./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor4095294992 <...> Warning: Permanently added '10.128.0.198' (ECDSA) to the list of known hosts. execve("./syz-executor4095294992", ["./syz-executor4095294992"], 0x7ffd8a83fed0 /* 10 vars */) = 0 brk(NULL) = 0x5555564f9000 brk(0x5555564f9c40) = 0x5555564f9c40 arch_prctl(ARCH_SET_FS, 0x5555564f9300) = 0 uname({sysname="Linux", nodename="syzkaller", ...}) = 0 set_tid_address(0x5555564f95d0) = 3485 set_robust_list(0x5555564f95e0, 24) = 0 rt_sigaction(SIGRTMIN, {sa_handler=0x7f609b838ee0, sa_mask=[], sa_flags=SA_RESTORER|SA_SIGINFO, sa_restorer=0x7f609b8395b0}, NULL, 8) = 0 rt_sigaction(SIGRT_1, {sa_handler=0x7f609b838f80, sa_mask=[], sa_flags=SA_RESTORER|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f609b8395b0}, NULL, 8) = 0 rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor4095294992", 4096) = 28 brk(0x55555651ac40) = 0x55555651ac40 brk(0x55555651b000) = 0x55555651b000 mprotect(0x7f609b8fb000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 mkdir("/syzcgroup", 0777) = 0 mkdir("/syzcgroup/unified", 0777) = 0 mount("none", "/syzcgroup/unified", "cgroup2", 0, NULL) = 0 chmod("/syzcgroup/unified", 0777) = 0 openat(AT_FDCWD, "/syzcgroup/unified/cgroup.subtree_control", O_WRONLY) = 3 write(3, "+cpu", 4) = 4 write(3, "+memory", 7) = 7 write(3, "+io", 3) = 3 write(3, "+pids", 5) = 5 close(3) = 0 mkdir("/syzcgroup/net", 0777) = 0 mount("none", "/syzcgroup/net", "cgroup", 0, "net") = -1 EINVAL (Invalid argument) mount("none", "/syzcgroup/net", "cgroup", 0, "net_prio") = 0 umount2("/syzcgroup/net", 0) 
= 0 mount("none", "/syzcgroup/net", "cgroup", 0, "devices") = 0 umount2("/syzcgroup/net", 0) = 0 mount("none", "/syzcgroup/net", "cgroup", 0, "blkio") = 0 umount2("/syzcgroup/net", 0) = 0 mount("none", "/syzcgroup/net", "cgroup", 0, "freezer") = 0 umount2("/syzcgroup/net", 0) = 0 [ 107.869244][ T3485] cgroup: Unknown subsys name 'net' mount("none", "/syzcgroup/net", "cgroup", 0, "net_prio,devices,blkio,freezer") = ? ERESTARTNOINTR (To be restarted) mount("none", "/syzcgroup/net", "cgroup", 0, "net_prio,devices,blkio,freezer") = ? ERESTARTNOINTR (To be restarted) mount("none", "/syzcgroup/net", "cgroup", 0, "net_prio,devices,blkio,freezer") = ? ERESTARTNOINTR (To be restarted) mount("none", "/syzcgroup/net", "cgroup", 0, "net_prio,devices,blkio,freezer") = ? ERESTARTNOINTR (To be restarted) mount("none", "/syzcgroup/net", "cgroup", 0, "net_prio,devices,blkio,freezer") = 0 chmod("/syzcgroup/net", 0777) = 0 mkdir("/syzcgroup/cpu", 0777) = 0 mount("none", "/syzcgroup/cpu", "cgroup", 0, "cpuset") = 0 umount2("/syzcgroup/cpu", 0) = 0 mount("none", "/syzcgroup/cpu", "cgroup", 0, "cpuacct") = 0 umount2("/syzcgroup/cpu", 0) = 0 mount("none", "/syzcgroup/cpu", "cgroup", 0, "hugetlb") = 0 umount2("/syzcgroup/cpu", 0) = 0 mount("none", "/syzcgroup/cpu", "cgroup", 0, "rlimit") = -1 EINVAL (Invalid argument) mount("none", "/syzcgroup/cpu", "cgroup", 0, "cpuset,cpuacct,hugetlb") = ? ERESTARTNOINTR (To be restarted) [ 108.049357][ T3485] cgroup: Unknown subsys name 'rlimit' mount("none", "/syzcgroup/cpu", "cgroup", 0, "cpuset,cpuacct,hugetlb") = ? ERESTARTNOINTR (To be restarted) mount("none", "/syzcgroup/cpu", "cgroup", 0, "cpuset,cpuacct,hugetlb") = ? 
