6726 Comm: syz.0.16 Not tainted 6.14.0-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
=====================================================


Tested on:

commit: 38fec10e Linux 6.14
git tree: git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
console output: https://syzkaller.appspot.com/x/log.txt?x=10036de4580000
kernel config: https://syzkaller.appspot.com/x/.config?x=b250f29c9561410d

syzbot

Mar 27, 2025, 3:27:05 AM
to linux-...@vger.kernel.org, richar...@gmail.com, syzkall...@googlegroups.com
filemap_fdatawrite_wbc mm/filemap.c:389 [inline]
__filemap_fdatawrite_range mm/filemap.c:422 [inline]
file_write_and_wait_range+0x6f2/0x7b0 mm/filemap.c:797
filemap_fdatawrite_wbc mm/filemap.c:389 [inline]
__filemap_fdatawrite_range mm/filemap.c:422 [inline]
file_write_and_wait_range+0x6f2/0x7b0 mm/filemap.c:797
bch2_fsync+0xb6/0x510 fs/bcachefs/fs-io.c:228
vfs_fsync_range+0x1f9/0x260 fs/sync.c:187
generic_write_sync include/linux/fs.h:2970 [inline]
bch2_write_iter+0x4dce/0x50f0 fs/bcachefs/fs-io-buffered.c:1072
new_sync_write fs/read_write.c:586 [inline]
vfs_write+0xb34/0x1540 fs/read_write.c:679
ksys_write+0x240/0x4b0 fs/read_write.c:731
__do_sys_write fs/read_write.c:742 [inline]
__se_sys_write fs/read_write.c:739 [inline]
__x64_sys_write+0x93/0xe0 fs/read_write.c:739
x64_sys_call+0x3161/0x3c30 arch/x86/include/generated/asm/syscalls_64.h:2
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xcd/0x1e0 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x77/0x7f

Uninit was created at:
__alloc_frozen_pages_noprof+0x9a7/0xe00 mm/page_alloc.c:4762
alloc_pages_mpol+0x4cd/0x890 mm/mempolicy.c:2270
alloc_frozen_pages_noprof+0x1bf/0x1e0 mm/mempolicy.c:2341
alloc_slab_page mm/slub.c:2423 [inline]
allocate_slab+0x23a/0x1110 mm/slub.c:2587
new_slab mm/slub.c:2640 [inline]
___slab_alloc+0x1287/0x3540 mm/slub.c:3826
__slab_alloc mm/slub.c:3916 [inline]
__slab_alloc_node mm/slub.c:3991 [inline]
slab_alloc_node mm/slub.c:4152 [inline]
kmem_cache_alloc_noprof+0x84e/0xe10 mm/slub.c:4171
mempool_alloc_slab+0x36/0x50 mm/mempool.c:559
mempool_init_node+0x202/0x4d0 mm/mempool.c:217
mempool_init_noprof+0x57/0x70 mm/mempool.c:246
bioset_init+0x279/0xb30 block/bio.c:1707
bch2_fs_fs_io_buffered_init+0x4a/0xc0 fs/bcachefs/fs-io-buffered.c:1084
bch2_fs_alloc fs/bcachefs/super.c:934 [inline]
bch2_fs_open+0x5654/0x5ba0 fs/bcachefs/super.c:2064
bch2_fs_get_tree+0x98a/0x24e0 fs/bcachefs/fs.c:2190
vfs_get_tree+0xb1/0x5a0 fs/super.c:1814
do_new_mount+0x71f/0x15e0 fs/namespace.c:3560
path_mount+0x742/0x1f10 fs/namespace.c:3887
do_mount fs/namespace.c:3900 [inline]
__do_sys_mount fs/namespace.c:4111 [inline]
__se_sys_mount+0x71f/0x800 fs/namespace.c:4088
__x64_sys_mount+0xe4/0x150 fs/namespace.c:4088
x64_sys_call+0x39bf/0x3c30 arch/x86/include/generated/asm/syscalls_64.h:166
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xcd/0x1e0 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x77/0x7f

CPU: 0 UID: 0 PID: 6792 Comm: syz.0.16 Not tainted 6.14.0-rc5-syzkaller-00016-g48a5eed9ad58 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
=====================================================


Tested on:

commit: 48a5eed9 Merge tag 'devicetree-fixes-for-6.14-2' of gi..
git tree: git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
console output: https://syzkaller.appspot.com/x/log.txt?x=17864a4c580000
kernel config: https://syzkaller.appspot.com/x/.config?x=1d47ea4b9912d894

syzbot

Mar 31, 2025, 11:55:53 PM
to linux-...@vger.kernel.org, syzkall...@googlegroups.com
For archival purposes, forwarding an incoming command email to
linux-...@vger.kernel.org, syzkall...@googlegroups.com.

***

Subject:
Author: kent.ov...@linux.dev

#syz fix bcachefs: Fix kmsan warnings in bch2_extent_crc_pack()