./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor353757020 <...> Warning: Permanently added '10.128.0.231' (ED25519) to the list of known hosts. execve("./syz-executor353757020", ["./syz-executor353757020"], 0x7fffad02d170 /* 10 vars */) = 0 brk(NULL) = 0x55556ec4f000 brk(0x55556ec4fd40) = 0x55556ec4fd40 arch_prctl(ARCH_SET_FS, 0x55556ec4f3c0) = 0 set_tid_address(0x55556ec4f690) = 5015 set_robust_list(0x55556ec4f6a0, 24) = 0 rseq(0x55556ec4fce0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor353757020", 4096) = 27 getrandom("\xf2\x58\x9b\x88\xe2\xd7\x5e\x93", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x55556ec4fd40 brk(0x55556ec70d40) = 0x55556ec70d40 brk(0x55556ec71000) = 0x55556ec71000 mprotect(0x7fabb648a000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5016 attached , child_tidptr=0x55556ec4f690) = 5016 [pid 5016] set_robust_list(0x55556ec4f6a0, 24) = 0 [pid 5016] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5016] setpgid(0, 0) = 0 [pid 5016] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5016] write(3, "1000", 4) = 4 [pid 5016] close(3) = 0 [pid 5016] futex(0x7fabb649040c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5016] rt_sigaction(SIGRT_1, {sa_handler=0x7fabb642ba60, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fabb641d0e0}, NULL, 8) = 0 [pid 5016] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5016] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fabb63a0000 [pid 5016] mprotect(0x7fabb63a1000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5016] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5016] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fabb63c0990, parent_tid=0x7fabb63c0990, exit_signal=0, stack=0x7fabb63a0000, stack_size=0x20300, tls=0x7fabb63c06c0}./strace-static-x86_64: Process 5017 attached => {parent_tid=[5017]}, 88) = 5017 [pid 5017] rseq(0x7fabb63c0fe0, 0x20, 0, 0x53053053 [pid 5016] rt_sigprocmask(SIG_SETMASK, [], [pid 5017] <... rseq resumed>) = 0 [pid 5016] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5017] set_robust_list(0x7fabb63c09a0, 24) = 0 [pid 5016] futex(0x7fabb6490408, FUTEX_WAKE_PRIVATE, 1000000 [pid 5017] rt_sigprocmask(SIG_SETMASK, [], [pid 5016] <... futex resumed>) = 0 [pid 5017] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5016] futex(0x7fabb649040c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5017] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_RINGBUF, key_size=0, value_size=0, max_entries=32768, map_flags=0, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 3 [pid 5017] futex(0x7fabb649040c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5016] <... futex resumed>) = 0 [pid 5016] futex(0x7fabb6490408, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5016] futex(0x7fabb649040c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5017] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_UNSPEC, insn_cnt=12, insns=0x20000240, license=NULL, log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = -1 EFAULT (Bad address) [pid 5017] futex(0x7fabb649040c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5016] <... futex resumed>) = 0 [pid 5016] futex(0x7fabb6490408, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5016] futex(0x7fabb649040c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5017] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT, insn_cnt=12, insns=0x20000240, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 144) = 4 [pid 5017] futex(0x7fabb649040c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5016] <... futex resumed>) = 0 [pid 5016] futex(0x7fabb6490408, FUTEX_WAKE_PRIVATE, 1000000 [pid 5017] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="9p_client_res", prog_fd=4}}, 16 [pid 5016] <... futex resumed>) = 0 [pid 5016] futex(0x7fabb649040c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=550000000} [pid 5017] <... bpf resumed>) = 5 [pid 5017] futex(0x7fabb649040c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5016] <... futex resumed>) = 0 [pid 5016] futex(0x7fabb6490408, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5016] futex(0x7fabb649040c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5017] pipe2([6, 