ERESTARTNOINTR (To be restarted) mount("none", "/syzcgroup/cpu", "cgroup", 0, "cpuset,cpuacct,hugetlb") = 0 chmod("/syzcgroup/cpu", 0777) = 0 openat(AT_FDCWD, "/syzcgroup/cpu/cgroup.clone_children", O_WRONLY|O_CLOEXEC) = 3 write(3, "1", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/syzcgroup/cpu/cpuset.memory_pressure_enabled", O_WRONLY|O_CLOEXEC) = 3 write(3, "1", 1) = 1 close(3) = 0 getpid() = 3485 mkdir("./syzkaller.sUssNJ", 0700) = 0 chmod("./syzkaller.sUssNJ", 0777) = 0 chdir("./syzkaller.sUssNJ") = 0 unshare(CLONE_NEWPID) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3486 attached , child_tidptr=0x5555564f95d0) = 3486 [pid 3486] set_robust_list(0x5555564f95e0, 24) = 0 [pid 3486] mount(NULL, "/sys/fs/fuse/connections", "fusectl", 0, NULL) = -1 EBUSY (Device or resource busy) [pid 3486] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3486] setsid() = 1 [pid 3486] prlimit64(0, RLIMIT_AS, {rlim_cur=204800*1024, rlim_max=204800*1024}, NULL) = 0 [pid 3486] prlimit64(0, RLIMIT_MEMLOCK, {rlim_cur=32768*1024, rlim_max=32768*1024}, NULL) = 0 [pid 3486] prlimit64(0, RLIMIT_FSIZE, {rlim_cur=139264*1024, rlim_max=139264*1024}, NULL) = 0 [pid 3486] prlimit64(0, RLIMIT_STACK, {rlim_cur=1024*1024, rlim_max=1024*1024}, NULL) = 0 [pid 3486] prlimit64(0, RLIMIT_CORE, {rlim_cur=0, rlim_max=0}, NULL) = 0 [pid 3486] prlimit64(0, RLIMIT_NOFILE, {rlim_cur=256, rlim_max=256}, NULL) = 0 [pid 3486] unshare(CLONE_NEWNS) = 0 [pid 3486] mount(NULL, "/", NULL, MS_REC|MS_PRIVATE, NULL) = 0 [pid 3486] unshare(CLONE_NEWIPC) = 0 [pid 3486] unshare(CLONE_NEWCGROUP) = 0 [pid 3486] unshare(CLONE_NEWUTS) = 0 [pid 3486] unshare(CLONE_SYSVSEM) = 0 [pid 3486] openat(AT_FDCWD, "/proc/sys/kernel/shmmax", O_WRONLY|O_CLOEXEC) = 3 [pid 3486] write(3, "16777216", 8) = 8 [pid 3486] close(3) = 0 [pid 3486] openat(AT_FDCWD, "/proc/sys/kernel/shmall", O_WRONLY|O_CLOEXEC) = 3 [pid 3486] write(3, "536870912", 9) = 9 [pid 3486] close(3) = 0 [pid 3486] 
openat(AT_FDCWD, "/proc/sys/kernel/shmmni", O_WRONLY|O_CLOEXEC) = 3 [pid 3486] write(3, "1024", 4) = 4 [pid 3486] close(3) = 0 [pid 3486] openat(AT_FDCWD, "/proc/sys/kernel/msgmax", O_WRONLY|O_CLOEXEC) = 3 [pid 3486] write(3, "8192", 4) = 4 [pid 3486] close(3) = 0 [pid 3486] openat(AT_FDCWD, "/proc/sys/kernel/msgmni", O_WRONLY|O_CLOEXEC) = 3 [pid 3486] write(3, "1024", 4) = 4 [pid 3486] close(3) = 0 [pid 3486] openat(AT_FDCWD, "/proc/sys/kernel/msgmnb", O_WRONLY|O_CLOEXEC) = 3 [pid 3486] write(3, "1024", 4) = 4 [pid 3486] close(3) = 0 [pid 3486] openat(AT_FDCWD, "/proc/sys/kernel/sem", O_WRONLY|O_CLOEXEC) = 3 [pid 3486] write(3, "1024 1048576 500 1024", 21) = 21 [pid 3486] close(3) = 0 [pid 3486] getpid() = 1 [pid 3486] capget({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, {effective=1< [pid 3487] futex(0x7f609b9014ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3488] <... mkdirat resumed>) = 0 [pid 3488] futex(0x7f609b9014ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3487] <... futex resumed>) = 0 [pid 3487] futex(0x7f609b9014e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3488] openat(AT_FDCWD, "./cgroup/syz0", O_RDWR|O_PATH [pid 3487] <... futex resumed>) = 0 [pid 