7], 0) = 0 [pid 5017] futex(0x7fabb649040c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5016] <... futex resumed>) = 0 [pid 5016] futex(0x7fabb6490408, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5016] futex(0x7fabb649040c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5017] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC, 000) = 8 [pid 5017] futex(0x7fabb649040c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5016] <... futex resumed>) = 0 [pid 5016] futex(0x7fabb6490408, FUTEX_WAKE_PRIVATE, 1000000 [pid 5017] mount(NULL, "./file1", "9p", 0, "trans=fd,rfdno=0x0000000000000008,wfdno=0x0000000000000007," [pid 5016] <... futex resumed>) = 0 [pid 5016] futex(0x7fabb649040c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5016] futex(0x7fabb649041c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5016] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fabb637f000 [pid 5016] mprotect(0x7fabb6380000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5016] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5016] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fabb639f990, parent_tid=0x7fabb639f990, exit_signal=0, stack=0x7fabb637f000, stack_size=0x20300, tls=0x7fabb639f6c0} => {parent_tid=[5018]}, 88) = 5018 ./strace-static-x86_64: Process 5018 attached [pid 5016] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5016] futex(0x7fabb6490418, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5018] rseq(0x7fabb639ffe0, 0x20, 0, 0x53053053 [pid 5016] futex(0x7fabb649041c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5018] <... rseq resumed>) = 0 [pid 5018] set_robust_list(0x7fabb639f9a0, 24) = 0 [pid 5018] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5018] splice(6, NULL, 8, NULL, 35184372088831, 0) = 21 [pid 5018] futex(0x7fabb649041c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5016] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5018] <... futex resumed>) = 0 [ 151.450279][ T5017] ===================================================== [ 151.457857][ T5017] BUG: KMSAN: uninit-value in p9_client_rpc+0x1314/0x1340 [ 151.465344][ T5017] p9_client_rpc+0x1314/0x1340 [ 151.470639][ T5017] p9_client_create+0x1551/0x1ff0 [ 151.476763][ T5017] v9fs_session_init+0x1b9/0x28e0 [ 151.482105][ T5017] v9fs_mount+0xe2/0x12b0 [ 151.486730][ T5017] legacy_get_tree+0x114/0x290 [ 151.492424][ T5017] vfs_get_tree+0xa7/0x570 [ 151.497490][ T5017] do_new_mount+0x71f/0x15e0 [ 151.502801][ T5017] path_mount+0x742/0x1f20 [ 151.507850][ T5017] __se_sys_mount+0x725/0x810 [ 151.512886][ T5017] __x64_sys_mount+0xe4/0x150 [ 151.518470][ T5017] do_syscall_64+0xd5/0x1f0 [ 151.523534][ T5017] entry_SYSCALL_64_after_hwframe+0x6d/0x75 [ 151.530328][ T5017] [ 151.533053][ T5017] Uninit was created at: [ 151.537544][ T5017] __alloc_pages+0x9d6/0xe70 [ 151.542408][ T5017] new_slab+0x2de/0x1400 [ 151.546809][ T5017] ___slab_alloc+0x1184/0x33d0 [ 151.551805][ T5017] kmem_cache_alloc+0x6d3/0xbe0 [ 151.556862][ T5017] p9_client_prepare_req+0x20a/0x1770 [ 151.562506][ T5017] p9_client_rpc+0x27e/0x1340 [ 151.567364][ T5017] p9_client_create+0x1551/0x1ff0 [ 151.572895][ T5017] v9fs_session_init+0x1b9/0x28e0 [ 151.578142][ T5017] v9fs_mount+0xe2/0x12b0 [ 151.582710][ T5017] legacy_get_tree+0x114/0x290 [ 151.587670][ T5017] vfs_get_tree+0xa7/0x570 [ 151.592367][ T5017] do_new_mount+0x71f/0x15e0 [ 151.597149][ T5017] path_mount+0x742/0x1f20 [ 151.601881][ T5017] __se_sys_mount+0x725/0x810 [ 151.606753][ T5017] __x64_sys_mount+0xe4/0x150 [ 151.611707][ T5017] do_syscall_64+0xd5/0x1f0 [ 151.616406][ T5017] entry_SYSCALL_64_after_hwframe+0x6d/0x75 [ 151.622591][ T5017] [ 151.625011][ T5017] CPU: 1 PID: 5017 Comm: syz-executor353 Not tainted 6.9.0-rc1-syzkaller-00005-g928a87efa423 #0 [ 151.635675][ T5017] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/29/2024 [ 151.645986][ T5017] ===================================================== [ 151.653093][ T5017] Disabling lock debugging due to kernel taint [ 151.659353][ T5017] Kernel panic - not syncing: kmsan.panic set ... [ 151.665873][ T5017] CPU: 1 PID: 5017 Comm: syz-executor353 Tainted: G