3487] futex(0x7f609b9014ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3488] <... openat resumed>) = 3 [pid 3488] futex(0x7f609b9014ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3488] futex(0x7f609b9014e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3487] <... futex resumed>) = 0 [pid 3487] futex(0x7f609b9014e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3488] <... futex resumed>) = 0 [pid 3488] openat(3, "cpu.pressure", O_RDWR [pid 3487] futex(0x7f609b9014ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3488] <... openat resumed>) = 4 [pid 3488] futex(0x7f609b9014ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3488] futex(0x7f609b9014e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3487] <... futex resumed>) = 0 [pid 3487] futex(0x7f609b9014e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3488] <... 
futex resumed>) = 0 [pid 3487] <... futex resumed>) = 1 [pid 3488] write(4, "\x73\x6f\x6d\x65\x20\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x37\x20\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x31\x30\x34\x38\x35\x37\x35\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 144 [pid 3487] futex(0x7f609b9014ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3488] <... write resumed>) = 144 [pid 3488] futex(0x7f609b9014ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3487] <... futex resumed>) = 0 [pid 3488] openat(3, "cgroup.procs", O_RDWR [pid 3487] futex(0x7f609b9014e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3488] <... openat resumed>) = 5 [pid 3487] futex(0x7f609b9014ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3488] futex(0x7f609b9014ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3487] <... futex resumed>) = 0 [pid 3488] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 3487] futex(0x7f609b9014e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3487] futex(0x7f609b9014ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3488] <... openat resumed>) = 6 [pid 3488] futex(0x7f609b9014ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3487] <... 
futex resumed>) = 0 [pid 3488] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x63\x70\x75\x2e\x70\x72\x65\x73\x73\x75\x72\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 989098014 [pid 3487] futex(0x7f609b9014e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3487] futex(0x7f609b9014ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 3487] futex(0x7f609b9014fc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3487] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f609b7e7000 [pid 3487] mprotect(0x7f609b7e8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3487] clone(child_stack=0x7f609b8073f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4], tls=0x7f609b807700, child_tidptr=0x7f609b8079d0) = 4 [pid 3487] futex(0x7f609b9014f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3487] futex(0x7f609b9014fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3490 attached [pid 3490] set_robust_list(0x7f609b8079e0, 24) = 0 [pid 3490] write(5, "0x0000000000000000", 18) = 18 [pid 3490] futex(0x7f609b9014fc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3487] <... 