B 6.9.0-rc1-syzkaller-00005-g928a87efa423 #0 [ 151.677939][ T5017] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/29/2024 [ 151.688116][ T5017] Call Trace: [ 151.691506][ T5017] [ 151.694549][ T5017] dump_stack_lvl+0x216/0x2d0 [ 151.699436][ T5017] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 151.705472][ T5017] dump_stack+0x1e/0x30 [ 151.709768][ T5017] panic+0x4e2/0xcd0 [ 151.713868][ T5017] ? kmsan_get_metadata+0x121/0x1d0 [ 151.719269][ T5017] kmsan_report+0x2d5/0x2e0 [ 151.724015][ T5017] ? p9pdu_readf+0x3f8a/0x4250 [ 151.728993][ T5017] ? __msan_warning+0x95/0x120 [ 151.733974][ T5017] ? p9_client_rpc+0x1314/0x1340 [ 151.739106][ T5017] ? p9_client_create+0x1551/0x1ff0 [ 151.744492][ T5017] ? v9fs_session_init+0x1b9/0x28e0 [pid 5018] futex(0x7fabb6490418, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5016] exit_group(0) = ? [pid 5018] <... futex resumed>) = ? [pid 5018] +++ exited with 0 +++ [ 151.749929][ T5017] ? v9fs_mount+0xe2/0x12b0 [ 151.754613][ T5017] ? legacy_get_tree+0x114/0x290 [ 151.759752][ T5017] ? vfs_get_tree+0xa7/0x570 [ 151.764560][ T5017] ? do_new_mount+0x71f/0x15e0 [ 151.769528][ T5017] ? path_mount+0x742/0x1f20 [ 151.774292][ T5017] ? __se_sys_mount+0x725/0x810 [ 151.779261][ T5017] ? __x64_sys_mount+0xe4/0x150 [ 151.784230][ T5017] ? do_syscall_64+0xd5/0x1f0 [ 151.789071][ T5017] ? entry_SYSCALL_64_after_hwframe+0x6d/0x75 [ 151.795325][ T5017] ? kmsan_get_metadata+0x146/0x1d0 [ 151.800654][ T5017] ? kmsan_get_metadata+0x146/0x1d0 [ 151.806014][ T5017] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 151.811999][ T5017] ? p9_check_errors+0x49e/0xc80 [ 151.817152][ T5017] ? _raw_spin_unlock_irqrestore+0x3f/0x60 [ 151.823187][ T5017] ? kmsan_get_metadata+0x146/0x1d0 [ 151.828560][ T5017] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 151.834558][ T5017] __msan_warning+0x95/0x120 [ 151.839368][ T5017] p9_client_rpc+0x1314/0x1340 [ 151.844364][ T5017] ? __pfx_autoremove_wake_function+0x10/0x10 [ 151.850652][ T5017] ? kmsan_get_metadata+0x146/0x1d0 [ 151.856030][ T5017] ? p9_client_create+0x1403/0x1ff0 [ 151.861420][ T5017] p9_client_create+0x1551/0x1ff0 [ 151.866588][ T5017] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 151.872626][ T5017] v9fs_session_init+0x1b9/0x28e0 [ 151.877792][ T5017] ? kmsan_get_metadata+0x146/0x1d0 [ 151.883150][ T5017] ? kmsan_get_metadata+0x146/0x1d0 [ 151.888501][ T5017] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 151.894481][ T5017] ? kmalloc_trace+0x5b7/0xba0 [ 151.899458][ T5017] ? v9fs_mount+0x83/0x12b0 [ 151.904179][ T5017] v9fs_mount+0xe2/0x12b0 [ 151.908682][ T5017] ? kmsan_get_metadata+0x146/0x1d0 [ 151.914042][ T5017] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 151.920031][ T5017] legacy_get_tree+0x114/0x290 [ 151.924995][ T5017] ? __pfx_v9fs_mount+0x10/0x10 [ 151.930009][ T5017] ? __pfx_legacy_get_tree+0x10/0x10 [ 151.935540][ T5017] vfs_get_tree+0xa7/0x570 [ 151.940176][ T5017] ? mount_capable+0x97/0x120 [ 151.945137][ T5017] do_new_mount+0x71f/0x15e0 [ 151.949936][ T5017] ? kmsan_get_metadata+0x146/0x1d0 [ 151.955290][ T5017] path_mount+0x742/0x1f20 [ 151.959830][ T5017] ? user_path_at_empty+0x325/0x3a0 [ 151.965201][ T5017] __se_sys_mount+0x725/0x810 [ 151.970109][ T5017] __x64_sys_mount+0xe4/0x150 [ 151.974997][ T5017] do_syscall_64+0xd5/0x1f0 [ 151.979692][ T5017] entry_SYSCALL_64_after_hwframe+0x6d/0x75 [ 151.985734][ T5017] RIP: 0033:0x7fabb6405b29 [ 151.990320][ T5017] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 152.010135][ T5017] RSP: 002b:00007fabb63c0218 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 152.018713][ T5017] RAX: ffffffffffffffda RBX: 00007fabb6490408 RCX: 00007fabb6405b29 [ 152.026804][ T5017] RDX: 0000000020000100 RSI: 0000000020000000 RDI: 0000000000000000 [ 152.034911][ T5017] RBP: 00007fabb6490400 R08: 0000000020000300 R09: 0000000000000000 [ 152.042989][ T5017] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fabb645d06c [ 152.051110][ T5017] R13: 00007fabb645d03b R14: 0031656c69662f2e R15: 64663d736e617274 [ 152.059273][ T5017] [ 152.062693][ T5017] Kernel Offset: disabled [ 152.067082][ T5017] Rebooting in 86400 seconds..