futex resumed>) = 0
[ 108.651952][ T3489] =====================================================
[ 108.659229][ T3489] BUG: KMSAN: uninit-value in psi_poll_worker+0x972/0x16a0
[ 108.666693][ T3489] psi_poll_worker+0x972/0x16a0
[ 108.671750][ T3489] kthread+0x31b/0x430
[ 108.675940][ T3489] ret_from_fork+0x1f/0x30
[ 108.680474][ T3489]
[ 108.682950][ T3489] Uninit was stored to memory at:
[ 108.688138][ T3489] collect_percpu_times+0x193d/0x19a0
[ 108.693743][ T3489] psi_poll_worker+0x587/0x16a0
[ 108.698716][ T3489] kthread+0x31b/0x430
[ 108.703025][ T3489] ret_from_fork+0x1f/0x30
[ 108.707570][ T3489]
[ 108.709948][ T3489] Uninit was stored to memory at:
[ 108.715270][ T3489] collect_percpu_times+0x193d/0x19a0
[ 108.720775][ T3489] psi_poll_worker+0x587/0x16a0
[ 108.725875][ T3489] kthread+0x31b/0x430
[ 108.730063][ T3489] ret_from_fork+0x1f/0x30
[ 108.734706][ T3489]
[ 108.737088][ T3489] Uninit was stored to memory at:
[ 108.742378][ T3489] collect_percpu_times+0x193d/0x19a0
[ 108.747880][ T3489] psi_poll_worker+0x587/0x16a0
[ 108.752952][ T3489] kthread+0x31b/0x430
[ 108.757137][ T3489] ret_from_fork+0x1f/0x30
[ 108.761777][ T3489]
[ 108.764156][ T3489] Uninit was created at:
[ 108.768564][ T3489] kmem_cache_alloc_trace+0x696/0xdf0
[ 108.774221][ T3489] psi_cgroup_alloc+0x83/0x250
[ 108.779106][ T3489] cgroup_mkdir+0x10a3/0x3080
[ 108.783956][ T3489] kernfs_iop_mkdir+0x2ba/0x520
[ 108.788927][ T3489] vfs_mkdir+0x62a/0x870
[ 108.793329][ T3489] do_mkdirat+0x466/0x7b0
[ 108.797778][ T3489] __x64_sys_mkdirat+0xc4/0x120
[ 108.802796][ T3489] do_syscall_64+0x3d/0xb0
[ 108.807316][ T3489] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 108.813436][ T3489]
[ 108.815848][ T3489] CPU: 1 PID: 3489 Comm: psimon Not tainted 6.0.0-rc2-syzkaller-47460-g3a2b6b904ea7 #0
[ 108.825644][ T3489] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022
[ 108.835889][ T3489] =====================================================
[ 108.842944][ T3489] Disabling lock debugging due to kernel taint
[pid 3490] futex(0x7f609b9014f8, FUTEX_WAIT_PRIVATE, 0, NULL
[pid 3487] close(3) = 0
[ 108.849163][ T3489] Kernel panic - not syncing: kmsan.panic set ...
[ 108.855650][ T3489] CPU: 1 PID: 3489 Comm: psimon Tainted: G B 6.0.0-rc2-syzkaller-47460-g3a2b6b904ea7 #0
[ 108.866896][ T3489] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022
[ 108.877079][ T3489] Call Trace:
[ 108.880603][ T3489]
[ 108.883603][ T3489] dump_stack_lvl+0x1c8/0x256
[ 108.888446][ T3489] dump_stack+0x1a/0x1c
[ 108.892749][ T3489] panic+0x4d3/0xc69
[ 108.896807][ T3489] kmsan_report+0x2cc/0x2d0
[ 108.901460][ T3489] ? __msan_warning+0x92/0x110
[ 108.906354][ T3489] ? psi_poll_worker+0x972/0x16a0
[ 108.911508][ T3489] ? kthread+0x31b/0x430
[ 108.915871][ T3489] ? ret_from_fork+0x1f/0x30
[ 108.920593][ T3489] ? kmsan_get_shadow_origin_ptr+0x49/0xa0
[ 108.926560][ T3489] ? collect_percpu_times+0x181c/0x19a0
[ 108.932313][ T3489] ? kmsan_get_shadow_origin_ptr+0x49/0xa0
[ 108.938277][ T3489] __msan_warning+0x92/0x110
[ 108.943015][ T3489] psi_poll_worker+0x972/0x16a0
[ 108.948037][ T3489] ? wake_bit_function+0x380/0x380
[ 108.953313][ T3489] kthread+0x31b/0x430
[ 108.957503][ T3489] ? psi_trigger_create+0xc50/0xc50
[ 108.962837][ T3489] ? kthread_blkcg+0x120/0x120
[ 108.967729][ T3489] ret_from_fork+0x1f/0x30
[ 108.972303][ T3489]
[ 108.975561][ T3489] Kernel Offset: disabled
[ 108.979938][ T3489] Rebooting in 86400 seconds..